This article describes how to set up an Nginx proxy server in front of a backend HTTP server that is located in Azure and has no internet access. Access to the web server from the internet is denied. To reach the web content, the user has to connect through the Nginx proxy server. The two servers, proxy and web, communicate over the internal Azure network. When a client wants to access the web server, every request goes through the proxy server and the response comes back to the client the same way.
1. Install proxy and web servers in Azure
First create two CentOS 7.5 (or any other operating system) virtual machines and install Nginx server. Nginx version used for the setup:
# nginx -v
nginx version: nginx/1.12.2
For the Nginx proxy server, set up security to allow HTTP, HTTPS and SSH from the Internet:
The Nginx web server only needs SSH enabled so that the server can be configured. Once that is done, SSH access can be disabled by removing the rule:
2. Prepare Nginx web server
The web server will listen on port 45000. For testing purposes, create a very simple HTML page and put it in a new folder, app1:
# ll /usr/share/nginx/app1/
total 4
-rwxr-xr-x. 1 root root 83 Jul 10 09:54 index.html
# cat /usr/share/nginx/app1/index.html
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<p> Page 2 </p>
</body>
</html>
On CentOS, install the semanage utility and allow port 45000 in SELinux:
# yum install policycoreutils-python
# semanage port -a -t http_port_t -p tcp 45000
The main Nginx config file does not need any changes. You only need to create a new configuration file in the /etc/nginx/conf.d/ folder:
# touch /etc/nginx/conf.d/myweb.conf
Open myweb.conf and add the following lines:
server {
    listen 45000;
    index index.html;
    root /usr/share/nginx/app1;
    location / {
    }
}
Then test that the configuration file is correct and reload the Nginx server:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
#
# nginx -s reload
3. Prepare Nginx proxy server
The backend server (web server) will be serving the web page on port 45000, so the port has to be allowed in SELinux on the proxy as well. First install semanage:
# yum install policycoreutils-python
Then allow port 45000 in SELinux:
# semanage port -a -t http_port_t -p tcp 45000
Open the Nginx configuration file /etc/nginx/nginx.conf and add a proxy_pass directive in the location block that points to the web server IP and port:
proxy_pass http://10.0.1.5:45000;
Full config:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/app1;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            proxy_pass http://10.0.1.5:45000;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}
Finally, test the configuration and reload the Nginx server:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
#
# nginx -s reload
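An added example, not part of the original article: the proxy's location block extended to forward the client's details, together with a backend server block that accepts connections only from the proxy. The proxy's internal address 10.0.1.4 is an assumed placeholder (the article does not state it) and the timeout values are illustrative.

```nginx
# --- On the proxy: in /etc/nginx/nginx.conf, in place of the bare "location /" ---
location / {
    proxy_pass http://10.0.1.5:45000;

    # By default the backend receives Host "10.0.1.5:45000" and sees only the
    # proxy's internal address. Forward the original request details instead.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Fail fast when the backend is unreachable instead of holding
    # client connections open (values are illustrative).
    proxy_connect_timeout 5s;
    proxy_read_timeout    30s;
}

# --- On the web server: /etc/nginx/conf.d/myweb.conf ---
server {
    listen 45000;
    index  index.html;
    root   /usr/share/nginx/app1;

    # Accept requests only from the proxy, so another host on the internal
    # network cannot bypass it. 10.0.1.4 is an assumed placeholder for the
    # proxy's internal IP.
    allow 10.0.1.4;
    deny  all;

    location / {
    }
}
```

The stock `main` log_format already ends with `"$http_x_forwarded_for"`, so once the proxy sets that header the backend's access log records the original client address next to the proxy's.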
4. Testing configuration
Open the web browser and enter the Nginx proxy server's public IP address:
When we enter the Nginx proxy server address, it forwards the request to the web server, where a virtual server is configured on port 45000.