Getting Started with Nginx Reverse Proxy

Overview

Nginx Reverse Proxy: Reverse proxy means that the server obtains resources from one or more groups of backend servers (such as Web servers) based on the client's request, and then returns these resources to the client. The client only knows the IP address of the reverse proxy, but does not know the existence of the server cluster behind the proxy server.

The role of reverse proxy

• Hide the IP address of the server (cluster) from the client
• Security: As an application layer firewall, it provides protection for websites against web-based attacks (such as DoS/DDoS, making it easier to detect malware, etc.)
• Provide unified encryption and SSL acceleration (such as SSL terminal proxy) for back-end servers (clusters)
• Load balancing: if there is a server with a higher load in the cluster, the reverse proxy rewrites the URL and obtains the same resources or backup from the server with a lower load according to the connection request.
• Provides cache services for static content and dynamic content that has a large number of access requests in a short period of time
• Compress some content to save bandwidth or provide services to networks with poor network bandwidth
• Slow down upload
• Provide HTTP access authentication

Practice Nginx reverse proxy intranet penetration 8081 port

Purpose: Hide port 8081 and access port 80 by accessing port 80

Implementation steps

We configured the API on port 8081 and deployed it successfully. Now 8081 is open to the public, so it can be accessed

Take Ubuntu environment as an example

$ cd /etc/nginx/
$ vim nginx.conf

Configure the reverse proxy for port 8081 under the Nginx http node as follows

 server {
        listen 80 default_server;
        listen [::]:80 default_server;
        location /api/ {
                        proxy_pass http://127.0.0.1:8081;
                }

                location /apidocs/ {  
                        proxy_pass http://localhost:8081/api/;
                        index swagger-ui.html;
                        error_page 404 http://localhost:8081/api/swagger-ui.html;
                }
         }

After the configuration is complete, restart the Nginx service

$ service nginx restart

Visit http://ip/apidocs/swagger-ui.html successfully

We can turn off the server security group rules, remove the 8081 port-security group rules, and log in to Alibaba Cloud to configure. Take Alibaba Cloud as an example. The same applies to other

http://ip/apidocs/swagger-ui.html is still accessible

http://ip:8081/api/swagger-ui.html is not accessible

So far, we have achieved the purpose of nginx reverse proxy port 8081 by accessing port 80 and proxying to port 8081

Focus on understanding the Ngnix location & proxy_pass field rules

Implementation method 2: Configure upstream

Under the http node, add the upstream node

upstream demo { 
   server ip:8080; 
   server ip:8081; 
}

Configure proxy_pass in the location node under the server node to: http:// + upstream name

location / { 
      proxy_pass http://demo; 
}

Nginx configuration https support

 ##
        # add cnn SSL Settings
        ##
        server{
                listen 443;
                server_name demo.com;
                ssl on;
                ssl_certificate /etc/nginx/cert/test.pem;
                ssl_certificate_key /etc/nginx/cert/test.key;
                ssl_session_timeout 5m;
                location / {
                							#Root domain name or IP
                                proxy_pass http://demo.com;
                        }
        }

Summarize

This is the end of this article about the introduction to Nginx reverse proxy. For more relevant Nginx reverse proxy content, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!