Nginx Reverse Proxy Server Setup: A Comprehensive Walkthrough for Beginners

Ahmed K.
4 min readMay 28, 2023

--

Photo by Florian Krumm on Unsplash

Introduction:

In this tutorial, we will learn how to set up a reverse proxy server using Nginx. A reverse proxy acts as an intermediary between client requests and backend servers, helping to improve performance, security, and flexibility. I will explain the code snippet provided and guide you through the process of configuring Nginx to act as a reverse proxy server.

Prerequisites:

Before getting started, make sure you have the following:

  • A Linux-based server with Nginx installed.
  • Basic familiarity with Nginx configuration or Perl.

Nginx Configuration File:

Log in to your server via SSH or open a terminal session.

  1. Locate the Nginx configuration file. Typically, it is located at /etc/nginx/nginx.conf .
  2. Create a new file /etc/nginx/sites-available/default to set up the logic for configuration.
  3. Include /etc/nginx/sites-available/default in nginx.conf as:
# some other code
http {
# some other code
include /etc/nginx/sites-enabled/*;
}

Code breakdown and its functionality:

First open /etc/nginx/sites-available/default in a text editor of your choice.

  1. Setting up the basic structure
server {
# listen 80;
listen 443 ssl;
listen [::]:443 ssl;
}
  1. server: This keyword starts the server block, which defines the configuration for a specific server.
  2. # listen 80;: This line is commented out, but it would normally specify that the server should listen on port 80 for HTTP traffic. When uncommented, it would allow the server to handle both HTTP and HTTPS traffic.
  3. listen 443 ssl;: This line tells Nginx to listen on port 443 for HTTPS traffic. The ssl parameter enables SSL/TLS encryption for secure communication.
  4. listen [::]:443 ssl;: This line specifies that the server should also listen on IPv6 addresses for HTTPS traffic on port 443.

By setting up the server block in this way, you are configuring Nginx to handle HTTPS traffic on port 443 with SSL/TLS encryption. This is typically used for secure communication and requires a valid SSL/TLS certificate to be installed on the server.

2. Configuring the Reverse Proxy Server:

server {
# listen 80;
listen 443 ssl;
listen [::]:443 ssl;

server_name www.example.com;

location / {
root /var/www/your-html-source/;
index index.html index.htm;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
try_files $uri $uri/ /index.html;
}
}

a. server_name www.example.com; This line specifies the server name that this configuration block applies to. In this case, it is set to “www.example.com", meaning that this configuration will be used when handling requests for the “www.example.com" domain.

b. location / This directive defines a location block that matches requests for the root URL (“/”). It is used to specify how requests to the root URL should be handled.

c. root /var/www/your-html-source/; This line sets the root directory for serving files for this location. It specifies that the files should be served from the “/var/www/your-html-source/” directory.

d. index index.html index.htm; This line specifies the list of files that Nginx should try to serve if a directory is requested. In this case, it will first look for “index.html” and then “index.htm” in the requested directory.

e. proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;

These lines set various proxy-related headers and configuration options. They ensure that the proxying is performed correctly, including handling HTTP/1.1, upgrading the connection if needed, setting the host header, and bypassing any caching mechanisms.

f. try_files $uri $uri/ /index.html; This line specifies a fallback mechanism if the requested file or directory does not exist. It tells Nginx to first attempt to serve the requested file, then if it doesn’t exist, try to serve the corresponding directory. If that also doesn’t exist, it will serve the “index.html” file.

You can add as many as blocks you want to.

Add these lines to use certificates:

ssl_certificate_key /path/to/ssl_certificate_key.pem;
ssl_certificate /path/to/ssl_certificate.pem;
  • Another server block can be added to perform a redirect from HTTP to HTTPS for your domain:
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name www.example.com;
return 301 https://$server_name$request_uri;
}

Test if all is okay with the syntax:

sudo nginx -t 

Now we need to restart the Nginx service, you can use the following command:

sudo service nginx restart

This command will restart the Nginx service, applying any changes made to the configuration files.

Conclusion:

Remember to adjust the configuration according to your specific requirements, such as domain names, file paths, and ports. Regularly update and maintain your SSL/TLS certificates to ensure the highest level of security for your website or application.

With this newfound knowledge, you are now equipped to utilize Nginx as a powerful reverse proxy server to optimize your web infrastructure. Happy proxying!

--

--

Ahmed K.

Software Engineer; Coding while time-traveling through World History!