We will see how to setup Nginx as a proxy to other web server. I used this configuration while transiting from lighttpd to Nginx. After installing Nginx I setup it to redirect all the web traffic to the lighttpd serrver. The aimed is to switch gradually from Nginx to lighttpd the different services served by lighttpd we as little interruption as possible.
Setup of the proxy for web traffic
An example of configuration file to transfer all request on port 80 to an other web server listening on port 8080.
1 server {
2 listen 80;
3 listen [::]:80;
4 location / {
5 proxy_set_header X-Real-IP $remote_addr;
6 proxy_set_header X-Forwarded-For $remote_addr;
7 proxy_set_header Host $host;
8 proxy_pass
9 http://127.0.0.1:8080/;
10 }
11 }
The proxy_set_header Host allow to tranfer address at which the proxy
had been reach. Therefore, if the server listening on port 8080 as virtualhost
they will work.
Setup of the proxy for encrypted web traffic
This is an enhancement of the previous one that redirect the traffic of port 443 to a https server listening on port 8081. In our case the TLS encrypted connection is setup on the proxy and the web server with letsencrypt and use the same certificates.
1 server {
2 listen 443;
3 listen [::]:443;
4 ssl on;
5 ssl_protocols TLSv1.2;
6 ssl_certificate /etc/letsencrypt/live/mydomain.tld/fullchain.pem;
7 ssl_certificate_key /etc/letsencrypt/live/mydomain.tld/privkey.pem;
8 ssl_dhparam /etc/ssl/certs/dhparam.pem;
9 ssl_ecdh_curve secp384r1;
10 ssl_prefer_server_ciphers on;
11 ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
12 location / {
13 proxy_set_header X-Real-IP $remote_addr;
14 proxy_set_header X-Forwarded-For $remote_addr;
15 proxy_set_header Host $host;
16 proxy_set_header X-Forwarded-Proto $scheme;
17 add_header Front-End-Https on;
18 proxy_pass https://127.0.0.1:8081/;
19 proxy_redirect off;
20 }
21 }