The birdspotting service and Unforget service currently support only plain HTTP. You know that all web traffic should be encrypted, so you set out to figure out how to add HTTPS to Express. One of the options is to let an existing web server technology act as a proxy server. When an HTTPS request arrives, it first passes through the proxy server, which decrypts the message. The proxy server then forwards a plain HTTP message to your service. When your service sends a response, it goes back through the proxy server to get encrypted. If you had a proxy server, you wouldn't have to deal with HTTPS directly in your web service at all.
Apache is a popular web server and it can be configured to act as a proxy server. However, Nginx is favored by many web developers for its speed. You decide to try out Nginx and install it with this command:
sudo apt install nginx
Ports 80 and 443 are already owned by Apache. However, when you install Nginx, it tries to set up a virtual host on port 80. You remove it with this command:
sudo rm /etc/nginx/sites-enabled/default
That command only removes a symbolic link. The real configuration file is available at /etc/nginx/sites-available/default.
Your Nginx host must use a port that is neither 80 nor 443. Port 8443 is a common alternative when you are serving HTTPS traffic. The full URL will be https://unforget-api.example.com:8443.
The same wildcard certificate that you used for Apache can be used by Nginx. That leads to this proxy server configuration, which you place in /etc/nginx/sites-available/unforget-api:
server {
    listen 8443 ssl;
    listen [::]:8443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    server_name unforget-api.example.com;
    location / {
        proxy_pass http://localhost:5001;
    }
}
Of course, you replace the three instances of example.com with your actual domain name. Then you enable your server by making a symbolic link and restarting Nginx:
sudo ln -s /etc/nginx/sites-available/unforget-api /etc/nginx/sites-enabled
sudo service nginx restart
Try starting up your service and visiting your /memories/:month/:day endpoint in your browser. Use the URL that goes through Nginx.
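Because Nginx terminates TLS, the service behind it sees every request as plain HTTP arriving from localhost. The variant below is an added example, not part of the original configuration: it keeps the same server block and forwards the original host, client address and scheme to the service. The ssl_protocols line and the choice of forwarded headers are assumptions of this example.

```nginx
server {
    listen 8443 ssl;
    listen [::]:8443 ssl;
    server_name unforget-api.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Assumption: every client of the API can negotiate TLS 1.2 or newer,
    # so older protocol versions are refused.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # TLS ends here; this hop to the service is unencrypted and
        # stays on the loopback interface.
        proxy_pass http://localhost:5001;

        # Without these headers the service only knows that "localhost"
        # made a plain HTTP request. Pass along what the client actually sent.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The forwarded headers are only trustworthy if port 5001 cannot be reached except through Nginx, so the service should listen on the loopback address only. In Express, the `trust proxy` application setting controls whether these headers are honoured.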