Proxying a Node.js app and enabling HTTPS with Let's Encrypt
Target: Ubuntu 20.04–24.04 LTS
Use case: Running a Node.js app on port 3000 via PM2
Domain: taleem.help (must already point to your droplet's IP via an A record)
Keep your system up to date:

```bash
sudo apt update && sudo apt upgrade -y
```
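Enable UFW to secure your server, allowing only essential ports:

```bash
sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw allow http
sudo ufw allow https
```

Optional (Advanced): Lock SSH to your IP only. This rule restricts SSH only if the `OpenSSH` rule above is absent; with both in place, SSH stays reachable from any address.

```bash
sudo ufw allow from YOUR.IP.ADDR.HERE/32 to any port 22 proto tcp
```

Enable the firewall and check the rules:

```bash
sudo ufw enable
sudo ufw status verbose
```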
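One way to check the resulting rule set, as an added example that is not part of the original guide: the script reads `ufw status verbose` output and flags any port other than 80 and 443 that is open to every address, plus the case where SSH is allowed both from anywhere and from a single IP. The helper name `audit_ufw` and the sample status text are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: audit `ufw status verbose` output against this guide's policy.
# audit_ufw is a hypothetical helper name; it reads the status text on stdin.
audit_ufw() {
  awk '
    /^Default:/ && $2 != "deny" { print "FAIL default incoming policy is " $2 }
    /^--/ { rules = 1; next }            # rule table starts after the dashes
    !rules || !/ALLOW/ { next }
    {
      split($1, p, "/"); port = p[1]     # "22/tcp" -> "22"
      src = $0; sub(/.*ALLOW( IN)?[ \t]+/, "", src)
      any = (src ~ /^Anywhere/)          # rule applies to every source address
      if (port == "22" || port == "OpenSSH") {
        if (any) ssh_open = 1; else ssh_pinned = 1
      } else if (any && port != "80" && port != "443")
        print "FAIL port " port " reachable from " src
    }
    END {
      if (ssh_open && ssh_pinned)
        print "FAIL SSH also allowed from Anywhere; the per-IP rule restricts nothing"
      else if (ssh_open)
        print "WARN SSH allowed from Anywhere"
    }'
}

# Constructed sample (not captured from a real host): both SSH rules from the
# guide were added, and the app port was opened by mistake. 203.0.113.7 is a
# documentation address standing in for YOUR.IP.ADDR.HERE.
SAMPLE_STATUS='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp                     ALLOW IN    203.0.113.7
3000/tcp                   ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw
# On the server: sudo ufw status verbose | audit_ufw
```

No output means the rule set matches the guide's intent: only 80 and 443 open to everyone, and SSH limited to specific addresses.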
Install Nginx and start it now and at every boot:

```bash
sudo apt install -y nginx
sudo systemctl enable --now nginx
```

Test by visiting http://YOUR_SERVER_IP
You should see the Nginx welcome page.
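We'll proxy http://taleem.help → http://localhost:3000. Create the site configuration:

```bash
sudo nano /etc/nginx/sites-available/taleem.help
```

```nginx
server {
    listen 80;
    server_name taleem.help www.taleem.help;

    location / {
        # Forward every request to the Node.js app on the loopback interface
        proxy_pass http://127.0.0.1:3000;
        # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket connections pass through
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        # Preserve the original Host header for the app
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```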
Enable the site, test the configuration and reload Nginx:

```bash
sudo ln -s /etc/nginx/sites-available/taleem.help /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
```

Now, http://taleem.help (without port 3000) should open your app.
Install Certbot and request a certificate for both hostnames:

```bash
sudo snap install core && sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx -d taleem.help -d www.taleem.help
```
Certbot will:
Test automatic renewal:

```bash
sudo certbot renew --dry-run
```
Visit:
http://taleem.help → should redirect to https://taleem.help
https://taleem.help → should show your Node.js app with a secure lock icon

What you did | Tool Used |
---|---|
Secured ports | UFW |
Installed reverse proxy | Nginx |
Set up HTTPS | Certbot (Let's Encrypt) |
Reverse proxied Node app | http://localhost:3000 → https://taleem.help |
Everything is now production-ready:
:3000