How to Install and Configure Nginx as a Reverse Proxy on Debian 12


Nginx is a powerful web server that can also be used as a reverse proxy, making it ideal for forwarding requests to backend services. In this blog, we’ll walk you through setting up Nginx as a reverse proxy on a fresh Debian 12 installation.

Prerequisites

  • A server running Debian 12.
  • Root or user privileges with sudo access.
  • Basic familiarity with the terminal and SSH.

Step 1: Update Your System

Start by updating your package index and upgrading your system:

sudo apt update && sudo apt upgrade -y

This ensures your system has the latest security patches and software updates.

Step 2: Install Nginx

Nginx is available in the default Debian repositories, so you can install it easily using apt.

sudo apt install nginx -y

Once the installation is complete, check if Nginx is running:

sudo systemctl status nginx

You should see output indicating that Nginx is active and running. If it’s not running, you can start and enable it:

sudo systemctl start nginx
sudo systemctl enable nginx

Step 3: Configure the Firewall (if needed)

If you have a firewall configured (the commands below assume ufw), you’ll need to allow traffic on HTTP (port 80) and HTTPS (port 443):

sudo ufw allow 'Nginx Full'

Check the status of the firewall to make sure the rules have been applied:

sudo ufw status

Step 4: Configure Nginx as a Reverse Proxy

Let’s set up a reverse proxy for a backend service running on port 3000 (you can adjust this to your backend service’s port).

  1. Create a New Nginx Configuration File
sudo nano /etc/nginx/sites-available/reverse-proxy.conf
  2. Add the Following Configuration: Replace your_domain.com with your actual domain name or IP address, and adjust the proxy_pass URL to match your backend server:
server {
    listen 80;
    server_name your_domain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
  3. Save and Exit: Press CTRL + X, then Y, and hit Enter to save the configuration.

Step 5: Enable the Configuration

  1. Create a Symlink to Enable the Configuration
sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/
  2. Test the Nginx Configuration
sudo nginx -t

If everything is set up correctly, you should see a message like syntax is okay and test is successful.

  3. Reload Nginx to Apply Changes
sudo systemctl reload nginx

Step 6: (Optional) Configure SSL with Let’s Encrypt

If you’re running your reverse proxy on a domain, it’s highly recommended to secure it using SSL. You can use Let’s Encrypt for this purpose:

  1. Install Certbot
sudo apt install certbot python3-certbot-nginx -y
  2. Obtain an SSL Certificate
sudo certbot --nginx -d your_domain.com

Follow the prompts to agree to the terms and specify your email address. Certbot will automatically configure SSL for your Nginx setup.

  3. Verify SSL Auto-Renewal: Let’s Encrypt certificates are valid for 90 days, so it’s important to set up auto-renewal:
sudo systemctl status certbot.timer

If it’s not enabled, you can activate it using:

sudo systemctl enable --now certbot.timer

Step 7: Testing Your Setup

  1. Open your web browser and navigate to http://your_domain.com. You should be forwarded to your backend service.
  2. If you configured SSL, test the HTTPS version: https://your_domain.com.

Troubleshooting

  • Check Nginx Logs: If something isn’t working, you can check the error logs using:
sudo tail -f /var/log/nginx/error.log
  • Verify Your Backend Service: Make sure your backend service is running and accessible on the specified port.
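
Since Nginx reaches the backend at localhost:3000, the backend only needs to listen on a loopback address; a listener on 0.0.0.0 or * can also be reached directly on port 3000 unless the firewall blocks it. The script below is an added example, not part of the original post: it parses `ss -Htln` output and reports non-loopback listeners on the backend port. The function names and the sample lines are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `ss -Htln` output on stdin and prints every local address that is
# listening on the given port and is NOT a loopback address.
non_loopback_listeners() {
    awk -v port="$1" '
    {
        n = split($4, parts, ":")            # $4 = Local Address:Port
        if (parts[n] != port) next           # some other port
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (addr ~ /^127\./) next            # IPv4 loopback
        if (addr == "[::1]") next            # IPv6 loopback
        if (addr ~ /^\[::ffff:127\./) next   # IPv4-mapped loopback
        print addr
    }'
}

# Exit status 0 when the port is bound to loopback only, 1 otherwise.
backend_is_private() {
    exposed=$(non_loopback_listeners "$1")
    [ -z "$exposed" ]
}

# Constructed samples of `ss -Htln` output, not captured from a real host.
SAMPLE_PRIVATE='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'
SAMPLE_EXPOSED='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 *:3000 *:*'

for sample in "$SAMPLE_PRIVATE" "$SAMPLE_EXPOSED"; do
    if printf '%s\n' "$sample" | backend_is_private 3000; then
        echo "port 3000: loopback only"
    else
        addrs=$(printf '%s\n' "$sample" | non_loopback_listeners 3000)
        echo "port 3000: also listening on $addrs"
    fi
done

# On the server itself: ss -Htln | non_loopback_listeners 3000
```

Empty output from the live command means the backend accepts connections only from the server itself. Any printed address means the backend should be rebound to 127.0.0.1 or port 3000 blocked at the firewall.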

Conclusion

Congratulations! You’ve successfully set up Nginx as a reverse proxy on Debian 12. This setup provides a basic reverse proxy configuration that can be easily expanded or customized to handle multiple services, load balancing, or even advanced caching strategies.

Enjoy your newly configured Nginx reverse proxy!
