A reverse proxy is a server that sits in front of web servers and forwards client requests to those web servers. It acts as an intermediary, intercepting and inspecting incoming client requests before forwarding them to the web server. Reverse proxies can provide additional levels of abstraction, control, security, and performance optimization. They are commonly used for load balancing, web acceleration, and to hide implementation details about the web servers.
Don’t forget to join my Discord: https://discord.gg/YbSYGsQYES
Requirements
- A Debian Bookworm (or other Debian-based) server
- Root access
- Internet connection
- A running web app or site (we will use an Nginx container in Podman here, on port 80)
- SSL certificates (we will generate some for testing)
- Coffee
Installing Nginx on the host
You can install nginx straight from the package repository.
apt install nginx -y
Disabling the “default site”
rm -f /etc/nginx/sites-enabled/default
Setting up the reverse proxy configuration
Create a site configuration that will act as the reverse proxy.
vim /etc/nginx/sites-available/reverse_proxy.conf
Consult the Nginx documentation for more config details.
This config example creates an SSL reverse proxy: it terminates SSL on port 443 and forwards the connection to an internal IP over plain HTTP.
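server {
    # Accept HTTPS connections for this hostname
    listen 443 ssl;
    server_name prodsite.com;
    ssl_certificate /etc/nginx/conf.d/cert.pem;
    ssl_certificate_key /etc/nginx/conf.d/key.pem;
    location / {
        # Forward every request to the internal web server
        proxy_pass http://192.168.1.102;
        # Pass the original Host header and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}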
Enable the reverse proxy site.
ln -s /etc/nginx/sites-available/reverse_proxy.conf /etc/nginx/sites-enabled/
Configuring the certificate
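Put the certificate and key file in place. For testing, generate a self-signed certificate; the -nodes option leaves the private key unencrypted so Nginx can load it without a passphrase.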
cd /etc/nginx/conf.d/
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
Start the Nginx reverse proxy
nginx -t
systemctl start nginx
Testing and validating the configuration
Test the config by opening https://testsite.org in a browser. The request must be proxied to the Nginx default page, with the transmission secured by SSL. Because the test certificate is self-signed, the browser will show a certificate warning.
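A hardened variant of the reverse_proxy.conf from this page, shown as an added example (it is not the author's configuration). It keeps the page's hostname, backend IP and certificate paths; the port 80 redirect, protocol restriction, extra headers and timeout values are assumptions about what a production setup would want.

```nginx
# Added example: hardened variant of /etc/nginx/sites-available/reverse_proxy.conf.
# Hostname, backend IP and certificate paths are the ones used on this page.

# Port 80: never serve content in clear text, only redirect to HTTPS.
# The target host is written out so a forged Host header is not reflected.
server {
    listen 80;
    server_name prodsite.com;
    return 301 https://prodsite.com$request_uri;
}

server {
    listen 443 ssl;
    server_name prodsite.com;

    ssl_certificate     /etc/nginx/conf.d/cert.pem;
    ssl_certificate_key /etc/nginx/conf.d/key.pem;

    # Refuse TLS 1.0 and 1.1 handshakes.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Do not reveal the proxy's Nginx version in headers and error pages.
    server_tokens off;

    location / {
        # This hop is plain HTTP: traffic to the backend is unencrypted,
        # so the backend must only be reachable on a trusted network.
        proxy_pass http://192.168.1.102;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Overwrite instead of append: a client-supplied X-Forwarded-For
        # must not reach the backend as if it were trustworthy.
        proxy_set_header X-Forwarded-For $remote_addr;
        # Tell the backend the original request arrived over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Strip a backend header that leaks implementation details.
        proxy_hide_header X-Powered-By;

        # Assumed values: fail fast on a dead backend, bound slow responses.
        proxy_connect_timeout 5s;
        proxy_read_timeout 60s;
    }
}
```

After changing the file, run nginx -t again and reload the service so the new settings take effect.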