Reverse Proxying with Nginx by Simple Editing of the File /etc/nginx/conf.d/default.conf. Reverse proxies can hide the existence and characteristics of an origin server. Few Basic Stuffs are required to be known for performing the whole work.
We think, it is better to know the basics, at least should be mentioned under separate headers by the tutorial providing websites for wider range of the readers. Unfortunately, most of the Blog websites on Technology are mainly AdSense Generated Money driven, thereby the quality of contents are becoming worser, shorter and too much keyword driven. One can expect, a tutorial on Reverse Proxying with Nginx will start with opening the default.conf file without really communicating with the reader.
Reverse Proxying with Nginx : Basics for the Beginners
We do not think that all the users searching with Reverse Proxying with Nginx has enough good knowledge on basics. It is good to have idea about SOCKS Protocol and Proxy, Proxy and Proxy Server, some idea on nginx HTTP Server.
As far with ngnix part only; we have some related tutorials like Installing nginx on Rackspace Cloud Server Video, Shifting WordPress From Apache to nginx Web Server, Installing Nginx With PHP5, MySQL on Rackspace Cloud Server, Install nginx on Rackspace Cloud Server with Centmin Mod Nginx Auto Installer or Proxy related guide – How to Use Rackspace Cloud Server as Own Proxy.
---
Obviously there will be readers who are more knowledgeable about ngnix administration but might not be aware about this particular topic.
The reverse proxy is a proxy, where the resources for a client of one or more servers becomes obsolete. The address translation is performed in the opposite direction, whereby the true address of the target system is hidden from the client. During a typical proxy multiple clients can be used for to an internal (private – self-contained) to an external resource to grant access; a reverse proxy works in the other way.
The reverse proxy initially offer the same functionality as port forwarding and so it allows to externally connect to a behind the relay server on the internal network. The reverse proxy can distribute the load across multiple servers. In web server, the reverse proxy URLs may need to be rewritten in every web page. Reverse proxies can perform A/B testing and multivariate testing without placing javascript tags or code into pages.
Reverse Proxying with Nginx
Minimum two servers are required, take that the main domain resolves example.com and the other server resolves reverse.example.com ; both points to publicly available IP addresses.
Official guide can be found here :
1 | http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass |
Ubuntu also has helpful resource :
1 | https://help.ubuntu.com/community/Nginx/ReverseProxy |
We will build from noarch source :
1 | http://www.redhat.com/archives/shrike-list/2003-April/msg00504.html |
Manually point your browser towards :
1 | http://nginx.org/packages/rhel/6/noarch/RPMS/ |
to check if any update is available, the command below is for the current version (and you might be reading after 3 years). We need to wget it and build :
1 2 3 4 | # Step 1 wget http://nginx.org/packages/rhel/6/noarch/RPMS/nginx-release-rhel-6-0.el6.ngx.noarch.rpm # Step 2 rpm -iv nginx-release-rhel-6-0.el6.ngx.noarch.rpm |
and install it :
1 | yum install nginx |
The configuring part is important, we are editing with command line Vim (vi) text editor, one can use nano. Open the default.conf file :
1 | vi /etc/nginx/conf.d/default.conf |
A typical example is provided here :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | ## Basic reverse proxy server ## ## Apache (vm02) backend for www.example.com ## upstream apachephp { server 192.168.1.11:80; #Apache1 } ## Lighttpd (vm01) backend for reverse.example.com ## upstream lighttpd { server ANY_IP:80; #Lighttpd1 } ## Start example.com ## server { listen ANY_IP:80; server_name example.com; access_log /var/log/nginx/log/example.access.log main; error_log /var/log/nginx/log/example.error.log; root /usr/share/nginx/html; index index.html index.htm; ## send request back to apache1 ## location / { proxy_pass http://apachephp; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ## End example.com ## ## START reverse.example.com ## server { listen OTHER_IP:80; server_name reverse.example.com; access_log /var/log/nginx/log/reverse.example.com.access.log main; error_log /var/log/nginx/log/reverse.example.com.error.log; root /usr/local/nginx/html; index index.html; location / { proxy_pass http://lighttpd; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header Host reverse.example.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ## END reverse.example.com ## |
Configuring firewall is not described here. This part is important but is dependent on the infrastructure. On KVM virtualization, we usually open only the ports 80 and 443 on eth0 and set eth1 as trusted device.
