Configure Nginx as a Reverse Proxy on Ubuntu 22.04

Nginx as a Reverse Proxy on Ubuntu

This tutorial will gently guide you through how to install and configure the NginX web server and reverse proxy server on Ubuntu Server 22.04 LTS.

Prerequisites

To complete this tutorial, you will need:

• An Ubuntu 22.04 cloud server with SSH enabled
• A valid domain name pointed to your server’s IP
• A root password or a user with sudo privileges
• Nginx. Follow the instructions to install Nginx on Ubuntu 22.04. If you navigate to your server’s ip address, you should now see the default NginX webpage. This means that NginX is working properly
• Git. Follow the instructions to install Git on Ubuntu 22.04
• Docker and Docker Compose. Follow the instructions to install Docker and Docker Compose on Ubuntu 22.04
• Let’s Encrypt. Follow the instructions to secure Nginx with Let’s Encrypt on Ubuntu 22.04

Clone and run the Web API project

The first step is to navigate to the /var/www/ directory:

cd /var/www/

Clone the Web API project:

git clone https://github.com/mikeoye25/dockerized-web-api-project web-api

Navigate to the web-api directory:

cd web-api

To start your application, run the following command:

docker-compose up -d

Set Up an Nginx Reverse Proxy

Next, follow the below command to disable the virtual host:

sudo unlink /etc/nginx/sites-enabled/default

After disabling the virtual host, we can create a file in the /etc/nginx/sites-available/ directory called reverse-proxy.conf. This file will serve a few purposes: redirecting <domain_name> to www.<domain_name>, redirecting http to https, and reverse proxying to port 8080 on localhost.

In the file, we need to paste in these strings below:

# Redirect www http traffic to www https
server {
    listen 80;
    server_name www.<domain_name>;
    return 301 https://www.<domain_name>$request_uri;
}

# Redirect non-www http traffic to www https
server {
    listen 80;
    server_name <domain_name>;
    return 301 https://www.<domain_name>$request_uri;
}

# Redirect non-www https traffic to www https
server {
    listen 443 ssl;
    server_name <domain_name>;
    ssl_certificate /etc/letsencrypt/live/<domain_name>/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/<domain_name>/privkey.pem;
 return 301 https://<domain_name>$request_uri;

}

# Main server block for www https
server {

    listen 443 ssl;
    server_name www.<domain_name>;
 root /var/www/web-api;

    ssl_certificate /etc/letsencrypt/live/<domain_name>/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/<domain_name>/privkey.pem;

    location / {

      # Set the proxy headers

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Configure which address the request is proxied to

      proxy_pass          http://localhost:8080/;
      proxy_read_timeout  90;
      proxy_redirect      http://localhost:8080 https://www.<domain_name>;

      # Security headers
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header Referrer-Policy "origin";

      # Add the trailing slash
      rewrite ^([^.]*[^/])$ $1/ permanent;
    }
}

The first server block, which will listen on www.<domain_name> port 80 and redirect visitors to https (port 443).

The next server block, which will listen on <domain_name> port 80 and redirect visitors to www.<domain_name> with https.

The third server block will listen on <domain_name> port 443, and redirect the https traffic to www.<domain_name>. This server block also contains information about the SSL certificates, which we will modify later when we obtain them.

This last server block will perform the actual proxying. It will listen on www.<domain_name> port 443 and proxy requests to localhost port 8080.

After adding these lines, save the file and close your editor.

Next, enable this configuration file by creating a link from it to the sites-enabled directory that Nginx reads at startup:

sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

You can now test your configuration file for syntax errors:

sudo nginx -t

Finally, restart NginX using the following command:

sudo systemctl restart nginx

Nginx is now configured as a reverse proxy for your application server, and you can access the web api project from https://<domain_name>/swagger to verify it’s working.

Conclusion

In this tutorial, you learnt how to set up a reverse proxy using Nginx, a popular web server and reverse proxy solution on Ubuntu 22.04.

References

• https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-reverse-proxy-on-ubuntu-22-04
• https://blog.yeetpc.com/how-to-set-up-an-nginx-reverse-proxy-with-ssl-on-ubuntu-server-20-04-lts/
• https://www.hostinger.com/tutorials/how-to-set-up-nginx-reverse-proxy/