Setting up an NGINX Reverse Proxy 

If you've ever set up an application like Plex with a web server on a non-standard port, wanted a bit more security to go into accessing applications over networks that you may not fully trust, or even just wanted to ensure all of your requests to your web services just go to one place so you don't have to mess with firewall rules every time you make something new then this article is for you. My start with NGINX reverse proxies came out of my laziness to remember to specify ports when accessing different apps I had set up and its turned into a powerful tool that allows me to access certain resources that I'm either to lazy to configure for HTTPS or it simply isn't supported. Don't get me wrong, I'm not being disingenuous , if you have an insecure HTTP application, the traffic between the proxy and the app will be via HTTP, but what makes this cool is that the subsequent traffic between you and the proxy is all via HTTPS, meaning as long as you trust your LAN this makes accessing those applications from the greater internet a bit more safe. 

Install NGINX

This tutorial is gonna be made assuming you're using an Ubuntu, but all of the steps will be the same regardless of operating system except actually installing the package from your distribution's archives.

sudo apt install -y nginx

Its that simple, I promise  if you want to ensure nginx is installed properly you can run a nginx -v or simply browse to the address of the server you installed it on or run a curl on localhost. 

Configuring NGINX

Now I'm making this assuming you already know about SSL certs and hopefully already have your own (they're free with LetsEncrypt), but if you just want the simplest solution self-signed certs are usually fine if it's just a personal thing. You can generate some self-signed certs using the following command. 

openssl req -newkey rsa:4096 \ 

            -x509 \

            -sha256 \

            -days 3650 \

            -nodes \

            -out example.crt \

            -keyout example.key

Next we're going to edit the default NGINX configuration file located at /etc/nginx/sites-enabled/default

server {

    listen 80;

    return 301 https://$host$request_uri;

}

...

  listen 443;

  server_name www.example.com;


  ssl_certificate           /etc/nginx/example.crt;

  ssl_certificate_key       /etc/nginx/example.key;


  ssl on;

  ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;

  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

  ssl_prefer_server_ciphers on;

  ...


...

location / {


    proxy_set_header        Host $host;

    proxy_set_header        X-Real-IP $remote_addr;

    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header        X-Forwarded-Proto $scheme;

    proxy_pass          http://192.168.1.80:8080;

    proxy_read_timeout  90;


    proxy_redirect      http://192.168.1.80:8080 https://www.example.com;

}

...