NGINX Reverse Proxy
This document provides the most basic reference on setting up a NGINX Reverse Proxy. For more detailed usage of NGINX as reverse proxy, the NGINX document can be referred.
NGINX
NGINX, proununced "Engine-ex", is an open source web server, load balancer, HTTP Cache as well as a reverse proxy. A reverse proxy is a service that stays in front of web servers and proxies the requests to the web server. The requests made from clients to the web server will first reach the reverse proxy before reaching the origin server. It directs the client requests to appropriate backend servers. Web proxies have many advantages:
a. Load Balancing
b. Security
c. Anonymity
d. SSL Termination
e. Caching etc.
For more details on reverse proxy and their use cases Cloudflare has a really good article on it.
Setting up NGINX Reverse Proxy
This article assumes that NGINX has already been installed and running on port 80 in the system. The NGINX sites-enabled directory consists of the configuration files for the virtual hosts served by the server. The most general location would be /etc/nginx/sites-enabled/.
The proxy_pass directive is used inside the location blocks for configuring reverse proxy with NGINX. The most basic form of reverse proxy is:
location / {
proxy_pass http://server_ip:port;
}
Here, any requests coming to the default location of the server will be proxied to server_ip:port. The server_ip would be the IP Address of the server in which the backend application is running. If it is running in the same server where NGINX is installed then 127.0.0.1 or localhost can be used, else the IP address of the backend server needs to be used. port is the port in which the application is listening to.
For example, we have a Rails application running in server with IP address 10.5.17.2 and listening on port 3000. This backend server is not available publicly to the world, but we have another server with IP address 202.15.67.23 which is accesible publicly.
Now, we need to configure NGINX server which has IP address of 202.15.67.23 and port 80 so that users can access the Rails app with IP address of NGINX server, then the basic configuration will be:
location / {
proxy_pass http://10.5.17.2:3000;
}
After this configuration, the Rails application will be available for the users at location 202.15.67.23.
Note
The backend server should be reachable from the NGINX server. Else the proxy_pass will not work.
Similary, if we need the previous Rails app to be served in a different location than /, let's say /api/ then the configuration will be:
location /api {
proxy_pass http://10.5.17.2:3000;
}
202.15.67.23/api.
Advanced configuration
By default NGINX eliminates the header fields from the requests made by the clients when forwarding the request to the backend. So additional configurations may be required in the location block. The configurations depends on the use cases, but some of the common configurations are listed below.
- proxy_set_header Forwarded $proxy_add_forwarded;
- proxy_set_header X-Forwarded-For "";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
For more details on NGINX and it's configuration it is recommended to read the official documentations or the NGINX Cookbook available in Gurzu Library.
-
Contributors: Avash Mulmi ↩