Nginx
webserver
Gateway
Reverse proxy
caching
rate limit
Host static site
Host multi site
Load balancer
Install nginx : yum install nginx
Nginx configurations file: /etc/nginx
We can check the conf: /etc/nginx/nginx.conf
To check syntax error in nginx: nginx -t
All the configuration we can add in: /etc/nginx/conf.d
add virtual server inside conf.d
Create a new file for your virtual server, such as example.com.conf:
sudo vi example.com.confInside the configuration file, define your virtual server. Here’s an example for a basic HTTP server:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/my-website;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}
Test Nginx Configuration: sudo nginx -t
Reload Nginx: sudo systemctl reload nginx
Create username and password to access the website for dev or stage
To secure your development server with a username and password, you can use HTTP Basic Authentication in Nginx. Here’s how you can do it:
Step 1: Install htpasswd Utility
Ensure you have the htpasswd utility installed, which is part of the Apache tools.
- On CentOS/RHEL:
sudo yum install httpd-tools
Step 2: Create a Password File
Create a password file with the username and password.
sudo htpasswd -c /etc/nginx/.htpasswd username- Replace
usernamewith the desired username. - You will be prompted to enter and confirm the password.
(Note: Do not use the -c flag for subsequent users, as it will overwrite the file.)
Step 3: Update the Virtual Server Configuration
Edit your virtual server configuration file (e.g., example.com.conf) inside /etc/nginx/conf.d/:
server {
listen 80;
server_name example.com;
root /var/www/example;
index index.html index.htm;
location / {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
try_files $uri $uri/ =404;
}
}auth_basic "Restricted Access";sets the authentication realm (the prompt text).auth_basic_user_file /etc/nginx/.htpasswd;points to the password file.
Step 4: Test Nginx Configuration
Check for syntax errors:
sudo nginx -tStep 5: Reload Nginx
Reload Nginx to apply the changes:
sudo systemctl reload nginxStep 6: Verify Authentication
Access your server in a browser (http://example.com). You should now be prompted to enter the username and password.
Load Balancers || Reverse Proxy || Forward Proxy
Load Balancer
==> A load balancer distributes incoming network traffic across multiple backend servers (or
instances) to ensure no single server is overwhelmed.
==> Purpose: To improve reliability, scalability, and performance by balancing the workload among several servers.
==> Use Case:
○ Web Applications: Ensures availability by distributing user requests across
multiple servers.
Reverse Proxy
***************
==>A reverse proxy sits in front of backend servers and forwards client requests to them. It typically receives requests on behalf of servers and can modify or inspect the requests before passing them along.
==>Purpose: To provide security, load distribution, caching, and SSL termination for backend servers.
==>Use Case:
○ Web Acceleration: Caches static content to improve response times for users.
Forward Proxy
***************
==> A forward proxy stands between client devices and the internet, making requests to servers on behalf of clients. It’s often used for internet access control, content filtering and privacy.
==> Purpose: To control or filter outbound client traffic, or to anonymize client IPs when accessing the internet.
==> Use Case:
○ Content Filtering: Used in corporate networks to block access to restricted websites.
Configure the Load Balancer
Open the configuration file:
sudo nano /etc/nginx/conf.d/load_balancer.conf
Add the following configuration:
upstream backend_servers {
server server1.example.com; # Replace with the IP or domain of your backend server
server server2.example.com; # Add as many servers as needed
}
server {
listen 80;
server_name loadbalancer.example.com; # Replace with the domain of your load balancer
location / {
proxy_pass http://backend_servers;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}