A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.
1. Nginx installation
Install Nginx from Advanced Packaging Tool (APT) package manager:
2. Firewall configuration
Create UFW rule for allowing all Nginx listen ports:
3. Generate SSL certificate and key files
OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.
OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. Wikipedia.
For "HTTP to HTTPS" redirection Nginx requires SSL certificate and key. Use OpenSSL library for generate self-signed SSL certificate:
Outuput:
4. Configure Nginx
Add Nginx configuration for your site. For example: /etc/nginx/sites-available/your-project.com:
server {
# This block need for redirect HTTP to HTTPS
listen 80;
server_name your-project.com www.your-project.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name your-project.com www.your-project.com;
# Path to certificates
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
# Set reverse proxy
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8000;
}
}
Create symlink for configuration file:
Test new configurations:
Output:
Restart Nginx for apply new configurations:
5. Testing in browser
When you first time open url address with self-signed certificate you get "Privacy error":
Click on "Advanced" button, then "Proceed to your-project.com (unsafe)" link: