Set up an Nginx reverse proxy and redirect HTTP to HTTPS

A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.

 

 

1. Nginx installation

 

Install Nginx with the Advanced Packaging Tool (APT) package manager:

sudo apt install nginx -y

 

 

2. Firewall configuration

 

Create a UFW rule that allows all Nginx listen ports:

sudo ufw allow 'Nginx Full'

 

 

3. Generate SSL certificate and key files

 

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. (Source: Wikipedia.)

For the HTTP to HTTPS redirection, Nginx requires an SSL certificate and key. Use the OpenSSL library to generate a self-signed SSL certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

 

Output:

..........+..+..........+...........+.......+...............+++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++*.........+.....+...............+.+...+......+...+..+.........+.......+...+..+.......+..+.+...............+............+..+...+...+.......+......+...........+.+...+..+.........+....+.........+...+..+...+............+.+......+.....+.+........+............+....+.....+.+........+.......+.....+.......+.....+.+..+...+.+..............+....+..+..........+.....+......+.................................+.......+..+..................+....+.........+......+.....+.........+.........+...+....+...+........+...+....+...+.....+.......+......+...............+..............+...............+.+.....+.........+............+......+....+.........+.........+..+.+.....+....+.....+...+.............+.........+.....+....+......+..............+.+........+...+.........................+..+.......+.......................+.......+.........+......+.....+.+.....+...++++++
...+.......+...+............+..+......+.+.....+...+.+++++++++++++++++++++++++++++++++++++++*....+.........+..+...+.........+...+...+....+...+............+...+...+..+....+...+..+++++++++++++++++++++++++++++++++++++++*....+....+..+...+....+......+......+...+.....+.+.....+.......++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
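
A non-interactive form of the command above, as an added example that is not part of the original post: it sets the subject and a subjectAltName on the command line, then checks that the certificate matches the key and covers both names used in the Nginx configuration. The temporary output directory and the function names are assumptions, and `-addext` needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original post). Needs OpenSSL 1.1.1+ for -addext.

# make_selfsigned DIR HOST [ALT_HOST...]: same key type and lifetime as the
# command above, but with the names given up front instead of prompted for.
make_selfsigned() {
    dir=$1; host=$2; shift 2
    san="DNS:$host"
    for alt in "$@"; do san="$san,DNS:$alt"; done
    (
        umask 077   # new files readable by their owner only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$host" -addext "subjectAltName=$san" \
            -keyout "$dir/nginx-selfsigned.key" \
            -out "$dir/nginx-selfsigned.crt" 2>/dev/null
    )
}

# pair_matches CRT KEY: succeeds only if CRT carries the public key of KEY.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# covers_host CRT HOST: succeeds only if the certificate is valid for HOST.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# fingerprint CRT: SHA-256 fingerprint, for comparison with what a client shows.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo in a throwaway directory, so no sudo is needed.
tmp=$(mktemp -d)
make_selfsigned "$tmp" your-project.com www.your-project.com
crt=$tmp/nginx-selfsigned.crt
pair_matches "$crt" "$tmp/nginx-selfsigned.key" && echo "key pair: ok"
covers_host "$crt" www.your-project.com && echo "www name: ok"
echo "sha256: $(fingerprint "$crt")"
rm -rf "$tmp"
```
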

 

 

4. Configure Nginx

 

Add an Nginx configuration for your site, for example in /etc/nginx/sites-available/your-project.com:

server {
    # This block redirects HTTP to HTTPS
    listen 80;
    server_name your-project.com www.your-project.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name your-project.com www.your-project.com;

    # Path to certificates
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    # Set reverse proxy
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:8000;
    }
}

 

Create a symlink to the configuration file:

sudo ln -s /etc/nginx/sites-available/your-project.com /etc/nginx/sites-enabled

 

Test the new configuration:

sudo nginx -t

 

Output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

 

Restart Nginx to apply the new configuration:

sudo systemctl restart nginx
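
One way to check the port 80 block after the restart, as an added example that is not part of the original post: `$host` in the `return 301` line is taken from the request, so the check confirms both the 301 to HTTPS and that the target is one of the configured names. The function name and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# check_redirect "HOST1 HOST2 ..." < response-headers
# Succeeds only if the headers are a 301 whose Location is https:// on one of
# the listed hosts. Live use:
#   curl -sI http://your-project.com/ | check_redirect "your-project.com www.your-project.com"
check_redirect() {
    allowed=$1; status=''; location=''
    cr=$(printf '\r')
    while IFS= read -r line; do
        line=${line%"$cr"}                      # curl prints CRLF line ends
        case $line in
            HTTP/*) status=${line#* }; status=${status%% *} ;;
            [Ll]ocation:*) location=${line#*:}; location=${location# } ;;
        esac
    done
    [ "$status" = 301 ] || { echo "status '$status', expected 301" >&2; return 1; }
    case $location in
        https://*) ;;
        *) echo "Location is not https: '$location'" >&2; return 1 ;;
    esac
    target=${location#https://}; target=${target%%/*}
    for h in $allowed; do
        [ "$target" = "$h" ] && return 0
    done
    echo "redirect host '$target' is not a configured server_name" >&2
    return 1
}

# Constructed sample responses (not captured from a real server).
sample_ok() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
    printf 'Location: https://www.your-project.com/login\r\n\r\n'
}
sample_other_host() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Location: https://unexpected.example/login\r\n\r\n'
}
sample_no_redirect() { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n'; }

names="your-project.com www.your-project.com"
sample_ok | check_redirect "$names" && echo "ok: redirect stays on the site"
sample_other_host | check_redirect "$names" || echo "flagged: unexpected host"
sample_no_redirect | check_redirect "$names" || echo "flagged: no redirect"
```
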

 

 

5. Testing in browser

 

The first time you open the URL with the self-signed certificate, you get a "Privacy error":

Your connection is not private
Attackers might be trying to steal your information from your-project.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID

 

 

Click the "Advanced" button, then the "Proceed to your-project.com (unsafe)" link.