Installing Express/Nginx app with SSL using Certbot on Ubuntu 18.04
This is a quick guide on how to setup NGINX as a reverse proxy in front of an Express.js application and how to have a free SSL certificate using Certbot, all in under 10 minutes!
Node.js & Express
Installing Node.js 10.x
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
Creating a basic Express app
mkdir my-app
cd my-app
npm init # Fill the form
npm install express
Create an index.js file and paste the following:
nano index.js
'use strict';
const express = require('express');
const app = express();
app.get('/', (req, res) => {
res.send('Express/Nginx/Certbot tutorial');
});
app.listen(3001);
Install PM2
PM2 is a Node.js process manager that will run our app on the background & restart it on boot/crash.
sudo npm install -g pm2
sudo pm2 startup
sudo pm2 start index.js
sudo pm2 save
We can check that our app is running visiting http://yourdomain.com:3001 (You don't have an SSL certificate yet so https won't work)
Installing & Setting up Nginx
sudo apt install nginx
Now we have to create a server configuration
sudo nano /etc/nginx/sites-available/yourdomain.com.conf
And copy the following:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
location / {
proxy_pass http://localhost:3001; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Nginx lacks the command a2ensite that apache2 has on Ubuntu, so we have to create the symlink running the following command:
sudo ln -s /etc/nginx/sites-available/yourdomain.com.conf /etc/nginx/sites-enabled/
After that, we need to run:
sudo service nginx restart # or reload
To check Nginx installation visit: http://yourdomain.com
You will need to see the Express application being served.
Certbot:
Installation
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install python-certbot-nginx
Getting the certificate:
sudo certbot --nginx
The command will automatically detect the domain/s used in the server_name directive of the nginx conf.
After the execution you will have a certificate & the Nginx configuration will be changed automatically to use it.
Restart Nginx
sudo service nginx restart
And now go to: https://yourdomain.com
Thanks for the guide, super fast and clear instructions! Only question is, with these instructions for installing certbot, will it auto renew the certificates? Guessing it’s supposed to be done every 60 days or so? I couldn’t find anything in the crontab…
Hi Marcos I followed the above steps, but 502 bad gateway error coming on this domain https://beta.havehalalwilltravel.com
But this link working fine: https://beta.havehalalwilltravel.com:3002/
But I want my app working on https://beta.havehalalwilltravel.com
Bad gateway means that Nginx can’t communicate correctly with the application. I’ll need to see your nginx conf.
Very cool! I followed the guide, everything went through, no errors. SSL still not working though? It takes some time to propogate or should it work immediately?
If you can access with HTTP (port 80), then the DNS is propagated and HTTPS should work.
Don’t forget to restart Nginx, and make sure you don’t have a firewall blocking port 443.
Thank you, it was a firewall problem 😁