Introduction

What is an Nginx reverse proxy?

Nginx (pronounced “Engine X”) is a reverse proxy application. A standard proxy server works on behalf of clients, often by providing privacy or filtering content. A reverse proxy works on behalf of a server, intercepting traffic and routing it to a separate server.

There are several reasons you might want to install a reverse proxy. One of the main reasons is privacy. Just like a proxy server can conceal the identity of a Firefox user, a reverse proxy can conceal the real IP address of your servers. If you have multiple servers, a reverse proxy can help balance loads between servers and smooth out traffic. Since a reverse proxy provides a single point of contact for clients, it can centralize logging and report across multiple servers.

Finally, Nginx can improve performance by serving static content quickly, and passing dynamic content requests to Apache servers.

This guide will help you install and configure an Nginx proxy on your system.

NOTE

Many of the instructions in this guide are for Debian-based Linux installations like Ubuntu.

Prerequisites

  • A Linux server with Apache, PHP, and a firewall
  • Access to a root user with sudo access

Tools/Software

  • Linux command line or terminal (Ctrl-Alt-T for Ubuntu, Alt-F2 for CentOS)
  • Package manager (such as APT)

Setting Up An Nginx Reverse Proxy

Step 1: Install Nginx From the Default Repositories

Open a terminal window and enter the following:

sudo apt-get update

Allow the package manager to finish refreshing the software lists, then enter the following:

sudo apt-get install nginx

Allow the process to complete.

NOTE

This is the easiest way to install Nginx, but it may not load the latest stable release. Move on to Step 2 to add and install from the Nginx software repositories.

Step 2 (optional): Install Nginx From the Official Repository

Step 2a: Add the Security Key

In a terminal window, enter the following:

sudo wget https://nginx.org/keys/nginx_signing.key

sudo apt-key add nginx_signing.key

This downloads the signing key for Nginx, which verifies that you’re downloading authentic software.

Step 2b: Open the sources.list File for Editing

In the terminal, enter the following:

sudo vi /etc/apt/sources.list

NOTE

You can substitute your favorite text editor in place of Vi.

Step 2c: Add the Nginx Sources to the Repository List

Enter the following lines in the /etc/apt/sources.list file you just opened:

deb https://nginx.org/packages/mainline/debian/ <CODENAME> nginx

deb-src https://nginx.org/packages/mainline/debian/ <CODENAME> nginx

Replace <CODENAME> with the codename for your distribution of Debian.  Save the file and exit.

NOTE

The Nginx developers maintain different directories for different Linux distributions.  This guide suggests installing the mainline supported release.  As with most software, there are more recent but less-tested packages.  See the documentation for the specific package for your distribution.

Step 2d: Install the Latest Release

In a terminal window, enter the following:

sudo apt-get remove nginx-common

sudo apt-get update

sudo apt-get install nginx

Step 3: Start Nginx and Configure to Launch on Reboot

In a terminal window, enter the following:

sudo systemctl start nginx

sudo systemctl enable nginx

Step 4: Unlink the Default Configuration File

In the terminal, enter the following:

sudo unlink /etc/nginx/sites-enabled/default

Step 5: Create a New Configuration File

In the terminal, enter the following:

cd /etc/nginx/sites-available/

sudo vi custom_server.conf

Replace custom_server with a name that’s meaningful to you.  In the new file, enter the following:

server {

listen 80;

location / {

proxy_pass http://my_server;

}

}

This is a very basic Nginx reverse proxy example.  Nginx is set to listen for all traffic on port 80 for all traffic.  The proxy_pass command directs all traffic on port 80 to http://my_server.  Just change http://my_server to the location of your choice, and Nginx will intercept client requests and route them to the location you specify. Once you’ve finished, save the file and exit.

Step 6: Link and Activate the Configuration File

In a terminal window, enter the following:

ln -s /etc/nginx/sites-available/custom_server.conf /etc/nginx/sites-enabled/custom_server.conf

As usual, replace custom_server with the name of the configuration file you created in Step 5.

Step 7: Test and Restart Nginx

In a terminal window, enter the following:

sudo service nginx configtest

sudo service nginx restart

Optional: Additional Configuration Options

Proxy Buffers

By default, Nginx buffers traffic for servers that it proxies for.  This helps improve performance since a server response isn’t sent until the client finishes sending a complete response.  This can save server time if the client is slower than the proxied server.  To turn the buffer off, open the configuration file from Step 5.  Under the location/section, add the following:

proxy_buffering off;

You can also control the size and number of buffers per request using the proxy_buffers entry and the proxy_buffer_size entries.

Request Headers

Headers give a server information about the requests made, or about the client.  Nginx redefines two of the header fields: host is configured for $proxy_host, and connection is configured for close.  If you use those headers, be sure to change the behavior in the configuration file.

If any header strings are empty, Nginx simply eliminates those fields.

To change the way Nginx handles heathers, use the following commands in your configuration file:

location / {

proxy_set_header Host $host;

}

This example tells Nginx to set host to the $host variable.

If you’d like to prevent a header field from being passed to the proxied server, use an empty string as follows:

location / {

proxy_set_header header-variable "";

}

Load Balancing

You can use the configuration file to route traffic to several servers.  If you’re going to use this configuration, your configuration file will look something like this:

http   {

server   {

proxy_pass http://my_server

}

}

In other words, the http configuration goes outside the server configuration from Step 5.

Use the upstream command to create a name for a group of servers:

http   {

upstream server_group   {

server my.server1.com weight=3;

server my.server2.com;

}

server  {

location / {

proxy_pass http://server_group;

}

}

}

This designation takes two servers – my.server1.com and my.server2.com – and bundles them together.  Nginx proxies that group of servers under the name http://server_group. You can rename them anything you’d like.  To a client, the transition is invisible – all they see is the front that Nginx provides.

This example uses the weight command to route three requests to my.server1.com, then 1 request to my.server2.com.  This is one way to manually balance client load between servers.  Another method is to simply omit any designation, in which Nginx will round-robin the requests evenly among the listed servers.

Other load-balancing options include least_conn, which routes traffic to the server with the fewest active connections;  IP_hash, which guarantees that clients from the same client IP address get the same server (if available);  least_time, which routes new connections to the server with the lowest latency;  and random, which routes requests randomly between listed servers.

For more information about load balancing, see the Nginx Load Balancing documentation.

Conclusion

Configuring Nginx can be as complicated as you want to make it.  It’s an excellent tool for a multiple-server environment, creating a unified client experience.  It can also be useful for simpler tasks like keeping a single server anonymous.