First of all, a proxy serves the basic purpose of working on behalf of another machine. By facilitating various online connections, traffic, and client requests, proxies enhance the user experience.
All in all, forward proxy fulfils the same purpose and becomes a mediator between web servers, clients, other backend servers, etc. Due to its structural position, forward proxy has several roles and uses.
Let’s start this article about How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04.
What is a Forward Proxy?
Primarily speaking, a forward proxy acts as a mediator or intermediate between the users and the internet. All the HTTP connection requests (made by users’ devices)transit through the proxy server, and then get filtered through the policies established by the operations team or the system administrators.
In other words, a forward proxy server reviews a client request, takes mandatory actions, and redirects the request to the target on the client’s behalf. The proxy then assesses and scrutinizes, then takes any necessary action. If necessary the proxy passes it to the originating client.
This approach ensures that a forward proxy server gateway directs all organizational traffic. All access levels (servers, external resources, and websites) are safeguarded and monitored.
Types of Forward Proxy
Interestingly, forward proxy mainly consists of two types: Residential Proxy and Datacenter Proxy. The primary purpose of both is to conceal the user’s IP address. Below we explain them both.
1. Residential Proxy
Residential Proxy connects to real residences and devices in countries and uses IP addresses. ISPs (Internet Service Providers) directly issue these IP addresses, making it difficult for websites to recognize a proxy user and block them. During web scraping, residential proxies simply rotate their IP addresses. However, these IPs must be purchased or rented from ISPs.
- There are more expensive static and mobile proxies with advanced features of residential proxies. Mobile proxies make sure your IP address changes with every connection, whereas static proxies use a single IP home address (such as one connected through 3G, 4G, or 5G).
- Mobile proxies are difficult to identify by anti bot systems. When a user wishes for the same IP address for a series of sessions, they use static proxy.
- Do not use Residential Proxies from unverified sources since they pose several risks, such as loss of business operations, harm to one’s reputation, and even possible legal issues.
2. Datacenter Proxy
Datacenter proxies are not connected to any Internet Service Providers (ISP), but users still remain anonymous through a private company providing IP authentication. Cloud hosting services mostly use datacenter proxies. However, some anti bot detectors recognise these IPs (since they are not listed as ISP providers). So, there is a need to implement some protective steps.
- A datacenter proxy’s IP addresses come from a data centre full of servers to conceal an original IP address with another IP. This commonly results in datacenter proxies running more quickly and with reduced latencies.
- Datacenter proxies are inexpensive and fast. However, users often get banned as spam on websites (if the user generates a lot of traffic).
What are Forward Proxy Used for?
Organisations and individual users use forward proxy servers for several reasons, including:
To gain access in geo restricted areas
Generally, forward proxy servers are useful to gain access to geographically restricted content. Users view content tailored to their location while exploring. Additionally, users access a range of content meant for other nations. For businesses that offer ad verification services regardless of their geolocation, these businesses are able to monitor advertisements.
Prevents threat
SaaS programmes are a medium for the transmission of viruses, as it always goes for the preferable route for data exfiltration. Rapid sharing features then result in the spreading of malicious data both inside and outside of organisations. Thankfully, a forward proxy enables technologies like advanced threat protection (ATP) and cloud sandbox to function inline. This intercepts threats in transit, preventing infected data from being uploaded to cloud services.
Provides anonymity
Additionally, forward proxy keeps the user’s identity anonymous. Since proxies reroute every request, no online services can recognise the user, similar to how VPNs work. The forward proxy ensures monitoring and recording of all traffic from authorised user devices, enabling recognition of unauthorised apps and controlling access to them individually or in groups.
Web scraping
It is the most prevalent use of forward proxy. Usually, businesses collect data to enhance their pricing, marketing, and other business activities. Web scraping assists businesses to keep up in a competitive market. Furthermore, forward proxies are used to manage and set up social media accounts, regulate internet consumption, and much more.
Now we have arrived to the main part of the article How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04.
How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04
Requirements
- A server running Ubuntu 20.04 or Ubuntu 22.04.
- A root user or a user with sudo privileges.
Step 1 - Install Apache Web Server
apt install apache2 libapache2-mod-php -y
After installing the Apache web server packages, start the Apache service and enable it to start at system reboot.
systemctl start apache2
systemctl enable apache2
Next, you will need to change the Apache default ports from 80 to 8080. You can do it by editing the Apache port configuration file.
nano /etc/apache2/ports.conf
Find the following line:
Listen 80
Replaced it with the following line.
Listen 127.0.0.1:8080
Save and close the file then deactivate the Apache default virtual host using the following command.
a2dissite 000-default.conf
Next, restart the Apache service to apply the configuration.
systemctl restart apache2
Now verify the Apache listening port using the following command.
ss -antpl | grep 8080
You will get the following output.
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:* users:(("apache2",pid=27163,fd=3),("apache2",pid=27162,fd=3),("apache2",pid=27161,fd=3),("apache2",pid=27160,fd=3),("apache2",pid=27159,fd=3),("apache2",pid=27158,fd=3))
Step 2 - Configure Apache Backend Server
Next, you need to configure the Apache as a backend server that listens on localhost on port 8080. Let’s create an Apache virtual host configuration file.
nano /etc/apache2/sites-available/backend.conf
Add the following configuration.
<VirtualHost 127.0.0.1:8080>
ServerName 127.0.0.1
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
DirectoryIndex info.php
<Directory /var/www/html/>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/backend-error.log
CustomLog ${APACHE_LOG_DIR}/backend-access.log combined
</VirtualHost>
Save and close the file when you are finished. Then, activate the Apache virtual host with the following command.
a2ensite backend.conf
Next, create an info.php file which we have defined in the Apache virtual host.
nano /var/www/html/info.php
Add the following code.
<?php
phpinfo();
?>
Save and close the file then set proper permission for the file.
chmod 755 /var/www/html/info.php
Once you are done, restart the Apache service to apply the changes.
systemctl restart apache2
Step 3 - Install Nginx Web Server
First, install the Nginx server with the following command.
apt install nginx -y
After the successful installation, start and enable the Nginx service with the following command.
systemctl start nginx
systemctl enable nginx
Next, verify the Nginx version with the following command.
nginx -V
You should get the following output.
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 3.0.2 15 Mar 2022
By default, Nginx listens on port 80. You can check it with the following command.
ss -antpl | grep nginx
You will see the Nginx port in the following output.
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=27628,fd=6),("nginx",pid=27627,fd=6),("nginx",pid=27624,fd=6))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=27628,fd=7),("nginx",pid=27627,fd=7),("nginx",pid=27624,fd=7))
Step 4 - Setup Nginx Forward Proxy
First, create an Nginx virtual host configuration file with the following command.
nano /etc/nginx/conf.d/proxy.conf
Add the following configuration:
server {
listen 80;
server_name proxy.example.com;
location / {
try_files $uri @apache;
}
location @apache {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location ~[^?]*/$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
}
Save and close the file when you are done. Then, verify the Nginx configuration using the following command.
nginx -t
You will get the following output.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Next, restart the Nginx service to apply the changes.
systemctl restart nginx
Step 5 - Verify the Nginx Forward Proxy
At this point, the Nginx server is installed and configured as a forward proxy. Now, it’s time to verify whether its working or not. To verify it, open your web browser and type the URL http://proxy.example.com. You should see the info.php page hosted on the Apache backend server.
Thank you for reading How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04. We will conclude this article blog.
How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04 Conclusion
Forward proxy provides privacy and security to their users. Forward proxy eliminates the cost of buying and maintaining other tools while scaling to match market demand. The main issue of evaluating TLS/SSL encrypted traffic is data leaks, which are also resolved by forward proxy.
Do explore more of our Proxy (Nginx) content by navigating over here.
