Master Nginx: Reverse Proxy, Load Balancing, Rate Limiting & HTTPS Made Easy

What is Nginx?

Nginx is a high‑performance reverse proxy server that forwards external requests to backend services, handles tens of thousands of concurrent connections, serves static files, compresses data, and provides basic security features.

Scenario 1: Reverse Proxy & Load Balancing

Use Nginx to hide backend IPs and distribute traffic across multiple servers, automatically removing unhealthy nodes.

# Global settings
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

upstream backend_servers {
    server 192.168.1.10:8080;
    server 192.168.1.11:8080;
    server 192.168.1.12:8080;
    least_conn;
    keepalive 32;
    proxy_next_upstream error timeout http_500;
}

server {
    listen 80;
    server_name www.yourdomain.com;
    location /api/ {
        proxy_pass http://backend_servers/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 30s;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;
    }
}

Key points: backend IPs stay hidden; traffic is evenly spread during high‑load events.

Scenario 2: Static Resource Handling & Separation

Configure Nginx to serve images, CSS, and JavaScript directly, reducing backend load and improving page speed.

server {
    listen 80;
    server_name www.yourdomain.com;
    location /static/ {
        root /data/;
        autoindex off;
        expires 30d;
        gzip on;
        gzip_types text/css application/javascript image/png;
    }
    location /images/ {
        root /data/;
        valid_referers none blocked www.yourdomain.com;
        if ($invalid_referer) { return 403; }
    }
    location /api/ { proxy_pass http://backend_servers/; }
}

Key points: static files are served 10× faster; browser caching and compression make repeat visits instantaneous.

Scenario 3: Rate Limiting & IP Black/White List

Protect APIs from malicious traffic by limiting concurrent connections and request rates, and by blocking unwanted IPs.

http {
    limit_conn_zone $binary_remote_addr zone=ip_conn:10m;
    limit_req_zone $binary_remote_addr zone=ip_req:10m rate=5r/s;
    set $allow_ip "192.168.1.0/24";
    deny 10.0.0.1;
}

server {
    listen 80;
    server_name www.yourdomain.com;
    location /api/login {
        limit_conn ip_conn 10;
        limit_req zone=ip_req burst=10 nodelay;
        if ($remote_addr !~* $allow_ip) { return 403; }
        proxy_pass http://backend_servers/;
    }
}

Key points: abusive IPs are blocked, logs stay clean, login endpoint is protected from CC attacks.

Scenario 4: HTTPS Configuration

Enable TLS to encrypt traffic and display the green lock in browsers.

server {
    listen 443 ssl;
    server_name www.yourdomain.com;
    ssl_certificate /etc/nginx/ssl/yourdomain.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    rewrite ^(.*)$ https://$host$1 permanent;
    location / { proxy_pass http://backend_servers/; }
}

Key points: encrypted transmission protects passwords; the green lock satisfies product managers.

How to Deploy Nginx

Install via yum install nginx (CentOS) or apt-get install nginx (Ubuntu) or download the binary for Windows.

Start or restart with sudo systemctl start nginx and sudo systemctl restart nginx.

Validate the configuration using nginx -t before going live.

Summary

Reverse proxy hides backend IPs and protects services.

Load balancing distributes traffic to avoid server overload.

Static file handling speeds up front‑end performance.

Rate limiting and IP blacklisting stop malicious requests.

HTTPS encrypts data, giving users confidence.