Merge pull request #1582 from lnbits/docs-nginx

docs: add nginx ssl proxy info to installation

docs/guide/installation.md

@@ -298,7 +298,8 @@ Save the file and run the following commands:
 sudo systemctl enable lnbits.service
 sudo systemctl start lnbits.service
 ```
-## Reverse proxy with automatic https using Caddy
+
+## Reverse proxy with automatic HTTPS using Caddy
 
 Use Caddy to make your LNbits install accessible over clearnet with a domain and https cert.
 
@@ -310,11 +311,15 @@ https://caddyserver.com/docs/install#debian-ubuntu-raspbian
 ```
 sudo caddy stop
 ```
+
 Create a Caddyfile
+
 ```
 sudo nano Caddyfile
 ```
+
 Assuming your LNbits is running on port `5000` add:
+
 ```
 yourdomain.com {
   handle /api/v1/payments/sse* {
@@ -331,22 +336,30 @@ yourdomain.com {
   }
 }
 ```
+
 Save and exit `CTRL + x`
+
 ```
 sudo caddy start
 ```
 
-## Running behind an apache2 reverse proxy over https
-Install apache2 and enable apache2 mods
+## Running behind an Apache2 reverse proxy over HTTPS
+
+Install Apache2 and enable Apache2 mods:
+
 ```sh
 apt-get install apache2 certbot
 a2enmod headers ssl proxy proxy-http
 ```
-create a ssl certificate with letsencrypt
+
+Create a SSL certificate with LetsEncrypt:
+
 ```sh
-certbot certonly --webroot --agree-tos --text --non-interactive --webroot-path /var/www/html -d lnbits.org
+certbot certonly --webroot --agree-tos --non-interactive --webroot-path /var/www/html -d lnbits.org
 ```
-create a apache2 vhost at: /etc/apache2/sites-enabled/lnbits.conf
+
+Create an Apache2 vhost at: `/etc/apache2/sites-enabled/lnbits.conf`:
+
 ```sh
 cat <<EOF > /etc/apache2/sites-enabled/lnbits.conf
 <VirtualHost *:443>
@@ -371,11 +384,57 @@ cat <<EOF > /etc/apache2/sites-enabled/lnbits.conf
 </VirtualHost>
 EOF
 ```
-restart apache2
+
+Restart Apache2:
+
 ```sh
 service restart apache2
 ```
 
+## Running behind an Nginx reverse proxy over HTTPS
+
+Install nginx:
+
+```sh
+apt-get install nginx certbot
+```
+
+Create a SSL certificate with LetsEncrypt:
+
+```sh
+certbot certonly --nginx --agree-tos -d lnbits.org
+```
+
+Create an nginx vhost at `/etc/nginx/sites-enabled/lnbits.org`:
+
+```sh
+cat <<EOF > /etc/nginx/sites-enabled/lnbits.org
+server {
+    server_name lnbits.org;
+
+    location / {
+        proxy_pass http://127.0.0.1:5000;
+    }
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+    listen [::]:443 ssl;
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/live/lnbits.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/lnbits.org/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+EOF
+```
+
+Restart nginx:
+
+```sh
+service restart nginx
+```
 
 ## Using https without reverse proxy
 The most common way of using LNbits via https is to use a reverse proxy such as Caddy, nginx, or ngriok. However, you can also run LNbits via https without additional software. This is useful for development purposes or if you want to use LNbits in your local network.