NGINX REVERSE PROXY ARCHITECTURE Nginx SSL Termination Load Balancing Caching Compression Rate Limiting Nginx routes client requests to the appropriate backend server

Nginx est l’un des reverse proxies les plus deployes au monde. Ce guide couvre tout, de la configuration basique proxy_pass aux configurations avancees incluant le support WebSocket, le cache et les health checks.

Qu’est-ce qu’un Reverse Proxy ?

Un reverse proxy se place entre les clients et vos serveurs backend. Les avantages incluent :

  • Terminaison SSL — Gerer HTTPS au niveau du proxy
  • Equilibrage de charge — Distribuer le trafic entre les instances
  • Cache — Servir le contenu frequemment demande
  • Securite — Masquer les details du serveur backend
  • Compression — Comprimer les reponses

Configuration Basique

server {
    listen 80;
    server_name app.knowledgexchange.xyz;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Terminaison SSL

server {
    listen 443 ssl http2;
    server_name app.knowledgexchange.xyz;

    ssl_certificate /etc/letsencrypt/live/app.knowledgexchange.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.knowledgexchange.xyz/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Proxy WebSocket

location /ws/ {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400s;
}

Equilibrage de Charge

upstream backend_pool {
    least_conn;
    server 10.0.1.10:3000;
    server 10.0.1.11:3000;
    server 10.0.1.12:3000;
}

Limitation de Debit

limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;

location /api/ {
    limit_req zone=api_limit burst=20 nodelay;
    limit_req_status 429;
    proxy_pass http://127.0.0.1:3000;
}

Securite

server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
client_max_body_size 10m;

Test de Configuration

sudo nginx -t
sudo systemctl reload nginx

Conclusion

Nginx en tant que reverse proxy fournit une couche fiable et performante entre vos utilisateurs et vos applications backend. Commencez simplement avec proxy_pass, puis ajoutez terminaison SSL, cache, limitation de debit et equilibrage de charge selon vos besoins.