Guides/Server Setup
Server Setup8 min read

How to Set Up Nginx as a Reverse Proxy on Ubuntu

A reverse proxy lets Nginx sit in front of your Node.js, Python, or any app running on a local port and serve it securely on port 80/443 with SSL. This guide covers the full setup.

In this guide

  1. 01Install Nginx
  2. 02Create a Server Block (Virtual Host)
  3. 03Test and Reload Nginx
  4. 04Add SSL with Certbot (Let's Encrypt)
  5. 05Add WebSocket Support
  6. 06Add Gzip Compression and Caching

Install Nginx

Run: sudo apt update && sudo apt install -y nginx. Start it: sudo systemctl start nginx && sudo systemctl enable nginx. Test it is working by visiting your server IP in a browser — you should see the Nginx welcome page. Allow it through UFW: sudo ufw allow "Nginx Full".

Create a Server Block (Virtual Host)

Create a new config file: sudo nano /etc/nginx/sites-available/myapp. Add a basic proxy block: server { listen 80; server_name yourdomain.com; location / { proxy_pass http://localhost:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }. Enable it: sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/

Test and Reload Nginx

Always test your config before reloading: sudo nginx -t. If the output says "syntax is ok" and "test is successful," reload: sudo systemctl reload nginx. Never use restart if reload works — restart briefly drops all connections, reload applies changes without downtime. If the test fails, the error message includes the line number with the problem.

Add SSL with Certbot (Let's Encrypt)

Install Certbot: sudo apt install -y certbot python3-certbot-nginx. Get a free SSL certificate: sudo certbot --nginx -d yourdomain.com. Certbot automatically modifies your Nginx config to redirect HTTP to HTTPS and adds the SSL certificate. Certificates auto-renew via a systemd timer. Test renewal: sudo certbot renew --dry-run.

Add WebSocket Support

If your app uses WebSockets (Socket.io, real-time chat, etc.), add these headers to your proxy block: proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";. Without these, WebSocket connections will fail silently and your real-time features will not work behind Nginx.

Add Gzip Compression and Caching

In /etc/nginx/nginx.conf, inside the http { } block, add: gzip on; gzip_types text/plain text/css application/json application/javascript text/xml; gzip_min_length 256;. For static asset caching, add to your server block: location ~* \.(js|css|png|jpg|svg)$ { expires 1y; add_header Cache-Control "public, immutable"; }. This significantly improves page load speed.

Need Help?

Want this done for you?

Our engineering team handles implementations like this every week. Get a free scoping call — we will tell you exactly what it takes and what it costs.

Book a free call

More Server Setup Guides

How to Install OpenClaw on Ubuntu EC2 (AWS)

10 min

How to Install OpenClaw on a DigitalOcean Droplet

8 min

How to Set Up PM2 for Node.js in Production

7 min

All Server Setup guides

Strategic Industries

Modular Solutions

Core Stack

Regional Intelligence Hubs

Engineering in New YorkEngineering in Los AngelesEngineering in ChicagoEngineering in HoustonEngineering in MiamiEngineering in TorontoEngineering in VancouverEngineering in LondonView Global Infrastructure →

Competitive Intelligence

vs Toptalvs Accenturevs Freelancers

Efficiency Modeling

Financial Impact Model

Governance

100% Code OwnershipEnterprise Security Protocol

© 2026 NexWorldTech — Built for Global Dominance.

Node Status: OperationalSystem Latency: 42ms