Now that you have a good understanding of the role a reverse proxy plays in your deployments, and how to set up a reverse proxy with Apache, it's time to learn how to set up another popular web server as a reverse proxy: Nginx. This lesson will guide you through configuring an Nginx reverse proxy for your deployments. You will also use the Let's Encrypt certificate previously installed by Certbot to enable HTTPS.
Install Nginx - Ubuntu
If you are coming into this lesson directly from the previous lesson on Apache (or if you just happen to have Apache installed on your Ubuntu server), go ahead and disable it and remove the default HTML page before proceeding (via SSH):
$ sudo systemctl stop apache2
$ sudo systemctl disable apache2
$ sudo mv /var/www/html/index.html /var/www/html/index.html_apache
Now you can install Nginx on Ubuntu:
$ sudo apt update
$ sudo apt install nginx
Point a browser to your domain, and you should now see that Nginx has taken over.
Configure your Nginx Reverse Proxy
With Nginx up and running, you can modify its configuration to act as a reverse proxy for your application.
Much like Apache uses virtual hosts, Nginx uses server blocks to define configuration details for multiple domains on a single server. Also, like Apache, these server blocks can be defined across multiple files in the following location:
/etc/nginx/sites-available/
To enable a configuration file, you create a symlink (shortcut) to it in the sites-enabled folder.
/etc/nginx/sites-enabled/
To get started, create a new configuration file for your domain (change yourdomain.com to your domain name):
$ sudo nano /etc/nginx/sites-available/yourdomain.com
Paste the following (again, changing yourdomain.com to your actual domain name) into this new file, then save and exit.
upstream tomcat {
    server localhost:8080 fail_timeout=0;
}
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    location / {
        include proxy_params;
        proxy_pass http://tomcat/;
    }
}
This configuration will forward all requests and their relevant headers to the upstream tomcat, which simply points to your local application running on port 8080.
Next, you'll want to disable the existing default site by removing the default symlink from the sites-enabled folder (the original file will still exist in the sites-available folder).
$ sudo rm /etc/nginx/sites-enabled/default
And now enable your new configuration by creating a symlink (shortcut) to it in the sites-enabled folder:
$ sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
Run the following commands to test the configuration for errors, then restart the Nginx service.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo systemctl restart nginx
Navigate to your domain with a browser again, and this time you should receive that incredible Hello World!
At this point, you would typically use Certbot to install a new certificate, just as you did in the previous lesson on Apache. Since a certificate already exists on your server, you don't need it to be re-issued, but you do need Certbot to load the Nginx-specific configuration files that the HTTPS server block below includes.
To accomplish this, run the certbot command, but this time with the --nginx flag.
$ sudo certbot certonly --nginx -d yourdomain.com -d www.yourdomain.com
Now you can reference the existing certificate in a new server block. Edit your site configuration file once again.
$ sudo nano /etc/nginx/sites-available/yourdomain.com
This time, place the following inside.
upstream tomcat {
    server localhost:8080 fail_timeout=0;
}
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://www.yourdomain.com$request_uri;
}
server {
    listen 443;
    server_name yourdomain.com;
    return 301 https://www.yourdomain.com$request_uri;
}
server {
    listen 443 ssl default_server;
    server_name www.yourdomain.com;
    location / {
        include proxy_params;
        proxy_pass http://tomcat/;
    }
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
You now have three server blocks:
- The first one redirects all HTTP requests to HTTPS.
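- The second redirects HTTPS requests that come in without www to the third block. It has no ssl parameter or certificate of its own: it shares the port 443 listening socket with the third block, so Nginx completes the TLS handshake with the default server's certificate, which is why that certificate must cover yourdomain.com as well as www.yourdomain.com.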
- The third block serves www over HTTPS and includes your TLS/SSL certificates as well as the reverse proxy setup.
So, no matter how a request comes in, it will end up in the third block: HTTPS + www.
Once more, test the Nginx config and restart the service.
$ sudo nginx -t
$ sudo systemctl restart nginx
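nginx -t checks syntax only, so it will not tell you whether a server block still proxies to the application over plain HTTP. The script below is an added example, not part of the original lesson: audit_site and sample_conf are hypothetical names, and the sample input is constructed from the lesson's server blocks.

```shell
# audit_site: read an Nginx site file (one directive per line) on stdin and print one verdict per server block.
audit_site() {
  awk '
    # "server {" opens a block; "server host:port;" inside upstream does not match.
    /^[ \t]*server[ \t]*[{]/ {
      in_srv = 1; depth = 1; ports = ""; tls = 0; action = "none"; next
    }
    in_srv {
      if ($1 == "listen") {
        port = $2; sub(/;$/, "", port)
        ports = (ports == "" ? port : ports "," port)
        if ($0 ~ /[ \t]ssl[ \t;]/) tls = 1
      }
      if ($1 == "proxy_pass") action = "proxy"
      if ($1 == "return" && $3 ~ /^https:/ && action == "none") action = "redirect"
      # Track nesting so the brace closing "location" does not end the block.
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) {
        verdict = (action == "proxy" && !tls) ? "FAIL:app-served-over-http" : "ok"
        printf "listen=%s tls=%d action=%s verdict=%s\n", ports, tls, action, verdict
        in_srv = 0
      }
    }'
}

# Constructed sample: the HTTP-only block from the first half of the lesson
# followed by the redirect and TLS proxy blocks from the second half.
sample_conf() {
  cat <<'EOF'
server {
  listen 80;
  location / {
    proxy_pass http://tomcat/;
  }
}
server {
  listen 80;
  return 301 https://www.yourdomain.com$request_uri;
}
server {
  listen 443 ssl default_server;
  location / {
    proxy_pass http://tomcat/;
  }
}
EOF
}

sample_conf | audit_site
```

On the server, feed it the real file instead of the sample: audit_site < /etc/nginx/sites-available/yourdomain.com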
Go ahead and open your web browser to give it a try. Nice job!!
Summary: Nginx Reverse Proxy
You've now learned how to install and set up two popular web servers as a reverse proxy for your application deployments. This knowledge is not limited to Java or Spring applications - it can be applied to an array of deployment configurations.
With your now fully functional deployment in action, it's time to learn about using AWS tools for load balancing and auto-scaling!