How to Set Up a Reverse Proxy with nginx for Multiple Apps on One Server
The Architecture
Step 1: Install nginx
Step 2: Create Server Blocks
Step 3: Add SSL with Certbot
Step 4: Optimize the Shared nginx Config
Step 5: Handle WebSockets (if needed)
Useful nginx Commands Running multiple apps on a single $5/month VPS? nginx can route traffic to each one based on the domain name. Here's the complete setup. Each app runs on a different local port. nginx routes incoming requests to the right one. Certbot automatically updates your nginx configs to handle HTTPS and redirect HTTP → HTTPS. Add inside the http {} block: I built ARIA to solve exactly this.
Try it free at step2dev.com — no credit card needed. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse
Internet ↓
nginx (port 80/443) ├── app1.yourdomain.com → localhost:3001 ├── app2.yourdomain.com → localhost:3002 └── api.yourdomain.com → localhost:8080
Internet ↓
nginx (port 80/443) ├── app1.yourdomain.com → localhost:3001 ├── app2.yourdomain.com → localhost:3002 └── api.yourdomain.com → localhost:8080
Internet ↓
nginx (port 80/443) ├── app1.yourdomain.com → localhost:3001 ├── app2.yourdomain.com → localhost:3002 └── api.yourdomain.com → localhost:8080
sudo apt update && sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx
sudo apt update && sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx
sudo apt update && sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx
# Create config for each app
sudo nano /etc/nginx/sites-available/app1.yourdomain.com
# Create config for each app
sudo nano /etc/nginx/sites-available/app1.yourdomain.com
# Create config for each app
sudo nano /etc/nginx/sites-available/app1.yourdomain.com
server { listen 80; server_name app1.yourdomain.com; location / { proxy_pass http://127.0.0.1:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; }
}
server { listen 80; server_name app1.yourdomain.com; location / { proxy_pass http://127.0.0.1:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; }
}
server { listen 80; server_name app1.yourdomain.com; location / { proxy_pass http://127.0.0.1:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; }
}
# Enable the site
sudo ln -s /etc/nginx/sites-available/app1.yourdomain.com /etc/nginx/sites-enabled/ # Repeat for app2
sudo nano /etc/nginx/sites-available/app2.yourdomain.com
sudo ln -s /etc/nginx/sites-available/app2.yourdomain.com /etc/nginx/sites-enabled/ # Test config
sudo nginx -t # Reload
sudo systemctl reload nginx
# Enable the site
sudo ln -s /etc/nginx/sites-available/app1.yourdomain.com /etc/nginx/sites-enabled/ # Repeat for app2
sudo nano /etc/nginx/sites-available/app2.yourdomain.com
sudo ln -s /etc/nginx/sites-available/app2.yourdomain.com /etc/nginx/sites-enabled/ # Test config
sudo nginx -t # Reload
sudo systemctl reload nginx
# Enable the site
sudo ln -s /etc/nginx/sites-available/app1.yourdomain.com /etc/nginx/sites-enabled/ # Repeat for app2
sudo nano /etc/nginx/sites-available/app2.yourdomain.com
sudo ln -s /etc/nginx/sites-available/app2.yourdomain.com /etc/nginx/sites-enabled/ # Test config
sudo nginx -t # Reload
sudo systemctl reload nginx
sudo apt install certbot python3-certbot-nginx -y # Get certs for all your domains at once
sudo certbot --nginx -d app1.yourdomain.com -d app2.yourdomain.com -d api.yourdomain.com # Auto-renewal
sudo systemctl enable certbot.timer
sudo apt install certbot python3-certbot-nginx -y # Get certs for all your domains at once
sudo certbot --nginx -d app1.yourdomain.com -d app2.yourdomain.com -d api.yourdomain.com # Auto-renewal
sudo systemctl enable certbot.timer
sudo apt install certbot python3-certbot-nginx -y # Get certs for all your domains at once
sudo certbot --nginx -d app1.yourdomain.com -d app2.yourdomain.com -d api.yourdomain.com # Auto-renewal
sudo systemctl enable certbot.timer
sudo nano /etc/nginx/nginx.conf
sudo nano /etc/nginx/nginx.conf
sudo nano /etc/nginx/nginx.conf
# Gzip compression (applies to all sites)
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss; # Rate limiting zone (use in server blocks)
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; # Security headers (apply to all)
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always; # Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# Gzip compression (applies to all sites)
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss; # Rate limiting zone (use in server blocks)
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; # Security headers (apply to all)
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always; # Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# Gzip compression (applies to all sites)
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss; # Rate limiting zone (use in server blocks)
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; # Security headers (apply to all)
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always; # Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
location /socket.io/ { proxy_pass http://127.0.0.1:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; # Keep connection alive for 24h
}
location /socket.io/ { proxy_pass http://127.0.0.1:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; # Keep connection alive for 24h
}
location /socket.io/ { proxy_pass http://127.0.0.1:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; # Keep connection alive for 24h
}
sudo nginx -t # Test config
sudo systemctl reload nginx # Reload without downtime
sudo systemctl restart nginx # Full restart
sudo nginx -T # Print full parsed config
sudo tail -f /var/log/nginx/error.log # Watch errors live
sudo nginx -t # Test config
sudo systemctl reload nginx # Reload without downtime
sudo systemctl restart nginx # Full restart
sudo nginx -T # Print full parsed config
sudo tail -f /var/log/nginx/error.log # Watch errors live
sudo nginx -t # Test config
sudo systemctl reload nginx # Reload without downtime
sudo systemctl restart nginx # Full restart
sudo nginx -T # Print full parsed config
sudo tail -f /var/log/nginx/error.log # Watch errors live
