Skip to main content
HashnodeSecuring with Nginx and Certbot

Command Palette

Search for a command to run...

šŸ”’ My Experience Setting Up HTTPS with Nginx and Certbot

Published
ā€¢4 min read
šŸ”’ My Experience Setting Up HTTPS with Nginx and Certbot
K
Kuldeep Ghorpade

Passionate developer with a keen interest in solving real-world problems using efficient algorithms. I write about Java, data structures, and algorithmic challenges, focusing on performance and simplicity. Currently exploring cloud computing, DevOps, and building web apps with React.js. On a journey to help others with tips and insights from my coding adventures. Letā€™s code and grow together!

Thereā€™s something oddly satisfying about seeing that little padlock icon next to your domain. Itā€™s a small thing, but it means your app has finally stepped into the world of secure communication no more ā€œNot Secureā€ warnings staring back from the browser bar.

I recently went through this journey while deploying one of my projects to the cloud. It was running perfectly on port 8000, but the moment I accessed it publicly, the absence of HTTPS bugged me. Thatā€™s when Nginx and Certbot entered the picture.

šŸ§© The Missing Piece: Nginx

Iā€™d always heard developers talk about Nginx some called it a reverse proxy, others treated it like this mysterious server that magically handled requests.
But once I actually worked with it, it clicked.

It wasnā€™t about magic it was about direction.

Nginx simply stands between the internet and your app, deciding where each request should go. It felt like hiring a receptionist for my backend someone who knows exactly which desk to send visitors to.

For my setup:

  • My FastAPI app was running in a Docker container on port 8000.

  • Nginx listened on ports 80 (HTTP) and 443 (HTTPS).

  • Whenever a request hit https://kuldeepghorpade-fastapi-beyond-crud.duckdns.org, Nginx forwarded it to my app inside the container.

That small layer changed everything my app wasnā€™t this lonely process on port 8000 anymore. It was part of a real web server setup, handling proper production traffic.

šŸ” The Free SSL Hero: Certbot

Then came Certbot, the real MVP.
Itā€™s one of those tools that quietly does something very powerful it connects to Letā€™s Encrypt and gives you a free SSL certificate for your domain.

With just a few commands like:

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d kuldeepghorpade-fastapi-beyond-crud.duckdns.org

ā€¦ Certbot handled everything:

  • Verified my domain.

  • Generated SSL certificates.

  • Updated my Nginx configuration automatically.

When I saw this line:

ā€œCongratulations! Your certificate has been successfully installed.ā€

I felt like I had just unlocked a level in DevOps.

And the best part? Certbot even sets up auto-renewal, so I never have to worry about the certificate expiring.

Now my app was running on https://, and Chrome stopped complaining.
That tiny padlock symbol made my project feel legitimate.

ā˜ļø From Localhost to the Cloud

Locally, I was running everything inside Docker the backend, Redis, Celery, even PostgreSQL.
But in the cloud, things got interesting.

I had to:

  • Expose port 8000 from the container (-p 8000:8000)

  • Connect it with Nginx on the VM.

  • Open ports 80 and 443 on the VMā€™s firewall/security group.

  • Configure the domain with DuckDNS to point to my public IP.

Once that was done, everything justā€¦ clicked.
Requests flowed through Nginx ā†’ to my container ā†’ and back securely.

Certbot renewed the SSL automatically, and I could finally share my public link without hesitation.

It wasnā€™t about showing off a domain with HTTPS it was about doing things the right way, even for a small project.

āœØ What I Took Away

Setting up HTTPS wasnā€™t just another deployment step.
It was a mindset shift.

It taught me that:

  • Security and structure are not just for large-scale production apps.

  • Every project, even personal ones, deserves to be taken seriously.

  • Good architecture builds confidence in your work.

Nginx taught me about architecture.
Certbot taught me about trust.
Docker taught me about isolation and portability.
The cloud taught me about deployment reality.

Together, they made my little FastAPI project feel truly production-ready.

Now, every time I open
šŸ‘‰ https://kuldeepghorpade-fastapi-beyond-crud.duckdns.org
that green lock in the corner quietly reminds me how far both the project and I have come.

šŸ§  Key Takeaways

  • Use Nginx as a reverse proxy it gives structure to your app.

  • Use Certbot + Letā€™s Encrypt for free, auto-renewing SSL.

  • Dockerize your app to keep deployments clean and consistent.

  • Cloud firewalls (ports 80/443) must be open for HTTPS to work.

  • Always map your domain correctly before running Certbot.

Tags: #nginx #certbot #letsencrypt #docker #fastapi #cloud #devops #https #security #reverseproxy #webdevelopment

Connect with me

#nginx#certbot#letsencrypt#https#security

Comments

Join the discussion

No comments yet. Be the first to comment.