Learn how to setup Nginx Reverse Proxy on CentOS 7 with this step-by-step guide. Configure your server to efficiently manage and balance web traffic, improving your site’s performance and security. #centlinux #linux #nginx
Table of Contents
What is Nginx?
Nginx is a free and open-source web server. Nginx can also be used as reverse proxy, load balancer, mail proxy and HTTP cache. Currently, it is the second most widely used web server over the Internet. Also, there are many web servers that are using Nginx as the Reverse Proxy and Load Balancer.
Nginx, pronounced “engine-x,” is a high-performance open-source web server and reverse proxy server software. Originally developed to address the C10k problem, which refers to efficiently handling a large number of simultaneous connections, Nginx has become widely popular for its speed, scalability, and versatility. It efficiently serves static content, manages dynamic content through FastCGI or other modules, and acts as a load balancer to distribute incoming traffic across multiple servers.
One of Nginx’s key strengths lies in its event-driven, asynchronous architecture, allowing it to handle numerous connections simultaneously with low resource consumption. Its modular design supports various add-ons and extensions, making it adaptable for diverse use cases. Nginx is often utilized as a front-end proxy to improve the performance and security of web applications, and it excels in serving as a reverse proxy for distributing incoming requests to backend servers.
In addition to its role as a web server, Nginx is employed as a caching server, SSL/TLS terminator, and as a general-purpose TCP/UDP proxy. Its widespread adoption by high-traffic websites, content delivery networks (CDNs), and as a component in containerized applications underscores its reliability and efficiency in handling modern web infrastructure challenges.
Recommended Online Training: Learn Bash Shell in Linux for Beginners
What is a Reverse Proxy?
A reverse proxy is a server that sits between client devices and backend servers, forwarding client requests to the appropriate backend server and returning the server’s response to the client. Unlike a traditional proxy server that serves as an intermediary for client requests to external servers, a reverse proxy serves as an intermediary for requests from external clients to a server on a private network.
Key Functions and Benefits of a Reverse Proxy
- Load Balancing:
- Distribute Traffic: Distributes incoming network traffic across multiple backend servers to ensure no single server becomes overwhelmed. This improves performance and reliability by balancing the load.
- Security and Anonymity:
- Hide Backend Servers: Masks the identity and structure of backend servers from clients, enhancing security by preventing direct access to backend servers.
- SSL Termination: Can handle SSL encryption/decryption, offloading this resource-intensive task from backend servers.
- Caching:
- Improve Performance: Stores frequently requested content and serves it directly to clients, reducing the load on backend servers and speeding up response times.
- Web Acceleration:
- Optimize Content Delivery: Compresses and optimizes content before sending it to clients, improving load times and overall performance.
- Application Firewall:
- Protect Servers: Acts as a shield against malicious traffic, implementing security policies to protect backend servers from attacks like DDoS, SQL injection, and XSS.
- Centralized Authentication:
- Single Sign-On: Implements centralized authentication mechanisms, simplifying user management and enhancing security.
How Reverse Proxy Works
When a client makes a request to a web server, the reverse proxy intercepts the request and performs the following steps:
- Receive Client Request:
- The reverse proxy receives the client’s request intended for the backend server.
- Process and Forward Request:
- The proxy processes the request, applies any configured rules (e.g., load balancing, caching), and forwards the request to the appropriate backend server.
- Receive Server Response:
- The backend server processes the request and sends its response back to the reverse proxy.
- Forward Response to Client:
- The reverse proxy forwards the backend server’s response to the client, appearing as if it originated from the proxy itself.
Common Use Cases for Reverse Proxy
- Load Balancing:
- Distributing client requests across multiple servers to ensure even distribution of traffic and prevent server overload.
- Content Delivery Networks (CDNs):
- Serving cached content from edge servers located closer to the end-users to reduce latency and improve load times.
- Microservices Architecture:
- Acting as a gateway in a microservices architecture to route requests to the appropriate service based on the request URL.
- API Gateways:
- Managing and routing API requests, providing features like rate limiting, authentication, and logging.
System Specification
In this article, we are using three virtual machines. Two VMs to deploy and run two websites and One VM to configure as the reverse proxy and HTTP load balancer.
Hostname | web-01.example.com | web-02.example.com | proxy-02.example.com |
IP Address | 192.168.116.51/24 | 192.168.116.52/24 | 192.168.116.54/24 |
Operating System | CentOS 7.6 | CentOS 7.6 | CentOS 7.6 |
Web Server | Apache | Apache | Nginx |
We have already configured web-01.example.com and web-02.example.com as the web servers and hosted a simple and distinct webpage on both servers.
Install Nginx on CentOS 7
Connect to proxy-02.example.com using ssh.
Nginx can be installed from EPEL (Extra Packages for Enterprise Linux) yum Repository. Therefore, we have to install EPEL yum repository.
# yum install -y epel-release
Let the yum create cache of repositories using following command.
# yum makecache
Install Nginx web server from EPEL yum repository.
# yum install -y nginx
Start and enable nginx.service.
# systemctl start nginx.service # systemctl enable nginx.service Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
Allow http service in Linux Firewall.
# firewall-cmd --permanent --add-service=http success # firewall-cmd --reload success
Browse URL http://proxy-02.example.com in a client browser.
Nginx Web Server has been installed.
Setup Nginx Reverse Proxy in CentOS 7
Our Nginx web server is already configured and running at default HTTP port 80.Although, we can configure the same HTTP port as reverse proxy load balancer, but we will keep it clean and add new configurations for the port 8888.
Create a new Nginx configuration file.
# vi /etc/nginx/conf.d/app.conf
Add following directives therein.
upstream appset { server web-01.example.com; server web-02.example.com; } server { listen 8888; location / { proxy_pass http://appset; } }
Adjust SELinux policy to allow Nginx to run HTTP service on port 8888.
# semanage port -a -t http_port_t -p tcp 8888
Allow service port 8888/tcp in Linux Firewall.
# firewall-cmd --permanent --add-port=8888/tcp success # firewall-cmd --reload success
Restart nginx.service.
# systemctl restart nginx.service
Browse URL http://proxy-02.example.com:8888/ in a client browser.
Our request has been served by web-02.example.com.
Refresh webpage again.
Now it forwards, our request to web-01.example.com.
We have configured a Reverse Proxy and Load Balancer using Nginx Web Server. Here, the configurations are basic and are solely for the demonstration purpose. However, you can amend the same configurations according to your environment to create a relatively advanced Load Balancer.
If you are new to Linux and facing difficulty in working at Linux Bash prompt. We recommend that, you should read The Linux Command Line, 2nd Edition: A Complete Introduction by William Shotts.
Final Thoughts
Setting up an Nginx Reverse Proxy on CentOS 7 can significantly enhance your web server’s performance and security. This guide provides the steps needed to configure your server effectively.
If you need professional assistance or have specific requirements, I offer expert services for Nginx Reverse Proxy setup and management. Visit my Fiverr profile for more details and to get started: Linux Cloud Engineer
Optimize your web server with a tailored Nginx Reverse Proxy solution today!