nginx as a reverse proxy

In a previous article I wrote about using Squid for performing reverse proxy services. The new hotness on the block for such activity is called nginx. Nginx is a great tool for performing host proxying and SSL proxying. I'm using it to sit in front of Node apps because of it's support for websockets. Anyways, here's a getting started guide!

Installation

To install the latest version of nginx on Ubuntu 12.04, you will need to add a PPA for nginx stable from launchpad.

sudo apt-get install software-properties-common python-software-properties  

Then we can add the PPA

sudo add-apt-repository ppa:nginx/stable  

Then update apt-get

sudo apt-get update  

Finally we can install nginx

sudo apt-get install nginx  

Voila! You now have nginx installed under a service called nginx. You can check the version with

nginx -v  

Additionally, nginx installs configuration files to /etc/nginx. Of particulare note are the /etc/nginx/sites-available folder that contains the list of available configurations and /etc/nginx/sites-enabled that contains the list of active configurations.

Configuration

The Beginner's Guide has some good information about the basic configuration. Additionally, there is information about configuring Reverse Proxies that can be useful for additional customization.

Remove the default configuration

To start out with what you can do is go remove the default configuration.

cd /etc/nginx/sites-enabled  
sudo rm default  

This will remove the symbolic link to the default configuration. You can refer to this configuration for additional examples of configuration, but I start from scratch with mine.

Step 1: Create a new configuration

Now that we removed the default site, we need to create a new configuration in the sites-available directory.

sudo touch /etc/nginx/sites-available/reverse_proxy  

Then create a symbolic link to it in the sites-enabled directory.

cd /etc/nginx/sites-enabled  
sudo ln -s ../sites-available/reverse_proxy reverse_proxy  

Now you can edit this configuration to set up your reverse proxy.

Step 2: Add default site

You want any unmapped domains to get redirected to the nginx home page. To accomplish this, I create a default server at the top of the configuration.

sudo vim /etc/nginx/sites-enabled/reverse_proxy  
## Default catch all
server {  
  server_name localhost;
  root /usr/share/nginx/www;
  index index.html index.htm;
}

This server configuration maps to localhost and forwards any requests to the nginx home page.

Step 3: Configure a site

Now you want to configure anoter site to forward requests to. This is pretty straightforward as well. We simply add this site below the default site.

## *.derpturkey.com
server {  
  server_name derpturkey.com *.derpturkey.com;

  # Site specific logging
  access_log /var/log/nginx/derpturkey.access.log;
  error_log /var/log/nginx/derpturkey.error.log;

  ## Forward request
  location / {
    proxy_pass http://192.168.0.153:2368;
    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

The first diretive for configuring the server_name specifes the site with a wildcard and without a subdomain. Note that you will need to specify both if you want the site to be accessible from any subdomain, or lack of subdomain. More information about server_name is available on the documentation site.

After this host is specifed, I added some custom logging for the domain. Normally, logs are found in /var/log/nginx/access.log and /var/log/nginx/error.log. I made these specific for the domain.

We want to forward all traffic, so we specify the lcoation /.

Then configure the proxy_pass option which configures the protocol, URL, and port that requests will be forwarded to.

Lastly, we configure header options. In particular, we sent the Host, X-Real-IP, and X-Forwarded-For headers. These ensure that server is aware that the request was proxied and has proper origin information.

Step 4: Reload configuration

Finally, you just need to reload the configuration for your site.

sudo nginx -s reload  
comments powered by Disqus