← Back to Blog

How to Set Up an Nginx Reverse Proxy on a VPS (2026)

Published May 4, 2026 · 6 min read · Galaxy Cloud Solutions

A reverse proxy sits in front of your applications and routes incoming requests to the right place. Instead of running your Node.js app on port 3000 and telling everyone to go to yourdomain.com:3000, Nginx listens on port 80 and 443 and forwards traffic to the right app based on the domain name. It also handles SSL termination, which means your apps do not need to deal with HTTPS themselves.

⚡ VPS from $5/mo — Use code LAUNCH2026 for 50% off

Why Use a Reverse Proxy?

• Run multiple apps on one server, each on its own domain or subdomain
• Handle SSL in one place instead of configuring it in every app
• Add rate limiting, caching, and security headers centrally
• Hide what ports your apps are actually running on
• Load balance across multiple backend servers if needed

Step 1: Install Nginx

sudo apt update
sudo apt install -y nginx
sudo systemctl enable --now nginx

Step 2: Create a Proxy Config

Say you have a Node.js app running on port 3000 and you want to serve it at app.yourdomain.com:

sudo tee /etc/nginx/sites-available/app.yourdomain.com << 'EOF'
server {
    listen 80;
    server_name app.yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
EOF
sudo ln -s /etc/nginx/sites-available/app.yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

Step 3: Add SSL With Certbot

sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d app.yourdomain.com

Certbot automatically modifies your Nginx config to redirect HTTP to HTTPS and sets up auto-renewal. Your app is now accessible at https://app.yourdomain.com.

Step 4: Add More Apps

Repeat the process for each additional app. Say you also have a Python API on port 8000 at api.yourdomain.com:

sudo tee /etc/nginx/sites-available/api.yourdomain.com << 'EOF'
server {
    listen 80;
    server_name api.yourdomain.com;

    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
EOF
sudo ln -s /etc/nginx/sites-available/api.yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
sudo certbot --nginx -d api.yourdomain.com

Useful Nginx Additions

Rate Limiting

limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;

location / {
    limit_req zone=api burst=20 nodelay;
    proxy_pass http://localhost:8000;
}

Gzip Compression

gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml;
gzip_min_length 1000;

Add these to your /etc/nginx/nginx.conf in the http block.

Testing Your Config

Always test before reloading:

sudo nginx -t

If it says "test is successful" you are good. If there is a syntax error, it will tell you which file and line to look at.