Difference between revisions of "Set up Nginx as a Reverse Proxy"

From PKC
Jump to navigation Jump to search
BenKoo>Admin
Bkoo>Admin
(Admin moved page Set up Nginx as a Reverse Proxy to Nginx as a Reverse Proxy: Simplifying terms)
Line 1: Line 1:
The first place to learn Nginx can be found in this book<ref>eJonghe, D. (2017). NGINX cookbook : advanced recipes for operations(First edition. ed., pp. 1 online resource (1 volume)). Retrieved from https://go.oreilly.com/massachusetts-institute-of-technology-mit/library/view/-/9781492049098/?ar</ref>:
#REDIRECT [[Nginx as a Reverse Proxy]]
 
The following content is assuming that you are running an Ubuntu distribution of Linux.
 
=Install Nginx=
The following code can be copied and pasted to perform the task of installing Nginx on Ubuntu:<ref>Edward S., How to Set Up an Nginx Reverse Proxy, Retrieved from https://www.hostinger.com/tutorials/how-to-set-up-nginx-reverse-proxy/</ref>
<syntaxhighlight>
sudo apt-get update
sudo apt-get install nginx -y
</syntaxhighlight>
 
=Disable Default Virtual Host of Nginx=
Then, try to unlink this existing link:
<syntaxhighlight>
sudo unlink /etc/nginx/sites-enabled/default
</syntaxhighlight>
 
=Create the Reverse Proxy=
Now go to the Nginx site-available directory
<syntaxhighlight>
cd /etc/nginx/sites-available
</syntaxhighlight>
 
Use a text editor or copy a file with the following file name: <code>reverse-proxy.conf</code>.
 
For example:
<syntaxhighlight>
vi reverse-proxy.conf
</syntaxhighlight>
 
Use a text editor or copy a file with the following file name: <code>reverse-proxy.conf</code>.
 
For example, use the text editor vi, you can type the following command:
<syntaxhighlight>
vi reverse-proxy.conf
</syntaxhighlight>
 
 
In the file, type in the following content. Please note that this configuration, especially the port number 9352 is a [[PKC]] specific specification.
<syntaxhighlight>
server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:9352;
    }
}
</syntaxhighlight>
 
=Test Nginx and the Reverse Proxy=
Activate the directives by linking to /sites-enabled/ using the following command:
<syntaxhighlight>
sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
</syntaxhighlight>
 
First, verify the syntax of all the above content is legitimate:
<syntaxhighlight>
sudo service nginx configtest
</syntaxhighlight>
 
Then, restart Nginx to kick it into action:
<syntaxhighlight>
sudo service nginx restart
</syntaxhighlight>
 
=Set up Let's Encrypt=
After setting up Nginx, one can consider setting up the free-of-charge Let's Encrypt certificate. The following instructions are modeled after this Medium article<ref>The Mightywomble, How to set up Nginx reverse proxy with let’s encrypt, Retried from:https://medium.com/@mightywomble/how-to-set-up-nginx-reverse-proxy-with-lets-encrypt-8ef3fd6b79e5</ref>:
<syntaxhighlight>
sudo add-apt-repository ppa:certbot/certbot
</syntaxhighlight>
 
Then, install the python3 certbot for Nginx.
<syntaxhighlight>
sudo apt install python3-certbot-nginx
</syntaxhighlight>
 
 
Then, install the python3 certbot for Nginx.
<syntaxhighlight>
cd /etc/nginx/sites-enabled/
</syntaxhighlight>
 
In this directory: <code>/etc/nginx/sites-enabled/</code> create the following file using a text editor or just copy a text file to this location with a name that is similar to this:<code>dev.example.com</code>
For example, if the name of your domain is <code>dev.thewiki.us</code>, then the file name should be: <code>dev.thewiki.us</code>.
Using <code>vi</code> as a text editor, your will type this in command line:
<syntaxhighlight> 
vi dev.thewiki.us.conf     
</syntaxhighlight> 
 
<syntaxhighlight>                                                 
server {
    server_name dev.thewiki.us;
    # The internal IP of the VM that hosts your Apache config
    set $upstream 127.0.0.1:9352;
        location / {
        proxy_pass_header Authorization;
        proxy_pass http://$upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Connection “”;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect off;
    }
    listen 80;
}
</syntaxhighlight>
 
 
First, test if the above file passes the syntactical test:
<syntaxhighlight>
sudo nginx -t
</syntaxhighlight>
 
Then, you may run:
<syntaxhighlight>
sudo systemctl reload nginx
</syntaxhighlight>
 
==Run the Certbot to get the Let's Encrypt certificate==
Before running the following statement, make sure that the domain names listed here have already had the relevant IP addresses properly associated with the domain names, such as <code>example.com</code>, and <code>dev.example.com</code>
<syntaxhighlight>
sudo certbot --nginx -d thewiki.us -d dev.thewiki.us
</syntaxhighlight>
 
===Reverse Proxy===
After succeeded in running the certbot program, files in /etc/nginx/conf.d/ will be updated. The file to pay attention to is the <code>domain_name.conf</code> file.
 
Specifically, in the directory: <code>/etc/nginx/conf.d/</code> create the following file using a text editor or just copy a text file to this location with a name that is similar to this:<code>dev.example.com.conf</code>
For example, if the name of your domain is <code>thewiki.us</code>, then the file name should be: <code>thewiki.us.conf</code>.
Using <code>vi</code> as a text editor, your will type this in command line:
<syntaxhighlight> 
vi thewiki.us.conf     
</syntaxhighlight> 
 
The following content can be copied and pasted into your <code>example.com.conf</code> file.
<syntaxhighlight>
server {
    root /var/www/html;
    server_name thewiki.us www.thewiki.us;
 
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/thewiki.us/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/thewiki.us/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
    location / {
      proxy_pass  http://localhost:9352;
    }
 
 
}
server {
    if ($host = thewiki.us) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
 
 
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name thewiki.us www.thewiki.us;
    return 404; # managed by Certbot
 
    location / {
      proxy_pass  http://localhost:9352;
    }
}
</syntaxhighlight>
 
=References=
<References/>

Revision as of 05:06, 25 April 2021

Redirect to:

Retrieved from "https://pkc.pub/index.php?title=Set_up_Nginx_as_a_Reverse_Proxy&oldid=753"