Difference between revisions of "Set up Nginx as a Reverse Proxy"

From PKC
Jump to navigation Jump to search
BenKoo>Admin
m (1 revision imported)
 
(12 intermediate revisions by 4 users not shown)
Line 1: Line 1:
The first place to learn Nginx can be found in this book<ref>eJonghe, D. (2017). NGINX cookbook : advanced recipes for operations(First edition. ed., pp. 1 online resource (1 volume)). Retrieved from https://go.oreilly.com/massachusetts-institute-of-technology-mit/library/view/-/9781492049098/?ar</ref>:
#REDIRECT [[Nginx as a Reverse Proxy]]
 
The following content is assuming that you are running an Ubuntu distribution of Linux.
 
=Install Nginx=
The following code can be copied and pasted to perform the task of installing Nginx on Ubuntu:<ref>Edward S., How to Set Up an Nginx Reverse Proxy, Retrieved from https://www.hostinger.com/tutorials/how-to-set-up-nginx-reverse-proxy/</ref>
<syntaxhighlight>
sudo apt-get update
sudo apt-get install nginx -y
</syntaxhighlight>
 
=Disable Default Virtual Host of Nginx=
Then, try to unlink this existing link:
<syntaxhighlight>
sudo unlink /etc/nginx/sites-enabled/default
</syntaxhighlight>
 
=Create the Reverse Proxy=
Now go to the Nginx site-available directory
<syntaxhighlight>
cd /etc/nginx/sites-available
</syntaxhighlight>
 
Use a text editor or copy a file with the following file name: <code>reverse-proxy.conf</code>.
 
For example:
<syntaxhighlight>
vi reverse-proxy.conf
</syntaxhighlight>
 
Use a text editor or copy a file with the following file name: <code>reverse-proxy.conf</code>.
 
For example, use the text editor vi, you can type the following command:
<syntaxhighlight>
vi reverse-proxy.conf
</syntaxhighlight>
 
 
In the file, type in the following content. Please note that this configuration, especially the port number 9352 is a [[PKC]] specific specification.
<syntaxhighlight>
server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:9352;
    }
}
</syntaxhighlight>
 
=Test Nginx and the Reverse Proxy=
Activate the directives by linking to /sites-enabled/ using the following command:
<syntaxhighlight>
sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
</syntaxhighlight>
 
First, verify the syntax of all the above content is legitimate:
<syntaxhighlight>
sudo service nginx configtest
</syntaxhighlight>
 
Then, restart Nginx to kick it into action:
<syntaxhighlight>
sudo service nginx restart
</syntaxhighlight>
 
=Set up Let's Encrypt=
After setting up Nginx, one can consider setting up the free-of-charge Let's Encrypt certificate. The following instructions are modeled after this Medium article<ref>The Mightywomble, How to set up Nginx reverse proxy with let’s encrypt, Retried from:https://medium.com/@mightywomble/how-to-set-up-nginx-reverse-proxy-with-lets-encrypt-8ef3fd6b79e5</ref>:
<syntaxhighlight>
sudo add-apt-repository ppa:certbot/certbot
</syntaxhighlight>
 
Then, install the python3 certbot for Nginx.
<syntaxhighlight>
sudo apt install python3-certbot-nginx
</syntaxhighlight>
 
 
Then, install the python3 certbot for Nginx.
<syntaxhighlight>
cd /etc/nginx/sites-enabled/
</syntaxhighlight>
 
In this directory: <code>/etc/nginx/sites-enabled/</code> create the following file using a text editor or just copy a text file to this location with a name that is similar to this:<code>dev.example.com</code>
For example, if the name of your domain is <code>dev.thewiki.us</code>, then the file name should be: <code>dev.thewiki.us</code>.
Using <code>vi</code> as a text editor, your will type this in command line:
<syntaxhighlight> 
vi dev.thewiki.us.conf     
</syntaxhighlight> 
 
<syntaxhighlight>                                                 
server {
    server_name dev.thewiki.us;
    # The internal IP of the VM that hosts your Apache config
    set $upstream 127.0.0.1:9352;
        location / {
        proxy_pass_header Authorization;
        proxy_pass http://$upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Connection “”;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect off;
    }
    listen 80;
}
</syntaxhighlight>
 
 
First, test if the above file passes the syntactical test:
<syntaxhighlight>
sudo nginx -t
</syntaxhighlight>
 
Then, you may run:
<syntaxhighlight>
sudo systemctl reload nginx
</syntaxhighlight>
 
==Run the Certbot to get the Let's Encrypt certificate==
Before running the following statement, make sure that the domain names listed here have already had the relevant IP addresses properly associated with the domain names, such as <code>example.com</code>, and <code>dev.example.com</code>
<syntaxhighlight>
certbot — nginx -d example.com -d dev.example.com
</syntaxhighlight>
 
=References=
<References/>

Latest revision as of 00:29, 8 May 2021