NGINX Reverse Proxy

NGINX Reverse Proxy

Learn how to setup a reverse proxy with NGINX and serve multiple local websites from a single server.

An NGINX reverse proxy comes in use when you need to serve multiple local servers on different ports (remember the localhost:8080?). All you require is a small software called nginx.

What will be covered here?

Although the title talks about setting up a reverse proxy we will be doing that and along with that setting up Cloudflare DNS as well as Certbot certificate generation.


Installing NGINX

Basic installation procedure just run the command

sudo apt-get install nginx

After installing NGINX just run

sudo systemctl start nginx

This should start the NGINX server at port 80. Just input your machine's IP in your browser and a welcome message should be visible.

Installing Certbot

A controversial method yes, but the only method I found convenient was installing Certbot from here using snap. Alternate methods are present too and you are free to check them out! The link above should be self explanatory.

Cloudflare DNS

To setup up a Cloudflare DNS for your domain, ensure your domain is linked to your Cloudflare account. This can be done by "verifying" you are the owner of your domain. Once that is done just head over to the DNS section as shown below.

Add a record and make it A or AAAA depending on what IP address you want to use. A is for IPV4 and AAAA is for IPV6. The IP address is your server IP address which your web servers/applications are hosted on.

If you do not want to use a DDNS service such as No-Ip you can refer this video which explains how to use Cloudflare's API and do it automatically.

NGINX Configuration

Here it is considered your certificate is ready, your DNS configured and you have NGINX installed.

A quick check should reveal an existing folder - /etc/nginx/sites-enabled/

This folder is where all your configurations for the reverse proxy will be.

Creating a configuration file

Create a file in the folder mentioned above with an extension .conf. For example test.conf.

Now all you need to do is copy paste this configuration -

server {
   listen 80;
   listen [::]:80;
   server_name test.your.domain;
   return 301 https://test.your.domain$request_uri;

server {
   listen 443 ssl;
   listen [::]:443 ssl;
   server_name test.your.domain;
   ssl_certificate  /etc/letsencrypt/live/test.your.domain/fullchain.pem;
   ssl_certificate_key  /etc/letsencrypt/live/test.your.domain/privkey.pem;
   ssl_trusted_certificate /etc/letsencrypt/live/test.your.domain/chain.pem;
   ssl_prefer_server_ciphers on;

   location / {
        proxy_http_version 1.1;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

Some changes you should be making in the configuration file:

  • test.your.domain should be substituted with your domain/subdomain name. The domain/subdomain you input here should be the same as inputted in the Cloudflare DNS section.
  • Your ssl certificates generated by the Certbot should be in the given folder location. If not change in manually.
  • If you have a website which accepts files (for example uploading of images and files) add this line - client_max_body_size 0;
  • Inside location / substitute the domain in front of proxy_pass to your required domain and port.

To conclude, the same steps can be repeated as many number of times you want to create configurations for different domains/subdomains. All you have to do is create a new conf file.

💡 Tips

  • There is a really good tool provided by DigitalOcean for generating configuration files: Check it out
  • If you have another service for example Pi-hole running on port 80 you should switch that over to another port (lighttpd configuration: /etc/lighttpd/lighttpd.conf).