NGINX Reverse Proxy
NGINX Reverse Proxy is a web server configuration that forwards client requests to one or more backend servers, acting as an intermediary between clients and those servers.
Installing Nginx
Run this command to install the nginx
1
sudo apt install nginx-core -y
Configuring Nginx
After installed, go to “/etc/nginx/sites-available”, here is stored all the web served by Nginx
1
cd /etc/nginx/sites-available
Delete any exisiting file and create new one named “reverse-proxy”
1
sudo nano reverse-proxy
First we will configure a simple HTTP Reverse Proxy, where all the traffic on port 80 will be redirected to the backend server on the same port
1
2
3
4
5
6
7
8
9
10
11
12
13
14
server {
# Defining the proxy listening port
listen 80;
server_name rproxy.helena.gg;
# forwarding to backend
location / {
proxy_pass http://198.18.0.32:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
After that, create as symlink from the created file to “/etc/nginx/sites-enabled/”
1
sudo ln -s /etc/nginx/sites-available/reverse-proxy /etc/nginx/sites-enabled/reverse-proxy
Run this command to verify nginx configuration
1
sudo nginx -t
Now reload the nginx for the configuration to take effect
1
sudo systemctl reload nginx
Now accessing the Reverse Proxy’s IP on port 80 should show the the web served on 198.18.0.32:80
Reverse Proxy Load Balancing
Now we will configure the Reverse Proxy to load balance between 3 different backend web servers
First we define an upstream named “backend” containing the web servers and point it on proxy_pass
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# Define backend servers
upstream backend {
server 198.18.0.32:80;
server 198.18.0.32:8080;
server 198.18.0.32:8081;
}
server {
listen 80;
server_name rproxy.helena.gg;
# Point to the backend upstream
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Reload the nginx, and now the Reverse Proxy should return alternating backend web server in a round robin fashion
Configuring SSL for HTTPS Reverse Proxy
To configure SSL, first generate CSR using openssl
1
openssl req -new -newkey rsa:2048 -nodes -keyout helena.key -out helena.csr
This command generates a CSR and Key pair
Go to the CA Server, sign the CSR to get the Certificate
Save the Certificate in the same directory
Now on the reverse-proxy configuration, set the port 80 to redirect to port 443
1
2
3
4
5
6
7
server {
listen 80;
server_name rproxy.helena.gg;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
Move the proxy configuration that before was on port 80 to the port 443
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
upstream backend {
server 198.18.0.32:80;
server 198.18.0.32:8080;
server 198.18.0.32:8081;
}
server {
listen 443 ssl;
server_name rproxy.helena.gg;
# Point to the certificates
ssl_certificate /home/helena/certs/helena.crt;
ssl_certificate_key /home/helena/certs/helena.key;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Here’s the full configuration
Reload the Nginx, and now it should redirect to HTTPS using the Certificate configured earlier
