A reverse proxy is a server that sits in front of web servers and forwards client (e.g., web browser) requests to those web servers. NGINX is a high-performance HTTP server that can also serve as a reverse proxy. By using NGINX as a reverse proxy, you can improve the security, reliability, and performance of your web application.

Benefits of Using NGINX as Reverse Proxy

Load Balancing: Distribute traffic across multiple servers to ensure no single server becomes overburdened.
Improved Security: By positioning NGINX as a gatekeeper, you protect your application from exposure to the public internet.

Caching: NGINX can cache content, reducing the load on your application servers and improving response times.
SSL Termination: Handle SSL/TLS encryption at the proxy level, offloading the performance overhead from the application servers.
Compression: Compress files to reduce bandwidth and speed up transfer times.

Prerequisites

To get the most out of this article, you should have the following:

Access to a Linux server
Basic understanding of Linux command line

An existing website or web application

Installing NGINX

Before setting up your reverse proxy, you need to install NGINX. You can install it using your package manager:

sudo apt update 
sudo apt install nginx

On CentOS, use:

sudo yum install epel-release 
sudo yum install nginx

Configuring NGINX as a Reverse Proxy

Edit the NGINX configuration file typically located at /etc/nginx/nginx.conf or under /etc/nginx/sites-available/ for more granular configuration. Below is a basic example of a reverse proxy setup:

server {
    listen 80;

    server_name example.com;
    location / {
        proxy_pass http://backend-server-ip:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

This configuration instructs NGINX to listen on port 80 and forward all requests to the specified backend server.

Load Balancing Configuration

You can improve the availability and performance of your application by distributing traffic across multiple servers. Here’s a simple round-robin load balancing configuration:

http {
    upstream backend {
        server backend1.example.com;
        server backend2.example.com;
        server backend3.example.com;
        # ... add as many servers as you need
    }

    server {
        listen 80;

        location / {
            proxy_pass http://backend;
            # ... other proxy parameters
        }
    }
}

SSL Termination

NGINX can handle SSL transactions on behalf of the backend servers. Here’s how you would configure SSL termination:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/ssl/example.com.crt;
    ssl_certificate_key /etc/ssl/example.com.key;

    location / {
        proxy_pass http://backend-server-ip:8080;
        # ... other proxy parameters
    }
}

Testing Your Configuration

After making changes to your NGINX configuration, you should test the configuration for syntax errors:

sudo nginx -t

If the test is successful, reload NGINX to apply the changes:

sudo systemctl reload nginx

Conclusion

Setting up an NGINX reverse proxy does more than just improve your web application’s performance and security. It provides a scalable and flexible solution to manage your web traffic effectively. Remember, the configurations above are starting points; fine-tune them according to your specific needs and environment.

Next Article: NGINX vs Apache: Which is better?

Previous Article: How to migrate from Apache to NGINX

Series: NGINX Tutorials

DevOps