Skip to main content

Reverse Proxy with Nginx

To install and configure Nginx with HTTPS support (SSL/TLS) on your Linux server, follow these steps. I'll outline the process assuming you're setting up Nginx on a Debian/Ubuntu system. Adjust commands and paths as needed for other distributions.

Step 1: Install Nginx

First, ensure your package lists are up-to-date, then install Nginx:

sudo apt update
sudo apt install nginx

Step 2: Obtain SSL/TLS Certificates

You can obtain SSL/TLS certificates for your domain using Let's Encrypt, which provides free certificates. Here’s how to set it up with Certbot, a tool for automatically managing Let's Encrypt certificates:

Install Certbot

sudo apt install certbot python3-certbot-nginx

Step 3: Configure Nginx for HTTPS

  1. Configure Nginx

    Create a new configuration file for your domain under Nginx's sites-available directory:

    sudo nano /etc/nginx/sites-available/<domain>
    

    Example Nginx configuration for HTTPS:

    server {
        listen 80;
        server_name <domain>;
    
        location / {
            return 301 https://$host$request_uri;
        }
    }
    
    server {
        listen 443 ssl;
        server_name <domain>;
    
        ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
    
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
        location / {
            proxy_pass http://localhost:8080;  # Adjust to your Docker BookStack URL
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    

    Replace <domain> with your actual domain name and adjust proxy_pass to point to your BookStack Docker container.

  2. Enable the Site

    Create a symbolic link to enable the site in Nginx:

    sudo ln -s /etc/nginx/sites-available/<domain> /etc/nginx/sites-enabled/
    
  3. Test Nginx Configuration

    Verify the Nginx configuration for syntax errors:

    sudo nginx -t
    
  4. Reload Nginx

    Apply the new configuration:

    sudo systemctl reload nginx
    

Step 4: Obtain SSL/TLS Certificates with Certbot

Run Certbot to obtain SSL certificates for your domain (<domain>):

sudo certbot --nginx -d <domain>

Follow the prompts to set up HTTPS for your domain. Certbot will automatically configure Nginx with SSL/TLS settings and handle certificate renewal.

Step 5: Verify HTTPS Setup

Access https://<domain> in your web browser to verify that Nginx is correctly serving your BookStack application over HTTPS.

Notes:

  • Firewall: Ensure ports 80 (HTTP) and 443 (HTTPS) are open in your firewall.
  • Security: Regularly update Nginx and renew SSL certificates before expiry.
  • Backup: Maintain backups of your Nginx configurations and SSL certificates.

This setup ensures secure access to your BookStack application with HTTPS, enhancing data security and user trust.