A reverse proxy acts as an intermediary between clients and your web application, handling incoming requests and forwarding them to your server. It can provide benefits like SSL termination, load balancing, and security. This guide explains how to set up a simple reverse proxy using Nginx or Caddy on Ubuntu/Debian-based machines.
Why Use a Reverse Proxy?
- To serve your application over HTTPS with SSL certificates
- To expose only one port (e.g., 80/443) while keeping your app on a private internal port
- To add security features, such as request filtering
Prerequisites
- A domain name (e.g. yourdomain.com) with proper DNS records pointing to your server’s IP address
- A server with a supported web server installed (Nginx or Caddy)
- Sudo or root access
- Your application listening on an internal port (e.g., localhost:5000)
Option 1: Setting Up with Nginx
Step 1: Install Nginx
sudo apt update
sudo apt install nginx certbot python3-certbot-nginx
Step 2: Configure Nginx
Create a new configuration file:
sudo nano /etc/nginx/sites-available/yourapp
Paste the following, replacing yourdomain.com with your own domain (ensure you’ve set proper DNS records to point to your server):
server {
    listen 80;
    server_name yourdomain.com;

    # Redirect all HTTP requests to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:5000; # Your app's internal port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
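Step 3: Obtain SSL and Enable the Site
The HTTPS server block from Step 2 references certificate files that do not exist until Certbot has issued them, and nginx -t fails while they are missing. Obtain the SSL certificates first:
sudo certbot certonly --nginx -d yourdomain.com
Then enable the site, test the configuration, and reload Nginx:
sudo ln -s /etc/nginx/sites-available/yourapp /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx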
Step 4: Test
Visit https://yourdomain.com in your browser. Your site should now be securely accessible.
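The X-Forwarded-For line in the Step 2 configuration appends the connecting address to whatever value the client already sent, so the application behind the proxy should believe only the right-most entries and only when the request arrived from the proxy. The following Python function is an added example, not part of the original guide; the name client_ip and the loopback-only trusted-proxy list are assumptions for an app running on the same host as Nginx.

```python
import ipaddress

# Assumption: Nginx runs on the same host as the app (proxy_pass to localhost:5000),
# so loopback is the only address allowed to act as a proxy.
TRUSTED_PROXIES = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, x_forwarded_for):
    """Return the address the app should log or rate-limit on.

    peer_addr: source address of the TCP connection the app accepted.
    x_forwarded_for: raw X-Forwarded-For header value, or None.
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that did not come through the proxy gets no say: ignore its headers.
    if not _is_trusted(peer) or not x_forwarded_for:
        return str(peer)
    # Walk the list right to left: the right-most entry was written by our proxy,
    # anything further left may have been supplied by the client.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # unparseable entry: stop trusting the rest of the list
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed samples: (connection source, X-Forwarded-For header as seen by the app)
    samples = [
        ("127.0.0.1", "203.0.113.7"),              # normal request via Nginx
        ("127.0.0.1", "10.0.0.1, 198.51.100.23"),  # client pre-set the header to 10.0.0.1
        ("198.51.100.23", "127.0.0.1"),            # request that bypassed the proxy
    ]
    for peer, header in samples:
        print(peer, "|", header, "->", client_ip(peer, header))
```

The third sample only arises if the app port is reachable from outside; binding the app to localhost, as in the prerequisites, closes that path.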
Option 2: Setting Up with Caddy
Step 1: Install Caddy
For Debian/Ubuntu
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/caddy-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/ any main" | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
Step 2: Create Caddyfile
sudo nano /etc/caddy/Caddyfile
Add your domain:
yourdomain.com {
    reverse_proxy localhost:5000
    tls you@example.com
}
Replace yourdomain.com and the placeholder email address you@example.com with your own values.
Step 3: Restart Caddy
sudo systemctl restart caddy
Caddy will automatically get SSL certificates. Verify by visiting your site at https://yourdomain.com.
Once your reverse proxy is configured and running correctly, your web service will be accessible securely via your domain name over HTTPS. Make sure to test your setup by visiting your domain in a browser and verifying that the connection is secure.
Remember to keep your SSL certificates up to date and monitor your server for any configuration issues. For security, ensure your reverse proxy is properly configured to handle only expected traffic and consider additional security measures as needed.