How to Setup a Nginx Reverse Proxy With Let's Encrypt for Microservices

Let’s say one of your micro services is running on http://localhost:3000
If you already have a nginx service running on the server, create a server block like this:

1vim /etc/nginx/sites-available/

Grab this content to paste in:

 1server {
 3        server_name;
 5        root /var/www/html;
 6        index index.html;
 8        location / {
 9                proxy_pass http://localhost:3000;
10                proxy_http_version 1.1;
11                proxy_set_header Upgrade $http_upgrade;
12                proxy_set_header Connection 'upgrade';
13                proxy_set_header Host $host;
14                proxy_cache_bypass $http_upgrade;
15        }

Make a link of the config file:

1sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

Check the validity of your config file with this command

1sudo nginx -t

Now that it went fine, you will be able to see your public domain will be showing your landing page or something like that.
It’s time to secure your service with Let’s Encrypt (Let's just assume that the server is running Ubuntu 18.04 Bionic for simplicity):

1apt-get update
2apt-get install software-properties-common
3add-apt-repository universe
4add-apt-repository ppa:certbot/certbot
5apt-get update
6apt-get install certbot python-certbot-nginx
7certbot --nginx

Now, you will have to configure a cron job for auto-renewing the received certificates.

1certbot renew --dry-run
2crontab -e

Grab this code followed by an empty line

10 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

It seems you did an awesome job! 😉
A Bonus Tip: Nginx Purging - Right Way

1apt purge nginx nginx-common nginx-full

On CentOS 7/8, you need to configure SELinux as well like so:

1setsebool -P httpd_can_network_connect on

Happy coding! 😎

comments powered by Disqus