NGINX:Reverse Proxy

Template for new hosts[edit | edit source]

This template can be used on the majority of virtual hosts within NGINX. To use:

1. Access your NGINX reverse proxy.
2. Create the config file at /etc/nginx/conf.d/<file>.conf (Example: touch /etc/nginx/conf.d/gitlab.conf)
3. Edit the file you created with your favorite text editor - vi, vim, nano, doesn't matter.
4. Paste in the template below and adjust to your needs.
   1. Replace HOSTNAME with the actual hostname, e.g. gitlab.example.com (don't forget the semicolon at the end!).
   2. Replace the IP address in "proxy_pass" with the internal IP address and port of the service you are trying to reach internally. Make note if the service uses http or https and if it uses a non-standard port.
5. Once adjusted, save the file.
6. Run the command nginx -t to test the syntax. If no errors, restart the nginx service.
7. Create a DNS record for the hostname you created and point it to the external IP. Make sure the record resolves.
8. On your reverse proxy, run the command certbot and then create a certificate for the reverse proxy host you just created. Certbot will automatically request, install, and renew the SSL certificate for you.
9. That's it! Test your reverse proxy!

server {   

   server_name HOSTNAME;
   
   location / {
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Host $host;
       proxy_set_header X-Forwarded-Server $host;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Real-IP $remote_addr;
       real_ip_header X-Forwarded-For;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_pass http://10.12.13.14:8080;
   }
   
   listen 80;
}