@zvakanaka
Last active May 3, 2023 16:46
Free HTTPS on nginx (and how to reverse proxy plain HTTP servers behind SSL AND serve multiple sites AND multiple apps)

Deploy Web Apps on a Linux Server (Multiple Apps & Multiple Domains)

Initial Setup (once per machine)

Install Certbot:

$ sudo apt install certbot

Stop any programs listening on port 80 so that certbot's standalone server can bind to it:
$ sudo service nginx stop

Certbot asks for your email only the first time you run it:
$ sudo certbot certonly --standalone -d example1.com -d www.example1.com
(You can repeat this for each new site.)

Back up and overwrite the contents of sites-enabled/default:
$ sudo nano /etc/nginx/sites-enabled/default

# redirect all http traffic to https
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name  example1.com;
    server_name  www.example1.com;
    ssl_certificate     /etc/letsencrypt/live/example1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://127.0.0.1:4567;
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Forwarded-For $remote_addr;
    }
}

server {
       listen 443 ssl;
       server_name         example2.com;
       ssl_certificate     /etc/letsencrypt/live/example2.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/example2.com/privkey.pem;
       ssl_protocols       TLSv1.2 TLSv1.3;
       ssl_ciphers         HIGH:!aNULL:!MD5;
       location / {
                proxy_pass http://127.0.0.1:8080;
                proxy_set_header   Host $http_host;
                proxy_set_header   X-Forwarded-For $remote_addr;
       }
       location /some-path-this-app-is-served-at/ {
                proxy_pass http://127.0.0.1:5678;
                proxy_set_header   Host $http_host;
                proxy_set_header   X-Forwarded-For $remote_addr;
                rewrite ^/some-path-this-app-is-served-at/(.*)? /$1 break;
       }
}

# redirect from www to non-www
server {
    listen 443 ssl;
    server_name www.example.com;
    return 301 $scheme://example.com$request_uri;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    keepalive_timeout 5;
}

Start nginx:
$ sudo service nginx start

Renewing with a Cron Job

This runs every day, but the cert will only be renewed within 30 days of expiration (see here). nginx is stopped for the renewal and started again afterwards, whether or not certbot succeeds:
0 6 * * * sudo service nginx stop && sudo certbot renew --text >> /var/log/letsencrypt/certbot-cron.log 2>&1; sudo service nginx start
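
A standalone renewal has one failure mode worth handling explicitly: if certbot exits non-zero while nginx is stopped, every site on the machine stays down until someone notices. The wrapper below is an added example, not part of the original gist; it assumes it runs from root's crontab, and the variable names and `--run` switch are this example's own.

```sh
#!/bin/sh
# Added example (not from the gist): renew with nginx stopped, and always
# start nginx again, even when certbot fails. Run from root's crontab.
# The variable names below are assumptions of this example; they exist so
# the commands can be swapped out when exercising the logic.
: "${NGINX_STOP:=service nginx stop}"
: "${NGINX_START:=service nginx start}"
: "${CERTBOT_RENEW:=certbot renew}"
: "${RENEW_LOG:=/var/log/letsencrypt/certbot-cron.log}"

log() { echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) $*" >>"$RENEW_LOG"; }

# Returns certbot's exit status, 2 if nginx could not be stopped
# (renewal skipped), or 3 if nginx could not be started again.
renew_certs() {
    renew_rc=0
    if ! $NGINX_STOP >>"$RENEW_LOG" 2>&1; then
        log "nginx stop failed, renewal skipped"
        return 2
    fi
    # Port 80 is free for the standalone authenticator. Record the status
    # instead of short-circuiting, so the start below is never skipped.
    $CERTBOT_RENEW >>"$RENEW_LOG" 2>&1 || renew_rc=$?
    if ! $NGINX_START >>"$RENEW_LOG" 2>&1; then
        log "nginx start failed after renewal (certbot exit $renew_rc)"
        return 3
    fi
    [ "$renew_rc" -eq 0 ] || log "certbot renew failed with exit $renew_rc"
    return "$renew_rc"
}

# Run only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    renew_certs
    exit $?
fi
```

Saved under a path of your choosing and called with `--run` from cron, the non-zero exit status lets cron mail or a monitoring check flag a failed renewal. Certbot's own `--pre-hook` and `--post-hook` options are an alternative that only stops nginx when a certificate is actually due.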

Manual Renew

$ sudo certbot renew
(Stop nginx first, as in the initial setup, so that port 80 is free.)



f2ka07 commented Mar 27, 2023

Based on your configuration, it seems like you want to proxy traffic from an HTTPS URL to an HTTPS backend server. However, your configuration is missing a few essential directives that are required to proxy HTTPS traffic correctly. This article on Nginx proxy_pass https complements the answers given so far.

There exists a graphical user interface (GUI) known as Nginx Proxy Manager, which may appeal to individuals who prefer not to work with code directly. The suggested approach to utilizing the Nginx Proxy Manager involves installing it on Docker and utilizing it to forward traffic to Docker containers within the same network. Following installation, generating SSL certificates is a simple process that can be achieved with a single click.

See this video if this sounds like a solution: Nginx Proxy Manager using Docker Compose in Ubuntu 20.04

Manual Configuration of SSL: Nginx proxy_pass https
