Open in app

Sign in

Write

Sign in

Configure Nginx as a web server and reverse proxy for Nodejs application on Azure Windows

Sudip Purkayastha
ideahive
Published in
4 min readOct 3, 2018

Introduction:

NodeJs applications are “Single threaded Event Loop” i.e there is a single thread listening to all incoming requests. On receiving a request, it immediately publish it to its internal “event queue” and is ready to receive the next request. It also polls event queue for any pending tasks and processes Non-blocking I/O tasks. For any blocking I/O tasks like (interfacing with database, file system) it picks up a free thread from its internal thread pool and assign this request to it.

Image Credits — https://cdn.journaldev.com

Keeping NodeJs servers up are hard. Whenever a node.js error is unhandled, it unwinds the stack and leaves v8 in an unrecoverable state. The only recovery is to restart the process. There are few modules that help and PM2 seems to be the most popular.

For public facing website, you shouldn’t run Node app on port 80. This exposes node servers to internet traffic. Instead you should run the app on a different port like 3000 and use nginx as a reverse proxy in front of the Node.js app. You should install SSL on the proxy server. This setup helps you take advantage of cache, scale node servers and load balance them.

Nginx can be used as web server, reverse proxy, load balancer and HTTP cache.

Image Credits — https://www.nginx.com

Installing Nginx on Azure VM Instance with Windows

  • Download Nginx from http://nginx.org/en/download.html
  • Unpack the file in c:\nginx and start a command prompt
  • Go to C:\nginx and runnginx.exe
  • You should be able to go to http://localhost/ and you should see the “Welcome to Nginx” default page. If you see that page, then we can be sure that Nginx has been installed properly.

Install Nginx Windows Service

We will be using the WINSW to create a service out of the existing Nginx binaries. The first step is to download WINSW and save it in the same folder as Nginx asnginx-winsw.exe.

Now create a file, named nginx-winsw.xmlwith following contents and place it inside Nginx folder.

<service> 
  <id>nginx-1.14.0</id>
  <name>nginx-1.14.0</name>
  <description>nginx-1.14.0</description>
  <executable>C:\nginx\nginx.exe</executable>
  <logpath>C:\nginx\</logpath>
  <logmode>roll</logmode>
  <depend></depend>
  <startargument>-p</startargument>
  <startargument>c:\nginx</startargument>  
  <stopexecutable>C:\nginx\nginx.exe</stopexecutable>
  <stopargument>-p</stopargument>
  <stopargument>C:\nginx</stopargument>
  <stopargument>-s</stopargument>
  <stopargument>stop</stopargument>  
</service>

You are now ready to install and run the Windows service, you can proceed to run the following commands:

C:/nginx/nginx-winsw.exe install
C:/nginx/nginx-winsw.exe start

At this point, you have Nginx as a service and you can set it up to start automatically after machine boot!

Install SSL Certificate on Nginx

To encrypt communication between user and proxy server, you should have SSL certificate.

Self-signed TLS certificates are suitable for personal use or for applications that are used internally within an organization. How to create a self signed certificate

For internet facing applications, you should get certificate from trusted Certificate Authority. First, you have to generate a private key, called yourdomain.com.key, and a CSR, called yourdomain.com.csr using openssl . Run this command (replace the yourdomain.com with the name of your domain).

openssl req -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr

At this point, you will be prompted for several lines of information that will be included in your certificate request. The most important part is the Common Name field which should match the name that you want to use your certificate with — for example, example.com, www.yourdomain.com, or (for a wildcard certificate request) *.yourdomain.com.

This will generate you two files:

  • yourdomain.com.key
    Your Private key. You’ll need this later to configure NGINX.
  • yourdomain.com.csr
    Your CSR file.

You will need to copy and paste your yourdomain.com.csr certificate content to request for a SSL Certificate with a Certificate Authority.

Download Certificate

Once your domain is verified, you will receive an email with a link to download SSL certificate. Download .crt files inside C:/nginx/bin/certs.

If your Certificate Authority included an intermediate certificate, you must create a single chained certificate file that contains your certificate and the CA’s intermediate certificates.

type yourdomain.com.crt intermediate.crt > yourdomain.com.chained.crt

Open NGINX config points to the right cert file and to the private key you generated.

<script type=”text/javascript” src=”https://platform.linkedin.com/badges/js/profile.js" async defer></script>

<div class=”LI-profile-badge” data-version=”v1" data-size=”medium” data-locale=”en_US” data-type=”vertical” data-theme=”light” data-vanity=”sudipp”><a class=”LI-simple-link” href=’https://www.linkedin.com/in/sudipp?trk=profile-badge'>Sudip Purkayastha</a></div>

Ssl
Nginx
Nodejs

--

--

Sudip Purkayastha
ideahive

Written by Sudip Purkayastha

7 Followers
Editor for

Ideahive.me — Ideas worth spreading Linkedin: https://www.linkedin.com/in/sudipp

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams