Configure Nginx as a Reverse Proxy with SSL on Ubuntu 24.04 for Multiple Domains

At ByteHosting, we understand the importance of secure and efficient web hosting. Setting up Nginx as a reverse proxy with SSL encryption on Ubuntu 24.04 allows you to serve multiple domains securely and optimize your server’s performance. In this guide, we’ll walk you through the practical steps to achieve this, ensuring your setup is both robust and scalable.

Prerequisites

  • Ubuntu 24.04 VPS with root or sudo access
  • Multiple domain names pointing to your server’s IP address
  • SSL certificates for each domain (we recommend Let's Encrypt for free SSL)
  • Nginx installed and running

If you haven't installed Nginx yet, you can do so with:

sudo apt update
sudo apt install nginx

Configure Server Blocks for Each Domain

First, we need to create separate server blocks for each domain. This helps Nginx handle multiple sites efficiently. Let’s assume you have two domains: example1.com and example2.com.

Create Directory Structure

Although not mandatory for a reverse proxy, it's good practice to organize your configuration files:

sudo mkdir -p /etc/nginx/sites-available
sudo mkdir -p /etc/nginx/sites-enabled

Create Server Block Files

For each domain, create a configuration file:

sudo nano /etc/nginx/sites-available/example1.com

Insert the following configuration, replacing your_backend_service with your actual backend URL or IP:

server {
    listen 80;
    server_name example1.com www.example1.com;

    location / {
        proxy_pass http://your_backend_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Repeat for example2.com.

Set Up SSL Certificates with Certbot

We recommend using Certbot to obtain free SSL certificates from Let's Encrypt. Install Certbot if you haven't:

sudo apt install certbot python3-certbot-nginx

Obtain and install SSL certificates for each domain:

sudo certbot --nginx -d example1.com -d www.example1.com
sudo certbot --nginx -d example2.com -d www.example2.com

Certbot will automatically update your Nginx configuration to redirect HTTP to HTTPS and enable SSL.

Configure Reverse Proxy Rules and proxy_pass

Ensure your server blocks include the listen 443 ssl; directive and SSL configurations. Certbot typically handles this, but verify your sites-available files look like this:

server {
    listen 443 ssl;
    server_name example1.com www.example1.com;

    ssl_certificate /etc/letsencrypt/live/example1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem;

    location / {
        proxy_pass http://your_backend_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Repeat for other domains

Test SSL and Proxy Functionality

After configuring, test your setup:
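
One way to test the setup, as an added example that is not part of the original guide: the script checks that port 80 redirects to HTTPS and that the HTTPS response is not a gateway error and carries the headers from the hardening snippet further down. The helper names and the file name check_site.sh are assumptions.

```shell
#!/bin/sh
# Added example (helper names are hypothetical): checks for one proxied domain.
# Load the new server blocks first: sudo nginx -t && sudo systemctl reload nginx

# Print the status code from the first line of a header dump on stdin.
status_code() { tr -d '\r' | awk 'NR == 1 { print $2; exit }'; }

# Print the value of header $1 (matched case-insensitively) from stdin.
header_value() {
    tr -d '\r' | awk -v want="$1" 'BEGIN { want = tolower(want) }
        { i = index($0, ":"); v = substr($0, i + 1); sub(/^[ \t]+/, "", v) }
        i && tolower(substr($0, 1, i - 1)) == want { print v; exit }'
}

# 0 if the port-80 response saved in file $1 redirects to https://$2.
check_redirect() {
    code=$(status_code < "$1")
    loc=$(header_value Location < "$1")
    case "$code" in 301|308) ;; *) return 1 ;; esac
    case "$loc" in "https://$2"|"https://$2"/*) return 0 ;; *) return 1 ;; esac
}

# 0 if the HTTPS response saved in file $1 is not a gateway error and carries
# the three headers from the hardening snippet; prints each problem found.
check_https() {
    code=$(status_code < "$1"); rc=0
    case "$code" in ""|502|504) echo "bad status: ${code:-none}"; rc=1 ;; esac
    for h in X-Content-Type-Options X-Frame-Options X-XSS-Protection; do
        [ -n "$(header_value "$h" < "$1")" ] || { echo "missing: $h"; rc=1; }
    done
    return "$rc"
}

# Live use: sh check_site.sh example1.com (curl validates the certificate by default).
if [ -n "${1:-}" ]; then
    tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
    curl -sI "http://$1/" > "$tmp/http" || echo "port 80 unreachable"
    curl -sI "https://$1/" > "$tmp/https" || echo "TLS connection failed"
    check_redirect "$tmp/http" "$1" && echo "redirect: ok" || echo "redirect: FAIL"
    check_https "$tmp/https" && echo "https: ok" || echo "https: FAIL"
else
    # No argument: run on a constructed sample response (not from a real server).
    demo=$(mktemp)
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example1.com/\r\n\r\n' > "$demo"
    check_redirect "$demo" example1.com && echo "sample redirect: ok"
    rm -f "$demo"
fi
```

A 502 or 504 on the HTTPS check means Nginx answered but could not reach the address given in proxy_pass.
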

Optimize Nginx for Performance and Security

Enhance your Nginx configuration by enabling HTTP/2, setting strong SSL ciphers, and enabling security headers. Here’s a sample snippet:

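server {
    listen 443 ssl http2;
    server_name example1.com;

    # ssl_certificate, ssl_certificate_key and the location / block stay as in the 443 server block above.

    ssl_protocols TLSv1.3 TLSv1.2;
    # ssl_ciphers does not affect TLS 1.3 suites. For TLS 1.2, the ECDHE-ECDSA suite
    # needs an ECDSA certificate and the ECDHE-RSA suite an RSA one.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;

    # Without the "always" parameter, add_header is not applied to error responses such as 404 or 502.
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
}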

Additionally, consider enabling gzip compression and caching headers for better performance.

Troubleshooting Common SSL and Proxy Issues

  • SSL certificate errors: Verify your certificate paths and renewal status.
  • Proxy not working: Check your proxy_pass URL and ensure your backend service is accessible.
  • HTTP to HTTPS redirection issues: Confirm Certbot’s automatic redirect configuration or set up manual redirects in your server blocks.

Conclusion

By following these steps, we can successfully configure Nginx as a reverse proxy with SSL on Ubuntu 24.04 for multiple domains. This setup not only secures your web traffic but also improves your server’s performance and scalability. At ByteHosting, we’re committed to providing reliable hosting solutions, and we hope this guide helps you achieve a secure and efficient web environment. If you need scalable VPS hosting to support your projects, explore our affordable plans in Frankfurt, Germany, and experience enterprise-grade infrastructure with instant deployment and excellent support.
