Reverse Proxy with Nginx

Reverse Proxy with Nginx: A Step-by-Step Setup Guide

This step-by-step tutorial will show you how you can easily set up a reverse proxy with Nginx to improve security and performance.

One of the more popular reverse proxy tools at the moment is Nginx. Although Nginx itself is a web server, it does an outstanding job serving as a reverse proxy.

What is a Reverse Proxy?

A reverse proxy is a server that sits between internal applications and external clients, forwarding client requests to the appropriate server.

The reverse proxy service acts as a front-end, handles all incoming client requests, and distributes them to the back-end web, database, or other servers.

Using Nginx as a reverse proxy gives you several additional benefits:

  • Load Balancing – Nginx can perform load balancing to distribute clients’ requests across proxied servers, improving performance, scalability, and reliability.
  • Improved Security – With a reverse proxy, clients will not have information about our backend servers, so there is no way any malicious client cannot access them directly to exploit any vulnerabilities. From the client’s point of view, this makes it look as though everything is coming from one place.
  • Better Performace – With Nginx as a reverse proxy, you can cache the pre-rendered versions of pages to speed up page load times. It works by caching the content received from the proxied servers’ responses and using it to respond to clients without contacting the proxied server for the same content every time.
  • SSL Termination – Nginx can act as an SSL endpoint for connections with the clients. It will handle and decrypt incoming SSL connections and encrypt the proxied server’s responses.
How Nginx Reverse Proxy Works

How to Set Up a Reverse Proxy with Nginx

1. Installing Nginx

Nginx is the most popular web server suite deployed across the internet. It can work as a reverse proxy server by directing web traffic to specific servers.

Let me show you how to install Nginx on various Linux distributions.

Related: How to Install and Configure Nginx Web Server

To install Nginx on DebianUbuntuLinux Mint, Kali, and other Debian or Ubuntu derivatives, run the following commands:

sudo apt update
sudo apt install nginx

On FedoraCentOS, Red Hat, and other Fedora or Red Hat derivatives, run the following commands:

sudo dnf upgrade
sudo dnf install nginx

To install Nginx on Arch LinuxManjaro, and other Arch derivatives, run the following commands:

sudo pacman -Syu
sudo pacman -S nginx

After installation is completed, you can verify that Nginx is installed correctly by checking the software version. Enter the following:

nginx -v
nginx version: nginx/1.18.0 (Ubuntu)

2. Configuring Nginx

We’ve installed the primary site at example.com domain name on the same server that runs our Nginx. However, our WordPress blog site is installed at blog.example.com subdomain on a different server with IP address 127.0.1.10.

Related: How to Configure Nginx to Work with PHP via PHP-FPM

We need to configure a reverse proxy with Nginx to proxying requests for the blog.example.com subdomain so that all requests are forwarded to 127.0.1.10. To do that, follow the steps shown below.

1. Disable the default pre-configured Nginx virtual host:

unlink /etc/nginx/sites-enabled/default

2. Enter the directory /etc/nginx/sites-available and create a reverse proxy configuration file.

cd /etc/nginx/sites-available
sudo vim example.conf

Paste the following Nginx configuration.

server {
        listen 80;
        server_name example.com www.example.com;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }
}

server {
        listen 80;
        server_name blog.example.com;

        location / {
                proxy_pass http://127.0.1.10:80;
        }
}

As you can see,  you could continue running example.com on the same Nginx instance, but Nginx will redirect all incoming connections for blog.example.com on port 80 to the 127.0.1.10 server, listening on port 80.

3. Save the file and then activate it by creating a symlink:

sudo ln -s /etc/nginx/sites-available/example.conf /etc/nginx/sites-enabled/

4. Test Nginx for any configuration errors:

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

5. If there are no errors, restart Nginx for the changes to take effect:

sudo systemctl restart nginx

Launch a web browser and go to your WordPress blog URL. You will be proxied through Nginx to 127.0.1.10, hosting your WordPress blog.

Congratulations, you’ve successfully set up Nginx to work as a reverse proxy. Now you can direct traffic that is supposed to go to the target server to the reverse proxy server, which will wind up at the correct destination.

You can learn more about all the reverse proxy directives in Nginx’s detailed index of directives.

Conclusion

Now you know how to set up a reverse proxy with Nginx. As you can see, the Nginx reverse proxy configuration is a simple process. But, of course, there are many ways to install and configure it, which depend entirely upon your requirement.

10 Comments

Leave a Reply

Your email address will not be published.

  1. So clean and easy to understand, surprised. Other founded articles looks toxic, and overloaded, and in same time explained close to nothing.
    Thank You

  2. Bobby, your article hit home on something I want to do, that is to set up two (or more) web servers behind my firewall, both accessible from Internet browser clients using the normal port 80 and the URL. For example webserver1 http://www.abc.com and webserver2 http://www.def.com.

    Assume the two servers are on the private IP addresses 10.0.0.100 and 10.0.0.110, respectively and my firewall router is on a public address 1.2.3.4. What I want is for port 80 traffic with URL http://www.abc.com to go to address 10.0.0.100 as port 80 and likewise for port 80 traffic with URL http://www.def.com to go to 10.0.0.110.

    From your article it sounds like I need to configure a “reverse proxy” server (say 10.0.1.50) listening for all port 80 traffic. It would then act like a traffic cop for routing incoming requests?? Is it really that simple?? I assume the the Internet client is unaware of any of this? Thanks for your article and any comments you might have relating to my project.

    ps…like Tony I’m also in the mid+ 70’s and enjoy “fighting” with my computers (Windows and Raspberry Pi’s)….

    • Hi,

      Yes, it really is that simple. There is no magic here. 🙂
      All you have to do is configure a reverse proxy and have your router redirect inbound traffic coming to port 80 to your reverse proxy server. Everything else is described above. In fact, it’s a straightforward scenario.

      And last but definitely not least, thank you for reading Linuxiac!
      Keep “fighting”!