How to config Nginx proxy with SSL with two apps on one EC2?

I have one EC2 Ubuntu server, two Meteor apps, running on different subdomains and different ports ( &

Is there a way to config Nginx proxy with SSL to each? I don’t mind/care what SSL I use – I’ll pay for it if it makes things easier somehow.

I found this Nginx config on the web:, would this work?

SO question:


If you look at our sample nginx conf you will see how SSL is configured. You will obviously duplicate this conf file for your second app (changing the ports of course).

When you create your certificate, you can have different domain names for a single cert and re-use the same, or generate two different ones and use them in your different nginx files.

We use Let’s encrypt and generate all our domains for a single server so we have a single SSL certificate for all domains and subdomains on that machine.

1 Like

Forgot to mention, we use tengine and not nginx directly as it comes with load balancer. As DO rolls out a hardware load balancer, we might revert back. That should affect the first few lines (session sticky)

1 Like

Thanks. This is all one one box right?

Yes, the conf files and setups are all for one box. You will have to replicate on other boxes when ready and link (shard) the DB’s

1 Like

So this is what I have: is the EC2 Server,

DNS A Record => =>

DNS A Record => =>

Meteor apps,

mup deploy admin => => port 8080

mup deploy client => => port 8081

Nginx /etc/nginx/sites-available,,

server { server_name },

server { server_name }

I can get to, but if just doing, how do I know to get to port 8080?

If I add SSL, I’m even more confused.

I guess what I’m confused about is, if we have only one entry point on the server (either 80 HTTP or 443 HTTPS), from the URL address bar, how can we tell nginx what subdomain we want to go to?

For example, say I want to go to From outside the server, goes to the same IP as And when we hit the server, say just port 80, the DNS is just resolving both the request to the same IP. The only difference is the Port on the server. Shouldn’t we be listening on different ports in the nginx config?

In your example, Nginx is listening on Port 80 for both subdomains (leaving out HTTPS for now):

I don’t know what your DNS A records look like, but these two subdomains are on the same box, so they have the same IP, right?

How does Nginx understand when you type into the URL bar: you want to go to that subdomain instead of if the IP and Port are the same?

Here’s another example I found, maybe the upstream config is important, but I don’t know how…

When I deploy using MUP, my app names are set to “admin” for on port 8080 and “client” for on port 8081.

would my upstream look like this?

upstream app_admin {

upstream app_client {

How would these uptream configs get tied to my meteor apps?

Each server block is defined for a domain or domains listening at a particular port. the domains are mentioned after server_name keyword. Within this block you proxy to the meteor apps defined in the upstream block

Nginx unserstands which URL is being called from the request it is getting. It uses that to handle / route the request. Nginx will listen on two ports which are 80 and 443 (if you follow a normal setup, like you seem to be doing), and handle all requests that come on these two ports.

Looking at the last example again: I can see the proxies:

But the “entry” into the server looks to be accoring to the server_name (both 80 & 443). I don’t see in the config how it determines which application to route to… for example, here, how would go to https://app_geoforce when it looks like is the entry point?

Also, do the “location” configs need to map to the meteor apps on the file system? In the example above, would path “/pcodes/” need to map to a meteor app on the file system?

And what about the DNS settings. From my domain provider, I’d like to use and A Records – yet they would both point to the same IP Address?

Does this example set things up like this?

Anything to goes to https://app_geoforce

Anything to goes to https://app_pcodes