How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04

How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04. In this guide, we introduce forward proxy, its types, advantages and after navigate to set up Nginx forward proxy on Ubuntu.

First of all, a proxy serves the basic purpose of working on behalf of another machine. By facilitating various online connections, traffic, and client requests, proxies enhance the user experience.

All in all, forward proxy fulfils the same purpose and becomes a mediator between web servers, clients, other backend servers, etc. Due to its structural position, forward proxy has several roles and uses.

Let’s start this article about How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04.

What is a Forward Proxy?

Primarily speaking, a forward proxy acts as a mediator or intermediate between the users and the internet. All the HTTP connection requests (made by users’ devices)transit through the proxy server, and then get filtered through the policies established by the operations team or the system administrators.

In other words, a forward proxy server reviews a client request, takes mandatory actions, and redirects the request to the target on the client’s behalf. The proxy then assesses and scrutinizes, then takes any necessary action. If necessary the proxy passes it to the originating client.

This approach ensures that a forward proxy server gateway directs all organizational traffic. All access levels (servers, external resources, and websites) are safeguarded and monitored.

Types of Forward Proxy

Interestingly, forward proxy mainly consists of two types: Residential Proxy and Datacenter Proxy. The primary purpose of both is to conceal the user’s IP address. Below we explain them both. 

1. Residential Proxy

Residential Proxy connects to real residences and devices in countries and uses IP addresses. ISPs (Internet Service Providers) directly issue these IP addresses, making it difficult for websites to recognize a proxy user and block them. During web scraping, residential proxies simply rotate their IP addresses. However, these IPs must be purchased or rented from ISPs.

  • There are more expensive static and mobile proxies with advanced features of residential proxies. Mobile proxies make sure your IP address changes with every connection, whereas static proxies use a single IP home address (such as one connected through 3G, 4G, or 5G).
  • Mobile proxies are difficult to identify by anti bot systems. When a user wishes for the same IP address for a series of sessions, they use static proxy.
  • Do not use Residential Proxies from unverified sources since they pose several risks, such as loss of business operations, harm to one’s reputation, and even possible legal issues.

2. Datacenter Proxy

Datacenter proxies are not connected to any Internet Service Providers (ISP), but users still remain anonymous through a private company providing IP authentication. Cloud hosting services mostly use datacenter proxies. However, some anti bot detectors recognise these IPs (since they are not listed as ISP providers). So, there is a need to implement some protective steps.

  • A datacenter proxy’s IP addresses come from a data centre full of servers to conceal an original IP address with another IP. This commonly results in datacenter proxies running more quickly and with reduced latencies.
  • Datacenter proxies are inexpensive and fast. However, users often get banned as spam on websites (if the user generates a lot of traffic).

What are Forward Proxy Used for?

Organisations and individual users use forward proxy servers for several reasons, including:

To gain access in geo restricted areas

Generally, forward proxy servers are useful to gain access to geographically restricted content. Users view content tailored to their location while exploring. Additionally, users access a range of content meant for other nations. For businesses that offer ad verification services regardless of their geolocation, these businesses are able to monitor advertisements.

Prevents threat

SaaS programmes are a medium for the transmission of viruses, as it always goes for the preferable route for data exfiltration. Rapid sharing features then result in the spreading of malicious data both inside and outside of organisations. Thankfully, a forward proxy enables technologies like advanced threat protection (ATP) and cloud sandbox to function inline. This intercepts threats in transit, preventing infected data from being uploaded to cloud services.

Provides anonymity

Additionally, forward proxy keeps the user’s identity anonymous. Since proxies reroute every request, no online services can recognise the user, similar to how VPNs work. The forward proxy ensures monitoring and recording of all traffic from authorised user devices, enabling recognition of unauthorised apps and controlling access to them individually or in groups.

Web scraping

It is the most prevalent use of forward proxy. Usually, businesses collect data to enhance their pricing, marketing, and other business activities. Web scraping assists businesses to keep up in a competitive market. Furthermore, forward proxies are used to manage and set up social media accounts, regulate internet consumption, and much more.

Now we have arrived to the main part of the article How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04.

How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04

In this section, we learn how to install and configure Apache as a backend server. We then set up Nginx as a forward proxy to the Apache backend server.

Requirements

  • A server running Ubuntu 20.04 or Ubuntu 22.04.
  • A root user or a user with sudo privileges.

Step 1 - Install Apache Web Server

By default, the Apache package is available in the Ubuntu default repository. Also, install it easily via the APT package manager.

				
					apt install apache2 libapache2-mod-php -y
				
			

After installing the Apache web server packages, start the Apache service and enable it to start at system reboot.

				
					systemctl start apache2
systemctl enable apache2
				
			

Next, you will need to change the Apache default ports from 80 to 8080. You can do it by editing the Apache port configuration file.

				
					nano /etc/apache2/ports.conf
				
			

Find the following line:

				
					Listen 80
				
			

Replaced it with the following line.

				
					Listen 127.0.0.1:8080
				
			

Save and close the file then deactivate the Apache default virtual host using the following command.

				
					a2dissite 000-default.conf
				
			

Next, restart the Apache service to apply the configuration.

				
					systemctl restart apache2
				
			

Now verify the Apache listening port using the following command.

				
					ss -antpl | grep 8080
				
			

You will get the following output.

				
					LISTEN 0 511 127.0.0.1:8080 0.0.0.0:* users:(("apache2",pid=27163,fd=3),("apache2",pid=27162,fd=3),("apache2",pid=27161,fd=3),("apache2",pid=27160,fd=3),("apache2",pid=27159,fd=3),("apache2",pid=27158,fd=3))

				
			

Step 2 - Configure Apache Backend Server

Next, you need to configure the Apache as a backend server that listens on localhost on port 8080. Let’s create an Apache virtual host configuration file.

				
					nano /etc/apache2/sites-available/backend.conf
				
			

Add the following configuration.

				
					<VirtualHost 127.0.0.1:8080>

ServerName 127.0.0.1
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
DirectoryIndex info.php

<Directory /var/www/html/>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>

ErrorLog ${APACHE_LOG_DIR}/backend-error.log
CustomLog ${APACHE_LOG_DIR}/backend-access.log combined
</VirtualHost>

				
			

Save and close the file when you are finished. Then, activate the Apache virtual host with the following command.

				
					a2ensite backend.conf
				
			

Next, create an info.php file which we have defined in the Apache virtual host.

				
					nano /var/www/html/info.php
				
			

Add the following code.

				
					<?php

phpinfo();

?>
				
			

Save and close the file then set proper permission for the file.

				
					chmod 755 /var/www/html/info.php
				
			

Once you are done, restart the Apache service to apply the changes.

				
					systemctl restart apache2
				
			

At this point, your Apache web server is configured to listen on localhost on port 8080. Now proceed to configure Nginx as a forward proxy server.

Step 3 - Install Nginx Web Server

First, install the Nginx server with the following command.

				
					apt install nginx -y
				
			

After the successful installation, start and enable the Nginx service with the following command.

				
					systemctl start nginx
systemctl enable nginx
				
			

Next, verify the Nginx version with the following command.

				
					nginx -V
				
			

You should get the following output.

				
					nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 3.0.2 15 Mar 2022
				
			

By default, Nginx listens on port 80. You can check it with the following command.

				
					ss -antpl | grep nginx
				
			

You will see the Nginx port in the following output.

				
					LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=27628,fd=6),("nginx",pid=27627,fd=6),("nginx",pid=27624,fd=6))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=27628,fd=7),("nginx",pid=27627,fd=7),("nginx",pid=27624,fd=7))
				
			

Step 4 - Setup Nginx Forward Proxy

In this section, we configure Nginx as a forward proxy server that forward all requests coming on port 80 to the Apache backend server.

First, create an Nginx virtual host configuration file with the following command.

				
					nano /etc/nginx/conf.d/proxy.conf
				
			

Add the following configuration:

				
					server {
listen 80;

server_name proxy.example.com;

location / {
try_files $uri @apache;
}

location @apache {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}

location ~[^?]*/$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}

location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
}

				
			

Save and close the file when you are done. Then, verify the Nginx configuration using the following command.

				
					nginx -t
				
			

You will get the following output.

				
					nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
				
			

Next, restart the Nginx service to apply the changes.

				
					systemctl restart nginx
				
			

Step 5 - Verify the Nginx Forward Proxy

At this point, the Nginx server is installed and configured as a forward proxy. Now, it’s time to verify whether its working or not. To verify it, open your web browser and type the URL http://proxy.example.com. You should see the info.php page hosted on the Apache backend server.

Thank you for reading How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04. We will conclude this article blog. 

How to Setup Nginx Forward Proxy on Ubuntu 20.04 / 22.04 Conclusion

In this tutorial, you have learned how to set up Nginx forward proxy on Ubuntu 20.04 / 22.04. I hope this guide assists you in setting up Nginx forward proxy to any server.

Forward proxy provides privacy and security to their users. Forward proxy eliminates the cost of buying and maintaining other tools while scaling to match market demand. The main issue of evaluating TLS/SSL encrypted traffic is data leaks, which are also resolved by forward proxy.

Do explore more of our Proxy (Nginx) content by navigating over here

Avatar for Hitesh Jethva
Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x