NGINX as a Reverse Proxy Rumi, August 30, 2019 Configure NGINXPermalink At this point, you could configure Node.js to serve the example app on your Linode’s public IP address, which would expose the app to the internet. Instead, this section configures NGINX to forward all requests from the public IP address to the server already listening on localhost. Basic Configuration for an NGINX Reverse ProxyPermalink Create a configuration file for the app in /etc/nginx/conf.d/. Replace example.com in this example with your app’s domain or public IP address: server { listen 80; listen [::]:80; server_name example.com; location / { proxy_pass http://localhost:3000/; } } The proxy_pass directive is what makes this configuration a reverse proxy. It specifies that all requests which match the location block (in this case the root / path) should be forwarded to port 3000 on localhost, where the Node.js app is running. Disable or delete the default Welcome to NGINX page: sudo mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.disabled Test the configuration: sudo nginx -t If no errors are reported, reload the new configuration: sudo nginx -s reload In a browser, navigate to your public IP address. You should see the “Hello World!” message displayed. Advanced OptionsPermalink For a simple app, the proxy_pass directive is sufficient. However, more complex apps may need additional directives. For example, Node.js is often used for apps that require a lot of real-time interactions. To accommodate, disable NGINX’s buffering feature: location / { proxy_pass http://localhost:3000/; proxy_buffering off; } You can also modify or add the headers that are forwarded along with the proxied requests with proxy_set_header: location / { proxy_pass http://localhost:3000/; proxy_set_header X-Real-IP $remote_addr; } This configuration uses the built-in $remote_addr variable to send the IP address of the original client to the proxy host. Configure HTTPS with CertbotPermalink One advantage of a reverse proxy is that it is easy to set up HTTPS using a TLS certificate. Certbot is a tool that allows you to quickly obtain free certificates from Let’s Encrypt. This guide will use Certbot on Ubuntu 16.04, but the official site maintains comprehensive installation and usage instructions for all major distros. Follow these steps to get a certificate via Certbot. Certbot will automatically update your NGINX configuration files to use the new certificate: Install the Certbot and web server-specific packages, then run Certbot: sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-nginx sudo certbot --nginx Certbot will ask for information about the site. The responses will be saved as part of the certificate: # sudo certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: example.com 2: www.example.com ------------------------------------------------------------------------------- Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter ‘c’ to cancel): Certbot will also ask if you would like to automatically redirect HTTP traffic to HTTPS traffic. It is recommended that you select this option. When the tool completes, Certbot will store all generated keys and issued certificates in the /etc/letsencrypt/live/$domain directory, where $domain is the name of the domain entered during the Certbot certificate generation step. NoteCertbot recommends pointing your web server configuration to the default certificates directory or creating symlinks. Keys and certificates should not be moved to a different directory. Finally, Certbot will update your web server configuration so that it uses the new certificate, and also redirects HTTP traffic to HTTPS if you chose that option. If you have a firewall configured on your Linode, you can add a firewall rule to allow incoming and outgoing connections to the HTTPS service. On Ubuntu, UFW is a commonly used and simple tool for managing firewall rules. Install and configure UFW for HTTP and HTTPS traffic: sudo apt install ufw sudo systemctl start ufw && sudo systemctl enable ufw sudo ufw allow http sudo ufw allow https sudo ufw enable Related Administrations Configurations (Linux) nginxReverese Proxy
Install MySQL 5.7 on CentOS 7 August 10, 2022 Preqrequsite: It’s better to have installed development tools and disable NetworkManager for a produciton envrionment. You can optionally follow the steps- Disabling NetworkManager: systemctl stop NetworkManager systemctl disable NetworkManager Install Development Tools: yum group install “Development Tools” Remove MariaDB pre-installed libraries- yum -y remove mariadb-libs Enable MySQL Repository First of… Read More
Install ionCube Loader on a CentOS 7 December 8, 2019 1. Log in to your CentOS 7 VPS via SSH as user root # ssh root@IP_Address and update all installed services # yum update 2. Run the ‘arch’ command in the terminal to check if your system is 32-bit (i686) or 64-bit (x86_64) # arch x86_64 3. In our case… Read More
Howto add fonts on openSuSE 10.2 – how to install new fonts in SuSE 10.2 January 24, 2010 On a SuSE 10.2 system – fonts are in: /usr/share/fonts/ Copy your new fonts into one of the already existing sub-folders depending on type of fonts to be added, then run in consol: /usr/sbin/fonts-config To finalize the activation of your newly installed fonts you need to restart your X-server Ctrl… Read More