NGINX

Before getting into nginx, lets enable the firewall 1) sudo ufw status

2) sudo ufw enable

3) Lets enable ssh, http and https

sudo ufw allow ssh sudo ufw allow http sudo ufw allow https

4) Check the status sudo ufw status

5) Now if you want to access your website only through ip and not ip:port number, we’ll install nginx for that.

sudo apt install nginx

If you hit the ip, you’ll see this page!

6) Lets configure the default file

  sudo nano /etc/nginx/sites-available/default*

  In the location section, comment try_files $uri $uri/ =404; using a #

  Add these commands-

    proxy_pass http://localhost:5000; #whatever port your app runs on
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;

Ctrl +x, y, enter

7) To check if everything is correct sudo nginx –t

8) Restart the service sudo service nginx restart

9) Now lets go back to our ip and reload it

There it is! Our node application is running on port 80. It is running on port 5000 but we are using nginx in front of it as a reverse proxy to access it through port 80

10) To additionally let in HTTPS traffic, allow the Nginx Full profile sudo ufw allow 'Nginx Full' sudo ufw status

SSL Certbot-

11) Obtaining a SSL certificate sudo apt install certbot python3-certbot-nginx

12) Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following

sudo certbot --nginx -d example.com -d example.com

enter email A (agree) N (no)

2 (Redirect)

13) Congratulations!

Your certificates are downloaded, installed, and loaded. Try reloading your website using https:// and notice your browser’s security indicator. You’ll notice a lock!