Nginx is an open source high performace web server which can be effectively configured as Nginx Reverse proxy server. Nginx has an asynchronous event driven architecture which provides efficient throughput ideal for production and enterprise environment.
Example Assumption :
– Domain : www.abc.com
– LAN IP address of origin server where is www.abc.com is running : 10.0.0.10
– LAN IP address of proxy server : 10.0.0.20
– Origin Server and Nginx Proxy servers are running on Separate Hardware
Step 1 :
In Proxy server create a proxy configuration file in nginx conf.d folder
# vi /etc/nginx/conf.d/proxy.conf |
Make below entries in proxy.conf
proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 32 4k; |
These parameters will define proxy send and read timeout , buffer chunk size , header information for proxy server etc , For different domains different configuration files can be made eg. def.com will use proxy.conf , ghi.com will use proxy1.conf etc.
Send timeout and Read timeout can be adjusted to tune the performance. But this configuration seems better for most of the environment and adjustment in proxy.conf is necessary unless you are well versed with Nginx.
Step 2 :
We would be required to define proxy cache path where cache files will get stored for abc.com in proxy server. We need to make an entry in nginx.conf within http block
# vi /etc/nginx/nginx.conf |
http { proxy_cache_path /data1/proxy_cache levels=1:2 keys_zone=proxy-cache:8m max_size=1000m inactive=600m; proxy_temp_path /data1/proxy_cache/temp;include /etc/nginx/mime.types; |
In above configuration block you can see , proxy_cache_path and proxy_temp_path have been added . Proxy cache path is defining directory where cache will be build . Remember to create directory and provide proper ownership for the defined cache directory.
Supposing Nginx is running with privileges of www-data username and group name we will do the below steps
# mkdir -p /data1/proxy_cache# chown -R www-data:www-data /data1/proxy_cache |
Step 3 :
Now we will define configuration file for www.abc.com in proxy server , Proxy server will be responsible for
– Fetching data from origin server
– Caching the data for defined time interval
– Serving data to the world
# vi /etc/nginx/conf.d/www.abc.com.conf |
upstream abc { server www.abc.com; } server { server_name www.abc.com; #access_log /var/www/example1.com/log/nginx.access.log; location / { include conf.d/proxy.conf; proxy_pass http://abc; proxy_cache proxy-cache; proxy_cache_valid 200 302 30m; proxy_cache_valid 404 1m; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; } } |
– You can see in upstream block origin server;s hostname is defined , from where proxy server will fetch and cache the data.
– In server block proxy.conf is included which will activate the proxy directives defined in proxy.conf.
– proxy_cache directive tells to use proxy-cache key for cache location which is defined in nginx.conf
– proxy_cache_valid tells the proxy server to cache the data for 30 minutes for every HTTP 200 or 301 request. So every successful HTTP request will get cached for 30 minutes.
– proxy_cache_use_stale directive is the most modern feature of caching , whenever proxy server will fail to fetch data from origin server it will show the stale data , without any downtime. Isn’t it great!!! in proxy_cache key defined in nginx.conf httpd block we have defined inactive=600M , which means it will cache last 600 minutes data for the purpose of serving to stale cache.
Step 4 :
Check nginx configuration file and restart the service if everything seems ok.
# nginx -t |
# /etc/init.d/nginx restart |
Step 5 :
Change DNS Authoritative(A) record for www.abc.com which should point to Proxy server rather then origin server. In our example it will be as follows
Old Record :
www.abc.com IN A 10.0.0.10
New Record :
www.abc.com IN A 10.0.0.20
Note :
WAN/Public IP also will require a change unless their is a mapping change
Hosts file entry in proxy server for origin server is mandatory for www.abc.com domain
httpproxymodule should already be compiled in installed nginx , Use nginx -V command to check