1. [Follow this guide to get your SSL certificates:](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
2. Configure Nginx at /etc/nginx/sites-available/default

```
# Default server configuration
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name example.com www.example.com;
	return 301 https://$server_name$request_uri;
}

# Virtual Host/SSL/Reverse proxy configuration for example.com

server {
    # Listen on both HTTP and HTTPS - between Nginx and Express the traffic is HTTP but this is not a major
    # security concern as both services are on the same box
    listen 80;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

    server_name example.com www.example.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    
    # Allow location for Acme challenge - you also might need to allow 'dotfiles' in Express (see next section)
    location ~ /.well-known {
        allow all;
	      proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
    }	
}
```
3. Configure Express as below (assuming you have a /build folder for production)