Difference between revisions of "Nginx as Reverse Proxy"
Bkoo>Admin |
Bkoo>Admin m (Admin moved page Set up Nginx as a Reverse Proxy to Nginx as a Reverse Proxy: Simplifying terms) |
(No difference)
| |
Revision as of 05:06, 25 April 2021
The first place to learn Nginx can be found in this book[1]:
The following content is assuming that you are running an Ubuntu distribution of Linux.
Install Nginx
The following code can be copied and pasted to perform the task of installing Nginx on Ubuntu:[2]
sudo apt-get update
sudo apt-get install nginx -yDisable Default Virtual Host of Nginx
Then, try to unlink this existing link:
sudo unlink /etc/nginx/sites-enabled/defaultCreate the Reverse Proxy
Now go to the Nginx site-available directory
cd /etc/nginx/sites-availableUse a text editor or copy a file with the following file name: reverse-proxy.conf.
For example:
vi reverse-proxy.confUse a text editor or copy a file with the following file name: reverse-proxy.conf.
For example, use the text editor vi, you can type the following command:
vi reverse-proxy.conf
In the file, type in the following content. Please note that this configuration, especially the port number 9352 is a PKC specific specification.
server {
listen 80;
location / {
proxy_pass http://127.0.0.1:9352;
}
}Test Nginx and the Reverse Proxy
Activate the directives by linking to /sites-enabled/ using the following command:
sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.confFor websites that must handle upload more than 2Mb in size, one must add the following entry to the file /etc/nginx/nginx.conf[3]:
# set client body size to 50M #
client_max_body_size 50M;
First, verify the syntax of all the above content is legitimate:
sudo service nginx configtestThen, restart Nginx to kick it into action:
sudo service nginx restartSet up Let's Encrypt
After setting up Nginx, one can consider setting up the free-of-charge Let's Encrypt certificate. The following instructions are modeled after this Medium article[4]:
sudo add-apt-repository ppa:certbot/certbotThen, install the python3 certbot for Nginx.
sudo apt install python3-certbot-nginx
Then, install the python3 certbot for Nginx.
cd /etc/nginx/sites-enabled/In this directory: /etc/nginx/sites-enabled/ create the following file using a text editor or just copy a text file to this location with a name that is similar to this:dev.example.com
For example, if the name of your domain is dev.thewiki.us, then the file name should be: dev.thewiki.us.
Using vi as a text editor, your will type this in command line:
vi dev.thewiki.us.conf
server {
server_name dev.thewiki.us;
# The internal IP of the VM that hosts your Apache config
set $upstream 127.0.0.1:9352;
location / {
proxy_pass_header Authorization;
proxy_pass http://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
listen 80;
}
First, test if the above file passes the syntactical test:
sudo nginx -tThen, you may run:
sudo systemctl reload nginxRun the Certbot to get the Let's Encrypt certificate
Before running the following statement, make sure that the domain names listed here have already had the relevant IP addresses properly associated with the domain names, such as example.com, and dev.example.com
sudo certbot --nginx -d thewiki.us -d dev.thewiki.usReverse Proxy
After succeeded in running the certbot program, files in /etc/nginx/conf.d/ will be updated. The file to pay attention to is the domain_name.conf file.
Specifically, in the directory: /etc/nginx/conf.d/ create the following file using a text editor or just copy a text file to this location with a name that is similar to this:dev.example.com.conf
For example, if the name of your domain is thewiki.us, then the file name should be: thewiki.us.conf.
Using vi as a text editor, your will type this in command line:
vi thewiki.us.confThe following content can be copied and pasted into your example.com.conf file.
server {
root /var/www/html;
server_name thewiki.us www.thewiki.us;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/thewiki.us/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/thewiki.us/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:9352;
}
}
server {
if ($host = thewiki.us) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name thewiki.us www.thewiki.us;
return 404; # managed by Certbot
location / {
proxy_pass http://localhost:9352;
}
}References
- ↑ eJonghe, D. (2017). NGINX cookbook : advanced recipes for operations(First edition. ed., pp. 1 online resource (1 volume)). Retrieved from https://go.oreilly.com/massachusetts-institute-of-technology-mit/library/view/-/9781492049098/?ar
- ↑ Edward S., How to Set Up an Nginx Reverse Proxy, Retrieved from https://www.hostinger.com/tutorials/how-to-set-up-nginx-reverse-proxy/
- ↑ Vivek Gite, Nginx: 413 – Request Entity Too Large Error and Solution, https://www.cyberciti.biz/faq/linux-unix-bsd-nginx-413-request-entity-too-large/
- ↑ The Mightywomble, How to set up Nginx reverse proxy with let’s encrypt, Retried from:https://medium.com/@mightywomble/how-to-set-up-nginx-reverse-proxy-with-lets-encrypt-8ef3fd6b79e5