How to Setup Nginx Reverse Proxy

A reverse proxy is a service that accepts a client request, sends the request to one or more backend servers, gets a response, and then passes the server's response to the client, usually a browser, but also curl .

Due to its performance and scalability, Nginx is often used as a reverse proxy for HTTP and non-HTTP servers. A typical reverse proxy configuration is to put Nginx in front of a Node.js , Python or Java application.

Some of the benefits that using Nginx as a reverse proxy can bring you. Load balancing , Nginx can act as a load balancer to distribute client requests among proxy servers, improving performance, scalability, and reliability.

Caching , using Nginx as a reverse proxy, you can cache pre-rendered versions of pages to speed up page load times.

It works by caching the content of the response from the proxy server and using the cache to respond to the client without having to connect to the proxy server every time to get the same content.

SSL, Nginx can act as an SSL endpoint to connect with clients. It will handle and decrypt incoming SSL connections and encrypt proxy server responses.

Compression, if the proxy server is not sending a compressed response, you can configure Nginx to compress the response before sending it, using the gzip compression algorithm .

DDoS attacks , you can limit incoming requests and the number of connections per IP address to what is typical for a normal user. Nginx also allows you to block or restrict access based on client location and the value of request headers such as User-Agentand .Referer

This tutorial outlines the steps required to configure Nginx as a reverse proxy. We assume you have Nginx installed on your Ubuntu , CentOS or Debian server.

To configure Nginx as a reverse proxy for an HTTP server, open the nginx virtual server configuration file and in the context of location use the proxy_passdirective to set the server to proxy.

In distributions of Ubuntu and Debian, server configuration files are stored in /etc/nginx/sites-enableddirectories, while in CentOS they are stored in /etc/nginx/conf.ddirectories.

The URL of the proxy server is proxy_passset using the directive, which can be used as the protocol, domain name HTTPor HTTPSIP address as the hostname, and optional port and URI as the address.

server {
    listen 80;
    server_name www.example.com example.com;

    location /app {
       proxy_pass http://127.0.0.1:8080;
    }
}

The above configuration instructs Nginx to pass all /apprequests starting with http://127.0.0.1:8080.

pass header

When Nginx proxies a request, it automatically removes the two header fields defined in the request from the client Hostand Connectionremoves empty headers. Set Hostto $proxy_hostvariable, Connectionset to off.

In order for the application to get the header from the client, you need to use the proxy_set_headerdirective followed by the header value. to set the correct Header to pass the application.

In the following example, we remove the header request header Hostby changing the value of the request header field to $host, and Accept-Encodingsetting the value to an empty string Accept-Encoding.

Whenever a configuration file is modified, the Nginx service must be restarted for the changes to take effect.

location / {
    proxy_set_header Host $host;
    proxy_set_header Accept-Encoding "";
    proxy_pass http://localhost:3000;
}

Nginx fastcgi memcached

To configure Nginx as a reverse proxy for a non-HTTP proxy server, you can use the directive include, fastcgi_passconfigure FastCGI server proxy. uwsgi_passConfigure the uwsgi server proxy.

scgi_passConfigure the SCGI server. memcached_passConfigure the Memcached server proxy.

One of the most common examples is configuring a FastCGI proxy for PHP-FPM.

server {

    # ... other directives

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}

proxy_pass proxy configuration

  location/ {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version  1.1;
    proxy_cache_bypass  $http_upgrade;

    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header Connection        "upgrade";
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Port  $server_port;
  }

proxy_http_version 1.1Defines the HTTP protocol version used for proxying, by default it is set to 1.0. For Websockets and keepaliveconnections you need to use version 1.1.

proxy_cache_bypass $http_upgradeSet up websocket not to get the response from the cache, but directly through the application.

Upgrade $http_upgradeand Connection "upgrade"if your application uses Websockets, these fields are required.

X-Real-IP $remote_addrForwards the real client address to the application. If not set, your application will get the Nginx server IP address.

X-Forwarded-For $proxy_add_x_forwarded_forX-Forwarded-ForForward the fields of the client request header to the application.

X-Forwarded-ForIf the field does not exist in the client request header , the $proxy_add_x_forwarded_forvariable is equivalent to the $remote_addrvariable

X-Forwarded-Proto $schemeThis will forward the HTTP protocol or HTTPS protocol used by the client.

X-Forwarded-Host $host​​Original host to forward X-Forwarded-Port $server_portDefines the original port for client requests.

If you don't have an existing SSL/TLS certificate, use Certbot to get a free one Let’s Encrypt SSL.

Conclusion

You have seen how to use Nginx as a reverse proxy. We also showed you how to pass additional parameters to the server, and how to modify and set different request header fields in proxied requests.

If you have any questions or feedback, please feel free to leave a comment.