What is Reverse Proxy?
Reverse proxy is a type of proxy server that lives inside a private network and redirect client requests (from outside the network) to appropriate hosts inside the private network.
Just to explain how nginx reverse proxy works. Let's say a Windows client request access to mail.com. The request will go straight to 188.8.131.52 (or google) to get the IP address of the mail.com. Let's say the returned IP address is 123.456.50.1 (which is the address of the nginx server. As soon as the request goes to nginx server it decides where to forward this request. The decision is made upon the configuration file stored in the nginx server. In our example let's say the (internal) IP address of mail server is 192.168.0.1. The request will be forwarded to it and the communication channel will be created between client and the mail server.
Install nginx on Ubuntu:
Before we start let's make sure our system is up-to-date. So let's type:
sudo apt-get update
After the system is updated type the following command to install nginx:
sudo apt install nginx
Configuring the firewall:
Before moving forward we need to configure the firewall on Ubuntu and make sure nginx is registered as a service. In Ubuntu the firewall software is called ufw. To list the configuration of firewall type the following command:
sudo ufw app list
This should produce the output similar to the following:
Available applications: Nginx Full Nginx HTTP Nginx HTTPS OpenSSH
According to the above output there are three profiles available for nginx:
- Nginx Full: This profile opens both port 80 (which is http) and port 443 (which is https) tsl/ssl encrypted traffic
- Nginx HTTP: This profile only opens port 80 (HTTP)
- Nginx HTTPS: This profile only opens port 443 (HTTPS)
In order to allow traffic only on port 80 you can type:
sudo ufw allow 'Nginx HTTP'
To verify the change, type:
sudo ufw status
You should be able to see the HTTP traffic allowed:
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Nginx HTTP ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx HTTP (v6) ALLOW Anywhere (v6)
NOTE: Nginx HTTP (v6) means IPV6 and you can ignore that if you are using IPV4 which is default these days.
Checking nginx server status:
In order to check the status of nginx server type:
sudo systemctl status nginx
You should be able to see the following output:
● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Monday 2019-09-09 16:24:47 UTC; 12h ago Docs: man:nginx(8) Main PID: 8416 (nginx) Tasks: 2 (limit: 1018) CGroup: /system.slice/nginx.service ├─2369 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; └─2380 nginx: worker process
Other useful commands:
sudo systemctl start nginx
sudo systemctl restart nginx
sudo systemctl stop nginx
sudo service nginx start
sudo service nginx restart
sudo service nginx stop
sudo /etc/init.d/nginx start
sudo /etc/init.d/nginx restart
sudo /etc/init.d/nginx stop