Install Nginx as a Reverse Proxy on Ubuntu 20.04 LTS
A reverse proxy is the recommended method to expose an application server to the internet. Whether you are running a Node.js application in production or a minimal built-in web server with Flask, these application servers will often bind to with a TCP port. This means by default, your application will only be accessible locally on the machine it resides on. While you can specify a different bind point to force access through the internet, these application servers are designed to be served from behind a reverse proxy in production environments. This provides security benefits in isolating the application server from direct internet access, the ability to centralize firewall protection, and a minimized attack plane for common threats such as denial of service attacks.
From a client’s perspective, interacting with a reverse proxy is no different from interacting with the application server directly. It is functionally the same, and the client cannot tell the difference. A client requests a resource and then receives it, without any extra configuration required by the client.
This tutorial will demonstrate how to set up a reverse proxy using Nginx, a popular web server and reverse proxy solution. You will install Nginx, configure it as a reverse proxy using the directive, and forward the appropriate headers from your client’s request. If you don’t have an application server on hand to test, you will optionally set up a test application with the WSGI server Gunicorn.
Prerequisites
To complete this tutorial, you will need:
- An Ubuntu 20.04 server, set up according to our initial server setup guide for Ubuntu 20.04,
- The address of the application server you want to proxy, this will be referred to as app_server_address throughout the tutorial. This can be an IP address with TCP port (such as the Gunicorn default of ), or a unix domain socket (such as for pgAdmin). If you do not have an application server set up to test with, you will be guided through setting up a Gunicorn application which will bind to .
http://127.0.0.1:8000http://unix:/tmp/pgadmin4.sockhttp://127.0.0.1:8000 - A domain name pointed at your server’s public IP. This will be configured with Nginx to proxy your application server.
Step 1 — Installing Nginx
Nginx is available for installation with through the default repositories. Update your repository index, then install Nginx:
# apt-get update
# apt-get upgrade
# apt install nginx
Now you can verify that Nginx is running:
# systemctl status nginx
Next you will add a custom server block with your domain and app server proxy.
Step 2 — Configuring your Server Block
It is recommended practice to create a custom configuration file for your new server block additions, instead of editing the default configuration directly. Create and open a new Nginx configuration file using or your preferred text editor:
# nano /etc/nginx/sites-available/your_domain
Insert the following into your new file, making sure to replace
server {
listen 80;
listen [::]:80;
server_name your_domain www.your_domain;
location / {
proxy_pass app_server_address;
include proxy_params;
}
}
This configuration file begins with a standard Nginx setup, where Nginx will listen on port and respond to requests made to your_domain and . Reverse proxy functionality is enabled through Nginx’s directive. With this configuration, navigating to your_domain in your local web browser will be the same as opening app_server_address on your remote machine. While this tutorial will only proxy a single application server, Nginx is capable of serving as a proxy for multiple servers at once. By adding more location blocks as needed, a single server name can combine multiple application servers through proxy into one cohesive web application.
All HTTP requests come with headers, which contain information about the client who sent the request. This includes details like IP address, cache preferences, cookie tracking, authorization status, and more. Nginx provides some recommended header forwarding settings you have included as, and the details can be found in: /etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Next, enable this configuration file by creating a link from it to the directory that Nginx reads at startup:
# sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
You can now test your configuration file for syntax errors:
# nginx -t
With no problems reported, restart Nginx to apply your changes:
# systemctl restart nginx
Nginx is now configured as a reverse proxy for your application server, and you can access it from a local browser if your application server is running. If you have an intended application server but do not have it running, you can proceed to starting your intended application server. You can skip the remainder of this tutorial.