====== Web Servers - Nginx - Setup Nginx Reverse Proxy ======
A Reverse Proxy sits between a client and a web server (or servers) and acts as a **frontend** by handling all incoming client requests and distributing them to the backend web, database, and/or other server(s).
Other benefits of a Reverse Proxy include:
* **Load balancing**: The reverse proxy distributes incoming connections to backend servers, and can even do so according to the current load that each server is under.
* This ensures that none of the backend servers get overloaded with requests.
* It also prevents downtime, since the reverse proxy can reroute traffic if a backend server happens to go offline.
* **Central logging**: Rather than having multiple servers generate log files, the reverse proxy can log all relevant information in a single location.
* This makes the administrator’s job immensely easier, since problems can be isolated much more quickly and there is no need to parse log files from multiple locations when troubleshooting issues.
* **Improved security**: A reverse proxy will obfuscate information about the backend servers, as well as act as a first line of defense against incoming attacks.
* Since the reverse proxy is filtering out traffic prior to forwarding it to the backend, only innocuous traffic is passed along to the other servers.
* **Better performance**: A reverse proxy server can make smart decisions about how to distribute the load across backend servers, which results in speedier response times.
* Other common server tasks such as caching and compression can also be offloaded to the reverse proxy server, freeing up resources for the backend servers.
----
===== Install NginX =====
sudo apt install nginx
----
===== Disable the default virtual host =====
unlink /etc/nginx/sites-enabled/default
----
===== Create a reverse proxy configuration file =====
All of the settings for the reverse proxy will go inside of a configuration file, and this file needs be placed inside the **sites-available** directory.
cd /etc/nginx/sites-available
Create the configuration file: /etc/nginx/sites-available/reverse-proxy.conf
server {
listen 80;
location /some/path/ {
proxy_pass http://example.com;
}
}
**NOTE:** This will work for HTTP servers, but Nginx also supports other protocols.
* Replace example.com with the IP address or hostname of the server you are forwarding to.
* A port can also be specified with the hostname, such as 127.0.0.1:8080.
----
===== Enable the proxy =====
Enable the new configuring by creating a symbolic link to the **sites-enabled** directory:
ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
----
===== Proxy Non-HTTP servers =====
Nginx can also act as a reverse proxy for FastCGI, uwsgi, SCGI, and memcached.
Rather than using the **proxy_pass** directive shown above, replace it with the appropriate type:
* **proxy_pass**: (HTTP server – as seen above)
* **fastcgi_pass**: FastCGI server.
* **uwsgi_pass**: uwsgi server.
* **scgi_pass**: SCGI server.
* **memcached_pass**: Mmemcached server.
----
===== Pass Headers =====
To configure what headers the reverse proxy server passes to the other server(s), define them in the same /etc/nginx/sites-available/reverse-proxy.conf configuration file.
Use the **proxy_set_header** directive to adjust the headers.
* They can be configured in the server, location, or http block.
location /some/path/ {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://example.com;
}
**NOTE:** This defines three types of headers and sets them to the respective variables.
* There are a lot of different options for passing headers.
* **Host**: contains information about which host is being requested.
* **X-Forwarded-Proto**: species if the request is HTTP or HTTPS.
* **X-Real-IP**: contains the IP address of the requesting client.