208.4 Implementing Nginx as a web server and a reverse proxy (weight: 2)

Tech Tutorial: Implementing Nginx as a Web Server and Reverse Proxy #

Introduction #

In this tutorial, we will delve into setting up Nginx as both a web server and a reverse proxy. This guide is tailored for system administrators and developers who are preparing for exams or need to deploy Nginx in a production environment. We will cover the installation, basic configuration, setting up a reverse proxy, and security enhancements.

Step-by-Step Guide #

Prerequisites #

  • A Linux server (Ubuntu 20.04 LTS is used in examples)
  • Sudo or root privileges
  • Basic understanding of Linux and networking

1. Installing Nginx #

First, update your package manager and install Nginx:

sudo apt update
sudo apt install nginx

Once installed, you can start and enable Nginx to run on boot:

sudo systemctl start nginx
sudo systemctl enable nginx

Verify that Nginx is running:

sudo systemctl status nginx

2. Configuring Nginx as a Web Server #

Create a new configuration file for your website:

sudo nano /etc/nginx/sites-available/mywebsite.com

Add the following configuration:

server {
    listen 80;
    server_name mywebsite.com www.mywebsite.com;

    location / {
        root /var/www/mywebsite.com;
        index index.html index.htm;
    }
}

Link your configuration to the sites-enabled directory and test for configuration errors:

sudo ln -s /etc/nginx/sites-available/mywebsite.com /etc/nginx/sites-enabled/
sudo nginx -t

Reload Nginx to apply the changes:

sudo systemctl reload nginx

3. Setting Up Nginx as a Reverse Proxy #

Edit your site’s configuration file:

sudo nano /etc/nginx/sites-available/mywebsite.com

Add a reverse proxy configuration inside the server block:

location /app {
    proxy_pass http://localhost:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

This configuration forwards traffic from http://mywebsite.com/app to http://localhost:8080.

Test and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

4. Security Enhancements #

a. Restricting Access by IP #

To restrict access to your site by IP, modify the server block:

location /secure {
    allow 192.168.1.100;
    deny all;
}

b. Implementing SSL/TLS #

First, obtain SSL certificates (Let’s Encrypt or any other CA). For this example, we assume you have the certificates ready.

Modify the server block to include SSL configuration:

server {
    listen 443 ssl;
    server_name mywebsite.com www.mywebsite.com;

    ssl_certificate /etc/ssl/certs/mywebsite.com.crt;
    ssl_certificate_key /etc/ssl/private/mywebsite.com.key;

    location / {
        root /var/www/mywebsite.com;
        index index.html index.htm;
    }
}

Redirect HTTP traffic to HTTPS:

server {
    listen 80;
    server_name mywebsite.com www.mywebsite.com;
    return 301 https://$server_name$request_uri;
}

Test and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

Conclusion #

This tutorial covered the essentials of setting up Nginx as both a web server and a reverse proxy. Through detailed examples, you’ve learned how to configure Nginx for serving static content, acting as a reverse proxy, and enhancing security with IP restrictions and SSL/TLS configurations. With these skills, you’re well-prepared to deploy Nginx in various production scenarios efficiently.