Nginx reverse proxy

Photo by Vishal Bansal on Unsplash

Photo by Vishal Bansal on Unsplash

Proxy from one port to another? No problem!
Updated 19. January 2025

Content:

Intro Install Nginx Create proxy TLS

Nginx is the simplest webserver I have ever used. Thankfully, it's just as easy to set up as a reverse proxy for web-based services that must run on an internal port on your VPS.

In this article, I will show how you can set up a quick and dirty proxy for any service on running on any port that needs to be served on port 80 (HTTP) and 443 (HTTPS) on a VPS running Ubuntu 24.04

Install Nginx

If you don't have Nginx already installed Nginx, you must start by doing so.

sudo apt update
sudo apt install nginx

Once installed, Nginx will run, but to make it auto-start when the VPS boots, you must enable systemctl to do so.

sudo systemctl enable nginx

Next, you must allow the external host to connect to ports 80 and 443 through the firewall.

sudo ufw allow http
sudo ufw allow https

Verify by checking the firewall status.

sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

Create proxy

Routing from HTTP(S) to another port.

The reverse proxy has one job. Take web connections from web ports, and route them to another internal port on your host. 

To do so, you must create a virtual host on your VPS. To make everything simple, you should have a DNS record ready. In this article, I will use the hostname testservice.haxor.no. 

Create a file in the hosts-available directory on your VPS.

sudo vim /etc/nginx/sites-available/testservice.haxor.no
testservice.haxor.no 
server {
    server_name testservice.haxor.no;
    listen 80;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_read_timeout 60;
        proxy_connect_timeout 60;
        proxy_redirect off;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

This reverse proxy config simply maps from the publicly available port 80 to the publicly unavailable port 8080 on the VPS.

To make the reverse proxy available, you must create a symlink from the sites-enable directory to the newly create config.

sudo ln -s /etc/nginx/sites-available/testservice.haxor.no /etc/nginx/sites-enabled/testservice.haxor.no

To check for spelling erros and other breaking errors in your config, test it.

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, to make the reverse proxy operational, you need to restart nginx.

sudo systemctl restart nginx

TLS

Adding HTTPS to the service

A final and optional step is to enable HTTPS on the reverse proxy. This is very easy, thanks to Certbot.

To install Certbot, run this command.

sudo apt install certbot python3-certbot-nginx

To automatically create the TLS cert, and apply it to your nginx config, run this command.

sudo certbot --nginx -d testservice.haxor.no

That's it! You now have a very primitive but working reverse proxy that uses HTTPS. 🎉