Nginx – Reverse proxy – HTTP/HTTPS

I started a vitalization project of my home server and after that I needed a reverse
proxy server to handle the requests to my backend servers.
I have done some
reading about the different proxy servers and was actually hoping that Squid
would be the end candidate for this, but i discovered squid had a higher CPU usage
vs performance.
Acutally Apache should be the best regarding to this slide
but I have seen that the combination of Apache and Nginx should give a really good
resolut if Nginx is configured to served static cache.

One of the great thing with an reverse proxy server is that you can have multiple
backend servers going out on the same ports and you can have all of your SSL

  • certificates in one place.

    I have forged a http and https configuration file to make it easier to setup a reverse proxy in
    nginx. I have saved mine as ProxyHTTP and ProxyHTTPS so there is going to be
    two files, one for HTTP and one for HTTPS.

    You will only have to change the following lines to make the reverse proxy server working

    server_name example.com;
    ssl_certificate /etc/nginx/ssl/yourcertificate.crt;
    ssl_certificate_key /etc/nginx/ssl/yourcertificate.key;
    ssl_trusted_certificate /etc/nginx/ssl/yourcertificate.pem;
    proxy_pass http(s)://LocalIP;

    you should place the files in

    /etc/nginx/sites-available

    apache have the a2ensite but in nginx we have to do it a little
    different, but still simple
    sudo ln -s /etc/nginx/sites-available/reverseproxy /etc/nginx/sites-enabled/reverseproxy

    • Ty Mixon

      Ok, so I chatted w/ you on Reddit about this some, and you suggested asking here. How do make a site file so that it will listen to both ssl & standard?

      I’m not sure how I’d make the proxpass line work.

      • What kind of site are you trying to let throug the proxy if I may ask?
        There is some unwritten rules with Nginx such as create a new .conf file for each site and each connection, it will help you in the future if you need to troubleshoot a problem. (How is your network setup?)

        So you should just create a http-yoursite.con and a https-yoursite.conf
        The only thing you need to hange in the configuration is the :
        Server_Name [insert our domain here] and

        proxy_pass https://[insert your server ip here];

        And then grab a free ssl cert at https://letsencrypt.org/
        You want to place the SSL Certs on the reverse proxy so you can manage all your certs from there.

        and of course change the path’s for your SSL Certs

        • Ty Mixon

          So . . . then if I want say wiki.mydomain.net to be accessible on both http & https I would use https-wiki.mydomain.net.conf & http-wiki.mydomanin.net both in sites available and linked back to sites-enabled?

          • if i understand your Q correct then Yes :)