Open in app

Sign in

Write

Sign in

Understanding Nginx As A Reverse Proxy

Amit Kumar Shinde
Globant
Published in
4 min readJan 12, 2021
(Image courtesy from NGINX)

Nginx is open-source web server that provides capabilities like reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP/2, TCP, and UDP protocols.

High Requests Handling Architecture

Nginx utilizes an event-driven architecture and deals with the requests asynchronously. It was designed to use a non-blocking event-driven connection handling algorithm. Hence, its process can handle thousands of connections (requests) within 1 processing thread. Such connections process modules allow Nginx to work very fast and wide with limited resources. Also, you can use Nginx to handle more than 10,000 simultaneous connections with low (CPU & Memory) resources under heavy request loads.

Nginx Reverse Proxy Overview

Nginx reverse proxy acts as an intermediate server that intercepts client requests and forwards them to the appropriate upstream backend server and subsequently forwarded a response from the server back to the client. The reverse proxy provides various benefits as an abstract layer above upstream servers.

Important Benefits of Nginx as a Reverse Proxy

Load balancing: Nginx load balance the client request to multiple upstream servers evenly which improve performance and provide redundancy in case of server failure. This helps to keep the application up all the time to serve client requests and provide better SLA for application.

Security: Nginx server provides security to backend servers that exist in the private network by hiding their identity. The backend servers are unknown to the client that are making requests. it also provides a single point of access to multiple backend servers regardless of the backend network topology.

Caching: Nginx can serve static content like image, videos, etc directly and deliver better performance. It reduces the load on the backend server by serving static content directly instead of forwarding it to the backend server for processing.

Logging: Nginx provides centralized logging for backed server request and response passing through it and provides a single place to audit and log for troubleshooting issues.

TLS/SSL support: Nginx allows secure communication between client and server using TLS/SSL connection. User data remains secure & encrypted while transferring over the wire using an HTTPS connection.

Protocol Support: Nginx supports HTTP, HTTPS, HTTP/1.1, HTTP/2, gRPC - Hypertext Transport Protocol along with both IP4 & IP6 internet protocol.

Setting Up an Nginx Reverse Proxy on Ubuntu

Prerequisite

We are assuming the .net core web application is running on a lightweight Kestrel web server on Ubuntu and serving the request at port 5001 and it’s inaccessible from the internet. We like to hide this application behind Nginx reverse proxy server and serve requests from the internet. A reverse proxy forwards the request to the ASP.NET Core application

Kestrel is significant for serving dynamic content from ASP.NET Core. However, the web serving capabilities aren’t as feature-rich as servers such as IIS, Apache, or Nginx. A reverse proxy server can provide additional capabilities such as serving static content, caching requests, compressing requests, and SSL termination from the HTTP server.

Configuration Steps

  1. Update the apt package and install Nginx webserver
sudo apt update
sudo apt install nginx

2. Disable default preconfigured virtual host

sudo unlink /etc/nginx/sites-enabled/default

3. Navigate to the directory /etc/nginx/sites-available and create a reverse proxy configuration file.

cd /etc/nginx/sites-available
nano reverse-proxy.conf

4. Add the reverse proxy configuration as mentioned below

server {
        listen 80;
        server_name   example.com *.example.com;

        access_log /var/log/nginx/reverse-access.log;
        error_log /var/log/nginx/reverse-error.log;

        location / {
                    proxy_pass http://127.0.0.1:5001;
  }
}

Server names are defined using the server_name directive and determine which server block will handle the given user request. Server name is what DNS hosts - Nginx will listen for, together with your port settings. So let’s say you have a domain, you point your DNS A record, like example.com, to your server IP.

The proxy server redirects all traffic all incoming traffic to port 5001 where .net core web application running on Kestrel server. proxy_pass defines backend server address.

5. Create a symbolic link. copy the configuration from /etc/nginx/sites-available to /etc/nginx/sites-enabled

sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

Test and Restart Nginx

To test Nginx:

sudo service nginx configtest

To restart Nginx:

sudo service nginx restart

Additional Nginx Reverse Proxy Options

In this section, we will see an example of recommended Nginx proxy properties & settings.

location/ {
    proxy_pass http://127.0.0.1:5001;
    proxy_http_version  1.1;
    proxy_cache_bypass  $http_upgrade;

    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header Connection        "upgrade";
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Port  $server_port;
  }
  • proxy_http_version 1.1 - Defines the HTTP protocol version for proxying, by default it is set to 1.0.
  • proxy_cache_bypass $http_upgrade - Sets conditions to avoid cache response.
  • Upgrade $http_upgrade and Connection "upgrade" - These header fields are required if your application is using Websockets.
  • X-Real-IP $remote_addr - Forwards the real client remote IP address to the proxied server.
  • X-Forwarded-For $proxy_add_x_forwarded_for - A list containing the IP addresses of every server the client has been proxied through.
  • X-Forwarded-Proto $scheme - for HTTPS server block, each HTTP response from the proxied server is rewritten to HTTPS.
  • X-Forwarded-Host $host - Defines the original host requested by the client.
  • X-Forwarded-Port $server_port - Defines the original port requested by the client.

Conclusion

Nginx is a feature-rich web server that can act as an advance reverse proxy, which is simple & easy to configure and manage.

Nginx
Nginx Reverse Proxy
Reverse Proxy
Aspnetcore
Globant

--

--

Amit Kumar Shinde
Globant

Written by Amit Kumar Shinde

8 Followers
Writer for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams