Shakhzhakhan Maxudbek

Posted on Mar 10 • Originally published at args.tech

Setup Nginx reverse proxy and force redirect HTTP to HTTPS

#nginx #http #ssl #openssl

Nginx is very powerful WEB-server. The primary goal of Nginx - answering on clients' requests. It can serve html, php and static files (css, js, images, etc...). Also Nginx maybe configured as load balancer. This tutorial explain, how to configure Nginx as frontend for your web-based application (reverse proxy) and force redirect HTTP to HTTPS (HSTS - HTTP Strict Transport Security technology).

Installing Nginx from Advanced Packaging Tool (APT) package manager:

sudo apt install nginx -y

Firewall configuration. If you have enabled UFW, create rule for allowing all Nginx listen ports:

sudo ufw allow 'Nginx full'

Generate self-signed SSL certificate and key files with OpenSSL:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

Certificate and Key generating outuput:

..........+..+..........+...........+.......+...............+++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++*.........+.....+...............+.+...+......+...+..+.........+.......+...+..+.......+..+.+...............+............+..+...+...+.......+......+...........+.+...+..+.........+....+.........+...+..+...+............+.+......+.....+.+........+............+....+.....+.+........+.......+.....+.......+.....+.+..+...+.+..............+....+..+..........+.....+......+.................................+.......+..+..................+....+.........+......+.....+.........+.........+...+....+...+........+...+....+...+.....+.......+......+...............+..............+...............+.+.....+.........+............+......+....+.........+.........+..+.+.....+....+.....+...+.............+.........+.....+....+......+..............+.+........+...+.........................+..+.......+.......................+.......+.........+......+.....+.+.....+...++++++
...+.......+...+............+..+......+.+.....+...+.+++++++++++++++++++++++++++++++++++++++*....+.........+..+...+.........+...+...+....+...+............+...+...+..+....+...+..+++++++++++++++++++++++++++++++++++++++*....+....+..+...+....+......+......+...+.....+.+.....+.......++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Configuring Nginx. Add Nginx configuration for your application in /etc/nginx/sites-available/your-project.com file:

server {
    # This block need for redirecting HTTP to HTTPS
    # When Nginx receive client request on 80 port by HTTP
    # Connection will be redirected on HTTPS
    listen 80;
    server_name your-project.com www.your-project.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name your-project.com www.your-project.com;

    # Certificates PATH:
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    # Setting up reverse proxy to application side
    location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://localhost:8000;
    }
}

Creating symlink for configuration file:

sudo ln -s /etc/nginx/sites-available/your-project.com /etc/nginx/sites-enabled

Test newly created configurations:

sudo nginx -t

Output of tests should say result. If configurations not contain errors, result must be OK:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart Nginx for applying new configurations:

sudo systemctl restart nginx

Testing in browser. When you first time open URL address with self-signed certificate you get "Privacy error" message. Example for Chromium:

Your connection is not private
Attackers might be trying to steal your information from your-project.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID

Click on "Advanced" button, then open "Proceed to your-project.com (unsafe)" link.

Your AI Code Assistant

Automate your code reviews. Catch bugs before your coworkers. Fix security issues in your code. Built to handle large projects, Amazon Q Developer works alongside you from idea to production code.

Get started free in your IDE

Top comments (0)

5 Playwright CLI Flags That Will Transform Your Testing Workflow

--last-failed: Zero in on just the tests that failed in your previous run
--only-changed: Test only the spec files you've modified in git
--repeat-each: Run tests multiple times to catch flaky behavior before it reaches production
--forbid-only: Prevent accidental test.only commits from breaking your CI pipeline
--ui --headed --workers 1: Debug visually with browser windows and sequential test execution

Learn how these powerful command-line options can save you time, strengthen your test suite, and streamline your Playwright testing experience. Practical examples included!

Watch Video 📹️

DEV Community

Setup Nginx reverse proxy and force redirect HTTP to HTTPS

Your AI Code Assistant

Top comments (0)

5 Playwright CLI Flags That Will Transform Your Testing Workflow

Okay