Configurations for Nginx (Reverse Proxy Server)

Nginx service in Ubuntu server is used as a reverse proxy for connecting the hosts in vcenter server 7

Installing Nginx Server

sudo apt-get update
sudo apt-get install nginx
sudo nginx -v

Configurations in Nginx Server

Navigate to Nginx folder path and create the SSL key using the below command

cd /etc/nginx
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

Edit the default configuration file using the command sudo nano /etc/nginx/sites-enabled/default
Type the below in the configuration file replace the domain name with the server IP address or server name.

log_format postdata '$remote_addr - $remote_user [$time_local] $args  "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$request_body"';

server {
   listen 80;
   return 301 https://$host$request_uri;
}

server {
	listen 443;

	ssl_certificate /etc/nginx/cert.crt;
	ssl_certificate_key /etc/nginx/cert.key;
	ssl on;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
	ssl_prefer_server_ciphers on;

	location /<HOST-IP-ADDRESS>/ {
		access_log /var/log/nginx/access.log postdata;
		error_log /var/log/nginx/error.log warn;
	
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_pass https://<HOST-IP-ADDRESS>/;
		proxy_read_timeout 90;
		proxy_redirect https://<HOST-IP-ADDRESS>/ https://<NGINX-SERVER-IP>/;

		# WebSocket support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}

	location /<HOST2-IP-ADDRESS>/ {
		access_log /var/log/nginx/access.log postdata;
		error_log /var/log/nginx/error.log warn;
	
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_pass https://<HOST2-IP-ADDRESS>/;
		proxy_read_timeout 90;
		proxy_redirect https://<HOST2-IP-ADDRESS>/ https://<NGINX-SERVER-IP>/;
	
		# WebSocket support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}
}

Save the edited configuration file
Let's now test the configuration file using command sudo nginx -t. When the test was successful, we will see the test is successfull message. When the test was a failure check the configuration file for syntax errors and resolve it to pass the test.
Restart the Nginx server using the command sudo service nginx restart

Important Files:

Nginx Configuration file: /etc/nginx/nginx.conf
Proxy Configuration file: /etc/nginx/sites-enabled/default
Access Logs: /var/log/nginx/access.log
Error Logs: /var/log/nginx/error.log

PreviousPre-Requisites NextTroubleshoot

Last updated 1 year ago

Was this helpful?

Configurations in Nginx Server

Navigate to Nginx folder path and create the SSL key using the below command

cd /etc/nginx

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

Edit the default configuration file using the command sudo nano /etc/nginx/sites-enabled/default

Type the below in the configuration file replace the domain name with the server IP address or server name.

log_format postdata '$remote_addr - $remote_user [$time_local] $args  "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$request_body"';

server {
   listen 80;
   return 301 https://$host$request_uri;
}

server {
	listen 443;

	ssl_certificate /etc/nginx/cert.crt;
	ssl_certificate_key /etc/nginx/cert.key;
	ssl on;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
	ssl_prefer_server_ciphers on;

	location /<HOST-IP-ADDRESS>/ {
		access_log /var/log/nginx/access.log postdata;
		error_log /var/log/nginx/error.log warn;
	
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_pass https://<HOST-IP-ADDRESS>/;
		proxy_read_timeout 90;
		proxy_redirect https://<HOST-IP-ADDRESS>/ https://<NGINX-SERVER-IP>/;

		# WebSocket support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}

	location /<HOST2-IP-ADDRESS>/ {
		access_log /var/log/nginx/access.log postdata;
		error_log /var/log/nginx/error.log warn;
	
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_pass https://<HOST2-IP-ADDRESS>/;
		proxy_read_timeout 90;
		proxy_redirect https://<HOST2-IP-ADDRESS>/ https://<NGINX-SERVER-IP>/;
	
		# WebSocket support
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}
}

Save the edited configuration file

Let's now test the configuration file using command sudo nginx -t. When the test was successful, we will see the test is successfull message. When the test was a failure check the configuration file for syntax errors and resolve it to pass the test.

Restart the Nginx server using the command sudo service nginx restart