#atom

Configuration of Nginx as an intermediary server to forward client requests to backend services

Core Idea: Nginx can function as a reverse proxy by accepting client requests and forwarding them to appropriate backend servers, enabling features like load balancing, SSL termination, and path-based routing.

Key Elements

• Basic Configuration Structure

  • Server block with server_name directive to handle specific domains
  • location blocks to define path-based routing rules
  • proxy_pass directive to forward requests to backend services
  • HTTP/HTTPS port listening configuration

• Essential Proxy Directives

  • proxy_set_header for forwarding client information to backend
  • proxy_http_version for specifying HTTP protocol version
  • proxy_pass for defining the destination server
  • proxy_redirect for URL rewriting in responses
  • proxy_buffering for controlling response buffering

• Common Use Cases

  • SSL termination (handling HTTPS at proxy level)
  • Load balancing across multiple backend instances
  • Serving static content directly while proxying dynamic requests
  • Path-based routing to different applications
  • WebSocket proxying for real-time applications

• Security Considerations

  • Setting appropriate HTTP headers (X-Forwarded-For, X-Real-IP)
  • Configuring HTTPS with modern cipher suites
  • Implementing rate limiting to prevent abuse
  • Adding HTTP Strict Transport Security (HSTS) headers
  • Hiding backend server information

• Implementation Example

  server {
      server_name example.com;
      listen 80;
  
      # Normalize multiple slashes
      merge_slashes on;
  
      location / {
          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
          proxy_pass http://127.0.0.1:8989;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Port $server_port;
          proxy_set_header X-Request-Start $msec;
      }
  }
  

## Connections

- **Related Concepts**: Nginx (parent technology), Load Balancing (common function), SSL Termination (security feature)
- **Broader Context**: Web Server Architecture (design pattern)
- **Applications**: Cloud to VPS Migration (common implementation requirement), Microservices Gateway (architectural pattern)
- **Components**: HTTP Headers (configuration detail), WebSocket Proxying (specific capability)

## References

1. Nginx reverse proxy documentation: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/

#nginx #reverse-proxy #web-server #devops

---
**Connections:**
- 
---
**Sources:**
- From: Getting back to the EU from Google Cloud to Self-Hosted EU Infrastructure