Skip to content

Nginx Configuration

Amit Das edited this page Apr 28, 2026 · 1 revision

🌐 Nginx Configuration

This guide explains how to configure Nginx for SecureAuth.

Nginx is used as a reverse proxy to securely route traffic to the SecureAuth backend server.


🚀 Why Use Nginx?

Benefits of using Nginx:

  • Reverse proxy support
  • HTTPS/SSL termination
  • Better performance
  • Security improvements
  • Load balancing support

📋 Requirements

Before starting:

  • Ubuntu/Linux server
  • Nginx installed
  • SecureAuth running on port 3000

📦 Install Nginx

Ubuntu installation:

sudo apt update

sudo apt install nginx -y

▶️ Verify Nginx Status

sudo systemctl status nginx

⚙️ Basic Reverse Proxy Configuration

Create a new Nginx configuration file.

Example:

sudo nano /etc/nginx/sites-available/secureauth

🌍 Basic Nginx Configuration

server {

    listen 80;

    server_name yourdomain.com;

    location / {

        proxy_pass http://127.0.0.1:3000;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
    }
}

🔗 Enable Configuration

sudo ln -s /etc/nginx/sites-available/secureauth /etc/nginx/sites-enabled/

🔍 Test Nginx Configuration

sudo nginx -t

🔄 Restart Nginx

sudo systemctl restart nginx

🔒 Enable HTTPS (Recommended)

HTTPS is strongly recommended for production deployments.


📦 Install Certbot

sudo apt install certbot python3-certbot-nginx -y

🔐 Generate SSL Certificate

sudo certbot --nginx -d yourdomain.com

🌍 HTTPS Configuration Example

server {

    listen 443 ssl;

    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {

        proxy_pass http://127.0.0.1:3000;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
    }
}

⚡ WebSocket Support

If WebSocket support is needed:

location / {

    proxy_pass http://127.0.0.1:3000;

    proxy_http_version 1.1;

    proxy_set_header Upgrade $http_upgrade;

    proxy_set_header Connection "upgrade";

    proxy_set_header Host $host;
}

📁 Recommended Nginx Structure

/etc/nginx/
├── nginx.conf
├── sites-available/
│   └── secureauth
└── sites-enabled/
    └── secureauth

🔥 Firewall Configuration

Allow required ports.

sudo ufw allow 80

sudo ufw allow 443

🛡️ Security Recommendations

For production deployments:

  • Enable HTTPS
  • Disable unused ports
  • Use strong SSL settings
  • Restrict server access

📊 Recommended Production Flow

Client
  ↓
Nginx Reverse Proxy
  ↓
SecureAuth Backend
  ↓
Authentication Validation

⚠️ Common Issues


502 Bad Gateway

Cause:

  • Backend server not running

Check backend:

curl http://127.0.0.1:3000

Nginx Configuration Error

Test config:

sudo nginx -t

SSL Certificate Issues

Renew certificates:

sudo certbot renew

Permission Issues

Restart Nginx:

sudo systemctl restart nginx

🔍 Verify Deployment

Test application:

curl http://yourdomain.com

📱 PWA Recommendation

For proper PWA support:

  • Use HTTPS only
  • Ensure service workers load correctly

✅ Next Steps

Continue with:


Secure • Fast • Modern ⚡

Clone this wiki locally