ORACLE-BASE - NGINX - Reverse Proxy Configuration
A reverse proxy can act as a gateway service allowing access to servers on your trusted network from
There are a number of ways to achieve this, but this article discusses how to configure a reverse proxy
Introduction
Installation
HTTP Reverse Proxy
HTTPS Reverse Proxy
Related articles.
Introduction
Using a reverse proxy is a simple and convenient approach to allowing access to servers on your trust
the internet.
Much of its appeal comes from the fact it allows all your servers to remain hidden from the external n
diagram below shows a simple architecture that could be employed to achieve this. Of course, there a
configurations possible depending on your requirements and the products being used.
Reverse proxies provide a number of benefits in terms of security and maintenance, including the foll
The obvious point is none of your application or database servers are exposed to external netw
when trying to build a secure solution.
URLs presented to users can be "pretty", rather than containing specific machine names, ports a
expose the true URL, while a reverse proxy completely hides it from the user.
Following on from the previous point, users bookmark URLs. If that bookmark contains a specif
resilient you try to make your solution, they will go to their bookmark and think your site is dow
implementation of your services make your apparent availability better.
From a security perspective, the less architectural information you expose to the outside world,
actual machine names and ports that are running a service, it makes it significantly easier for th
The fact the URLs no longer point directly to actual machines enables dramatic architecture cha
HTTP Reverse Proxy
The "proxy_pass" parameter is used to tell NGINX how to proxy requests.
In the following example, the "my-app-1.example.com" URL resolves to the IP address of the reverse
"/etc/nginx/conf.d/my-app-1.example.com.conf" with the following content.
server {
    listen       80;
    #listen       [::]:80 ipv6only=on;
    server_name  my-app-1.example.com;
    root         /usr/share/nginx/html;
    index        index.html;

    location / {
        proxy_pass http://app-server-1.localdomain:7002;
        proxy_set_header Host $host;
    }
}
If we are proxying to an HTTPS URL from an HTTP endpoint, we need to add the proxy_ssl_server
server {
    listen       80;
    #listen       [::]:80 ipv6only=on;
    server_name  my-app-1.example.com;
    root         /usr/share/nginx/html;
    index        index.html;

    location / {
        # Send the upstream host name via SNI during the TLS handshake.
        proxy_ssl_server_name on;
        # The upstream URL must use https:// for the SSL setting above to apply.
        proxy_pass https://app-server-1.localdomain:7002;
        proxy_set_header Host $host;
    }
}
Changes to the NGINX configuration will not take effect until the service is reloaded or restarted.
Remember, for named virtual hosts to work, the URL must contain the correct name, so to test this yo
entries, or "/etc/hosts" entries. In my case the reverse proxy is running on a server with an IP address
look like this.
192.168.0.190 my-app-1.example.com
http://my-app-1.example.com
server {
    listen       443 ssl http2;
    #listen       [::]:443 ipv6only=on ssl http2;
    server_name  my-app-1.example.com;

    ssl_certificate      /etc/letsencrypt/live/my-app-1.example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/my-app-1.example.com/privkey.pem;

    # Disable SSLv3
    # Note: TLSv1.1 is deprecated (RFC 8996); remove it unless legacy clients need it.
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;

    root   /usr/share/nginx/html;
    index  index.html;

    location / {
        proxy_pass http://app-server-1.localdomain:7002;
        proxy_set_header Host $host;
    }
}
After a restart of the NGINX service, the following URL will be proxied appropriately.
https://my-app-1.example.com
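The following is an added example, not configuration from the original article: it combines the HTTPS front end above with an HTTPS upstream, redirects port 80 instead of proxying it, and verifies the upstream certificate, which NGINX does not do by default (proxy_ssl_verify is off). The CA bundle path /etc/nginx/upstream-ca.pem and an app server that speaks TLS on port 7002 are assumptions.

```nginx
# Added example: hardened variant of the article's server blocks.
# Assumed: /etc/nginx/upstream-ca.pem holds the CA that signed the
# app server's certificate, and the app server speaks TLS on 7002.

# Port 80 only redirects, so no request is proxied in clear text.
server {
    listen       80;
    server_name  my-app-1.example.com;
    return 301   https://my-app-1.example.com$request_uri;
}

server {
    listen       443 ssl http2;
    server_name  my-app-1.example.com;

    ssl_certificate      /etc/letsencrypt/live/my-app-1.example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/my-app-1.example.com/privkey.pem;

    # TLSv1.0 and TLSv1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only.
    ssl_protocols  TLSv1.2 TLSv1.3;

    location / {
        proxy_pass  https://app-server-1.localdomain:7002;

        # Send SNI and verify the upstream certificate chain and name.
        # Without proxy_ssl_verify the upstream TLS session is encrypted
        # but unauthenticated.
        proxy_ssl_server_name          on;
        proxy_ssl_name                 app-server-1.localdomain;
        proxy_ssl_verify               on;
        proxy_ssl_verify_depth         2;
        proxy_ssl_trusted_certificate  /etc/nginx/upstream-ca.pem;
        proxy_ssl_protocols            TLSv1.2 TLSv1.3;

        # Pass the client-facing host and the real client address on.
        # X-Forwarded-For appends to any value the client sent, so the
        # application should trust only the entry added by this proxy.
        proxy_set_header  Host               $host;
        proxy_set_header  X-Real-IP          $remote_addr;
        proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto  $scheme;
    }
}
```

Running "nginx -t" before reloading the service catches syntax errors and unreadable certificate paths in a file like this.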
The above example used a Let's Encrypt certificate. For internal servers you may want to create a self-
doing that with OpenSSL.
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout /path/to/certs/${HOSTNAME}_key.pem \
-x509 -days 3650 -out /path/to/certs/${HOSTNAME}_cert.pem \
-subj "CN=${HOSTNAME}, OU=My Department, O=My Company, L=Birmingham, ST=West Midlands, C=