Nginx Reverse Proxy | Darin.web.id

Reverse Proxy

Reverse proxy is a server that sits between internal applications and external clients, forwarding client requests to the appropriate server. NGINX has a number of advanced load balancing, security, and acceleration features that most specialized applications lack. Using NGINX as a reverse proxy enables you to add these features to any application.

Logical topology (different server)

   RvrsProxy
  :80->https://xxx
  :802->web01
  :803->web02
  :803->web03
        |
 ---------------
web01 web02 web03
        |
     dbserver

All server using CentOS 7

rvproxy.darin.web.id        - 103.23.22.x   
webserver01.darin.web.id    - 103.43.47.x   
webserver02.darin.web.id    - 103.43.47.x   
webserver03.darin.web.id    - 103.43.47.x       
database.darin.web.id       - 103.41.188.x

Preparation

Update and upgrade every server
Install nginx, php, php-mysql on web
Install mysql/mariadb on database
Make sure nginx running on every web
Create user, database, and allow remote connection on db
Test connection between web and db by create php mysql connection

Nginx Installation

yum -y update && upgrade
yum -y clean all; yum autoremove
yum -y install nginx
cp -r /etc/nginx/ /root/nginx.default

Reverse Proxy configuration

Note : Disable server block port 80 in /etc/nginx.conf (default)

Create reverse proxy configuration
touch /etc/nginx/conf.d/reverseproxy.conf
vim /etc/nginx/conf.d/reverseproxy.conf

server {
    listen 80;
    location / {
    proxy_pass https://darin.web.id;
    }
}

server {
    listen 802;
    location / {
    proxy_pass http://103.43.47.x;
    }
}

server {
    listen 803;
    location / {
    proxy_pass http://103.43.47.x;
    }
}

server {
    listen 804;
    location / {
    proxy_pass http://103.43.47.x;
    }
}

systemctl restart nginx
systemctl enable nginx

Testing

Point domain to IP Reverse Proxy
Access domain with domain:port
Documentation can be found at here

Real IP Module (Log client ip)

A common problem that people often run into when reverse proxying is the inability to retrieve the client IP Address because nginx is proxying the request to the backend. The Real IP module in nginx solves this problem.

How to enable real ip module?

To enable real ip, you need to install and configure it on your nginx server and any nginx load balancers. On the load balancer, add the real_ip_header directive.

http {
    real_ip_header X-Real-IP;
    server {
...
    }
}