Configuring HTTPS for Express and Nginx

You don't need to use HTTPS between your nginx reverse proxy and Node app running on the same host. You can proxy both HTTP requests to port 80 and HTTPS requests to port 443 to the same port in your Node app - 8080 in this case - and you don't need to configure TLS certificates in that case.

You can change your server.js file to:

var app = express();app.listen(8080, console.log("Server running"));

and use an nginx config that has proxy_pass http://localhost:8080; for both HTTP on port 80 and HTTPS on port 443.

This is how it is usually done. Encrypting traffic on the loopback interface doesn't add any security because to sniff the traffic you need root access to the box and when you have it then you can read the certs and decrypt the traffic anyway. Considering the fact that most of the posts on https://nodejs.org/en/blog/vulnerability/ are related to OpenSSL, one could argue that using SSL in Node can make it less secure in that particular case of encrypting loopback interface traffic. See this discussion on the Node project on GitHub for more info.

Thanks to @rsp solution, here is the working Nginx configuration :

server {listen 80;listen 443 ssl;server_name fire.mydomain.me;ssl_certificate     /etc/letsencrypt/live/fire.mydomain.me/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/fire.mydomain.me/privkey.pem;location / {    proxy_pass http://localhost:8080;    proxy_http_version 1.1;    proxy_set_header Upgrade $http_upgrade;    proxy_set_header Connection 'upgrade';    proxy_set_header Host $host;    proxy_cache_bypass $http_upgrade;   }}