If you want a single public face for multiple backend webservers without sacrificing your sanity this guide will get you there. We keep the facts straight and the jokes lightly grim. Topics covered include installing Nginx, creating server blocks, proxy_pass configuration, upstreams for load balancing, SSL with Let s Encrypt and common troubleshooting tips.
On Debian or Ubuntu run the usual package manager dance and start the service. For Red Hat derivatives use the equivalent yum or dnf commands. Then check that port 80 responds and that Nginx is not sulking.
sudo apt update
sudo apt install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
sudo nginx -t
nginx -t validates configuration before you reload. That one command will save you from the small panic attack that comes from reloading broken config on a production box.
Place a server block file under /etc/nginx/sites-available
and symlink it into /etc/nginx/sites-enabled
if your distro uses that layout. Give the server_name the domain that clients will visit. That domain is the mask while your backend apps hide in the basement.
Inside the server block add a location that forwards requests to an upstream group or directly to a backend. Use proxy_pass to send traffic along. Preserve useful headers so backend apps can still see client IPs and host values.
X-Real-IP
and X-Forwarded-For
and pass the original Host headerDo not forget that proxy_pass and other directives require the correct syntax in the config file. If it helps sleep at night test the file with nginx -t before reloading.
An upstream block lets you name a backend pool and reference it from many server blocks. That makes load balancing, maintenance and clarity less painful.
Use curl or an equivalent HTTP client to request the site and confirm the content comes from the intended backend. Inspect response headers to ensure forwarding worked and check status codes for the usual suspects.
curl -I example.com
If you get the wrong content check that the server block points to the right upstream name and that the backend host and port match what the app actually listens on.
Automated certificate issuance is your friend. Use certbot or another ACME client to request a certificate for the public domain. Configure Nginx to listen on 443 and reference the certificate files. Redirect plain HTTP to HTTPS so users do not complain in capital letters.
sudo certbot --nginx -d example.com -d www.example.com
Certbot can edit your Nginx configuration for you or provide snippets to paste. Either way make sure the HTTPS server block includes the proxy configuration so encrypted requests are forwarded correctly.
Validate config with nginx -t then reload the service. Enable the service so reboots do not result in awkward downtime during a caffeine deprived morning.
sudo nginx -t
sudo systemctl reload nginx
sudo systemctl enable nginx
Typical errors include typos in backend hostnames ports that do not match the app and forgetting to include required headers. The logs tell you the truth even when your team does not.
There you go. You have a reverse proxy that routes traffic to backend services handles SSL and can grow into a load balancer. If something breaks turn to the logs first and then to a calming beverage second.
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!
This is a dedicated watch page for a single video.