this is my (I don't know, maybe) 5-6 times back to this video, Chris especially in this video is very very my go-to solution in every server I have, I try so many videos about this nginx reverse proxy and SSL things, and no one has very well clear explanation and solving my problem, this video is only one that can solve, and I try in my all servers, and of course, no one fails. really appreciate Chris, you're my man!
Thank you sir, your videos and tutorials are outstanding. Really helped me to get services behind a reverse proxy in a Docker environment where I already have LE certificates for the domain. I just did a happy dance in my lab and I'm sure my client will be doing the same once I show them. Now I must head over to patreon and give a wee bit back for your hard work and generosity!
Hello Christian, great videos! You forgot to mention one thing in 'Check if auto-renew is working' section: the cronjob won't be executed on systems with systemd (it's written in the comment section of the cronjob after 'Important note!'). So the correct way of checking auto-renewal would be verifying if certbot.timer is active (either by systemctl list-timers or systemctl status certbot.timer)
Amazing tutorial, helped me a lot with apache guacamole, as I could not find a specific tutorial and all the ones I found were wayyyy more complicated. Keep up the good work!
Vielen vielen Dank! Das Video hat mir sehr gut weitergeholfen und ich es wurde auch sehr gut erklärt. Zu keiner Zeit habe ich Probleme gehabt zu wissen was ich da überhaupt mache.
What I do now when I want to use the Reverse Proxy only for the incoming host but I want/must request the LE-SSL Certs in the machine where the web application is running?
I cannot ever get a reverse proxy to work. Do I need to install nginx on EVERY container that I want to expose or can I install nginx proxy manager on 1 virtual machine and use that for every other virtual machine I want to expose
I've attempted to learn nginx like 4 times and this was the first video that mentioned that you can just define multiple server blocks. I feel really dumb right now, especially since this video is also already 2 years old, so I probably could've found it the first time.
Hi, in lets encrypt site it said to install certbot through snap… what are the difference by using apt get then? I cannot renew cert from installing through snap and no mention for installing python3-certbot-nginx
Hi, thanks for the video! I first used the nginx proxy with HestiaCP, which has apache & nginx reverse proxy out of the box. And it creates the let's encrypt certificates via nginx conf files (cpanel on the contrary creates real directories and DNS entries to have the acme challenge).
Hi Christian, excellent video. Perhaps in a future video you could do what I'm setting out to set up for myself: nginx reverse proxy with letsencrypt docker container that is able to serve up a site on a separate server (separate machine, IP, OS, etc), as well as from docker containers on the same docker host. I'm still trying to get my head around what I need to accomplish it as I'm a docker newbie myself.
Can you make a video on how you connected to your ssh server file system using Visual Studio Code. I installed Remote SSH in VS Code and logged in under the normal user but I can't login as the root user so I'm getting an error when I try to delete the default file under sites-enabled.
hey Christian, i'm trying to setup a reverse proxy Nginx to catch and route to a torrent web server internally and cant figure how, can you lend a hand?
Hello, I have a reverse proxy with Nginx and a webserver with apache2. The webserver is working well when running "alone" ... But if i add the reverse proxy on the top, it show me the default debian web page .... Any idea ?
Nice tutorial. Yes pls show us how to add wildcards and how to add multiple website configuration. Just btw, this certbot is limited to 5 renews per day, if your encryption isnt working and you already tied 5 times unssuccessfuly, it still counts as a try. You will have to wait a day. You dont understand how many times I tried before finding that out 🤣
Thank you so much for the feedback! I think multiple website configuration is really a great topic, also in combination with wildcard certs, so stay tuned :)
I'm new to linux, but as far as i know, sudo apt update only returns a list of what needs updating, sudo apt upgrade is the command required to actually do the upgrade?
Dear Christian Lempa, I have problems. Safari browser can not connect my website. It's only connect pass with 80 port, no connect with 443 port meanwhile, chorme, firefox ...all connect with my website. I had tried many methods, but it is fault. Please, you and everyone help me. Thank you so much
Hello, Excellent videos. I ask you for advice on the following: I have wordpress installed on amazon linux 2 with nginx, mounted an EFS and an RDS. Connect an ALB to the instance, the instance can be accessed only from the ALB on port 80. All good if I access the ALB on port 80, but when I install the ssl certificate on the ALB, the page generates mixed content (Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure stylesheet ''.)
Another problem I have ... If within the local intranet, I want to access the web server (which is part of the same intranet), I do not want the path to be through the Internet, via a reverse proxy, to finally reach the server that was within the same intranet ... So, I thought about deploying a Split-Brain DNS, where the public address is resolved to an intranet IP, but for this, I need to have the LetsEncrypt certificate, on the local server (in addition to the reverse proxy ) ... again, the only thing I can think of is to export via NFS the directory that contains the certificates in the reverse proxy, to be able to mount them on the corresponding web server ... Is that so, or are other techniques used?
so I just tried this with my docker services, and I tried changing the locations for each of my apps. The first one, emby, works fine if try to access them with ipaddress/emby. However, even though the rest of the services are configured using the same syntax, they don't appear. They don't give me a 404 error either is there a limit on subsites you can configure or something?
I have a question. Does this work with a website inside an Intranet network, that is not reachable from the outside internet ? I still want to secure all requests to be encrypted.
sure that works regardless of the internet or local access, check out my other tutorials about dns server, letsencrypt and traefik. I'm all running it locally
I managed to get it working, but after the last step my nginx returns "404 Not Found nginx/1.14.0 (Ubuntu)" when I visit the site, even though the container is still running in docker-compose. Do you know what could cause this?
Nice video! Unfortunately it doesn't work for me and I can't understand why. I have a domain with cloudflare and the challenge fail the authorization. Any idea? Thanks
And another question I have about it ... If my website uses HTTP2 (which requires SSL), can I point the reverse proxy to https: //mysslserver.intra.local/? (Assume that an SSL certificate issued by a local Root-CA trusted by both the webserver and the reverse proxy has been correctly configured on the destination web server).
Can you please advice how to set up Nginx Proxy for Java app what is running on Ubuntu alongside of Nginx webserver? I made the proxy work for normal TCP 80/443 but I have problem to add there UDP, as the app needs access to TCP/UDP 80/443. I made proxy to localhost:5001 and localhost:5002 But I cannot find any help on internet how to also use UDP
Do you have a tutorial for setting up a NGINX as reverse proxy for more than one web server behind it? Note the multiple web server are on the same system, in other words, they share the same IP address but are under folders of different users. For example, /home/user1/, /home/user2/ . Thanks
Not really, I started using other apps for rev proxy and load balancing that integrate better with my docker and k8s setup. Maybe take a look at my traefik videos :)
You can technically do all this stuff in your app, but usually it's easier to use something like a reverseproxy. Check out my video about nginx proxy manager, it's really easy.
As always good stuff, really enjoy the content this channel will grow mark my word. Please make a video also on traefik, 1 ip with 2 or more container or Web apps. That will help us home users who can get only 1 ip from their ISP Otherwise hack on !!!!
I did it but does not work for me. Says unable to connect but I followed step by step. Also changed port forwarding on the router. All works fine until I install the certificate
Hi Christian, greetings from Colombia, I have a question..do Ihave to install the ssl certificate in the server that it has been proxyed ? thanks in advanced
You can, but usually you just install the SSL cert on the reverse proxy, that terminates the connection. Then you don't need to install the cert on the read website/app itself.
Will this work for multiple apps/websites? Is it just a case of adding a second server block for the second app/website? And can you get 2 certificates the same way?
Hei, danke fürs video, kannst du bitte mal beispiele geben wie es ist wenn man 3 oder 4 server hat die angesprochen werden sollen, wie sieht dann welche conf datei aus? danke
Hi, du kannst einfach mehrere vserver configs hinzufügen, allerdings verwende ich mitlerweile kein nginx mehr für reverse proxies sondern traefik. Oder es gibt auch noch den nginx proxy manager, der ist viel einfacher zu konfigurieren, hab dazu auch schon mal ein video gemacht ;)
@@christianlempa danke, das guck ich mir mal an. hab zwar jetzt die nginx.conf fertig aber es gibt ein problem mit einer endlosschleife bei nextcloud und find den fehler nicht, vielleicht ist es bei traefik ja anders..
Awesome!! Thanks for the video!! I just have one question: what do I need to do if I want to have access to a web app and also a website, in this case, the default nginx web page? I noticed in this tutorial that now, when you go to the website, it is redirected to the Python simulated web app, but what about the nginx default webpage? How do you get to that now?
Hello, Christian, I have docker&portainer installed on my server. Now I want to use nginx as a reverse proxy. So the question is: do I need to install nginx on Ubuntu or deploy the container on docker?
I did a video on some of my favorite VSCode extensions, there is the "Remote SSH" extension that you can use to do that. Here is the full video: ua-cam.com/video/JgEfBpZtmPc/v-deo.html
Hallo Christian, danke für dieses Video. Allerdings hatte ich gehofft, Du zeigst wie man ein wildcard certificate einbindet und man sich so ein certificate für jede subdomain erspart. In meinem Fall habe ich Nextcloud auf Ubuntu server schon mit nginx installiert und möchte diesen jetzt mit einem wildcard certificate versehen, um auf Navidrome und den turnserver (für Nextcloud Talk) zugreifen zu können. Auf Truenas core funktionierte das wunderbar, für Ubuntu bin ich offensichtlich zu blöd.
I will soon make a video about nginx multi-site configuration with wildcard certs, I also will put some other location recommendations in there. Don't know if this is what you're asking for but if you have a specific question you may also check out our discord community, I'm sure we can help you :)
Sure I would like to see how to implement wildcard certificate
Greetings Christian
Thank you for your contributions, these videos are very interesting.
Glad you like them!
this is my (I don't know, maybe) 5-6 times back to this video, Chris especially in this video is very very my go-to solution in every server I have, I try so many videos about this nginx reverse proxy and SSL things, and no one has very well clear explanation and solving my problem, this video is only one that can solve, and I try in my all servers, and of course, no one fails. really appreciate Chris, you're my man!
Thank you sir, your videos and tutorials are outstanding. Really helped me to get services behind a reverse proxy in a Docker environment where I already have LE certificates for the domain. I just did a happy dance in my lab and I'm sure my client will be doing the same once I show them. Now I must head over to patreon and give a wee bit back for your hard work and generosity!
Hello Christian, great videos! You forgot to mention one thing in 'Check if auto-renew is working' section: the cronjob won't be executed on systems with systemd (it's written in the comment section of the cronjob after 'Important note!'). So the correct way of checking auto-renewal would be verifying if certbot.timer is active (either by systemctl list-timers or systemctl status certbot.timer)
Thank you so much! Also for sharing the details!
I finally found the correct content, this is the way to configure reverse proxy and point traffic to out tomcat applications etc. Thanks for the video
Glad it helped!
Amazing tutorial, helped me a lot with apache guacamole, as I could not find a specific tutorial and all the ones I found were wayyyy more complicated. Keep up the good work!
Thank you so much!
Endlich ein Howto ohne Docker. Vielen Dank du sparst mir viel Arbeit!
Hehe gern geschehen 😉
Concise, well presented and straight to the point! Thank you very much
Vielen vielen Dank!
Das Video hat mir sehr gut weitergeholfen und ich es wurde auch sehr gut erklärt. Zu keiner Zeit habe ich Probleme gehabt zu wissen was ich da überhaupt mache.
Thanks man, Really apreciate when someone explains the code instead of just copy pasting for us
Thanks! Glad you liked it :)
This excellent presentation requires more likes and share, thank you
man i LOVE YOU
BRO really you make my day after 6 hours of searching you save me
haha thanks bro :)
Yes, please augment your excellent video by showing how to do certification for Wireguard. Vielen Dank.
This earned my subscription... Excited for video of this on docker
Thanks mate! I already did some videos about Docker, Kubernetes is coming soon as well :)
Wow! This is an exceptional tutorial. Thank you so much, exactly what I needed.Will definitely check out all the rest of your content!
Awesome, thank you!
Interested to see if there is a follow-up for production envs, like with email verification step
This is the video I was looking for
Thank Chirstian, it helps me a lot.
Thanks for watching! :)
Very Great tutorial. Very clear. Thanks for helping!
Thanks! You’re welcome
Thank you very much Christian, you helped me with a big issue, thanks!!
How did nginx open in vscode?
Can someone elaborate
Thank you! This is really helpful man.
Glad it helped!
one of those great tutorials that all you have to do is follow step by step and it really works! huge thanks
A very detailed explanation. Thank you
You're welcome
What I do now when I want to use the Reverse Proxy only for the incoming host but I want/must request the LE-SSL Certs in the machine where the web application is running?
I cannot ever get a reverse proxy to work. Do I need to install nginx on EVERY container that I want to expose or can I install nginx proxy manager on 1 virtual machine and use that for every other virtual machine I want to expose
I've attempted to learn nginx like 4 times and this was the first video that mentioned that you can just define multiple server blocks. I feel really dumb right now, especially since this video is also already 2 years old, so I probably could've found it the first time.
Hi, in lets encrypt site it said to install certbot through snap… what are the difference by using apt get then? I cannot renew cert from installing through snap and no mention for installing python3-certbot-nginx
Hi, thanks for the video! I first used the nginx proxy with HestiaCP, which has apache & nginx reverse proxy out of the box. And it creates the let's encrypt certificates via nginx conf files (cpanel on the contrary creates real directories and DNS entries to have the acme challenge).
¡¡Thanks a lot!! After many research finally got to your video and solved my sites ssl conection errors.
You’re welcome ☺️
thanks for this video. it helped me a lot!
Glad it helped!
Master class content
Thanks :D
great job man!
Thanks!
why would someone want to hide the real server? I've seen this software used by pirate video sites to hid the video host.
thank youuuuuu sooooo muchhhhhhhhh I am trying for last 2 days day and night :-( for this
your really really great thank you sooooo much :-)
Hi Christian, excellent video. Perhaps in a future video you could do what I'm setting out to set up for myself: nginx reverse proxy with letsencrypt docker container that is able to serve up a site on a separate server (separate machine, IP, OS, etc), as well as from docker containers on the same docker host. I'm still trying to get my head around what I need to accomplish it as I'm a docker newbie myself.
Hey man, I've done some video about portainer and nginx proxy manager, which both is about docker. Maybe this is what you need :)
@@christianlempa Great! I will take a look, thank you!
So it is easier than thought. Thanks a lot.
Most welcome 😊
In this example For your domain name which domain name service provider you had gone for
Great explanation, thank you!
Thanks!
Can you make a video on how you connected to your ssh server file system using Visual Studio Code. I installed Remote SSH in VS Code and logged in under the normal user but I can't login as the root user so I'm getting an error when I try to delete the default file under sites-enabled.
So apparently cert bot is a snap now do we still need the python module to generate the certs?
hey Christian, i'm trying to setup a reverse proxy Nginx to catch and route to a torrent web server internally and cant figure how, can you lend a hand?
Great, thanks!
Please add to your next episodes list:
Backup management, if it is Borg, it will be great
Great suggestion!
I need to find someone to help me get set up with a reverse dns proxy to 2 separate Webflow sites. Can anybody help?
Hello, I have a reverse proxy with Nginx and a webserver with apache2. The webserver is working well when running "alone" ... But if i add the reverse proxy on the top, it show me the default debian web page .... Any idea ?
writing the full path of the DocumentRoot of my webserver in the "proxypass" seems to work :)
Nice tutorial. Yes pls show us how to add wildcards and how to add multiple website configuration.
Just btw, this certbot is limited to 5 renews per day, if your encryption isnt working and you already tied 5 times unssuccessfuly, it still counts as a try. You will have to wait a day. You dont understand how many times I tried before finding that out 🤣
Thank you so much for the feedback! I think multiple website configuration is really a great topic, also in combination with wildcard certs, so stay tuned :)
@@christianlempa Did you ever create a video for multi site nginx with wildcard? I wasn't able to find it searching. Thank you!!
I'm new to linux, but as far as i know, sudo apt update only returns a list of what needs updating, sudo apt upgrade is the command required to actually do the upgrade?
Why use Visual Studio? Isn’t it for programming?
Dear Christian Lempa,
I have problems.
Safari browser can not connect my website. It's only connect pass with 80 port, no connect with 443 port
meanwhile, chorme, firefox ...all connect with my website.
I had tried many methods, but it is fault.
Please, you and everyone help me.
Thank you so much
what policy do i put on the firewall to direct request to reverse proxy?
Hello,
Excellent videos. I ask you for advice on the following: I have wordpress installed on amazon linux 2 with nginx, mounted an EFS and an RDS. Connect an ALB to the instance, the instance can be accessed only from the ALB on port 80. All good if I access the ALB on port 80, but when I install the ssl certificate on the ALB, the page generates mixed content (Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure stylesheet ''.)
Another problem I have ...
If within the local intranet, I want to access the web server (which is part of the same intranet), I do not want the path to be through the Internet, via a reverse proxy, to finally reach the server that was within the same intranet ... So, I thought about deploying a Split-Brain DNS, where the public address is resolved to an intranet IP, but for this, I need to have the LetsEncrypt certificate, on the local server (in addition to the reverse proxy ) ... again, the only thing I can think of is to export via NFS the directory that contains the certificates in the reverse proxy, to be able to mount them on the corresponding web server ...
Is that so, or are other techniques used?
Another interesting topic: how to use names instead of IP addresses in your LAN
Thanks!
Great suggestion, thanks!
Great video Chris! Can you show how to configure Nginx on a container to reverse proxy other containers?
so I just tried this with my docker services, and I tried changing the locations for each of my apps.
The first one, emby, works fine if try to access them with ipaddress/emby. However, even though the rest of the services are configured using the same syntax, they don't appear. They don't give me a 404 error either
is there a limit on subsites you can configure or something?
Excellent tutorial. Is there a way to tell certbot to allow both http and https
I have a question. Does this work with a website inside an Intranet network, that is not reachable from the outside internet ? I still want to secure all requests to be encrypted.
sure that works regardless of the internet or local access, check out my other tutorials about dns server, letsencrypt and traefik. I'm all running it locally
Life saver !
Excellent!
Thx!
so much. Can’t wait to start making soft.
I managed to get it working, but after the last step my nginx returns "404 Not Found
nginx/1.14.0 (Ubuntu)" when I visit the site, even though the container is still running in docker-compose. Do you know what could cause this?
That's usually a DNS, Domain issue.
Nice video! Unfortunately it doesn't work for me and I can't understand why. I have a domain with cloudflare and the challenge fail the authorization. Any idea? Thanks
And another question I have about it ...
If my website uses HTTP2 (which requires SSL), can I point the reverse proxy to https: //mysslserver.intra.local/? (Assume that an SSL certificate issued by a local Root-CA trusted by both the webserver and the reverse proxy has been correctly configured on the destination web server).
Can you please advice how to set up Nginx Proxy for Java app what is running on Ubuntu alongside of Nginx webserver?
I made the proxy work for normal TCP 80/443 but I have problem to add there UDP, as the app needs access to TCP/UDP 80/443.
I made proxy to localhost:5001 and localhost:5002
But I cannot find any help on internet how to also use UDP
How to reverse proxy for azure web apps
Do you have a tutorial for setting up a NGINX as reverse proxy for more than one web server behind it? Note the multiple web server are on the same system, in other words, they share the same IP address but are under folders of different users. For example, /home/user1/, /home/user2/ . Thanks
Not really, I started using other apps for rev proxy and load balancing that integrate better with my docker and k8s setup. Maybe take a look at my traefik videos :)
great video, thanks!
Glad you liked it!
can I secure my web app without a web server like nginx or apache or nginx is required for ssl
You can technically do all this stuff in your app, but usually it's easier to use something like a reverseproxy. Check out my video about nginx proxy manager, it's really easy.
@@christianlempa awesome thanks bro
As always good stuff, really enjoy the content this channel will grow mark my word. Please make a video also on traefik, 1 ip with 2 or more container or Web apps. That will help us home users who can get only 1 ip from their ISP
Otherwise hack on !!!!
Traefik is on my list, so that will fit very well with my future plans! Thank's for the great suggestion man!😀
why I can not double like?
I did it but does not work for me. Says unable to connect but I followed step by step. Also changed port forwarding on the router. All works fine until I install the certificate
Take a look at my other tutorials about nginx proxy manager, maybe this offers you an easier way of setting up this.
Amazing video...
رائع جدا 😍😍😍😍
Thanks! ;)
i wanna see the wildcard cert video, sounds pretty gamer
Great stuff. Thanks
Thanks man!
Make sure to forward port 80 and 443 on your router too
Hi Christian, greetings from Colombia, I have a question..do Ihave to install the ssl certificate in the server that it has been proxyed ? thanks in advanced
You can, but usually you just install the SSL cert on the reverse proxy, that terminates the connection. Then you don't need to install the cert on the read website/app itself.
Can it be installed on Sophos XG? Or how can reverse proxy be installed?
You can use XG as a reverse proxy, but not install software on it.
Nice :D
the way you get a domaine is unclaire for me is from lets encrypt certificate ? or from a dedicated domaine server ? thanks for your effort
Np ;)
I need help
You helped me a buch :)
That's great, glad you like it :)
Will this work for multiple apps/websites? Is it just a case of adding a second server block for the second app/website? And can you get 2 certificates the same way?
Yes you can do all this, if you configure it
ore 1 day looking for a app that work, finally i found
i love you man
Haha thx
Hei, danke fürs video, kannst du bitte mal beispiele geben wie es ist wenn man 3 oder 4 server hat die angesprochen werden sollen, wie sieht dann welche conf datei aus? danke
Hi, du kannst einfach mehrere vserver configs hinzufügen, allerdings verwende ich mitlerweile kein nginx mehr für reverse proxies sondern traefik. Oder es gibt auch noch den nginx proxy manager, der ist viel einfacher zu konfigurieren, hab dazu auch schon mal ein video gemacht ;)
@@christianlempa danke, das guck ich mir mal an. hab zwar jetzt die nginx.conf fertig aber es gibt ein problem mit einer endlosschleife bei nextcloud und find den fehler nicht, vielleicht ist es bei traefik ja anders..
Mine looks notNice tutorialng like the way you guys started it would be amazing if soone told how to get the multiple tracks
What terminal you used in that video?
I'm using the Windows Terminal in that vide
@@christianlempa yes i know but What Font do you use in there?
@@m-electronics5977 don't know anymore, I switched it a couple of times and now I'm pretty happy with the Hack Nerd Font
Awesome!! Thanks for the video!!
I just have one question: what do I need to do if I want to have access to a web app and also a website, in this case, the default nginx web page? I noticed in this tutorial that now, when you go to the website, it is redirected to the Python simulated web app, but what about the nginx default webpage? How do you get to that now?
Thank you so much! :) Have you looked into my NPM and Traefik videos? Might be an easier approach!
Hello, Christian, I have docker&portainer installed on my server. Now I want to use nginx as a reverse proxy. So the question is: do I need to install nginx on Ubuntu or deploy the container on docker?
can you do one on a mac
how you can access ssh on vs code ?
I did a video on some of my favorite VSCode extensions, there is the "Remote SSH" extension that you can use to do that. Here is the full video: ua-cam.com/video/JgEfBpZtmPc/v-deo.html
@@christianlempa Big thank's.. 🙏
Letsencrypt is limted to 5 renews per 7 days. If you are trying to issue certs after 5 times even if failed, wait 1 week or use a different domain.
Hallo Christian, danke für dieses Video. Allerdings hatte ich gehofft, Du zeigst wie man ein wildcard certificate einbindet und man sich so ein certificate für jede subdomain erspart.
In meinem Fall habe ich Nextcloud auf Ubuntu server schon mit nginx installiert und möchte diesen jetzt mit einem wildcard certificate versehen, um auf Navidrome und den turnserver (für Nextcloud Talk) zugreifen zu können. Auf Truenas core funktionierte das wunderbar, für Ubuntu bin ich offensichtlich zu blöd.
Thank you😀
Aaaaah I want this tutorial but with Docker so I can put it in my docker-compose homelab
I need wildcard tutorial please
wildcard video please..really an effective one
I did a video on wildcard certs on npm. Hope that is what you are looking for
Thanks for this video! Can you show some more complicated configuration with "IF" and other conditions? I find IF to be vvery problematic in Nginx
I will soon make a video about nginx multi-site configuration with wildcard certs, I also will put some other location recommendations in there. Don't know if this is what you're asking for but if you have a specific question you may also check out our discord community, I'm sure we can help you :)
But the video is very cool😊