How to Install and Configure Nginx as a Reverse Proxy
Nginx is one of the most popular choices for reverse proxy deployments, serving as a gateway between clients and backend servers. It offers high performance, SSL termination, load balancing, and caching. This guide walks you through setting up Nginx as a reverse proxy for your web applications.
📑 Table of Contents
What is a Reverse Proxy?
A reverse proxy sits in front of your web servers and forwards client requests to the appropriate backend. Benefits include SSL termination, load balancing, caching, security through obscurity, and serving multiple applications on a single IP address.
Installation
# Debian/Ubuntu
sudo apt update
sudo apt install nginx
# RHEL/CentOS/Fedora
sudo dnf install nginx
# Start and enable
sudo systemctl start nginx
sudo systemctl enable nginxBasic Reverse Proxy Configuration
# /etc/nginx/sites-available/myapp
server {
listen 80;
server_name myapp.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
# Enable the site
sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginxSSL/TLS with Let’s Encrypt
# Install Certbot
sudo apt install certbot python3-certbot-nginx
# Obtain certificate
sudo certbot --nginx -d myapp.example.com
# Auto-renewal is configured automatically
sudo certbot renew --dry-runLoad Balancing Configuration
upstream backend {
least_conn; # Load balancing method
server 192.168.1.10:3000 weight=3;
server 192.168.1.11:3000;
server 192.168.1.12:3000 backup;
}
server {
listen 80;
server_name myapp.example.com;
location / {
proxy_pass http://backend;
# ... other proxy headers
}
}Caching Configuration
# In http block
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g inactive=60m;
# In server block
location / {
proxy_cache my_cache;
proxy_cache_valid 200 60m;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://backend;
}Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'" always;Conclusion
Nginx as a reverse proxy provides a robust, high-performance gateway for your applications. With proper configuration, you gain SSL termination, load balancing, caching, and enhanced security for your web services.
Was this article helpful?
About Ramesh Sundararamaiah
Red Hat Certified Architect
Expert in Linux system administration, DevOps automation, and cloud infrastructure. Specializing in Red Hat Enterprise Linux, CentOS, Ubuntu, Docker, Ansible, and enterprise IT solutions.
