Configure Nginx as a Reverse Proxy on AWS EC2 Instance 2023

What is Nginx?

NGINX is open-source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.

A reverse proxy is a type of server that sits between a client and a server, acting as an intermediary between the two. It accepts the requests from clients, forwards those requests to the appropriate server, and then returns the server’s response to the client.

What is a Reverse Proxy?

A reverse proxy is the recommended method to expose an application server to the internet. Whether you are running a Node.js application in production or a minimal built-in web server with Flask, these application servers will often bind to a TCP port on localhost. This means that, by default, your application will only be accessible locally on the machine it resides on.

While you can specify a different bind point to force access through the internet, these application servers are designed to be served from behind a reverse proxy in production environments. This provides security benefits in isolating the application server from direct internet access, the ability to centralize firewall protection, and a minimized attack surface for common threats such as denial of service attacks.

Basically, the reverse proxy is the gatekeeper dictating which connections are allowed and how traffic will be directed. The rest of the process is handled by the application being proxied.

The Advantages of Using Nginx Reverse Proxy

Let’s delve into the reasons explaining why this tool is so popular:

  • It is simple to implement and helps protect back-end web servers against attacks such as DoS and DDoS
  • Nginx Reverse proxy helps create a balanced load among several back-end servers and provides caching for a slower back-end server
  • Nginx does not require setting up a new process for each web request from the client. Rather, the default configuration runs one worker process per CPU
  • It can act as a reverse proxy server for various protocols such as HTTP, HTTPS, TCP, UDP, SMTP, IMAP, and POP3
  • It can handle over 10000 connections with a low memory footprint. Nginx can operate multiple web servers via a single IP address and deliver each request to the right server within a LAN
  • Nginx is one of the best web servers for improving the performance of static content. Additionally, it can serve cached content and perform SSL encryption to lower the load on the web server
  • It can also be helpful when optimizing content by compressing it to boost the loading time
  • Nginx can perform randomized experiments or A/B tests without placing JavaScript codes into pages.

Prerequisites

  • AWS Account
  • Familiarity with EC2 and Security groups
  • Familiarity with Tomcat and Nginx

Agenda:

  • Setup Tomcat Server on Amazon Linux 2 on port 8080
  • Install and Setup Nginx Server as a reverse proxy
  • Test that the Tomcat server is accessible on the EC2 public IP on port 80

Step 1: Setup Tomcat Server on Amazon Linux 2

Log in to the Amazon management console, open the EC2 Dashboard, click on the Launch Instance drop-down list, and click on Launch Instance.

Once the Launch an instance window opens, provide the name of your EC2 Instance:

For this demo, we will select Amazon Linux 2 AMI which is free tier eligible.

Choose an Instance Type. Here you can select the type of machine, number of vCPUs, and memory that you want to have. Select t2.micro which is free-tier eligible.

For this demo, we will select an already existing key pair. You can create a new key pair if you don’t have one.

Now under Network Settings, choose the default VPC with Auto-assign public IP enabled. For this demo, I will select an existing security group and make sure that, under the Inbound rules of my Devops-SG, the HTTP and HTTPS ports are open. Click on Save rules to proceed.

After configuring Nginx as a reverse proxy, we will remove all the above rules and allow only port 80, so that the reverse proxy server receives the incoming requests on port 80 and forwards them to our Tomcat server.

We will keep the rest of the settings at their defaults and click on Launch Instance.

On the next screen you will see a success message once the EC2 instance has been created. Click on the Connect to instance button.

The Connect to instance wizard will now open. Go to the SSH client tab and copy the provided chmod and SSH commands:

chmod 400 key.pem
ssh -i "key.pem" ec2-user@ip

Open any SSH client on your local machine, use the public IP of your EC2 instance together with the pem key, and you will be able to access your EC2 machine.

Let’s first install Java on the Tomcat Server using the below commands:

sudo amazon-linux-extras install java-openjdk11

Then verify the version of Java using the below command:

java -version

Now let’s download the Tomcat server into the /opt directory, where we will install it:

cd /opt
wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.74/bin/apache-tomcat-9.0.74.tar.gz

Now extract the file as:

tar -xvzf apache-tomcat-9.0.74.tar.gz

After extracting, let’s rename the folder as tomcat to make things simpler.

mv apache-tomcat-9.0.74 tomcat

Now move into the tomcat directory and then into its bin directory, where we need to run the startup.sh script to start the Tomcat service on our server.

Let’s try to connect to our Tomcat server using the EC2 public IP on port 8080 from our browser.

Step 2: Install Nginx

Before using Nginx as a reverse proxy, we will first install Nginx on our Amazon Linux 2 EC2 machine using the amazon-linux-extras package:

sudo amazon-linux-extras install nginx1 -y

After installing let’s enable and start the Nginx service. Also check the status of Nginx as:

sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx

Now if we open the public IP of our EC2 instance on port 80 in a browser, it should display the default Nginx page.

Step 3: Configure Nginx as a Reverse Proxy

Here in this step, we will configure Nginx to make sure anytime a request comes on to this IP address on port 80 it forwards that request to our application Tomcat server running on port 8080.

For that, we need to modify the below file:

sudo vi /etc/nginx/nginx.conf

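Now edit the server block so that it looks something like this:

    server {
        listen       80;
        listen       [::]:80;
        server_name  your_domain.com;

        location / {
            # Forward every request to Tomcat on the same host
            proxy_pass http://localhost:8080;
            # HTTP/1.1 plus the Upgrade/Connection headers allow WebSocket upgrades
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            # Pass the original Host header to the backend
            proxy_set_header Host $host;
            # Do not answer upgrade requests from the cache
            proxy_cache_bypass $http_upgrade;
        }
    }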

Replace your_domain.com with your EC2 domain name. The proxy_pass target can be the private IP address associated with the instance or simply localhost:8080, as used here.

Save and quit the file with the vim command Esc followed by :wq.

Now restart the Nginx services with the below command:

sudo systemctl restart nginx
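
The location block above forwards Host but no client-address header, so Tomcat sees every request as coming from the proxy itself. Added example (not part of the original post): a shell lint that compares the page's block with a variant that also sets X-Real-IP, X-Forwarded-For and X-Forwarded-Proto. The function names and the 127.0.0.1 upstream are assumptions, and the single quotes around upgrade are written as double quotes so the block fits in a shell string.

```shell
#!/bin/sh
# Added example, not from the original post: lint a proxy location for the
# client-identity headers a backend needs for logging and access decisions.

# The location block from this page.
PAGE_CONF='location / {
    proxy_pass http://localhost:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}'

# Same block with forwarding headers added (standard nginx variables).
FIXED_CONF='location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}'

# missing_headers CONF: print, space-separated, the forwarding headers that
# no uncommented proxy_set_header directive in CONF sets.
missing_headers() {
  out=""
  for h in X-Real-IP X-Forwarded-For X-Forwarded-Proto; do
    printf '%s\n' "$1" |
      grep -Eiq "^[[:space:]]*proxy_set_header[[:space:]]+$h[[:space:]]" ||
      out="$out $h"
  done
  echo "${out# }"
}

# upstream_is_loopback CONF: succeed only if every proxy_pass targets this host.
upstream_is_loopback() {
  ! printf '%s\n' "$1" | grep -E '^[[:space:]]*proxy_pass[[:space:]]' |
    grep -Evq '://(localhost|127\.[0-9.]+|\[::1\])[:/;]'
}

echo "page config is missing: $(missing_headers "$PAGE_CONF")"
echo "fixed config is missing: $(missing_headers "$FIXED_CONF")"
```

Tomcat only acts on these headers when its RemoteIpValve is enabled, and it should trust them only when the request arrives from the proxy's address.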

Step 4: Testing

Now if we go back to our browser and open the IP address of our EC2 instance on the default port 80, we should see the default homepage of the Tomcat server.

Also, as mentioned earlier, we will edit our security group again, remove ports 8080 and 443, and allow only port 80 and SSH. We should then still be able to access the Tomcat server through the Nginx proxy server.

Curl the public IP on port 80 and you should get the same page back.

Nginx is now set up as a reverse proxy for our Tomcat application.
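
Removing 8080 from the security group hides Tomcat from the internet, but Tomcat's default connector still listens on every interface, so the security group is the only barrier in front of it. Added example (not part of the original post): a check over ss -ltn output that tells loopback-only listeners from exposed ones. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# `ss -ltnH` as it typically looks with Tomcat's default connector.
SS_DEFAULT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 1 [::ffff:127.0.0.1]:8005 *:*'

# The same host after binding the connector to 127.0.0.1.
SS_HARDENED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 100 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 1 [::ffff:127.0.0.1]:8005 *:*'

# classify_listener PORT: read `ss -ltn` lines on stdin and print
# "absent", "loopback" or "exposed" for that TCP port.
classify_listener() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")        # the port is the last ":" field
      if (parts[n] != port) next
      host = substr($4, 1, length($4) - length(parts[n]) - 1)
      sub(/%.*/, "", host)             # drop an interface suffix such as %lo
      found = 1
      if (host !~ /^127\./ && host != "[::1]" && host !~ /^\[::ffff:127\./)
        exposed = 1
    }
    END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

# audit_proxy_host SS_OUTPUT: succeed only when port 80 is reachable from
# other hosts and port 8080 is bound to loopback addresses only.
audit_proxy_host() {
  front=$(printf '%s\n' "$1" | classify_listener 80)
  back=$(printf '%s\n' "$1" | classify_listener 8080)
  echo "port 80: $front, port 8080: $back"
  [ "$front" = "exposed" ] && [ "$back" = "loopback" ]
}

audit_proxy_host "$SS_DEFAULT" || echo "8080 is protected by the security group only"
audit_proxy_host "$SS_HARDENED" && echo "only Nginx is reachable"
# On the instance itself: audit_proxy_host "$(ss -ltnH)"
```

To bind Tomcat to loopback, add address="127.0.0.1" to the HTTP Connector in conf/server.xml and restart Tomcat.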

We can do many other things with Nginx, as mentioned in our introduction, but the most important is setting up a TLS-enabled server for redirecting HTTP traffic to HTTPS. We will discuss that in another blog post.

AmritMatti

I’m the owner of “DevOpsTechy.online” and been in the industry for almost 5 years. What I’ve noticed particularly about the industry is that it reacts slowly to the rapidly changing world of technology. I’ve done my best to introduce new technology into the community with the hopes that more technology can be utilized to serve our customers. I’m going to educate and at times demonstrate that technology can help businesses innovate and thrive. Throwing in a little bit of fun and entertainment couldn’t hurt right?
