Nginx: Hands-On Projects

Set Up Nginx as a Reverse Proxy and Load Balancer#

A reverse proxy forwards client requests to backend services, enhancing security and performance. Nginx also supports load balancing to distribute traffic efficiently across multiple backend servers.

Configuring Nginx as a Reverse Proxy#

server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Implementing Load Balancing for Multiple Backend Servers#

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
}
server {
    listen 80;
    location / {
        proxy_pass http://backend;
    }
}

Testing the Setup#

curl -I http://example.com

Implement SSL/TLS-Secured Web Applications#

Securing web traffic with SSL/TLS is essential for data protection.

Installing Let’s Encrypt and Generating an SSL Certificate#

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com

Configuring SSL/TLS in Nginx#

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}

Enforcing HTTPS Redirection#

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

Configure Nginx Ingress for Kubernetes Applications#

Nginx Ingress Controller manages external access to Kubernetes services.

Deploying the Nginx Ingress Controller#

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install my-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace

Creating an Ingress Resource#

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-service
                port:
                  number: 80

Applying and Testing the Ingress Setup#

kubectl apply -f myapp-ingress.yaml
kubectl get ingress

Secure and Optimize an Nginx Deployment for Production#

Implementing Rate Limiting to Prevent Abuse#

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
location / {
    limit_req zone=one burst=5;
}

Enabling Gzip Compression for Faster Page Loads#

gzip on;
gzip_types text/css application/javascript;

Setting Up Monitoring with Prometheus and Grafana#

• Deploy Prometheus to collect Nginx metrics.
• Use Grafana dashboards to visualize traffic and performance.

Applying Security Headers to Prevent Attacks#

add_header X-Frame-Options DENY;
add_header Content-Security-Policy "default-src 'self'";

Final Challenge: Deploy a High-Performance Nginx Setup#

• Configure Nginx as a full-featured reverse proxy.
• Secure with SSL/TLS, rate limiting, and access control.
• Optimize caching and compression for better performance.
• Deploy and manage Nginx in a Kubernetes environment.

By completing these hands-on projects, you’ll gain practical experience in deploying, securing, and optimizing Nginx for real-world applications.