Emiliano Maccaferri - 7 months ago
Node.js Question

How do I make an SSL-secured reverse proxy on Nginx with Let's Encrypt?

I have a REST API that works on Node.js and it's proxied through Nginx with the following configuration (private parts have been hidden):

server {

    listen 80;
    server_name mywebsitestuff.com www.mywebsitestuff.com;

    location / {
        proxy_pass http://serverip:25000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

I want this API to work with a Let's Encrypt SSL certificate. How can I do it?



1. Use Let's Encrypt to sign a cert for your domain mywebsitestuff.com www.mywebsitestuff.com

Links: Getting Started - Let's Encrypt

2. Configure the server block like this:

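server {
    # "ssl on;" is deprecated; TLS is enabled on the listen directive instead
    listen 443 ssl;
    server_name   mywebsitestuff.com;

    ssl_certificate     /etc/letsencrypt/live/mywebsitestuff.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mywebsitestuff.com/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is listed
    ssl_protocols       TLSv1.2;

    # the location / { proxy_pass ... } block from the question goes here
}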

You might need to sign two certs for your domain, both w/ and w/o www, then configure them in two separate server blocks, since they are using two different certs.


It seems like Let's Encrypt will visit /.well-known/acme-challenge/ for authentication of the domain.

Add a location to avoid reverse proxying this request, like this:

location /.well-known/acme-challenge/ {
    # serve the challenge files from disk instead of passing them to the backend
    root /some/path/;
}

Then you can continue with the webroot plugin, with a command like:

./path/to/certbot-auto certonly --webroot -w /some/path -d mywebsitestuff.com -d www.mywebsitestuff.com

Make sure /some/path exists and that you can write to it while nginx can read it.
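
The question's proxy block and the answer's steps combined into one configuration, as an added example that is not part of the original question or answer. It keeps the page's placeholders (serverip:25000, /some/path) and assumes the single certificate issued by the certbot command above, which covers both names; the HTTP-to-HTTPS redirect and the X-Forwarded-Proto header are additions.

```nginx
# Added example; serverip:25000 and /some/path are the page's placeholders.

# Port 80: answer ACME HTTP-01 challenges from disk, redirect everything else.
server {
    listen 80;
    server_name mywebsitestuff.com www.mywebsitestuff.com;

    # Never proxied to the Node.js backend. With "-w /some/path", certbot
    # writes the token files under /some/path/.well-known/acme-challenge/.
    location /.well-known/acme-challenge/ {
        root /some/path;
        default_type text/plain;
        try_files $uri =404;
    }

    # Assumption: all other plain-HTTP traffic should be moved to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: terminate TLS here and proxy to the API over plain HTTP.
server {
    listen 443 ssl;
    server_name mywebsitestuff.com www.mywebsitestuff.com;

    # One certificate covering both names (the two -d options), stored
    # under the first name given to certbot.
    ssl_certificate     /etc/letsencrypt/live/mywebsitestuff.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mywebsitestuff.com/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and omitted here.
    ssl_protocols       TLSv1.2;

    location / {
        proxy_pass http://serverip:25000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # Added: lets the backend see that the client connection used HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
```

On first issuance the certificate files do not exist yet and nginx will not start with ssl_certificate pointing at a missing file, so load only the port-80 block, run the certbot command, and then add the 443 block. Check the result with nginx -t before reloading.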