This configuration file handles your HTTPS setup. Update it to include the reverse proxy settings for forwarding /api
requests to your Node.js app.
-
Open the file for editing:
sudo nano /etc/apache2/sites-available/your-domain-le-ssl.conf
-
Add the reverse proxy directives inside the
<VirtualHost *:443>
block:<IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName your-domain.com ServerAlias www.your-domain.com DocumentRoot /var/www/your-domain.com ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on # Proxy settings for Node.js API ProxyPass /api http://localhost:3000/api ProxyPassReverse /api http://localhost:3000/api Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem </VirtualHost> </IfModule>
-
Save and exit the file.
-
Check the Apache configuration for syntax errors:
sudo apache2ctl configtest
-
Reload Apache to apply the changes:
sudo systemctl reload apache2
-
Make sure your Node.js app is bound only to
localhost
:app.listen(3000, '127.0.0.1', () => { console.log(`Node.js API is running on http://localhost:3000`); });
-
Start the Node.js app using a process manager like
pm2
for better reliability:npm install -g pm2 pm2 start app.js --name node-api pm2 startup pm2 save
-
Visit your domain to check if the API works:
curl https://your-domain.com/api/test
-
You should see the JSON response:
{"message": "Hello from Node.js API!"}
-
Ensure port
3000
is not accessible externally:sudo ufw deny 3000
-
Monitor your Node.js app with
pm2
logs:pm2 logs node-api