====== Web Servers - Nginx - Setup Nginx Reverse Proxy ====== A Reverse Proxy sits between a client and a web server (or servers) and acts as a **frontend** by handling all incoming client requests and distributing them to the backend web, database, and/or other server(s). Other benefits of a Reverse Proxy include: * **Load balancing**: The reverse proxy distributes incoming connections to backend servers, and can even do so according to the current load that each server is under. * This ensures that none of the backend servers get overloaded with requests. * It also prevents downtime, since the reverse proxy can reroute traffic if a backend server happens to go offline. * **Central logging**: Rather than having multiple servers generate log files, the reverse proxy can log all relevant information in a single location. * This makes the administrator’s job immensely easier, since problems can be isolated much more quickly and there is no need to parse log files from multiple locations when troubleshooting issues. * **Improved security**: A reverse proxy will obfuscate information about the backend servers, as well as act as a first line of defense against incoming attacks. * Since the reverse proxy is filtering out traffic prior to forwarding it to the backend, only innocuous traffic is passed along to the other servers. * **Better performance**: A reverse proxy server can make smart decisions about how to distribute the load across backend servers, which results in speedier response times. * Other common server tasks such as caching and compression can also be offloaded to the reverse proxy server, freeing up resources for the backend servers. ---- ===== Install NginX ===== sudo apt install nginx ---- ===== Disable the default virtual host ===== unlink /etc/nginx/sites-enabled/default ---- ===== Create a reverse proxy configuration file ===== All of the settings for the reverse proxy will go inside of a configuration file, and this file needs be placed inside the **sites-available** directory. cd /etc/nginx/sites-available Create the configuration file: /etc/nginx/sites-available/reverse-proxy.conf server { listen 80; location /some/path/ { proxy_pass http://example.com; } } **NOTE:** This will work for HTTP servers, but Nginx also supports other protocols. * Replace example.com with the IP address or hostname of the server you are forwarding to. * A port can also be specified with the hostname, such as 127.0.0.1:8080. ---- ===== Enable the proxy ===== Enable the new configuring by creating a symbolic link to the **sites-enabled** directory: ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf ---- ===== Proxy Non-HTTP servers ===== Nginx can also act as a reverse proxy for FastCGI, uwsgi, SCGI, and memcached. Rather than using the **proxy_pass** directive shown above, replace it with the appropriate type: * **proxy_pass**: (HTTP server – as seen above) * **fastcgi_pass**: FastCGI server. * **uwsgi_pass**: uwsgi server. * **scgi_pass**: SCGI server. * **memcached_pass**: Mmemcached server. ---- ===== Pass Headers ===== To configure what headers the reverse proxy server passes to the other server(s), define them in the same /etc/nginx/sites-available/reverse-proxy.conf configuration file. Use the **proxy_set_header** directive to adjust the headers. * They can be configured in the server, location, or http block. location /some/path/ { proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://example.com; } **NOTE:** This defines three types of headers and sets them to the respective variables. * There are a lot of different options for passing headers. * **Host**: contains information about which host is being requested. * **X-Forwarded-Proto**: species if the request is HTTP or HTTPS. * **X-Real-IP**: contains the IP address of the requesting client.