This step-by-step tutorial will show you how you can easily set up a reverse proxy with Nginx to improve security and performance.
One of the more popular reverse proxy tools at the moment is Nginx. Although Nginx itself is a web server, it does an outstanding job serving as a reverse proxy.
What is a Reverse Proxy?
A reverse proxy is a server that sits between internal applications and external clients, forwarding client requests to the appropriate server.
The reverse proxy service acts as a front-end, handles all incoming client requests, and distributes them to the back-end web, database, or other servers.
Using Nginx as a reverse proxy gives you several additional benefits:
- Load Balancing – Nginx can perform load balancing to distribute clients’ requests across proxied servers, improving performance, scalability, and reliability.
- Improved Security – With a reverse proxy, clients will not have information about our backend servers, so there is no way any malicious client cannot access them directly to exploit any vulnerabilities. From the client’s point of view, this makes it look as though everything is coming from one place.
- Better Performace – With Nginx as a reverse proxy, you can cache the pre-rendered versions of pages to speed up page load times. It works by caching the content received from the proxied servers’ responses and using it to respond to clients without contacting the proxied server for the same content every time.
- SSL Termination – Nginx can act as an SSL endpoint for connections with the clients. It will handle and decrypt incoming SSL connections and encrypt the proxied server’s responses.
How to Set Up a Reverse Proxy with Nginx
1. Installing Nginx
Nginx is the most popular web server suite deployed across the internet. It can work as a reverse proxy server by directing web traffic to specific servers.
Let me show you how to install Nginx on various Linux distributions.
Related: How to Install and Configure Nginx Web Server
To install Nginx on Debian, Ubuntu, Linux Mint, Kali, and other Debian or Ubuntu derivatives, run the following commands:
sudo apt update
sudo apt install nginx
On Fedora, CentOS, Red Hat, and other Fedora or Red Hat derivatives, run the following commands:
sudo dnf upgrade
sudo dnf install nginx
To install Nginx on Arch Linux, Manjaro, and other Arch derivatives, run the following commands:
sudo pacman -Syu
sudo pacman -S nginx
After installation is completed, you can verify that Nginx is installed correctly by checking the software version. Enter the following:
nginx -v
nginx version: nginx/1.18.0 (Ubuntu)
2. Configuring Nginx
We’ve installed the primary site at example.com
domain name on the same server that runs our Nginx. However, our WordPress blog site is installed at blog.example.com
subdomain on a different server with IP address 127.0.1.10
.
Related: How to Configure Nginx to Work with PHP via PHP-FPM
We need to configure a reverse proxy with Nginx to proxying requests for the blog.example.com
subdomain so that all requests are forwarded to 127.0.1.10
. To do that, follow the steps shown below.
1. Disable the default pre-configured Nginx virtual host:
unlink /etc/nginx/sites-enabled/default
2. Enter the directory /etc/nginx/sites-available
and create a reverse proxy configuration file.
cd /etc/nginx/sites-available
sudo vim example.conf
Paste the following Nginx configuration.
server {
listen 80;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
server {
listen 80;
server_name blog.example.com;
location / {
proxy_pass http://127.0.1.10:80;
}
}
As you can see, you could continue running example.com
on the same Nginx instance, but Nginx will redirect all incoming connections for blog.example.com
on port 80
to the 127.0.1.10
server, listening on port 80
.
3. Save the file and then activate it by creating a symlink:
sudo ln -s /etc/nginx/sites-available/example.conf /etc/nginx/sites-enabled/
4. Test Nginx for any configuration errors:
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
5. If there are no errors, restart Nginx for the changes to take effect:
sudo systemctl restart nginx
Launch a web browser and go to your WordPress blog URL. You will be proxied through Nginx to 127.0.1.10
, hosting your WordPress blog.
Congratulations, you’ve successfully set up Nginx to work as a reverse proxy. Now you can direct traffic that is supposed to go to the target server to the reverse proxy server, which will wind up at the correct destination.
You can learn more about all the reverse proxy directives in Nginx’s detailed index of directives.
Conclusion
Now you know how to set up a reverse proxy with Nginx. As you can see, the Nginx reverse proxy configuration is a simple process. But, of course, there are many ways to install and configure it, which depend entirely upon your requirement.
You are great.Than you.
At 78 I’m fascinated by Centos stream and NGINX. It is like Magic.
Thank you.
Tony.
Keep the spirit, Tony.
Thank you for reading Linuxiac!
Best,
Bobby
So clean and easy to understand, surprised. Other founded articles looks toxic, and overloaded, and in same time explained close to nothing.
Thank You
The pleasure is all mine.
Thanks for the kind words!
Are the 172.0.1.10 vs. 127.0.1.10 typos? assuming so, excellent, and thanks!
Hi Amgine,
Thank you for the remark!
Of course, it’s a typo. I apologize. It has already been fixed.
Bobby, your article hit home on something I want to do, that is to set up two (or more) web servers behind my firewall, both accessible from Internet browser clients using the normal port 80 and the URL. For example webserver1 http://www.abc.com and webserver2 http://www.def.com.
Assume the two servers are on the private IP addresses 10.0.0.100 and 10.0.0.110, respectively and my firewall router is on a public address 1.2.3.4. What I want is for port 80 traffic with URL http://www.abc.com to go to address 10.0.0.100 as port 80 and likewise for port 80 traffic with URL http://www.def.com to go to 10.0.0.110.
From your article it sounds like I need to configure a “reverse proxy” server (say 10.0.1.50) listening for all port 80 traffic. It would then act like a traffic cop for routing incoming requests?? Is it really that simple?? I assume the the Internet client is unaware of any of this? Thanks for your article and any comments you might have relating to my project.
ps…like Tony I’m also in the mid+ 70’s and enjoy “fighting” with my computers (Windows and Raspberry Pi’s)….
Hi,
Yes, it really is that simple. There is no magic here. 🙂
All you have to do is configure a reverse proxy and have your router redirect inbound traffic coming to port 80 to your reverse proxy server. Everything else is described above. In fact, it’s a straightforward scenario.
And last but definitely not least, thank you for reading Linuxiac!
Keep “fighting”!
So I need another server to work as a target right? it is possible to use nginx as web server & reverse proxy?
Yes!
You can use a separate server just for NGinx…….BUT
You can be utilizing NGinx already as a webserver……And run the reverse proxying on the same machine for other things..like emby or diaspora or wordpress…etc