CentOS Stream 9

Nginx : Reverse Proxy
2022/03/17
 
Configure Nginx as a Reverse Proxy Server.
For example, configure Nginx so that HTTP/HTTPS requests to [www.srv.world] are forwarded to [node01.srv.world].
[1]
[2] Configure Nginx.
# for HTTP setting

[root@www ~]# vi /etc/nginx/nginx.conf
# change the [server] section as follows

    server {
        listen      80 default_server;
        listen      [::]:80 default_server;
        server_name www.srv.world;

        proxy_redirect      off;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;

        location / {
            proxy_pass http://node01.srv.world/;
        }
    }

# for HTTPS setting

[root@www ~]# vi /etc/nginx/conf.d/proxy-ssl.conf
# create new
# replace the certificates with your own

server {
    listen      443 ssl http2 default_server;
    listen      [::]:443 ssl http2 default_server;
    server_name www.srv.world;

    ssl_certificate "/etc/letsencrypt/live/www.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/www.srv.world/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;

    proxy_redirect      off;
    proxy_set_header    X-Real-IP $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    Host $http_host;

    location / {
        proxy_pass http://node01.srv.world/;
    }
}

[root@www ~]# systemctl reload nginx

[3] If SELinux is enabled, change the boolean setting.
[root@www ~]# setsebool -P httpd_can_network_connect on
[4] Configure the backend Nginx server to log the X-Forwarded-For header.
[root@node01 ~]# vi /etc/nginx/nginx.conf
# make sure [log_format] is set in the [http] section
# OK if it includes [http_x_forwarded_for]

http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

# add into [server] section
# specify your local network for [set_real_ip_from]

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  node01.srv.world;
        root         /usr/share/nginx/html;
        set_real_ip_from   10.0.0.0/24;
        real_ip_header     X-Forwarded-For;

[root@node01 ~]# systemctl reload nginx
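
Added example (not part of the original page): a simplified Python model of how the [set_real_ip_from] / [real_ip_header] settings in step [4] pick the client address, following the documented behaviour of the Nginx realip module. It shows that only the X-Forwarded-For entry appended by the frontend is reliable and that every host inside the trusted range can set the address. All sample addresses are constructed, and 10.0.0.31 is assumed to be the frontend as in step [6].

```python
import ipaddress

TRUSTED = ["10.0.0.0/24"]   # [set_real_ip_from] value from step [4]
FRONTEND = "10.0.0.31"      # assumed frontend address (taken from step [6])

def is_trusted(addr, trusted_nets):
    """True if addr falls inside one of the set_real_ip_from networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in trusted_nets)

def resolve_client(peer, xff, trusted_nets, recursive=False):
    """Address the backend treats as the client (simplified realip model).

    peer      : TCP peer address seen by the backend
    xff       : X-Forwarded-For value received, or None
    recursive : models [real_ip_recursive on]
    """
    if not xff or not is_trusted(peer, trusted_nets):
        return peer                      # header is ignored for untrusted peers
    addr = peer
    for entry in reversed([e.strip() for e in xff.split(",") if e.strip()]):
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            break                        # unparsable entry: keep current address
        addr = entry
        # non-recursive: take the last entry; recursive: stop at first untrusted
        if not recursive or not is_trusted(addr, trusted_nets):
            break
    return addr

# Constructed samples: (peer seen by backend, X-Forwarded-For received)
SAMPLES = [
    (FRONTEND, "203.0.113.7"),                 # normal proxied request
    (FRONTEND, "198.51.100.99, 203.0.113.7"),  # client sent its own header first
    ("198.51.100.9", "192.0.2.1"),             # peer outside the trusted range
    ("10.0.0.50", "192.0.2.1"),                # other host inside the /24
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"{peer:>14}  {xff:<28} -> {resolve_client(peer, xff, TRUSTED)}")
```

Setting [set_real_ip_from] to the frontend's address alone instead of the whole network makes the backend ignore the header from every other host.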

[5] Verify that the frontend Nginx server can be accessed from any client computer.
[6]
It's possible to proxy requests for multiple hostnames or domain names.
For example, [www.srv.world], [rx-7.srv.world] and [rx-8.srv.world] are assigned the same IP address (10.0.0.31 here) by DNS, and Nginx on the server with that IP address receives all requests to those hostnames.
This example uses servers that share the same domain name, but it is no problem if the domain names differ.
The example below configures Nginx so that requests to [www.srv.world] are forwarded to the local Nginx default site,
requests to [rx-7.srv.world] are forwarded to the backend server [rx-7.srv.world (10.0.0.101)],
and requests to [rx-8.srv.world] are forwarded to the backend server [rx-8.srv.world (10.0.0.102)].
[root@www ~]# vi /etc/nginx/conf.d/rx-7.srv.world.conf
# create new

server {
        listen      80;
        listen      [::]:80;
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name rx-7.srv.world;

        ssl_certificate "/etc/letsencrypt/live/rx-7.srv.world/fullchain1.pem";
        ssl_certificate_key "/etc/letsencrypt/live/rx-7.srv.world/privkey1.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;

        proxy_redirect      off;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;

        location / {
                proxy_pass http://rx-7.srv.world/;
        }
}

[root@www ~]# vi /etc/nginx/conf.d/rx-8.srv.world.conf
# create new

server {
        listen      80;
        listen      [::]:80;
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name rx-8.srv.world;

        ssl_certificate "/etc/letsencrypt/live/rx-8.srv.world/fullchain1.pem";
        ssl_certificate_key "/etc/letsencrypt/live/rx-8.srv.world/privkey1.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;

        proxy_redirect      off;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;

        location / {
                proxy_pass http://rx-8.srv.world/;
        }
}

[root@www ~]# systemctl reload nginx

[7] Verify that each hostname can be accessed from any client computer.