Guides and tutorials

Hundreds of tutorials and step by step guides carefully written by our support team.

How to create a reverse proxy with Nginx

In this tutorial we will show you how and for what reasons to create a so called "reverse proxy" with the popular web server Nginx, nowadays, the most popular choice for this kind of tasks.

Just started the tutorial, don't you have a Cloud Linux server so can you install your nginx web server? Don't worry! With just one click, you can easily deploy SW Hosting.

cta:cloud_so

What is a reverse proxy?

A reverse proxy refers to a server that displays content from one or more servers that remain hidden from the client or user.

info For example, if you put a reverse proxy in front of a web application, your users will never interact directly with the application, but the reverse proxy will act as an intermediary between your users and the application.

Reverse proxies can be an option to increase security. For example, they allow us to hide the real server where your applications are hosted or also, they allow us to implement additional security layers, such as a TLS connection that is applied by the proxy, but that would not have been natively supported by your application.

Also, a reverse proxy is handy for serving multiple web applications from the same machine. The application will generally run on localhost on infrequent ports such as 4000 or 5000. The reverse proxy will then listen on ports 80/443 and serve the content of one web application or another depending on the SNI or host of the request.

Create a reverse proxy with Nginx, step by step

First of all, you must meet the following requirements:

  1. Have root access to a Linux server.
  2. Have Nginx installed and activated. Make sure you do not have ports 80 and 443 occupied by another process, such as Apache.
  3. Have a web application running on localhost through an arbitrary port that is available (e.g. port 4000). This can be easily accomplished with NodeJs or .NET Core.

1. Create a new virtual host file

You can accomplish this using the nano text editor. A good path to do this is sites-available inside the nginx configuration directory.

nano /etc/nginx/sites-available/mydomain.com.conf

2. Edit the file and add the configuration for the reverse proxy

file mydomain.com.conf

server {
  #Listen in the harbor 80, ipv4.
  listen 80; 
  
  #Here you must enter the name of your domain.
  server_name midominio.com;

  access_log            /var/log/nginx/midominio.com.access.log;

  location / {
      #The proxy settings.
      proxy_pass http://localhost:4000/;
  }
}

3. Restart Nginx

For Debian based operating systems:

systemctl reload nginx

4. Launch your web application

At this point you will need to run your web application, if it is not already running.

In the long run you will want to run it as a service/daemon, but for testing purposes it will be sufficient to run it manually.

For example, if you have a NodeJS application, the syntax is as follows:

node /ruta/applicacion.js

5. Access to your web application from the browser

If you followed the steps in this tutorial correctly and if your machine has no other security settings that would hinder you, you should now be able to access your application from "mydomain.com " (or whatever your domain is).

6. Serve your application securely with a TLS certificate (strongly recommended).

Thanks to Nginx as a reverse proxy, you can easily serve your applications securely over a TLS connection. To achieve this, we only need to modify the configuration file of the Nginx virtual host:

server {
    listen 80;
    #Redirect to a secure connection.
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    #Here you must enter the name of your domain.
    server_name midominio.com;

    #Here you must specify the path of your SSL certificate
    ssl_certificate           /etc/ruta/al/certificado/cert.crt;
    ssl_certificate_key       /etc/ruta/al/certificado/cert.key;

    ssl on;
    ssl_session_cache  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

    ssl_prefer_server_ciphers on;
    ssl_session_timeout  10m;

    access_log            /var/log/nginx/midominio.com.access.log;

    location / {
    
      proxy_pass          http://localhost:4000;
    }
  }

Finally, save the changes, restart nginx with:

systemctl reload nginx

and run the application again, if you don't already have it as a service or daemon.

success That's it! If you have followed the steps correctly, you will now have a web application served through a reverse proxy by nginx.

Remember that if you do not yet have a Cloud server with a Linux operating system, you can easily deploy it with SW Hosting.

cta:cloud_so