Reverse Proxy | Host your app with Nginx and Certbot

01kg - Sep 11 - - Dev Community

Recently, I created a FastAPI app as the backend for my multiple frontend services.

If any fronend visits https://some-api.somecompany.com/my-api, then backend would respond.

TL;DR:

Installations

  1. Create a VM in any Cloud platform. (I use Ubuntu 24.04 LTS)
  2. Create a DNS record points to VM's IP. (let's say some-api.somecompany.com)
  3. Install Nginx using Ubuntu's apt package manager.
  4. Create and edit a configuration file sudo vim /etc/nginx/conf.d/some-api.conf with the following content:

    server {
        listen 80;
        server_name some-api.somecompany.com
    
        location /my-api/ {
            proxy_pass http://0.0.0.0:8000
        }
    }
    
  5. Install CertBot using snap. snap is included in Ubuntu 24.04 LTS

    # Install Certbot
    sudo snap install --classic certbot
    
    # Prepare the Certbot command
    sudo ln -s /snap/bin/certbot /usr/bin/certbot
    
  6. Run sudo certbot --nginx to start fetching a cert to enable HTTPS.
    After providing an email "for urgent renewal and security notices", agreeing Terms of Service, agreeing sharing your email address, Certbot scan all files under /etc/nginx/conf.d (only one in this case) and list domain names:

    Which names would you like to activate HTTPS for?
    We recommend selecting either all domains, or all domains in a VirtualHost/server block.
    ---------------------
    1: some-api.somecompany.com
    --------------------- 
    

    Select 1, hit Enter.

Testing

  1. Spin up the FastAPI app cd /THE/ABSOLUTE/PATH/TO/YOUR/APP && source .venv/bin/activate && uvicorn main:app --host 0.0.0.0 --port 8080

    1. cd /THE/ABSOLUTE/PATH/TO/YOUR/APP: Changes the current directory to the absolute path specified. This is where your application code is located.
    2. &&: This is a logical operator in the shell that allows you to run multiple commands in sequence. The command following && will only run if the command before it was successful.
    3. source .venv/bin/activate: Sources (executes) the activate script located in the .venv/bin directory. This script is typically used to activate a virtual environment in Python. When you activate a virtual environment, it sets up the environment variables and paths specific to that virtual environment.
    4. uvicorn main:app --host 0.0.0.0 --port 8080: This command starts the Uvicorn ASGI server to run your application. main:app refers to the Python file main.py and the app object within it that Uvicorn should run. The --host 0.0.0.0 flag specifies that the server should listen on all network interfaces, and --port 8080 specifies the port number (8080) on which the server should listen for incoming connections.
  2. Visit https://some-api.somecompany.com/my-api see if it works

Deploying

  1. Make sure your VM's IP is a "static" one, which means it will never change after VM stop (deallocated) and start.

  2. Let Ubuntu run FastAPI app after any unexpected restart:

    echo "@reboot root bash -c 'cd /THE/ABSOLUTE/PATH/TO/YOUR/APP && source .venv/bin/activate && uvicorn main:app --host 0.0.0.0 --port 8080 > /tmp/YOU_NAME_IT.log 2>&1'" | sudo tee -a /etc/crontab

    this command sets up a cron job that will run the specified command at system reboot. The command changes to the app directory, activates the virtual environment, starts the Uvicorn server, and logs the output to a specified file.

    ***Why bash -c?
    In the result of my practice, without bash -c the FastAPI app won't run successfully after reboot.

  3. Restart your VM to see if it still works.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .