Master Nginx: Install, Configure Reverse Proxy, Load Balancing, and HTTPS
This article provides a comprehensive guide to Nginx, covering its purpose as a lightweight web and reverse‑proxy server, step‑by‑step installation on Linux and Windows, essential command‑line controls, and detailed configuration examples for HTTP reverse proxy, load balancing, multiple webapps, HTTPS, static sites, and CORS handling.
What is Nginx?
Nginx (engine x) is a lightweight web server, reverse proxy and mail (IMAP/POP3) proxy.
What is a reverse proxy?
A reverse proxy accepts client requests from the Internet, forwards them to internal servers, and returns the responses to the client.
Installation and usage
Installation
Download the official package from http://nginx.org (Linux or Windows) or compile from source.
Compile from source
$ ./configure
$ make
$ sudo make installBy default Nginx is installed to /usr/local/nginx; the location can be changed with configure options.
Windows installation
Download the Win32 package, unzip, and run nginx.exe from the command line, e.g.:
cd C:
cd C:
ginx-0.8.54
start nginxCommon commands
nginx -s stop – quickly stop Nginx.
nginx -s quit – gracefully stop Nginx.
nginx -s reload – reload configuration.
nginx -s reopen – reopen log files.
nginx -c filename – use a specific configuration file.
nginx -t – test configuration syntax.
nginx -v – show version.
nginx -V – show version, compiler and configure options.
A startup batch file can be created to run common commands.
@echo off
rem stop if already running
nginx.exe -s stop
rem test configuration
nginx.exe -t -c conf/nginx.conf
rem show version
nginx.exe -v
rem start with config
nginx.exe -c conf/nginx.confPractical Nginx configuration
HTTP reverse proxy
Basic reverse‑proxy configuration in nginx.conf:
# worker processes
worker_processes 1;
error_log /path/to/logs/error.log;
pid /path/to/logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /path/to/logs/access.log main;
upstream zp_server1 {
server 127.0.0.1:8089;
}
server {
listen 80;
server_name www.javastack.cn;
root /path/to/webapp;
index index.html;
location / {
proxy_pass http://zp_server1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root /path/to/static;
expires 30d;
}
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd;
}
location ~ /.ht {
deny all;
}
}
}Load balancing
Define multiple upstream servers with weight and proxy to them:
upstream load_balance_server {
server 192.168.1.11:80 weight=5;
server 192.168.1.12:80 weight=1;
server 192.168.1.13:80 weight=6;
}
server {
listen 80;
server_name www.javastack.cn;
location / {
proxy_pass http://load_balance_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
}
}Multiple webapps
Separate applications by context and proxy each to a different upstream:
upstream product_server { server www.javastack.cn:8081; }
upstream admin_server { server www.javastack.cn:8082; }
upstream finance_server { server www.javastack.cn:8083; }
server {
location / { proxy_pass http://product_server; }
location /product/ { proxy_pass http://product_server; }
location /admin/ { proxy_pass http://admin_server; }
location /finance/ { proxy_pass http://finance_server; }
}HTTPS reverse proxy
Enable SSL on port 443 and specify certificate files:
server {
listen 443 ssl;
server_name www.javastack.cn;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /root;
index index.html index.htm;
}
}Static site
Serve a static site from /app/dist:
server {
listen 80;
server_name static.zp.cn;
location / {
root /app/dist;
index index.html;
}
}CORS configuration
Example enable-cors.conf to add the necessary headers:
set $ACAO '*';
if ($http_origin ~* (www.javastack.cn)$) {
set $ACAO $http_origin;
}
if ($cors = "trueget") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'OPTIONS') { set $cors "${cors}options"; }
if ($request_method = 'GET') { set $cors "${cors}get"; }
if ($request_method = 'POST') { set $cors "${cors}post"; }Include this file in the server block handling API requests.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.