A reverse proxy accepts client requests and forwards them to one or several backend servers. Why: SSL termination (TLS on the proxy only), load balancing, caching, compression. nginx is the most popular. Minimal config — 5 lines with proxy_pass. Important: correct headers (X-Real-IP, X-Forwarded-For), WebSocket upgrade when needed.
Below: step-by-step, working examples, common pitfalls, FAQ.
Free online tool — HTTP header checker: instant results, no signup.
apt install nginxproxy_http_version 1.1; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade";nginx -t && systemctl reload nginx| Scenario | Config |
|---|---|
| Minimal reverse proxy | server {
listen 80;
server_name app.example.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
} |
| Load balancing (round-robin) | upstream backend {
server 10.0.0.1:3000;
server 10.0.0.2:3000;
server 10.0.0.3:3000;
}
server {
location / { proxy_pass http://backend; }
} |
| Sticky sessions (IP hash) | upstream backend {
ip_hash;
server 10.0.0.1:3000;
server 10.0.0.2:3000;
} |
| WebSocket upgrade | location /ws/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 3600s;
} |
| Caching proxy | proxy_cache_path /var/cache/nginx keys_zone=api_cache:10m;
location /api/ {
proxy_pass http://backend;
proxy_cache api_cache;
proxy_cache_valid 200 5m;
} |
To set up an nginx reverse proxy, install nginx on your server, configure the server block to listen on the desired port, and use the proxy_pass directive to forward requests to your backend server. For example, use proxy_pass http://localhost:3000; to forward requests to a service running on port 3000. Ensure you test your configuration with nginx -t before restarting the service.
Setting up nginx as a reverse proxy is a common practice to manage traffic to your backend servers. This guide will walk you through the process step-by-step.
First, ensure that nginx is installed on your server. You can install it using the package manager appropriate for your operating system. For example, on Ubuntu, you would run:
sudo apt update && sudo apt install nginxFor CentOS, use:
sudo yum install epel-release && sudo yum install nginxAfter installing nginx, you'll need to configure it to act as a reverse proxy. This involves editing the nginx configuration file, typically located at /etc/nginx/nginx.conf or within the /etc/nginx/sites-available/ directory.
To create a new server block, navigate to the /etc/nginx/sites-available/ directory and create a new configuration file:
sudo nano /etc/nginx/sites-available/my_reverse_proxyIn this file, add the following configuration:
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}Replace yourdomain.com with your actual domain and localhost:3000 with the address of your backend service.
To enable the new configuration, create a symbolic link in the /etc/nginx/sites-enabled/ directory:
sudo ln -s /etc/nginx/sites-available/my_reverse_proxy /etc/nginx/sites-enabled/Before restarting nginx, it's essential to test the configuration for syntax errors:
sudo nginx -tIf the test is successful, you should see a message indicating that the configuration is OK. If there are errors, review your configuration file for any mistakes.
Finally, restart nginx to apply the changes:
sudo systemctl restart nginxTo verify that your reverse proxy is working correctly, open a browser and navigate to http://yourdomain.com. You should see the response from your backend service running on port 3000. You can also use tools like curl to test the response:
curl -I http://yourdomain.comThis command should return HTTP headers from your backend service, confirming that the reverse proxy is functioning as expected.
Setting up an nginx reverse proxy is a straightforward process that can greatly enhance your web infrastructure. By following these steps, you can efficiently manage traffic to your backend services, improve load balancing, and add an additional layer of security.
nginx — proven stable, Level 7 LB. HAProxy — faster Level 4. Traefik — auto-discovery for Docker/K8s. nginx fits 90% of cases.
Blue-green: upstream with 2 backends, stop/start one at a time. nginx auto-routes to live.
Yes — standard pattern. SSL on nginx (443), backend HTTP (3000). Backend is TLS-unaware.
Tiny. nginx adds ~0.1-0.5ms. Winning features (caching, compression) save 100-500ms.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.