Setting up Nginx as a Reverse Proxy on AlmaLinux 8

NGINX is open-source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. … In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. In this article, we are going to learn how to Set-up Nginx as a Reverse Proxy on AlmaLinux 8. So, let’s get started.

Checkout the Nginx Project Here.

Pre-requisites :

  • A system with AlmaLinux 8 installed and running.
  • root access to the system.
  • LEMP Stack installed and running, for this, you can refer to one of our guides on installing the LEMP Stack (Nginx, MariaDB, and PHP).

Once you’re all set, we’ll proceed with Nginx as a Reverse Proxy configuration Setup.

Configuring Nginx as a Reverse Proxy

Let’s configure nginx.conf with the following command:

nano /etc/nginx/nginx.conf

Replace the nginx.conf file with the below configuration.

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

Now, type in Ctrl+O and type Ctrl+X to save and exit the file.

For SELinux enabled systems, Run the below command

setsebool -P httpd_can_network_connect 1

Enable Port Forwarding to Domain

Create a new Nginx configuration file dev.conf for the domain with the following command:

vi /etc/nginx/conf.d/dev.conf

Add the following codes:

Replace dev.domainhere.info & 127.0.0.1 with Your Domain Name & IP and Change SSL Path according to your SSL Path.

upstream app {
    server 127.0.0.1:8080;
}

server {
listen 80 default_server;
server_name dev.domainhere.info;
return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    # The host name to respond to
    server_name dev.domainhere.info;

    ssl_certificate /etc/letsencrypt/live/dev.domainhere.info/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/dev.domainhere.info/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
    proxy_pass http://app;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Real-Port $server_port;
    proxy_set_header X-Real-Scheme $scheme;
    }
}

Now, press the Esc key, and type in :wq! and press the Enter key to save and exit the file.

For SELinux enabled systems, Run the below command

setsebool -P httpd_can_network_connect 1

Basic .conf file for Domain with SSL in CentOS / AlmaLinux 8/ Rocky Linux 8 Servers

Create a new Nginx configuration file dev.conf for the domain with the following command:

vi /etc/nginx/conf.d/dev.conf

Add the following codes:

Replace dev.domainhere.info with Your Domain Name and Change SSL Path according to your default Path.

And also replace the root path, /var/www/html/ with the actual path where your website’s data are stored.

server {
listen 80;

server_name dev.domainhere.info;
root /var/www/html/;
index index.php index.html index.htm;

location / {
try_files $uri $uri/ /index.php?$args;
}

location = /favicon.ico {
log_not_found off;
access_log off;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

listen 443 http2 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/dev.domainhere.info/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/dev.domainhere.info/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Now, press the Esc key, and type in :wq! and press the Enter key to save and exit the file.

For access, follow the below commands:

chmod -R 755 /var/www/html/

chown -R nginx:nginx /var/www/html/

For SELinux enabled systems, Run the below command

setsebool -P httpd_can_network_connect 1

Now, restart & check the Nginx with the following commands:

    systemctl restart nginx

    systemctl status nginx

Enable http and https ( 80/443 )

To enable http and https connection through the firewall, follow the commands:

firewall-cmd --permanent --zone=public --add-service=http

firewall-cmd --permanent --zone=public --add-service=https

firewall-cmd --reload

Now you have successfully Enabled Nginx as a Reverse Proxy on AlmaLinux 8.

Related posts

How to Create Remote Desktop Gateway via Apache Guacamole on AlmaLinux 9

How to Secure Nginx with Let’s Encrypt on AlmaLinux 9

How to Install Glances on AlmaLinux 8