Skip to content

How to Set Up a Reverse Proxy

Key idea:

A reverse proxy accepts client requests and forwards them to one or several backend servers. Why: SSL termination (TLS on the proxy only), load balancing, caching, compression. nginx is the most popular. Minimal config — 5 lines with proxy_pass. Important: correct headers (X-Real-IP, X-Forwarded-For), WebSocket upgrade when needed.

Below: step-by-step, working examples, common pitfalls, FAQ.

Check your site →

Step-by-Step Setup

  1. Install nginx: apt install nginx
  2. Identify upstream backend(s): IP:port or hostname
  3. Create /etc/nginx/sites-available/myapp.conf with a server block
  4. location / { proxy_pass http://backend:3000; }
  5. Add headers: proxy_set_header Host \$host; X-Real-IP \$remote_addr
  6. For WebSocket: proxy_http_version 1.1; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade";
  7. nginx -t && systemctl reload nginx
  8. Verify: Enterno HTTP checker — inspects response headers

Working Examples

ScenarioConfig
Minimal reverse proxyserver { listen 80; server_name app.example.com; location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
Load balancing (round-robin)upstream backend { server 10.0.0.1:3000; server 10.0.0.2:3000; server 10.0.0.3:3000; } server { location / { proxy_pass http://backend; } }
Sticky sessions (IP hash)upstream backend { ip_hash; server 10.0.0.1:3000; server 10.0.0.2:3000; }
WebSocket upgradelocation /ws/ { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 3600s; }
Caching proxyproxy_cache_path /var/cache/nginx keys_zone=api_cache:10m; location /api/ { proxy_pass http://backend; proxy_cache api_cache; proxy_cache_valid 200 5m; }

Common Pitfalls

  • Without proxy_set_header Host — backend sees "backend" instead of the real domain
  • Without X-Real-IP — backend logs 127.0.0.1 instead of client IP
  • proxy_buffer too small for large responses — 502 errors
  • WebSocket without Upgrade header — connection closes after 60 s
  • upstream without health checks — traffic keeps going to a dead backend

TL;DR: Setting Up an nginx Reverse Proxy

To set up an nginx reverse proxy, install nginx on your server, configure the server block to listen on the desired port, and use the proxy_pass directive to forward requests to your backend server. For example, use proxy_pass http://localhost:3000; to forward requests to a service running on port 3000. Ensure you test your configuration with nginx -t before restarting the service.

Step-by-Step Guide to Configuring nginx as a Reverse Proxy

Setting up nginx as a reverse proxy is a common practice to manage traffic to your backend servers. This guide will walk you through the process step-by-step.

1. Install nginx

First, ensure that nginx is installed on your server. You can install it using the package manager appropriate for your operating system. For example, on Ubuntu, you would run:

sudo apt update && sudo apt install nginx

For CentOS, use:

sudo yum install epel-release && sudo yum install nginx

2. Configure nginx

After installing nginx, you'll need to configure it to act as a reverse proxy. This involves editing the nginx configuration file, typically located at /etc/nginx/nginx.conf or within the /etc/nginx/sites-available/ directory.

3. Create a New Server Block

To create a new server block, navigate to the /etc/nginx/sites-available/ directory and create a new configuration file:

sudo nano /etc/nginx/sites-available/my_reverse_proxy

In this file, add the following configuration:

server {
    listen 80;
    server_name yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Replace yourdomain.com with your actual domain and localhost:3000 with the address of your backend service.

4. Enable the Configuration

To enable the new configuration, create a symbolic link in the /etc/nginx/sites-enabled/ directory:

sudo ln -s /etc/nginx/sites-available/my_reverse_proxy /etc/nginx/sites-enabled/

5. Test the Configuration

Before restarting nginx, it's essential to test the configuration for syntax errors:

sudo nginx -t

If the test is successful, you should see a message indicating that the configuration is OK. If there are errors, review your configuration file for any mistakes.

6. Restart nginx

Finally, restart nginx to apply the changes:

sudo systemctl restart nginx

7. Verify the Setup

To verify that your reverse proxy is working correctly, open a browser and navigate to http://yourdomain.com. You should see the response from your backend service running on port 3000. You can also use tools like curl to test the response:

curl -I http://yourdomain.com

This command should return HTTP headers from your backend service, confirming that the reverse proxy is functioning as expected.

Conclusion

Setting up an nginx reverse proxy is a straightforward process that can greatly enhance your web infrastructure. By following these steps, you can efficiently manage traffic to your backend services, improve load balancing, and add an additional layer of security.

Learn more

Frequently Asked Questions

nginx vs HAProxy vs Traefik?

nginx — proven stable, Level 7 LB. HAProxy — faster Level 4. Traefik — auto-discovery for Docker/K8s. nginx fits 90% of cases.

How to zero-downtime restart backends?

Blue-green: upstream with 2 backends, stop/start one at a time. nginx auto-routes to live.

Reverse proxy + SSL termination?

Yes — standard pattern. SSL on nginx (443), backend HTTP (3000). Backend is TLS-unaware.

Performance: does reverse proxy add latency?

Tiny. nginx adds ~0.1-0.5ms. Winning features (caching, compression) save 100-500ms.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.