DEV Community

Cover image for NGINX and Node.js - Serving Static Content and Handling SSL Encryption
Sushant Gaurav
Sushant Gaurav

Posted on

NGINX and Node.js - Serving Static Content and Handling SSL Encryption

As applications grow in complexity, deploying them efficiently becomes crucial. One of the most common solutions for hosting and managing Node.js applications is NGINX, a high-performance web server that can act as a reverse proxy, load balancer, and static content server. This article covers:

  1. Why use NGINX with Node.js?
  2. Setting up NGINX for static content delivery.
  3. Using NGINX as a reverse proxy for Node.js applications.
  4. Enabling SSL encryption with NGINX.

Why Use NGINX with Node.js?

Node.js is great for handling real-time applications and dynamic requests, but it’s not optimized for serving static files or handling SSL/TLS. NGINX, with its asynchronous architecture, is more suited for static content delivery and SSL termination. Here’s why combining NGINX with Node.js makes sense:

  • Efficient Static Content Serving: NGINX efficiently serves static files (HTML, CSS, JS) and reduces the workload on the Node.js server.
  • Reverse Proxy: NGINX can forward incoming client requests to multiple Node.js instances, providing load balancing and fault tolerance.
  • SSL Termination: NGINX can handle SSL encryption, allowing secure HTTPS connections.
  • Improved Performance: Offloading static files and SSL handling to NGINX allows Node.js to focus on processing dynamic content, improving performance.

Setting Up NGINX for Static Content Delivery

NGINX is highly efficient at serving static content (e.g., images, JavaScript, CSS). When working with a Node.js application, it’s best to let NGINX handle static files while Node.js focuses on dynamic content.

Step 1: Install NGINX

On Ubuntu, you can install NGINX with:

sudo apt update
sudo apt install nginx
Enter fullscreen mode Exit fullscreen mode

Step 2: Configure NGINX for Static Content

Once installed, the NGINX configuration file can be found at /etc/nginx/nginx.conf. Here’s how to configure NGINX to serve static files from a directory:

server {
    listen 80;

    # Root directory for static files
    root /var/www/myapp/public;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
Enter fullscreen mode Exit fullscreen mode
  • root: Specifies the directory where the static files are located.
  • try_files: Checks for the existence of the requested file. If not found, returns a 404 error.

Step 3: Start NGINX

sudo systemctl start nginx
sudo systemctl enable nginx
Enter fullscreen mode Exit fullscreen mode

Your static files (e.g., HTML, CSS, and JavaScript) will now be served from the /var/www/myapp/public directory.

Using NGINX as a Reverse Proxy for Node.js

When NGINX acts as a reverse proxy, it forwards client requests to a backend Node.js server. This approach enhances scalability and security by hiding the Node.js server behind NGINX.

Step 1: Node.js Server

Here’s a simple Node.js application:

const http = require('http');

const server = http.createServer((req, res) => {
    res.writeHead(200, { 'Content-Type': 'text/html' });
    res.end('<h1>Hello from Node.js</h1>');
});

server.listen(3000, () => {
    console.log('Node.js server running on http://localhost:3000');
});
Enter fullscreen mode Exit fullscreen mode

Step 2: NGINX Reverse Proxy Configuration

Edit the NGINX configuration file to add the reverse proxy settings:

server {
    listen 80;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Enter fullscreen mode Exit fullscreen mode
  • proxy_pass: Forwards incoming requests to the Node.js server running on port 3000.
  • proxy_set_header: Passes client information like the original host and connection upgrade details (for WebSocket support).

Step 3: Restart NGINX

sudo systemctl restart nginx
Enter fullscreen mode Exit fullscreen mode

Now, when you access your server via http://yourdomain.com, NGINX will route requests to your Node.js application running on port 3000.

Enabling SSL Encryption with NGINX

In today’s world, SSL (Secure Sockets Layer) is essential for securing communications between clients and servers. NGINX makes it easy to enable SSL and manage HTTPS connections.

Step 1: Obtain an SSL Certificate

For production, you can obtain a free SSL certificate using Let’s Encrypt. For local development or testing, you can use a self-signed certificate.

Install Let’s Encrypt and generate an SSL certificate:

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Let’s Encrypt will automatically generate and install the certificate.

Step 2: Configure NGINX for SSL

Once the SSL certificate is installed, update the NGINX configuration file:

server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Enter fullscreen mode Exit fullscreen mode
  • listen 443 ssl: Configures the server to listen on port 443 (HTTPS).
  • ssl_certificate and ssl_certificate_key: Specify the paths to your SSL certificate and key files.

Step 3: Restart NGINX to Apply Changes

sudo systemctl restart nginx
Enter fullscreen mode Exit fullscreen mode

Now, your Node.js application is secured with SSL and accessible via https://yourdomain.com.

Serving Static Content with NGINX and Node.js

While NGINX handles dynamic requests via reverse proxy, it’s highly efficient at serving static files such as CSS, JavaScript, and images directly from the server. Let’s look at how NGINX handles static content:

Configuration for Static Content Delivery

Edit your NGINX configuration to define the location of static files:

server {
    listen 80;
    server_name yourdomain.com;

    # Serve static files from this directory
    location /static/ {
        root /var/www/myapp;
    }

    location / {
        proxy_pass http://localhost:3000;
    }
}
Enter fullscreen mode Exit fullscreen mode

In this configuration:

  • location /static/: Serves static files (e.g., /static/style.css will map to /var/www/myapp/static/style.css).

By using NGINX for static content delivery, your Node.js server can focus solely on handling dynamic content and business logic, reducing the load on your application.

Why SSL, Encryption, and Security Measures Are Important?

Encryption is essential for ensuring that sensitive data transmitted between the client and server remains secure. SSL certificates, using the HTTPS protocol, provide an extra layer of security by encrypting the communication channel. Here’s why SSL is important:

  1. Data Integrity: Prevents data from being tampered with during transmission.
  2. Authentication: Ensures that the server you’re communicating with is indeed the one you intended to reach.
  3. Encryption: Encrypts sensitive information such as login credentials, personal data, and payment details.
  4. Trust: SSL certificates build trust with users as browsers mark unencrypted sites as "Not Secure."

SSL/TLS Encryption in Practice

SSL/TLS works by establishing a secure handshake between the client and the server. It uses both asymmetric encryption (public/private keys) and symmetric encryption to secure communication.

Conclusion

NGINX is an incredibly powerful tool that enhances the performance, scalability, and security of Node.js applications. By leveraging NGINX to handle static content, serve as a reverse proxy, and manage SSL encryption, your application can scale more efficiently and provide a secure environment for your users.

In the next article, we will dive deeper into WebSockets and Socket.IO, focusing on real-time communication for highly interactive applications.

Top comments (0)