How Does Nginx Reverse Proxy Work? (Explained)
If you work with an Nginx server, you will frequently encounter reverse proxies and will be required to set one up. For beginners, understanding the key concepts makes the task much easier. In this article, we will dive into Nginx, reverse proxies, and how they work.
What is an HTTP Proxy?
The HTTP Proxy is a robust, high-speed filter for online content. It evaluates Internet traffic to discover potentially dangerous information, such as spyware, infected data, or another form of assault. A second defense mechanism it has is the use of protocol anomaly detection rules to identify and deny strange packets, which can help defend your web server against attacks from the external network.
HTTP Proxy Features
HTTP proxy offers:
- Only permit content that follows Web server and client RFC specs.
- Limit the browser network access to only those URLs that meet the requirements of fully qualified domain names, path names, file names, or extensions.
- Block incoming content, limit the types of MIME content the browser permits into your network.
- It can prevent all file types, including Java and ActiveX, from being downloaded by matching the file header hexadecimal signature.
- It examines the HTTP header to ensure that the content does not come from a known source of suspicious content.
What is a Proxy Server?
Any system that converts traffic between networks or protocols is referred to as a proxy server. It is a server that acts as a middleman between end-user clients and the places they browse. Proxy servers offer varied degrees of functionality, security, and privacy, depending on the application, requirements, or organizational policy.
If you're using a proxy server, traffic is routed through the proxy server to the requested address. The response then comes back through the same proxy server (exceptions apply), and the proxy server sends the data obtained from the website to you.
In a nutshell, a proxy server forwards requests from one or more clients to one or more servers and sends the corresponding responses to the clients as if they came from the proxy server itself. The primary purpose of a proxy server is to balance the load between the servers.
What is a Reverse Proxy?
A reverse proxy acts as a connection point for clients, users, and application servers. It manages all access policies and traffic routing, as well as protecting the identity of the server that handles the request.
Difference between Reverse Proxy and Forward Proxy?
Multiple clients can use a typical forward proxy server to route traffic to an external network. A company, for example, might use a proxy to route and filter employee traffic to the public Internet. A reverse proxy, on the other hand, is a server that routes traffic for many servers.
What is Nginx?
The open-source web server Nginx is most well known for its use as a web server, but its features also include those of a reverse proxy, HTTP cache, and load balancer.
Numerous big companies such as Autodesk, Atlassian, Intuit, T-Mobile, GitLab, DuckDuckGo, Microsoft, IBM, Google, Adobe, Salesforce, VMWare, Xerox, LinkedIn, Cisco, Facebook, Target, Citrix Systems, Twitter, Apple, Intel, and numerous others are using Nginx.
Igor Sysoev created and released the first version of Nginx in October 2004. Igor designed the software in response to the C10k problem, the challenge of handling 10,000 concurrent connections. Read Nginx Azure to learn about setting up an Nginx server.
How does Nginx Reverse Proxy work?
Nginx was created with low memory use and high concurrency in mind. Nginx utilises an asynchronous, event-driven method where requests are handled in a single thread rather than generating separate processes for each web request.
One master process can control several worker processes with Nginx. The worker processes are maintained by the master, while the workers conduct the actual processing. Because Nginx is asynchronous, each request may be processed concurrently by the worker without causing other requests to be blocked.
Nginx has a number of common features, including:
- Reverse proxy with caching.
- IPv6.
- Load balancing.
- FastCGI support with caching.
- WebSockets.
- Handling of static files, index files, and auto-indexing.
- TLS/SSL with SNI.
You can also read more about setting up an Nginx reverse proxy on various cloud platforms.
Its popularity stems in part from the fact that it keeps all of your servers concealed from external networks and users. The diagram below depicts a basic architecture that could be used to accomplish this. Of course, based on your needs and the products you’re using, you can create an almost infinite number of configurations.
There are several ways to make an Nginx reverse proxy work. The two most popular are the HTTP reverse proxy and the HTTPS reverse proxy.
HTTP Reverse Proxy
The simplest sort of proxy is one that sends a request to a single server that can communicate using HTTP. The proxy_pass directive handles this form of proxy, which is known as a general proxy_pass.
The proxy_pass directive is primarily used in location contexts. When a request matches a location that contains a proxy_pass directive, the request is routed to the URL specified in the directive.
    # server context
    location /match/here {
        proxy_pass http://my-app-server.com;
    }
    . . .
No URI is specified after the server in the proxy_pass specification in the preceding setup sample. For definitions that match this pattern, the client’s URI request is forwarded directly to the upstream server.
For instance, when this block processes a request for /match/here/please, the request’s URI is delivered to the my-app-server.com server as http://my-app-server.com/match/here/please.
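The same mapping with and without a URI on proxy_pass, as an added example that is not part of the original article. It goes beyond the case above by also showing the with-URI form; the /api/, /v1/ and /app/ paths are made up for illustration.

```nginx
# server context (added example; hostnames and paths are illustrative)

# 1. No URI after the server name: the client's URI is passed unchanged.
#    GET /match/here/please  ->  http://my-app-server.com/match/here/please
location /match/here {
    proxy_pass http://my-app-server.com;
}

# 2. URI given after the server name: the part of the request URI that
#    matched the location is replaced by that URI.
#    GET /api/users?id=7  ->  http://my-app-server.com/v1/users?id=7
location /api/ {
    proxy_pass http://my-app-server.com/v1/;
}

# 3. A lone trailing slash counts as a URI, so the location prefix is
#    stripped before the request is forwarded.
#    GET /app/login  ->  http://my-app-server.com/login
location /app/ {
    proxy_pass http://my-app-server.com/;
}

# Keep the trailing slash on both sides in forms 2 and 3. A prefix such as
# "location /api" (no slash) also matches /apifoo, which would be forwarded
# as /v1/foo, so the match no longer ends on a path boundary.
```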
Header Processing by Nginx
One issue that may not be obvious is that if you expect the upstream server to handle the request properly, you must supply more than simply the URI. A request sent by Nginx on behalf of a client will differ from a request sent by the client directly. The headers that accompany the request play an important role in this.
Nginx automatically modifies the request headers it receives from the client when it proxies a request:
- Nginx removes any empty headers.
- By default, Nginx removes any header containing underscores from the proxy request. Set the underscores_in_headers directive to on to include them in headers.
- The Host header is rewritten to the value of the $proxy_host variable. This will be the upstream's IP address or name, as well as the port number, as set by the proxy_pass directive.
- The Connection header is replaced with close. This header is used to communicate information about the specific connection that two parties have created. In this case, Nginx sets it to close to tell the upstream server that the connection will be closed once the initial request has been answered. The upstream should not expect this connection to be persistent.
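Overriding the defaults listed above with proxy_set_header, as an added example that is not part of the original article. The upstream name app_backend, its address and the server name are assumptions chosen for illustration.

```nginx
# http context (added example; upstream name and addresses are illustrative)
upstream app_backend {
    server 10.0.0.10:8080;
    keepalive 16;    # idle keep-alive connections cached per worker
}

server {
    listen 80;
    server_name www.example.com;

    # underscores_in_headers is left at its default (off): a CGI-style
    # upstream cannot tell X_Real_IP from X-Real-IP, so client headers
    # with underscores are better dropped at the proxy.

    location / {
        proxy_pass http://app_backend;

        # Default would be "Host: app_backend" ($proxy_host). Pass the name
        # the client asked for so virtual hosts and redirects work upstream.
        proxy_set_header Host $host;

        # Client address as seen by Nginx. This overwrites any X-Real-IP
        # the client sent, so the upstream can rely on it.
        proxy_set_header X-Real-IP $remote_addr;

        # Appends $remote_addr to whatever X-Forwarded-For the client sent.
        # Only the last entry was written by this proxy; earlier entries
        # are client-controlled and must not be used for access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Tells the upstream whether the client connected over http or https.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Replaces the "Connection: close" described above: use HTTP/1.1
        # and clear the header so connections to the upstream are reused.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```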
HTTPS Reverse Proxy
The other way an Nginx reverse proxy works is over HTTPS. The HTTPS reverse proxy configuration is similar to the HTTP one, except that SSL-related options are added, as shown in the example below. The ssl_certificate and ssl_certificate_key arguments, which point to the certificate and private key used for HTTPS, are the most crucial.
    server {
        listen 443 ssl http2;
        #listen [::]:443 ipv6only=on ssl http2;
        server_name poc-tomhawk-1.cloudinfrastructureservices.co.uk;

        # Certificate chain and the private key that belongs to it
        ssl_certificate /etc/letsencrypt/live/poc-tomhawk-1.cloudinfrastructureservices.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/poc-tomhawk-1.catwa/privkey.pem;

        # Improve HTTPS performance with session resumption
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;

        # Enable server-side protection against BEAST attacks
        ssl_prefer_server_ciphers on;
        # No 3DES suites: 64-bit block ciphers are exposed to Sweet32
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;

        # Disable SSLv3, TLSv1.0 and TLSv1.1 (the latter two are deprecated by RFC 8996)
        ssl_protocols TLSv1.3 TLSv1.2;

        # DHE ciphersuites Diffie-Hellman parameter
        # $ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
        #ssl_dhparam /etc/ssl/certs/dhparam.pem;

        # HSTS
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/cloudinfrastructureservices.co.uk/fullchain.pem;
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;

        root /usr/share/nginx/html;
        index index.html;

        # TLS ends at Nginx; the request is forwarded to the upstream over plain HTTP
        location / {
            proxy_pass http://tomhawk-server-1.localdomain:7003;
            # Pass the client's original Host header instead of $proxy_host
            proxy_set_header Host $host;
        }
    }
How Does Nginx Reverse Proxy Work Explained
Nginx is primarily a reverse proxy that also functions as a web server. Proxying requests to other servers is relatively straightforward as a result of this design decision. On the other hand, Nginx is exceptionally flexible, allowing for more complex control of your proxy configuration if desired.