To setup and install NGINX Open Source on to Linux Ubuntu Server on any of the cloud platforms (Azure, AWS,GCP), the easiest way is to use the available template in the marketplaces on the below links. The template image fully sets up a Ubuntu server running NGINX Open Source, ready to use in the cloud. Nginx is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. NGINX is highly scalable as well, meaning that its service grows along with its clients traffic.
A reverse proxy server can act as a “traffic cop,” sitting in front of your backend servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no one server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.
Web Acceleration
Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.
Security and Anonymity
By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.
Nginx Load Balancing
NGINX open source allows you to configure as an application load balancer. Distribute traffic to several application servers and improve performance. Load balancing across multiple application instances is a commonly used technique for optimizing resource utilization, maximizing throughput, reducing latency, and ensuring fault-tolerant configurations. You can use Nginx as an HTTP load balancer to distribute traffic to several application servers and to improve performance, scalability and reliability of web applications.
Load Balancer Options with NGINX
Round-robin — Requests to the application servers are distributed in a round-robin fashion.
Least-connected — Next request is assigned to the server with the least number of active connections.
IP-hash — A hash-function is used to determine what server should be selected for the next request (based on the client’s IP address).
Session persistence – With ip-hash, the client’s IP address is used as a hashing key to determine what server in a server group should be selected for the client’s requests. This method ensures that the requests from the same client will always be directed to the same server.
Weighted load balancing – It is also possible to influence Nginx load balancing algorithms even further by using server weights
Load balancing with in-band health checks
Continually test your HTTP upstream servers, avoid the servers that have failed, and gracefully add the recovered servers into the load‑balanced group. Nginx includes in-band (or passive) server health checks.
Passive Health Checks
Health check a URI
Define Custom Conditions
Test your TCP upstream servers
UDP Health Checks
Nginx Mail Proxy
NGINX can proxy IMAP, POP3 and SMTP protocols to one of the upstream mail servers that host mail accounts and thus can be used as a single endpoint for email clients. This will bring in a number of benefits, such as
Easy scaling the number of mail servers
Choosing a mail server basing on different rules, for example, choosing the nearest server basing on a client’s IP address
Distributing the load among email servers
Mail Proxy Server Features
POP3/SMTP/IMAP over SSL/TLS
Optimised SSL/TLS for mail Proxy – Faster & more secure
Load balance mail server traffic
Load balancer in-band health checks
Reverse proxy support
Test your TCP mail upstream servers
Keep-alive and pipelined connections support
Access control based
Response rate limiting
HTTP authentication (LDAP)
STARTTLS support
TLS/SSL with SNI and OCSP stapling support, via OpenSSL
NGINX can also be used as a cache for static and dynamic content. Increasing the speed for users access.
Getting Started with Nginx server
Once your NGINX server has been deployed, the following links explain how to connect to a Linux VM:
Once connected and logged in, the following section explains how to configure NGINX as per your requirements.
NGINX on Ubuntu Server
This solution is built using NGINX Open Source.
The configuration files/modules can be found in /etc/nginx
/etc/nginx
Controlling NGINX Processes at Runtime
Master and Worker Processes
NGINX has 1 master process and one or more worker processes. If caching is enabled, the cache loader and cache manager processes also run at startup.
The main purpose of the master process is to read and evaluate configuration files, as well as maintain the worker processes.
The worker processes do the actual processing of requests. NGINX relies on OS-dependent mechanisms to efficiently distribute requests among worker processes. The number of worker processes is defined by the worker_processes directive in the nginx.conf configuration file and can either be set to a fixed number or configured to adjust automatically to the number of available CPU cores.
Controlling NGINX
To reload your configuration, you can stop or restart NGINX, or send signals to the master process. A signal can be sent by running the nginx command (invoking the NGINX executable) with the -s argument as the following:
nginx -s
The <SIGNAL> can be one of the following:
quit – Shut down gracefully (the SIGQUIT signal)
reload – Reload the configuration file (the SIGHUP signal)
reopen – Reopen log files (the SIGUSR1 signal)
stop – Shut down immediately (or fast shutdown, the SIGTERM singal)
The kill utility can also be used to send a signal directly to the master process.
HTTP Load Balancing
Load balancing across multiple application instances is a commonly used technique for optimizing resource utilization, maximizing throughput, reducing latency, and ensuring fault‑tolerant configurations.
Refer to the following NGINX Docs on setting up HTTP Load Balancing.
Cache both static and dynamic content from your proxied web and application servers, to speed delivery to clients and reduce the load on the servers. When caching is enabled, NGINX saves responses in a disk cache and uses them to respond to clients without having to proxy requests for the same content every time.
Refer to the following guide on setting up and enabling caching:
Configure NGINX as a reverse proxy for HTTP and other protocols, with support for modifying request headers and fine-tuned buffering of responses. Proxying is typically used to distribute the load among several servers, seamlessly show content from different websites, or pass requests for processing to application servers over protocols other than HTTP.
Refer to the following guide on setting up a reverse proxy:
In this example we will show the steps to setup Nginx Reverse Proxy to redirect traffic to access your Web Server on your internal network.
We need to create a virtual host configuration file that will be used to configure your reverse proxy, so run the following commands:
cd /etc/nginx/conf.d
Create Configuration File
sudo nano web.conf
In your Nginx configuration file this is where you setup your config. In the following example is a basic Nginx reverse proxy example. Nginx is set to listen for all traffic on port 80 for all traffic accessing the domain name of your Nginx server. You can put the IP address if your Nginx server isn’t associated with a domain name (remove http:// if using IP address).
The proxy_pass command directs all traffic on port 80 to http://another_server. Just change http://another_server to the location of your choice, and Nginx will intercept client requests and route them to the location you specify. Once you’ve finished, save the file and exit.
Refer to the following guide on setting up more options on your reverse proxy:
Run the following command to test your Nginx configuration file syntax is correct:
sudo nginx -t
Run the following command to reload Nginx:
sudo nginx -s reload
If you open a new browser and access the domain name or IP address of your nginx server it should now redirect to the location of the address you put in your proxy_pass.
Security Controls
NGINX provides many different security controls you can apply to secure your traffic, here we’ve linked to the different types of controls:
Simplify your email service and improve its performance with NGINX open source as a proxy for the IMAP, POP3, and SMTP protocols. Once you’ve deployed our Cloud Mail Proxy from any of the platforms (Azure, AWS, GCP), Refer to the following guide on setting up the NGINX mail proxy:
The prerequisites are already installed, so skip to ‘Configuring SMTP/IMAP/POP3 Mail Proxy Servers‘ on the following documentation:
NGINX on Ubuntu has the following ports already enabled. Depending on what you want to use NGINX for, you will need to enable your required ports if you are using a firewall/Network Security Groups
If you require any help with the installation of NGINX, leave a comment below or contact us directly if you are experiencing any issues
Disclaimer: This solution is built using Nginx, Inc. and its contributors, an opensource software. This solution is Licensed under the 2-clause BSD license. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.
00votes
Article Rating
Subscribe
Login and comment with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Login and comment with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.