Ubuntu VM ReverseProxy with SSL


NGINX Setup Guide for thestorywand.com

1. Update Package Lists and Install NGINX

sudo apt update
sudo apt install nginx

2. Configure Firewall

Allow standard web traffic (HTTP on port 80 and HTTPS on port 443). 'Nginx Full' is a convenient profile that covers both ports.

sudo ufw allow 'Nginx Full'

CRITICAL: Explicitly allow incoming connections for SSH (port 22) before you enable the firewall. If you skip this, the firewall will block SSH once it is enabled and the server reboots.

sudo ufw allow 'OpenSSH'
sudo ufw enable

Check the status to confirm your rules are active:

sudo ufw status
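
A scripted version of the status check above, as an added example that is not part of the original guide: it reads `ufw status` output and fails when the SSH rule or the web ports are missing. The function names and the sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide.
# Usage on the server: sudo ufw status | check_ufw_status
# Constructed sample outputs in the layout `ufw status` prints.
SAMPLE_OK='Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)'

SAMPLE_NO_SSH='Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)'

# Print the "To" column of each ALLOW/LIMIT rule, skipping the (v6) duplicates.
allowed_targets() {
    awk '/ (ALLOW|LIMIT)( |$)/ && !/\(v6\)/ { sub(/ +(ALLOW|LIMIT).*/, ""); print }'
}

# True if any line of $1 matches the extended regex $2 exactly.
has_target() { printf '%s\n' "$1" | grep -Eq "^($2)\$"; }

# Reads `ufw status` text on stdin. Returns 0 when the firewall is active and
# SSH, HTTP and HTTPS are allowed; otherwise prints each problem and returns 1.
check_ufw_status() {
    local text targets problems=0
    text=$(cat)
    targets=$(printf '%s\n' "$text" | allowed_targets)
    printf '%s\n' "$text" | grep -q '^Status: active$' ||
        { echo "firewall is not active"; problems=1; }
    # SSH can be allowed by profile name or by port number.
    has_target "$targets" 'OpenSSH|22(/tcp)?' ||
        { echo "no SSH rule: new SSH connections will be refused"; problems=1; }
    # "Nginx Full" covers both ports; otherwise each needs its own rule.
    if ! has_target "$targets" 'Nginx Full'; then
        has_target "$targets" 'Nginx HTTP|80(/tcp)?' ||
            { echo "port 80 is not allowed"; problems=1; }
        has_target "$targets" 'Nginx HTTPS|443(/tcp)?' ||
            { echo "port 443 is not allowed"; problems=1; }
    fi
    return "$problems"
}
```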

3. Create NGINX Configuration

Create a new configuration file for your domain:

sudo nano /etc/nginx/sites-available/thestorywand.com

Add the following configuration:

# Plain HTTP for both hostnames: redirect to the canonical HTTPS host.
server {
    listen 80;
    server_name thestorywand.com www.thestorywand.com;
    return 301 https://thestorywand.com$request_uri;
}

# HTTPS on the www hostname: redirect to the bare domain.
server {
    listen 443 ssl;
    server_name www.thestorywand.com;

    ssl_certificate /etc/letsencrypt/live/thestorywand.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/thestorywand.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    return 301 https://thestorywand.com$request_uri;
}

# HTTPS on the bare domain: terminate TLS and proxy to the app on port 3000.
server {
    listen 443 ssl;
    server_name thestorywand.com;

    ssl_certificate /etc/letsencrypt/live/thestorywand.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/thestorywand.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:3000;
        # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket upgrades through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        # Tell the app the original host, client address and scheme.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the client address to any X-Forwarded-For the client sent.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

4. Install Certbot and Enable Site

sudo apt install certbot python3-certbot-nginx
sudo ln -s /etc/nginx/sites-available/thestorywand.com /etc/nginx/sites-enabled/

5. Obtain SSL Certificate

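Run Certbot to detect your domains from the NGINX config, obtain the certificate, and automatically edit your config file to include the SSL paths. The ssl_certificate, ssl_certificate_key, include and ssl_dhparam lines shown in step 3 point at files under /etc/letsencrypt that Certbot creates, so NGINX cannot load the two 443 server blocks until a certificate has been issued: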

sudo certbot --nginx -d thestorywand.com -d www.thestorywand.com

6. Test and Restart NGINX

sudo nginx -t
sudo systemctl restart nginx

Created on 9/22/2025