Setting Up Nginx as a Reverse Proxy with SSL on a VPS in 2026

Published on

Nginx reverse proxy with Let's Encrypt SSL is the standard for hosting web applications on a VPS. Here's the straightforward setup that actually works.

Written by Alex van der Berg – Infrastructure Engineer at Space-Node – 15+ years combined experience in game server hosting, VPS infrastructure, and 24/7 streaming solutions. Read author bio →

Setting Up Nginx as a Reverse Proxy with SSL on a VPS in 2026

Running your Node.js, Python, or PHP application directly exposed on port 80 is insecure and inflexible. Nginx as a reverse proxy sits in front of your application, handles SSL termination, and provides a clean, maintainable setup.

The Architecture

User Browser → Nginx (port 443, SSL) → Your App (port 3000, localhost only)

Your application never needs to handle SSL certificates. Nginx does it once and proxies plaintext internally.

Installation

sudo apt install nginx certbot python3-certbot-nginx

Nginx Virtual Host Configuration

Create a config file for your domain:

sudo nano /etc/nginx/sites-available/myapp

server {
    listen 80;
    server_name myapp.yourdomain.com;
    
    # Certbot challenge (needed for initial certificate)
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    
    # Redirect HTTP to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name myapp.yourdomain.com;
    
    ssl_certificate /etc/letsencrypt/live/myapp.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myapp.yourdomain.com/privkey.pem;
    
    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    
    location / {
        proxy_pass http://127.0.0.1:3000;  # Your app's port
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
sudo nginx -t  # Validate config
sudo systemctl reload nginx

Let's Encrypt SSL Certificate

sudo certbot --nginx -d myapp.yourdomain.com

Certbot modifies your Nginx config automatically to add SSL certificate paths. Certificates auto-renew via a cron job installed by certbot.

Multiple Apps Behind One Nginx

Each application gets its own server_name block. They can all run on different local ports:

# In sites-available/apps.conf:
server { server_name app1.yourdomain.com; location / { proxy_pass http://127.0.0.1:3001; } }
server { server_name app2.yourdomain.com; location / { proxy_pass http://127.0.0.1:3002; } }
server { server_name api.yourdomain.com; location / { proxy_pass http://127.0.0.1:4000; } }

Host multiple applications behind Nginx on Space-Node VPS

About the Author

Alex van der Berg – Infrastructure Engineer at Space-Node – Experts in game server hosting, VPS infrastructure, and 24/7 streaming solutions with 15+ years combined experience.

Since 2023
500+ servers hosted
4.8/5 avg rating

Our team specializes in Minecraft, FiveM, Rust, and 24/7 streaming infrastructure, operating enterprise-grade AMD Ryzen 9 hardware in Netherlands datacenters. We maintain GDPR compliance and ISO 27001-aligned security standards.

View Space-Node's full team bio and credentials →

Launch Your VPS Today

Get started with professional VPS hosting powered by enterprise hardware. Instant deployment and 24/7 support included.

Deploy VPS NowNeed Custom Config?
Setting Up Nginx as a Reverse Proxy with SSL on a VPS in 2026