View Categories

Setting Up a Reverse Proxy for any Port in HestiaCP

🌐 HestiaCP Reverse Proxy Configuration (Port 4000 Example)

This guide explains how to configure HestiaCP to proxy traffic from your domain to a service running on port 4000 using Nginx reverse proxy templates.

You can do this in 3 different ways:

πŸ“– Methods Overview

πŸ“ Method 1: Manual Creation
πŸ”„ Method 2: Copy & Modify Existing Template
⚑ Method 3: Automatic Bash Script

πŸ‘‰ Click the method above to jump to it.

πŸ“ Manual Template Creation

This method creates new proxy templates for HTTP and HTTPS manually.

Β Check for Existing Proxy Templates 
ls /usr/local/hestia/data/templates/web/nginx | grep proxy
  • ls lists files in the Nginx template directory.
  • grep proxy filters the list to show only files containing proxy.
  • This lets you know if a template like proxy3000 or proxy[PORT_NUMBER] Β already exists.
  • If found, you might prefer Method 2 if not, or continue with Method 1.
Create HTTP Template 
cd /usr/local/hestia/data/templates/web/nginx

vim proxy4000.tpl
  • cd changes the directory to where Nginx templates are stored.
  • vim opens a new file called proxy4000.tplΒ for editing.

Paste the following content:

##### HTTP Reverse Proxy Template - Port 4000 ##########

server {
    listen      %ip%:%proxy_port%;
    server_name %domain_idn% %alias_idn%;

    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;

    location = /favicon.ico { access_log off; log_not_found off; }

    # Maximum file upload size.
    client_max_body_size 6400M;

    location / {
        proxy_pass  http://127.0.0.1:4000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }

    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }

    location @fallback {
        proxy_pass      http://%ip%:%web_port%;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

##### HTTP Reverse Proxy Template - Port 4000 ##########
  • This config listens on %proxy_port% and forwards all traffic to http://%ip%:4000.
  • Blocks access to hidden files like .git or .htaccess.
  • Handles favicon requests and large file uploads.
Create HTTPS Template 
vim /usr/local/hestia/data/templates/web/nginx/proxy4000.stpl
  • Opens a new file for HTTPS reverse proxy.
  • The .stpl extension is used by HestiaCP for SSL templates.

Paste the following content:

##### HTTPS Reverse Proxy Template - Port 4000 ##########

server {
    listen      %ip%:%proxy_ssl_port% ssl http2;
    server_name %domain_idn% %alias_idn%;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    ssl_stapling on;
    ssl_stapling_verify on;
    error_log  /var/log/%web_system%/domains/%domain%.error.log error;

    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

    # Maximum file upload size.
    client_max_body_size 6400M;

    # Enable content compression for text types.
    gzip on;
    gzip_types text/plain text/css application/x-javascript image/svg+xml;
    gzip_comp_level 1;
    gzip_disable msie6;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_vary on;

    location = /favicon.ico { access_log off; log_not_found off; }

    location / {
        proxy_pass  http://127.0.0.1:4000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }

    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }

    location @fallback {
        proxy_pass      https://%ip%:%web_ssl_port%;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

########## HTTPS Reverse Proxy Template - Port 4000 ##########
  • Same as HTTP, but adds SSL certificates and HTTP/2 support.
  • Enables gzip compression for better performance.
Correct Permissions 
chmod 755 /usr/local/hestia/data/templates/web/nginx/proxy4000.tpl
chmod 755 /usr/local/hestia/data/templates/web/nginx/proxy4000.stpl
  • Sets permissions to allow HestiaCP and Nginx to read and execute the templates.
Restart Nginx and Apply Changes 
systemctl restart nginx
v-rebuild-web-domains admin
  • systemctl restart nginx` reloads Nginx to apply new templates.
  • v-rebuild-web-domains admin` rebuilds all domains for the admin user to apply the new proxy template.

βœ… Done! HTTP and HTTPS templates are ready.

πŸ”„Β  Copy & Modify Existing Template
Copy Existing Template 
cp -prf /usr/local/hestia/data/templates/web/nginx/proxy3000.tpl /usr/local/hestia/data/templates/web/nginx/proxy4000.tpl
cp -prf /usr/local/hestia/data/templates/web/nginx/proxy3000.stpl /usr/local/hestia/data/templates/web/nginx/proxy4000.stpl

Copies existing templates to create new ones for port 4000.

Replace Values 
sed -i 's/3000/4000/g' /usr/local/hestia/data/templates/web/nginx/proxy4000.tpl
sed -i 's/3000/4000/g' /usr/local/hestia/data/templates/web/nginx/proxy4000.stpl

Replaces all instances of 3000 with 4000 inside the copied files.

Correct Permissions 
chmod 755 /usr/local/hestia/data/templates/web/nginx/proxy4000.tpl
chmod 755 /usr/local/hestia/data/templates/web/nginx/proxy4000.stpl
Restart & Rebuild 
systemctl restart nginx
v-rebuild-web-domains admin
  • systemctl restart nginx` reloads Nginx to apply new templates.
  • v-rebuild-web-domains admin` rebuilds all domains for the admin user to apply the new proxy template.

βœ… Done! HTTP and HTTPS templates are ready.

⚑ Automatic Bash Script
One-Line Command 
wget -qO- https://panelwebhosting.org/hcp/RProxy.sh | bash -s -- PORT_NUMBER
wget -qO- https://panelwebhosting.org/hcp/RProxy.sh | bash -s -- 4000
  • Downloads and runs the script to automatically create proxy templates for port 4000.
Manual Download & Run 
cd /usr/src
wget https://panelwebhosting.org/hcp/RProxy.sh
chmod +x RProxy.sh
bash RProxy.sh
  • Downloads the script to /usr/src, makes it executable, and runs it.
🌐 Apply Proxy Template in HestiaCP

1. Log in to HestiaCP
2. Go to Web β†’ Edit Domain
3. Under Proxy Template, select proxy4000
4. Click Save

πŸ”Ž Verify Setup 
tail -f /var/log/nginx/error.log

Watches Nginx error logs for any issues while testing the domain.