Using nginx as a reverse proxy and php server on different domains

I am trying to achieve this: on blog.stevemu.com, it hosts a php server where I can use a wordpress blog. On test.stevemu.com, it acts as reverse proxy to port 4000, where another app is running. Those two domains points to the same IP address with an A record. In all these two domains, it redirect http to https.

Reference 1: Set up SSL with Let’s Encrypt

Reference 2: Set up reverse proxy

Reference 3: Install php on nginx

Reference 4: Install MySql

Some commands that used pretty often:

Checking config file syntax:

sudo nginx -t

Restarting nginx:

sudo systemctl restart nginx

Generate SSL with letsencrypt for a domain

sudo certbot certonly — webroot — webroot-path=/var/www/test.stevemu.com -d test.stevemu.com

Edit the nginx config file:

sudo vim /etc/nginx/sites-available/default

Edit the SSL config snippet for nginx:

vim /etc/nginx/snippets/ssl-test.stevemu.com.conf

Here is an example of nginx config file:

server {
listen 80;
listen [::]:80;
server_name test.stevemu.com;
return 301 https://$server_name$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name blog.stevemu.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name test.stevemu.com;
include snippets/ssl-test.stevemu.com.conf;
location /.well-known {
alias /home/ubuntu/test.stevemu.com/.well-known;
}
location / {
proxy_pass https://localhost:4000; # my existing apache instance
proxy_set_header Host $host;
# re-write redirects to http as to https, example: /home
proxy_redirect http:// https://;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.stevemu.com;
include snippets/ssl-blog.stevemu.com.conf;
# include snippets/ssl-params.conf;
root /var/www/html;
index index.php index.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}

It redirect http traffic to https too.

Example content for snippets/ssl-blog.stevemu.com.conf:

ssl_certificate /etc/letsencrypt/live/test.stevemu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.stevemu.com/privkey.pem;
Show your support

Clapping shows how much you appreciated Steve Mu’s story.