Blog

Nginx reverse proxy

How to Configure Nginx as a Reverse Proxy on EC2

  • Post author:
  • Post category:Nginx
  • Post last modified:October 9, 2024
  • Reading time:9 mins read

Running Amazon Linux 2

Setting up Nginx as a reverse proxy is a great way to manage HTTP traffic for your web application while improving security and performance. In this guide, we’ll walk you through installing Nginx as a reverse proxy on an EC2 instance running Amazon Linux

Why use a reverse proxy?

When you run a web app, it typically listens on a non-privileged port like 8080 or 3000. However, web servers need privileged access to ports like 80 (HTTP) or 443 (HTTPS) to serve traffic from the internet. Instead of giving your application this privileged access, it’s better to set up a reverse proxy like Nginx.

A reverse proxy accepts public traffic, forwards it to your application, and handles things like:

  • Caching
  • DDoS protection
  • Load balancing
  • SSL/TLS encryption

This allows your app to focus solely on business logic while Nginx handles the network traffic.

Steps to Install Nginx as a Reverse Proxy

1. Launch an EC2 Instance

Start by logging into your AWS Management Console and navigate to the EC2 dashboard. Here’s how to create an instance:

  1. Choose the Amazon Linux 2 AMI: This is a lightweight Linux distribution specifically designed for AWS environments.
  2. Select the t2.micro instance type: It’s part of the AWS free tier, perfect for testing and development.
  3. Configure instance details: Leave the default settings unless you need to customize them.
  4. Add storage: The default 8 GB is fine for most basic use cases.
  5. Configure security group: By default, the security group will allow SSH access on port 22. You will also need to allow HTTP traffic on port 80 for Nginx to work. Initially, we’ll allow traffic on all TCP ports for testing purposes, but we’ll lock it down later.

After launching, give your instance a name like “Nginx Reverse Proxy” for easy identification.

2. Connect to the EC2 Instance

Once your instance is running, click Connect, select the SSH client tab, and follow the instructions to connect via SSH. Make sure to modify the command to point to your .ssh directory where your key pair is stored.

3. Set Up Your Web Application

For this guide, we’re using a Node.js application, but you can use any web app that listens for HTTP requests. The goal is to run your app on a non-privileged port, like 8080.

set up the Node.js app. Once running, it should be accessible by visiting http://<your-ec2-ip>:8080.

4. Install Nginx

Nginx can be installed via the Amazon Linux Extras package manager. Here’s the command:

sudo amazon-linux-extras install nginx1

Once installed, start and enable Nginx so it runs automatically after reboots:

sudo systemctl enable nginx

sudo systemctl start nginx

5. Configure Nginx as a Reverse Proxy

To make Nginx forward HTTP traffic to your web app running on port 8080, edit the Nginx configuration file:

sudo vim /etc/nginx/nginx.conf

In the server block, remove the default configuration and replace it with the following:

server {
    listen 80;
    server_name <your-ec2-ip>;
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

This configuration listens for traffic on port 80 and forwards it to the app running on localhost:8080.

Save and exit the editor, then restart Nginx to apply the changes:

sudo systemctl restart nginx

6. Test Your Reverse Proxy

Now, visit your EC2 instance’s public IP (without specifying port 8080), and you should see your web application being served through Nginx.

If you still see the default Nginx page, ensure your configuration file is correct and restart Nginx again.

7. Lock Down Security Group Settings

At this point, your web app should be accessible via the reverse proxy. However, you don’t want the app to be directly accessible on port 8080 anymore. To fix this:

  1. Go to the EC2 dashboard and select Security Groups.
  2. Find the security group associated with your instance.
  3. Edit the inbound rules and only allow traffic on:
    • Port 80 (HTTP)
    • Port 22 (SSH) for remote access

This ensures that all HTTP traffic goes through Nginx.

8. (Optional) Enable HTTPS

For production environments, you should enable HTTPS. Nginx includes a default configuration template for this. You can use services like Let’s Encrypt to get a free SSL certificate. Setting up HTTPS ensures encrypted traffic, providing an extra layer of security for your application.

Conclusion

Setting up Nginx as a reverse proxy on an EC2 instance running Amazon Linux 2 is a straightforward process that adds flexibility, scalability, and security to your web app deployment. By using Nginx, you separate HTTP-related tasks from your application logic, allowing your app to run more efficiently.

See Also:

techlinux.in

techlinux.in

I’m a DevOps engineer with 8 years of experience in automation and cloud infrastructure. I’m passionate about optimizing software delivery and love sharing practical DevOps tips.Outside of work, I enjoy hiking, cooking, and contributing to open-source projects.Thanks for visiting my blog