Setting up Nginx as a Reverse Proxy on Rocky Linux 8
NGINX is open-source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. ... In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. In this article, we are going to learn how to Set-up Nginx as a Reverse Proxy on Rocky Linux 8. So, let’s get started.
Checkout the Nginx Project Here.
Try this wiki on our VPS. Starting at just $5/month with 24x7 In-house customer support.
Pre-requisites :
-
A system with Rocky Linux 8 installed and running.
-
root
access to the system. - LEMP Stack installed and running, for this, you can refer to one of our guides on installing the LEMP Stack (Nginx, MariaDB, and PHP).
Once you're all set, we'll proceed with Nginx as a Reverse Proxy configuration Setup.
Configuring Nginx as a Reverse Proxy
Let's configure nginx.conf
with the following command:
nano /etc/nginx/nginx.conf
Replace the nginx.conf
file with the below configuration.
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
Now, type in Ctrl+O
and type Ctrl+X
to save and exit the file.
For SELinux enabled systems, Run the below command
setsebool -P httpd_can_network_connect 1
Enable Port Forwarding to Domain
Create a new Nginx configuration file dev.conf
for the domain with the following command:
vi /etc/nginx/conf.d/dev.conf
Add the following codes:
Replace
dev.domainhere.info & 127.0.0.1
withYour Domain Name & IP
and Change SSL Path according to your SSL Path.
upstream app {
server 127.0.0.1:8080;
}
server {
listen 80 default_server;
server_name dev.domainhere.info;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl; # managed by Certbot
# The host name to respond to
server_name dev.domainhere.info;
ssl_certificate /etc/letsencrypt/live/dev.domainhere.info/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.domainhere.info/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://app;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-Port $server_port;
proxy_set_header X-Real-Scheme $scheme;
}
}
Now, press the Esc
key, and type :wq!
and press the Enter
key to save and exit the file.
For SELinux enabled systems, Run the below command
setsebool -P httpd_can_network_connect 1
Basic .conf file for Domain with SSL
Create a new Nginx configuration file dev.conf
for the domain with the following command:
vi /etc/nginx/conf.d/dev.conf
Add the following codes:
Replace
dev.domainhere.info
withYour Domain Name
and Change SSL Path according to your default Path.And also replace the root path,
/var/www/html/
with the actual path where your website's data are stored.
server {
listen 80;
server_name dev.domainhere.info;
root /var/www/html/;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dev.domainhere.info/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.domainhere.info/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Now, press the Esc
key, and type :wq!
and press the Enter
key to save and exit the file.
For SELinux enabled systems, Run the below command
setsebool -P httpd_can_network_connect 1
Now, restart & check the Nginx with the following commands:
systemctl restart nginx
systemctl status nginx
Enable http and https ( 80/443 )
To enable http and https connection through the firewall, follow the commands:
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
Now you have successfully Enabled Nginx as a Reverse Proxy on Rocky Linux 8.
CrownCloud - Get a SSD powered KVM VPS at $4.5/month!
Use the code WELCOME
for 10% off!
1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month
Available Locations: LAX | MIA | ATL | FRA | AMS