In this tutorial we will show you how and for what reasons to create a so called "reverse proxy" with the popular web server Nginx, nowadays, the most popular choice for this kind of tasks.
Just started the tutorial, don't you have a Cloud Linux server so can you install your nginx web server? Don't worry! With just one click, you can easily deploy SW Hosting.
cta:cloud_so
A reverse proxy refers to a server that displays content from one or more servers that remain hidden from the client or user.
info For example, if you put a reverse proxy in front of a web application, your users will never interact directly with the application, but the reverse proxy will act as an intermediary between your users and the application.
Reverse proxies can be an option to increase security. For example, they allow us to hide the real server where your applications are hosted or also, they allow us to implement additional security layers, such as a TLS connection that is applied by the proxy, but that would not have been natively supported by your application.
Also, a reverse proxy is handy for serving multiple web applications from the same machine. The application will generally run on localhost on infrequent ports such as 4000
or 5000
. The reverse proxy will then listen on ports 80/443
and serve the content of one web application or another depending on the SNI or host of the request.
First of all, you must meet the following requirements:
root
access to a Linux server.80
and 443
occupied by another process, such as Apache.localhost
through an arbitrary port that is available (e.g. port 4000
). This can be easily accomplished with NodeJs or .NET Core.You can accomplish this using the nano text editor. A good path to do this is sites-available
inside the nginx configuration directory.
nano /etc/nginx/sites-available/mydomain.com.conf
file mydomain.com.conf
server {
#Listen in the harbor 80, ipv4.
listen 80;
#Here you must enter the name of your domain.
server_name midominio.com;
access_log /var/log/nginx/midominio.com.access.log;
location / {
#The proxy settings.
proxy_pass http://localhost:4000/;
}
}
For Debian based operating systems:
systemctl reload nginx
At this point you will need to run your web application, if it is not already running.
In the long run you will want to run it as a service/daemon, but for testing purposes it will be sufficient to run it manually.
For example, if you have a NodeJS application, the syntax is as follows:
node /ruta/applicacion.js
If you followed the steps in this tutorial correctly and if your machine has no other security settings that would hinder you, you should now be able to access your application from "mydomain.com " (or whatever your domain is).
Thanks to Nginx as a reverse proxy, you can easily serve your applications securely over a TLS connection. To achieve this, we only need to modify the configuration file of the Nginx virtual host:
server {
listen 80;
#Redirect to a secure connection.
return 301 https://$host$request_uri;
}
server {
listen 443;
#Here you must enter the name of your domain.
server_name midominio.com;
#Here you must specify the path of your SSL certificate
ssl_certificate /etc/ruta/al/certificado/cert.crt;
ssl_certificate_key /etc/ruta/al/certificado/cert.key;
ssl on;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
access_log /var/log/nginx/midominio.com.access.log;
location / {
proxy_pass http://localhost:4000;
}
}
Finally, save the changes, restart nginx with:
systemctl reload nginx
and run the application again, if you don't already have it as a service or daemon.
success That's it! If you have followed the steps correctly, you will now have a web application served through a reverse proxy by nginx.
Remember that if you do not yet have a Cloud server with a Linux operating system, you can easily deploy it with SW Hosting.
cta:cloud_so