News
New LLM GPT PHI-4 from Microsoft available now!
RF
February 17 2025
Updated February 17 2025

How to deploy and configurate Reverse Proxy server?

Linux NGINX

Among many infrastructure services that form a unified corporate system there is Proxy. Its main purpose is to become an intermediate node in traffic transmission and to fulfil the pre-established functionality of modifying/sniffing connections.

There are two types of such solutions forward and reverse-proxy, where the first redirects traffic to the outside through a single point, and the second vice versa from the external segment to the internal. In this article we will consider the second variant of its implementation and configure the service to work.

What is Reverse Proxy?

As we mentioned earlier, Reverse Proxy is an intermediate node through which external traffic passes to the servers, respectively from clients.

Schema
Screenshot № 1 — Schema

In such cases, this solution is due to the need to balance the load on the nodes, as the processing of the packets themselves can be quite load, then different approaches to balancing them can reduce it. It can also be a node for controlling the passing traffic, for example, a local WAF or a redirection node to ICAP servers.

If you don't have sufficient resources than you can perform actions on powerful cloud servers. Serverspace provides isolated VPS / VDS servers for common and virtualize usage.

Create Server
Screenshot №2 — Create Server

Deployment and configuration

First of all, let's choose a software package that performs such proxying functions, usually simple web servers have this functionality, so let's use the Nginx package:

Installation
Screenshot № 3 — Installation

After we move on to the configuration of our service by the standard directory /etc/nginx, inside we are interested in two files that are responsible for the global configuration of the service and virtual hosts, let's go to the second one:

cd /etc/nginx/sites-available && nano 000-default.conf

If your virtual hosts file is named differently, then go into that particular one with nano. Let's look at the basic syntax for a virtual host, which is determined by the SNI field in the incoming network packet:

server {
listen ip:port;
server_name domain_name;
root /path/to/site-file;
index /index.html;
..
location / {}
..
}

Fill in the basic fields with your web server metadata, what port your web will be available on, what domain name will be handled, etc. Note that the location field will be responsible for acting on the packet that arrived at the specified path. Now this is a normal web server, to make it a reverse-proxy you need to add directives to location:

location /date {
proxy_pass http://192.168.1.10:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Configuration
Screenshot № 4 — Configuration

To understand the difference between reverse-proxy and web server compare the directives of the two paths /hello and /cats, in the latter case we specify the path where our data resides and in the former we proxy the connection. Note that the proxy_pass directive allows us to establish a connection to a resource and, as a client, transmit packets by modifying them with the proxy_set_header directive.

Each of them also has its own functionality:

  • HOST will specify the hosts to be reached;
  • X-Real-IP will specify the real address of the client before proxying;
  • X-Forwarded-For will specify to whom it proxies;
  • X-Forwarded-Proto will specify which scheme/protocol to use.

The modified packets will then be sent to the Upstream or Backend, where they will be further processed by the web application. Let's save the file and create a link to the config to autoload it:

ln -s /etc/nginx/sites-available/000-default.conf /etc/nginx/sites-enabled/000-default.conf

Or replace the file name with your own and create a link to the enabled part as well. After that restart nginx or make it re-read the config:

sudo systemctl restart nginx && sudo systemctl status nginx

Since the nginx server listens on all interfaces by default, traffic coming to the device will be proxied and sent to the back. If there is a need to pre-terminate SSL traffic, add directives for its processing:

ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
SSL Termination
Screenshot № 5 — SSL Termination

After that the traffic will be transmitted in the open, where further solutions will be able to process the incoming packets. Also in our knowledge base you can find materials on how you can configure WAF based on such Reverse Proxy solution!

Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.