Blog Winston AI @CustomerPanel
UnderHost
Knowledgebase Docs
/
Tools
CloudPanel Nginx Intermediate

How to set up a reverse proxy in CloudPanel

Use CloudPanel's reverse proxy site type to forward public HTTP/HTTPS traffic to a backend application running on a different port on the same or another server.

UnderHost NOC Network Operations
6 min read Updated June 2026
On this page

A reverse proxy sits in front of your application. Visitors connect to Nginx on port 80/443, and Nginx forwards the request to your backend app running on a different port (e.g., 3000, 8080). The visitor never sees the backend port-they just use your domain over HTTPS.

What is a reverse proxy?

Common reasons to use a reverse proxy in CloudPanel:

  • Expose a Node.js, Python, Go, or Java application running on a non-standard port
  • Add SSL (HTTPS) to an application that does not handle SSL itself
  • Add a custom domain to a service running on a different server or IP
  • Route traffic from a subdomain (e.g., api.yourdomain.com) to a backend microservice

Create a reverse proxy site

  1. Add a new site

    Log in to CloudPanel, go to Sites → + New Site → Create a Reverse Proxy.

  2. Configure the proxy

    • Domain Name: The domain visitors will use (e.g., api.yourdomain.com)
    • Reverse Proxy URL: The backend URL including port-e.g., http://127.0.0.1:3000 for a local app, or http://192.168.1.5:8080 for a remote server

  3. Create

    Click Create. CloudPanel generates an Nginx configuration that proxies yourdomain.com to the backend URL.

After creating the site, point the domain's DNS A record to the server, then issue an SSL certificate.

WebSocket support

If your backend application uses WebSockets (common with Node.js real-time apps, Socket.io, etc.), the default reverse proxy configuration may need adjustment. WebSocket proxying requires additional Nginx directives. Edit the vHost configuration for the site:

  1. Go to Sites → your site → Vhost
  2. Add these lines inside the location / block:
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;

Save the vHost and restart Nginx (Admin → Services → Nginx → Restart).

SSL with a reverse proxy

SSL is handled by Nginx, not by the backend app. Issue a Let's Encrypt certificate the same way as any other site:

  1. Point the domain's A record to this server
  2. Go to Sites → your site → SSL/TLS → Let's Encrypt
  3. Click Save & Install Certificate

Nginx terminates SSL and communicates with the backend over plain HTTP. The backend does not need its own certificate.

Common use cases

Use caseProxy URL example
Node.js app on port 3000http://127.0.0.1:3000
Python/Django on port 8000http://127.0.0.1:8000
Grafana dashboard on port 3000http://127.0.0.1:3000
Portainer on port 9000http://127.0.0.1:9000
App on separate internal serverhttp://10.0.0.2:8080

Related: How to create a website in CloudPanel | SSL certificates in CloudPanel-Let's Encrypt free SSL | How to manage vHost settings in CloudPanel | How to create a Node.js site in CloudPanel

Was this article helpful?

Need CloudPanel on a server?

Use CloudPanel on an UnderHost VPS or dedicated server for fast PHP app and WordPress hosting without a heavy panel stack.

View CloudPanel CustomerPanel

Related articles

Back to CloudPanel