Breaking News

Home / Security / How to use NGINX as a reverse proxy

How to use NGINX as a reverse proxy

A reverse proxy can do wonders for your network and its security. Learn how to configure NGINX to serve this very purpose.

nginxhero.jpg

Image: Jack Wallen

There are two types of proxies that admins typically work with:

  • A forward proxy, or simply “proxy,” is used by clients to bypass firewall restrictions, or to serve as a cache server for a LAN

  • A reverse proxy is used to help achieve load balancing and high availability for web servers

Obviously, the most important of the two for admins is the reverse proxy. It is this type of proxy that allows a company to use multiple servers for their website, with the reverse proxy serving as a traffic manager to direct packets from clients and direct them to any one of the backend servers.

One of the more popular reverse proxy tools at the moment is NGINX. Although NGINX itself is a web server, it does an outstanding job of serving as a reverse proxy. With this in place, you can gain the following benefits:

  • Single point of access to your servers

  • Simplifies access control tasks

  • Reduce risks to sensitive data

  • Helps achieve compliance

  • Enables transparent maintenance of backend servers

  • Load balancing and failover

I’m going to walk you through the process of setting up a very basic reverse proxy, using NGINX. In later tutorials, we’ll build on that foundation to add to its functionality.

SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)

What you’ll need

The only thing you’ll need to make this work is a running instance of Linux. I’m going to be demonstrating on Ubuntu Server 18.04, but you can use any distribution that supports NGINX. If you use a distribution that isn’t Debian-based, you’ll need to modify any and all installation instructions.

How to install NGINX

I’m going to assume you don’t have NGINX installed. To do this, log in to your Ubuntu Server instance and issue the command:

sudo apt-get install nginx -y

Start and enable the service with the commands:

sudo systemctl start nginx
sudo systemctl enable nginx

How to create a new NGINX config file

We’re going to create a brand new default NGINX configuration file. Before we do that, it’s important to unlink the original default config with the command:

sudo unlink /etc/nginx/sites-enabled/default

Now we’ll create the new config file with the command:

sudo nano /etc/nginx/sites-available/proxy_config.conf

In that new file, paste the following:

server {

listen 80;

location / {

proxy_pass http://SERVER;

}

}

Where SERVER is the IP address or domain of the server you want to send traffic to.

Save and close the file.

With this new configuration file created, we need to activate it by creating a link with the command:

sudo ln -s /etc/nginx/sites-available/proxy_config.conf /etc/nginx/sites-enabled/proxy_config.conf

Restart NGINX with the command:

sudo systemctl restart nginx

How to test the reverse proxy

With NGINX now configured as the reverse proxy, open a browser and point it to the address of the server hosting the proxy. The address should automatically be redirected to the address you set with the proxy_pass directive in the proxy_config.conf file. 

Congratulations, your basic NGINX proxy server is up and running. Now you can direct traffic that is supposed to go to the target server to the reverse proxy server and it will wind up at the correct destination. 

Although this configuration doesn’t do too much, you now have a basic understanding of how to set this up. Next time around, we’ll use the same type of configuration to handle load balancing with NGINX as the reverse proxy.

Also see


Source link

About admin

Check Also

A real-life Maze ransomware attack – “If at first you don’t succeed…” – Naked Security

You’ve probably heard terms like “spray-and-pray” and “fire-and-forget” applied to cybercriminality, especially if your involvement ...

Leave a Reply

Your email address will not be published. Required fields are marked *