Tech Tutorial: Implementing Nginx as a Web Server and Reverse Proxy #
Introduction #
In this tutorial, we will delve into setting up Nginx as both a web server and a reverse proxy. This guide is tailored for system administrators and developers who are preparing for exams or need to deploy Nginx in a production environment. We will cover the installation, basic configuration, setting up a reverse proxy, and security enhancements.
Step-by-Step Guide #
Prerequisites #
- A Linux server (Ubuntu 20.04 LTS is used in examples)
- Sudo or root privileges
- Basic understanding of Linux and networking
1. Installing Nginx #
First, update your package manager and install Nginx:
sudo apt update
sudo apt install nginx
Once installed, you can start and enable Nginx to run on boot:
sudo systemctl start nginx
sudo systemctl enable nginx
Verify that Nginx is running:
sudo systemctl status nginx
2. Configuring Nginx as a Web Server #
Create a new configuration file for your website:
sudo nano /etc/nginx/sites-available/mywebsite.com
Add the following configuration:
server {
listen 80;
server_name mywebsite.com www.mywebsite.com;
location / {
root /var/www/mywebsite.com;
index index.html index.htm;
}
}
Link your configuration to the sites-enabled directory and test for configuration errors:
sudo ln -s /etc/nginx/sites-available/mywebsite.com /etc/nginx/sites-enabled/
sudo nginx -t
Reload Nginx to apply the changes:
sudo systemctl reload nginx
3. Setting Up Nginx as a Reverse Proxy #
Edit your site’s configuration file:
sudo nano /etc/nginx/sites-available/mywebsite.com
Add a reverse proxy configuration inside the server block:
location /app {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
This configuration forwards traffic from http://mywebsite.com/app
to http://localhost:8080
.
Test and reload Nginx:
sudo nginx -t
sudo systemctl reload nginx
4. Security Enhancements #
a. Restricting Access by IP #
To restrict access to your site by IP, modify the server block:
location /secure {
allow 192.168.1.100;
deny all;
}
b. Implementing SSL/TLS #
First, obtain SSL certificates (Let’s Encrypt or any other CA). For this example, we assume you have the certificates ready.
Modify the server block to include SSL configuration:
server {
listen 443 ssl;
server_name mywebsite.com www.mywebsite.com;
ssl_certificate /etc/ssl/certs/mywebsite.com.crt;
ssl_certificate_key /etc/ssl/private/mywebsite.com.key;
location / {
root /var/www/mywebsite.com;
index index.html index.htm;
}
}
Redirect HTTP traffic to HTTPS:
server {
listen 80;
server_name mywebsite.com www.mywebsite.com;
return 301 https://$server_name$request_uri;
}
Test and reload Nginx:
sudo nginx -t
sudo systemctl reload nginx
Conclusion #
This tutorial covered the essentials of setting up Nginx as both a web server and a reverse proxy. Through detailed examples, you’ve learned how to configure Nginx for serving static content, acting as a reverse proxy, and enhancing security with IP restrictions and SSL/TLS configurations. With these skills, you’re well-prepared to deploy Nginx in various production scenarios efficiently.