How to configure Nginx for HTTPS
How to set up HTTPS on your Web Server using Let's Encrypt
I recently set up a VPS on DigitalOcean using the official Node.js droplet, which installs Ubuntu Linux with Node and Nginx as a reverse proxy, which means it’s a middleman between users and your Node.js apps.
By default the droplet is configured to use HTTP, but we want our apps to be served using HTTPS, the secure version of HTTP.
So we need to do a little procedure that involves using Certbot to obtain a SSL certificate through Let’s Encrypt, and configuring Nginx to use it.
These are the steps we’ll follow:
- Install Certbot and the Certbot Nginx package
- Set up Nginx
- Generate the SSL certificate using Certbot
Install Certbot and the Certbot Nginx package
These instructions assume you are using Ubuntu, Debian or any other Linux distribution that uses apt-get
to manage packages:
sudo apt-get install certbot python3-certbot-nginx
Set up Nginx
Edit /etc/nginx/sites-available/default
to set the correct server name (essential for SSL)
sudo nano /etc/nginx/sites-available/default
find the line server_name
and enter your domain name:
server_name my.domain.com;
Now run
sudo systemctl reload nginx
to reload Nginx with the updated configuration.
The firewall should already be configured to accept HTTPS, find it out typing sudo ufw status
. You should see Nginx Full
in the list. If you only see Nginx HTTP
, look up how to change that.
Generate the SSL certificate using Certbot
Now we can invoke Certbot to generate the certificate. You must run this as root:
sudo certbot --nginx -d my.domain.com
(of course, change my.domain.com
to your domain name)
Enter your real email, as that will be used to communicate you any problem.
I also suggest to choose the option to redirect HTTP to HTTPS automatically.
That’s it!
SSL certificates are valid for 90 days, and Certbot is already set up for automated renewal. To simulate and test-drive the renewal process, run:
sudo certbot renew --dry-run
This should give you a successful message.
That’s it, now your Node apps should successfully run on HTTPS with no additional changes on your part.
THE VALLEY OF CODE
THE WEB DEVELOPER's MANUAL
You might be interested in those things I do:
- Learn to code in THE VALLEY OF CODE, your your web development manual
- Find a ton of Web Development projects to learn modern tech stacks in practice in THE VALLEY OF CODE PRO
- I wrote 16 books for beginner software developers, DOWNLOAD THEM NOW
- Every year I organize a hands-on cohort course coding BOOTCAMP to teach you how to build a complex, modern Web Application in practice (next edition February-March-April-May 2024)
- Learn how to start a solopreneur business on the Internet with SOLO LAB (next edition in 2024)
- Find me on X