Configure Nginx as a Reverse Proxy with SSL on Ubuntu 24.04 VPS for Multiple Domains

Introduction

At our company, we understand the importance of securing and optimizing your web services. One effective way to do this is by configuring Nginx as a reverse proxy with SSL on your Ubuntu 24.04 VPS. This setup not only enhances security but also improves performance when managing multiple domains. In this guide, we will walk you through the process of configuring Nginx as a reverse proxy for multiple domains on Ubuntu 24.04, ensuring your sites are both secure and efficient.

Prerequisites

Before we begin, ensure you have the following:

• An Ubuntu 24.04 VPS with root or sudo access
• Nginx installed and running on your server
• Domain names pointing to your VPS IP address (DNS records configured)
• Basic knowledge of terminal commands and editing configuration files

If you haven't installed Nginx yet, you can do so with:

sudo apt update
sudo apt install nginx

Configuring Nginx Server Blocks for Multiple Domains

Our first step is to set up individual server blocks for each domain. This allows Nginx to handle multiple sites on a single VPS. Let's assume you have two domains: example1.com and example2.com.

Create Directory Structure

For each domain, create a directory to hold your website files:

sudo mkdir -p /var/www/example1.com/html
sudo mkdir -p /var/www/example2.com/html

Set proper permissions:

sudo chown -R $USER:$USER /var/www/example1.com/html
sudo chown -R $USER:$USER /var/www/example2.com/html

Create Sample Index Files

For testing, create simple index.html files:

echo '<h1>Welcome to Example1.com</h1>' | sudo tee /var/www/example1.com/html/index.html
echo '<h1>Welcome to Example2.com</h1>' | sudo tee /var/www/example2.com/html/index.html

Configure Server Blocks

Create configuration files for each domain in /etc/nginx/sites-available/. For example, example1.com:

sudo nano /etc/nginx/sites-available/example1.com

Insert the following configuration:

server {
    listen 80;
    server_name example1.com www.example1.com;

    root /var/www/example1.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Repeat for example2.com with appropriate server_name and root paths.

Enable the sites by creating symbolic links:

sudo ln -s /etc/nginx/sites-available/example1.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/example2.com /etc/nginx/sites-enabled/

Test Nginx configuration and reload:

sudo nginx -t
sudo systemctl reload nginx

Setting Up SSL Certificates with Let's Encrypt

Next, we secure each domain with SSL certificates from Let's Encrypt. We recommend using Certbot for automation.

Install Certbot

sudo apt install certbot python3-certbot-nginx

Obtain and Install Certificates

Run Certbot for each domain:

sudo certbot --nginx -d example1.com -d www.example1.com
sudo certbot --nginx -d example2.com -d www.example2.com

This process automatically configures SSL in your Nginx server blocks and sets up auto-renewal.

Configuring Reverse Proxy Rules and Proxy Headers

With SSL in place, we now configure Nginx to act as a reverse proxy. This is useful if your backend services run on different ports or servers.

Example Proxy Configuration

Suppose your backend services are running on ports 3000 and 4000 for each domain. Update your server blocks as follows:

server {
    listen 80;
    server_name example1.com www.example1.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name example2.com www.example2.com;

    location / {
        proxy_pass http://localhost:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Remember to reload Nginx after making changes:

sudo nginx -t
sudo systemctl reload nginx

Testing Your Configuration

Visit each domain in your browser to verify that the SSL certificates are active and the reverse proxy is functioning correctly. You should see your sample pages load securely with https://.

You can also use online tools like SSL Labs to check your SSL configuration and ensure your sites are secure.

Troubleshooting Common Issues

• SSL certificate errors: Ensure Certbot completed successfully and your DNS records are correct.
• Proxy not working: Check your proxy_pass URLs and ensure your backend services are running.
• Nginx syntax errors: Always test your configuration with nginx -t before reloading.

Conclusion

Configuring Nginx as a reverse proxy with SSL on Ubuntu 24.04 is a powerful way to manage multiple domains securely and efficiently. By following our step-by-step guide, you can set up a robust environment that enhances your website's security and performance. Whether you're hosting simple static sites or complex web applications, this setup provides a scalable foundation. If you're interested in exploring our VPS plans, we offer flexible options to suit your needs. Start optimizing your web infrastructure today!