Learn how to set up Nginx as a reverse proxy server. This guide uses an example configuration where HTTP/HTTPS accesses to www.emc.world are forwarded to node01.emc.world.
Ensure you have SSL certificates for secure connections. Refer to relevant SSL certificate generation documentation.
Edit the Nginx configuration file for HTTP settings:
[root@www ~]# vi /etc/nginx/nginx.conf
# Modify the server section as follows:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.emc.world;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
location / {
proxy_pass http://node01.emc.world/;
}
}
Create a new configuration file for HTTPS settings:
[root@www ~]# vi /etc/nginx/conf.d/proxy-ssl.conf
# Add the following configuration:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.emc.world;
ssl_certificate "/etc/letsencrypt/live/www.emc.world/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/www.emc.world/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
location / {
proxy_pass http://node01.emc.world/;
}
}
[root@www ~]# systemctl reload nginx
If SELinux is enabled, modify the SELinux boolean setting:
[root@www ~]# setsebool -P httpd_can_network_connect on
On the backend server (node01.emc.world), configure Nginx to log the X-Forwarded-For header:
[root@node01 ~]# vi /etc/nginx/nginx.conf
# Ensure the log_format directive includes http_x_forwarded_for in the http section:
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
...
}
# Add real_ip_header configuration in the server block:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name node01.emc.world;
root /usr/share/nginx/html;
set_real_ip_from 10.0.0.0/24;
real_ip_header X-Forwarded-For;
...
}
[root@node01 ~]# systemctl reload nginx
Test the setup by accessing the frontend Nginx server from a client computer.
Configure Nginx to forward requests to different backends based on hostname.
Configure proxy settings for www.emc.world, rx-7.emc.world, and rx-8.emc.world:
# Configuration for rx-7.emc.world
[root@www ~]# vi /etc/nginx/conf.d/rx-7.emc.world.conf
# Add server block configuration
# Configuration for rx-8.emc.world
[root@www ~]# vi /etc/nginx/conf.d/rx-8.emc.world.conf
# Add server block configuration
[root@www ~]# systemctl reload nginx
Test the setup by accessing each hostname from a client computer to ensure proper forwarding and functionality.