Running server on home network with HTTPS

Your Nginx can handle the a http and https request.

1. Set your nginx to listen on port 80 and redirect 80 request to 443.

   server {
       listen 80 default_server;
       listen [::]:80 default_server;
       server_name example.com www.example.com;
       return 301 https://$server_name$request_uri;
   }
   

2. Add you certificate in your nginx and proxy the request coming from 443 to GO server.

   server {
      listen 443;
      ssl on;
      ssl_certificate /etc/ssl/ssl-bundle.crt;
      ssl_certificate_key /etc/ssl/ssl-tutorials.key;
      server_name ssl-tutorials.com;
      access_log /var/log/nginx/nginx.vhost.access.log;
      error_log /var/log/nginx/nginx.vhost.error.log;
   
      location / {
          proxy_redirect          off;
          proxy_set_header        Host            $host;
          proxy_set_header        X-Real-IP       $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          client_body_buffer_size 512k;
          proxy_connect_timeout   180;
          proxy_send_timeout      180;
          proxy_read_timeout      360;
          proxy_buffering         off
   
          #Proxy request to your GO app
          proxy_pass http://<ip_server>:<port>;
       }
    }
   

HTTPS should be handled by the nginx server, which should be listening on port 443. It can listen on port 80 as well, but it's best that either serve HTTP or redirect to HTTPS (port 443) as this is normal behavior. You do not need any DNS configuration. Applications will typically recognize default ports 80 as HTTP and 443 as HTTPS.

It's best that an application like nginx handle the difficulties of properly handling high performance HTTP and HTTPS so you don't need to think about those things for your web app (I.e. your Go API). Note that the connection between your Nginx and Go application shouldn't need to be HTTPS since they are both on the sample machine.

Check out this Linode guide on setting up an Nginx config for HTTPS and reverse proxy for a web application.

Also, with HTTPS, you need to have a keypair that's been signed by a proper authority (i.e. a certificate chain). Since this is something your just using for your own uses, you could be the proper authority and generate your own self signed certificate. But it also might be easiest to just use Let's Encrypt, which will leverage the fact you own the domain and issue you a valid certificate to use for your site (also explained in Linode guide).