> ## Documentation Index
> Fetch the complete documentation index at: https://testdocs.riad.com.bd/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting Up a Production-Ready API with Nginx and Let’s Encrypt

> A comprehensive guide to deploying a production-ready API using Nginx as a reverse proxy and securing it with Let's Encrypt SSL certificates.

## Introduction

Deploying a production-ready API requires careful consideration of security, scalability, and reliability. In this guide, we will walk through the steps to set up an API using Nginx as a reverse proxy and securing it with Let's Encrypt SSL certificates.

<Info>
  ## Prerequisites

  Before we begin, ensure you have the following prerequisites in place:

  * A server or virtual machine with a public IP address.
  * A domain name pointing to your server's IP address.
  * Basic knowledge of Linux command line and server administration.
</Info>

## Step 1: Install Nginx

a. Update your package list and install Nginx:

```bash theme={null}
sudo apt update
sudo apt install nginx
```

b. Start and enable Nginx to run on boot:

```bash theme={null}
sudo systemctl start nginx
sudo systemctl enable nginx
```

## Step 2: Configure Nginx as a Reverse Proxy

a. Create a new Nginx configuration file for your API:

```bash theme={null}
sudo nano /etc/nginx/sites-available/myapi.conf
```

b. Add the following configuration to the file, replacing `your_domain` and `api_backend` with your actual domain name and backend API address:

```nginx theme={null}
server {
    listen 80;
    listen [::]:80;
    server_name hrmsapi.riad.com.bd www.hrmsapi.riad.com.bd;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
        allow all;
    }

    location / {
        proxy_pass http://localhost:8069;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
        send_timeout 600s;
    }

    location ~ ^/web/database/(manager|selector) {
        deny all;
    }

    location ~ ^/api/login {
        allow all;
    }
}
```

c. Enable the new configuration by creating a symbolic link:

```bash theme={null}
sudo ln -s /etc/nginx/sites-available/myapi.conf /etc/nginx/sites-enabled/
```

d. Test the Nginx configuration for syntax errors:

```bash theme={null}
sudo nginx -t
```

e. Reload Nginx to apply the changes:

```bash theme={null}
sudo systemctl reload nginx
```

f. allow Nginx through the firewall:

```bash theme={null}
sudo ufw allow 'Nginx Full'
```

## Step 3: Install Certbot and Obtain SSL Certificates

a. Install Certbot and the Nginx plugin:

```bash theme={null}
sudo apt install certbot python3-certbot-nginx
```

b. Obtain SSL certificates for your domain:

```bash theme={null}
sudo certbot --nginx -d your_domain -d www.your_domain
```

c. Follow the prompts to complete the certificate installation. Certbot will automatically configure Nginx to use the obtained SSL certificates.

## Step 4: Verify SSL Configuration

a. Test your Nginx configuration again:

```bash theme={null}
sudo nginx -t
```

b. Reload Nginx to apply the SSL configuration:

```bash theme={null}
sudo systemctl reload nginx
```

c. Open your web browser and navigate to `https://your_domain`. You should see a secure connection indicated by a padlock icon in the address bar.

## Conclusion

You have successfully set up a production-ready API using Nginx as a reverse proxy and secured it with Let's Encrypt SSL certificates. Your API is now accessible over HTTPS, ensuring secure communication between clients
