Guide: Set up a reverse proxy using nginx on Linux

A reverse proxy is a server that handles incoming traffic and responds with data this proxy retrieves from one or more instances located in it’s own local network. Look at the reverse proxy as the bridge to the island that is your app environment.

Instance — an optimized computer generally running Linux that is available in your app environment’s local network.

Now why would you need this?

  • Load balancing — distribute incoming traffic across multiple server resources to improve performance.
  • Web acceleration — compress inbound and outbound data, as well as cache commonly requested content to speed up traffic flow.
  • Security — protect the identities of your back end machines. Set up SSL to serve your web app over HTTPS

We’ll be using nginx to set up our reverse proxy on an instance running Linux Debian 9 “stretch”.

This guide requires some basic knowledge of the following subjects: Creating and managing computing instances, SSH, Linux CLI commands, configuring your domain’s A-records.

What exactly are we setting up?

We will be configuring a very basic reverse proxy setup. Our fictional app environment has 2 significant instances: the reverse proxy instance and the target instance that’s running something (e.g. an app) on port 3000. We want to be able to access this app via the reverse proxy when we navigate to our fictional domain www.example.com. Let’s begin!

1. Install nginx

Make sure the instance you set up to act as reverse proxy is configured to allow HTTP traffic. SSH into your reverse proxy instance and run the following commands:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install nginx

When you navigate to the reverse proxy instance’s public IP using your web browser, you should see a welcome message like this:

nginx welcome message

Congratulations, your instance is now a server.

Some Basic operating commands

$ sudo systemctl start nginx
$ sudo systemctl stop nginx
$ sudo systemctl restart nginx
$ sudo systemctl status nginx

2. Configure routes

Change you working directory to the nginx config files location for sites.

cd /etc/nginx/sites-available/

Files containing routing rules go in the sites-available/ folder. To activate those rules you need to create a symlink of those files to the sites-enabled/ folder. By default this has already been done for you with the file default. This file has some example configuration rules. We won’t need them so feel free to delete everything inside the file default. Add following lines to the file default:

server {
listen 80;
listen [::]:80;
    server_name example.com www.example.com;
    location / {
proxy_pass http://10.0.0.3:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

You can add multiple config files, a config file can contain multiple server{} server blocks, a server block can contain multiple location{} blocks.

Replace the following parameters with yours

  • example.com www.example.com add all domains that will need to be handled
  • 10.0.0.3 insert the local IP address you want your proxy to get the response from
  • 3000 insert the port to use

Test your nginx configuration and reload to enable the changes.

$ sudo nginx -t
$ sudo systemctl reload nginx
Important — Don’t forget to point your domain’s A-records to the configured reverse proxy’s public IP address. Depending on your DNS provider A-records can take some time to update.

Done! When you navigate to your domain now, the proxy will respond with the app running on the internal target instance.

SSL/HTTPS

Continue configuring your reverse proxy with our next guide to enable SSL/HTTPS for your domain.

Like what you read? Give Tom Delerue a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.