Skip to content
This repository has been archived by the owner on Feb 16, 2024. It is now read-only.

Nginx reverse proxy

Jump to bottom
DewGew edited this page Mar 24, 2020 · 17 revisions

Configuring NGINX as a reverse proxy

NGINX is a highly configurable, lightweight, yet easily deployed webserver allowing features such as a reverse proxying using secure sockets layer with authentication and much more.

Installing NGINX using your Operating Systems package manager of choice is pretty straight forward. For Debian Linux it is a simple

sudo apt-get install nginx
sudo service nginx start

Register dynamic dns

Register to a dynamic DNS service like here: https://www.noip.com/. Change all dzga.noip.com below to match your address

Open ports in your router

Assign port 443 and port 80 to nginx server in your router.

Configuration

Once NGINX is installed you will need to modify the configuration file. For Debian Linux the config is located at /etc/nginx/sites-enabled/default

server {
    listen 80;
    listen [::]:80;
    server_name dzga.noip.com;
    return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name dzga.example.com;

        ssl_certificate /etc/letsencrypt/live/dzga.noip.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dzga.noip.com/privkey.pem;

        ssl on;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Scheme $scheme;
                proxy_pass http://localhost:3030;
                proxy_read_timeout  90;
        }
}

Restart server

sudo service nginx restart

Obtaining a SSL certificate

Your OS may or may not ship with openssl preinstalled. In the case it doesn't, simply install openssl using your package manager of choice. eg: sudo apt-get install openssl.

Below you can choose between creating a self signed certificate useful if you do not have a fqdn (fully qualified domain name), or if you by chance do have a fqdn you can use certbot to obtain a Let's Encrypt CA signed certificate.

To create a self signed certificate:

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

To obtain a Let's Encrypt CA signed certificate:

Install certbot, a client to obtain signed ssl certificates for your domain.

sudo apt-get install certbot

Run the following command:

certbot certonly --standalone -d dzga.noip.com -d dzga.noip.com

Now you should reach your dzga at https://dzga.noip.com/settings

Clone this wiki locally