Configure Nginx as a Reverse Proxy with SSL on Ubuntu 24.04 for Multiple Domains

Introduction

At ByteHosting, we understand the importance of secure and efficient web hosting solutions. If you're managing multiple websites or services, configuring Nginx as a reverse proxy with SSL on Ubuntu 24.04 is an excellent way to enhance security, simplify management, and improve performance. In this tutorial, we’ll walk you through a hands-on process to set up Nginx as a reverse proxy with SSL for multiple domains, using a native setup without Docker. This approach ensures you have full control over your server environment and can tailor configurations to your needs.

Prerequisites

Before we begin, ensure you have the following:

  • An Ubuntu 24.04 VPS instance. Our cost-effective KVM VPS hosting plans in Frankfurt are perfect for this purpose.
  • Nginx installed on your server. If not, you can install it with sudo apt update && sudo apt install nginx.
  • Domain names pointing to your server’s IP address. Proper DNS setup is crucial for SSL certificate issuance.

Creating Server Blocks for Each Domain

To host multiple domains, we need to create individual server blocks (virtual hosts) in Nginx. Each server block will handle a specific domain and act as a reverse proxy to your backend services.

Step 1: Create Directory Structure

sudo mkdir -p /var/www/domain1.com/html
sudo mkdir -p /var/www/domain2.com/html

Replace domain1.com and domain2.com with your actual domain names.

Step 2: Set Permissions

sudo chown -R $USER:$USER /var/www/domain1.com/html
sudo chown -R $USER:$USER /var/www/domain2.com/html

Step 3: Create Sample Index Files

echo "Welcome to domain1.com" | sudo tee /var/www/domain1.com/html/index.html
echo "Welcome to domain2.com" | sudo tee /var/www/domain2.com/html/index.html

Step 4: Configure Nginx Server Blocks

Create configuration files in /etc/nginx/sites-available/. For example, domain1.com:

sudo nano /etc/nginx/sites-available/domain1.com

Insert the following configuration:

server {
    listen 80;
    server_name domain1.com www.domain1.com;

    root /var/www/domain1.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Repeat for domain2.com with appropriate server_name and root paths.

Enable the sites by creating symbolic links:

sudo ln -s /etc/nginx/sites-available/domain1.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/domain2.com /etc/nginx/sites-enabled/

Test Nginx configuration and reload:

sudo nginx -t
sudo systemctl reload nginx

Obtaining SSL Certificates via Let's Encrypt

Next, we secure our domains with SSL certificates from Let's Encrypt. We recommend using Certbot for this purpose.

Step 1: Install Certbot

sudo apt update
sudo apt install certbot python3-certbot-nginx

Step 2: Obtain Certificates

Run Certbot for each domain:

sudo certbot --nginx -d domain1.com -d www.domain1.com
sudo certbot --nginx -d domain2.com -d www.domain2.com

Follow the prompts to complete the process. Certbot will automatically configure SSL in your Nginx server blocks.

Configuring SSL and Reverse Proxy Settings

After obtaining SSL certificates, ensure your server blocks are configured to redirect HTTP to HTTPS and to act as reverse proxies if needed.

Sample SSL-enabled Server Block

server {
    listen 80;
    server_name domain1.com www.domain1.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name domain1.com www.domain1.com;

    ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;

    root /var/www/domain1.com/html;
    index index.html;

    location / {
        proxy_pass http://localhost:8080; # Your backend service
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Adjust the proxy_pass directive to point to your backend service or application.
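To repeat this server block for each additional domain without hand-editing, the sketch below (an added example, not part of the original tutorial) renders the redirect and TLS proxy blocks from a domain and a backend port, and rejects input that is not a plain hostname or a valid port. The function name render_proxy_vhost and the domain-to-port pairs are assumptions; the root and index lines are left out because location / proxies every request.

```bash
# Added example: render_proxy_vhost and the domain/port pairs are illustrative.

render_proxy_vhost() {
    local domain="$1" port="$2"
    local host_re='^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]+$'

    # Only plain lowercase hostnames pass, so characters such as ';', '{' or a
    # newline can never be interpolated into the generated configuration.
    case "$domain" in ''|*[!a-z0-9.-]*) echo "invalid domain" >&2; return 1 ;; esac
    printf '%s\n' "$domain" | grep -Eq "$host_re" || { echo "invalid domain" >&2; return 1; }

    # Backend port must be a decimal number in 1..65535.
    case "$port" in ''|*[!0-9]*|??????*) echo "invalid port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "invalid port" >&2; return 1; }

    cat <<EOF
server {
    listen 80;
    server_name $domain www.$domain;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name $domain www.$domain;

    ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;

    location / {
        proxy_pass http://localhost:$port;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# Constructed mapping of domain to backend port; prints both vhosts to stdout.
while read -r d p; do render_proxy_vhost "$d" "$p"; done <<'MAP'
domain1.com 8080
domain2.com 8081
MAP
```

Redirect the output of a single call into /etc/nginx/sites-available/ with sudo tee, then run sudo nginx -t before reloading.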

Testing the Setup with Multiple Domains

Once everything is configured, test your setup by visiting your domains via HTTPS. You should see the SSL certificate in action, and your reverse proxy should correctly forward requests to your backend services.

Use tools like SSL Labs to verify your SSL configuration and ensure your sites are secure.

Troubleshooting Common SSL and Proxy Issues

  • SSL certificate errors: Ensure Certbot certificates are correctly installed and paths are accurate.
  • Reverse proxy not working: Check proxy headers and backend service status.
  • HTTP to HTTPS redirection issues: Confirm redirect rules are correctly set up in your server blocks.

Best Practices for Security and Performance

  • Enable HTTP/2 in your server blocks for faster performance:

listen 443 ssl http2;

  • Use strong SSL ciphers and protocols:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;

  • Regularly renew your SSL certificates with Certbot (the --dry-run flag tests the renewal without replacing the installed certificates):

sudo certbot renew --dry-run

  • Monitor your server logs for unusual activity and optimize your backend services for better response times.
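One way to check these practices, together with the redirect and proxy-header points from the troubleshooting list, against your site files, as an added example that is not part of the original tutorial. audit_vhost is a hypothetical helper and the configuration it scans is constructed sample input; it assumes top-level server blocks with server_name and ssl_protocols each on their own line.

```bash
# Added example: audit_vhost is a hypothetical helper, not an nginx or Certbot tool.
# Assumes top-level server blocks; server_name and ssl_protocols on their own lines.
audit_vhost() {
    awk '
    function report(msg) { printf "%s: %s\n", name, msg }
    { sub(/#.*/, "") }                                   # ignore comments
    /^[ \t]*server[ \t]*[{]/ && depth == 0 { p80 = p443 = redir = cert = proxy = fwd = 0 }
    /listen[ \t]+([^ \t;]*:)?80[ \t;]/    { p80 = 1 }
    /listen[ \t]+([^ \t;]*:)?443[ \t;]/   { p443 = 1 }
    /server_name[ \t]/                    { name = $2; sub(/;$/, "", name) }
    /return[ \t]+301[ \t]+https:/         { redir = 1 }
    /ssl_certificate[ \t]/                { cert = 1 }
    /proxy_pass[ \t]/                     { proxy = 1 }
    /proxy_set_header[ \t]+X-Forwarded-Proto[ \t]/ { fwd = 1 }
    /ssl_protocols[ \t]/ { for (i = 2; i <= NF; i++) { v = $i; sub(/;$/, "", v)
        if (v != "TLSv1.2" && v != "TLSv1.3") report("legacy protocol " v " enabled") } }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (/[}]/ && depth == 0) {                         # server block just closed
        if (p80 && !redir) report("port 80 answers without an HTTPS redirect")
        if (p443 && !cert) report("listen 443 without ssl_certificate")
        if (proxy && !fwd) report("proxy_pass without X-Forwarded-Proto") } }
    ' "$@"
}

# Constructed sample: domain1.com follows the tutorial, domain2.com does not.
sample_vhosts() {
    cat <<'EOF'
server {
    listen 80;
    server_name domain1.com www.domain1.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name domain1.com www.domain1.com;
    ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / { proxy_pass http://localhost:8080; proxy_set_header X-Forwarded-Proto $scheme; }
}
server {
    listen 80;
    listen 443 ssl;
    server_name domain2.com;
    ssl_protocols TLSv1 TLSv1.2;
    location / { proxy_pass http://localhost:8081; }
}
EOF
}
sample_vhosts | audit_vhost
```

To scan a real site file, pass its path as the argument, for example audit_vhost /etc/nginx/sites-available/domain1.com; sudo nginx -t remains the syntax check.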

Conclusion

Configuring Nginx as a reverse proxy with SSL on Ubuntu 24.04 for multiple domains is a powerful way to secure and streamline your web hosting environment. At ByteHosting, we provide reliable VPS hosting in Frankfurt that can handle these configurations effortlessly. By following this tutorial, you can ensure your websites are protected with SSL, efficiently managed, and ready to serve your visitors securely. If you need scalable hosting solutions or assistance, our team is here to support your journey to a robust web infrastructure.
