Nginx reverse proxy

Hi, I am a noob to Nginx and I am trying to set it up as a reverse proxy on IPFire - loaded via Pakfire. I have edited the config file with some simple directives - basically listen on 443 and 80 and Proxy Pass to the web server IP. The very basic question I have is: how do I get traffic to go to the reverse proxy?
All incoming traffic from my ISP hits the firewall. Previously, I used port forwarding to direct the traffic to the correct server. Web server, mail server etc.
Do I need to direct the incoming traffic to the reverse proxy? I have tried turning off the port forward.
I know this may seem like a very basic question but sometimes you just get stuck on the most basic problems.
In case you ask why - I have implemented NEMS on a Raspberry Pi - which means I have two web servers on different IPs. Right now I’ve worked around this by appending :81 to the URL and used NAT on the firewall to direct the URL to the correct server. Would be much cleaner to set up a reverse proxy to direct different URLs to different web servers.

Hi,
Instructions for this are available in the wiki:

3 Likes

Thank you - that was the part I was missing. How to expose the Reverse Proxy directly to the internet.

2 Likes

I need to do something similar in my home network in the near future. Can I ask for a brief tutorial of what you have learned when you are done with this project? It would be greatly appreciated.

1 Like

Hi cfusco.
Basically, I have an IPFire with Nginx running. Behind that I have a number of virtual servers running different functions and a Raspberry Pi running NEMS. Since each server has its own web app, I want to forward the relevant URL to the relevant server.
So far I have http (Port 80) working fine. It is the https (Port 443) I haven’t got working yet. Need to do some more reading and watching videos on how to do this.

1 Like

I agree, the topic is confusing, especially because there are at least two modules that can be used in nginx for this purpose, http proxy and stream.

The second is much more powerful, as it can be used for any UDP/TCP/socket connection, while the first is simpler in its design as it focuses only on the web-based protocols. Which one to use is quite a nuanced question, and I do not yet understand the implications of the choice.

The other confusing aspect of reverse proxying using either of the two modules is that there are several possible configurations for the stream module, while I believe the HTTP proxy has only one (the first).

  1. TLS termination: the back-end (upstream in nginx parlance) does not understand encryption, therefore nginx receives the encrypted streams, decrypts them and passes them to the upstream server unencrypted;
  2. TLS wrapping, the opposite of the previous: nginx listens for unencrypted connections and passes them upstream encrypted;
  3. TLS re-encryption, where nginx will receive encrypted traffic, decrypt it, and re-encrypt it for the upstream server using its specific keys.

This is very nuanced and I struggle to understand the security implications of the possible choices (HTTP vs Stream, TLS termination or TLS re-encryption).

I like the idea of TLS re-encryption, as I am a big fan of encryption. The more the better. On the other hand, I also like simplicity. Definitely, the devil is in the details, and copying and pasting config files from online tutorials is becoming more scary for me. I am delaying this project just because of this.
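
The three stream-module modes listed in the post above, sketched as an added example that is not part of the original thread or of the IPFire wiki; all addresses, ports, hostnames and file paths are constructed placeholders. `proxy_ssl_verify` defaults to off, so the upstream hop in modes 2 and 3 is encrypted but not authenticated unless verification is enabled as shown.

```nginx
# Added illustration: every IP, port, hostname and path below is a placeholder.
stream {
    # 1. TLS termination: clients speak TLS to nginx, the upstream gets plaintext.
    #    Anything able to observe the internal network sees this hop in the clear.
    server {
        listen 443 ssl;
        ssl_certificate     /etc/nginx/tls/proxy.crt;
        ssl_certificate_key /etc/nginx/tls/proxy.key;
        ssl_protocols       TLSv1.2 TLSv1.3;
        proxy_pass          192.0.2.10:80;
    }

    # 2. TLS wrapping: plaintext in (loopback only here), TLS towards the upstream.
    server {
        listen 127.0.0.1:8080;
        proxy_pass 192.0.2.20:443;
        proxy_ssl  on;                       # speak TLS to the upstream

        # Without the next lines nginx accepts any certificate the upstream
        # presents, which leaves the hop open to interception.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
        proxy_ssl_name                backend.example.internal;  # name checked in the cert
        proxy_ssl_server_name         on;                        # send that name as SNI
    }

    # 3. TLS re-encryption: terminate the client's TLS session, then open a
    #    second, separately verified TLS session to the upstream.
    server {
        listen 8443 ssl;
        ssl_certificate     /etc/nginx/tls/proxy.crt;
        ssl_certificate_key /etc/nginx/tls/proxy.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        proxy_pass 192.0.2.30:443;
        proxy_ssl  on;
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
        proxy_ssl_name                backend.example.internal;
        proxy_ssl_server_name         on;
    }
}
```

In modes 1 and 3 nginx holds the private key and sees the decrypted traffic, so the proxy host itself needs the same protection as the servers behind it.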