DEV Community

Akbar Nafisa

Setup NGINX

In the previous setup, we used an API gateway to connect our client to the server. In this part, we will add NGINX to our server as a reverse proxy for our Backend app. To do so, let’s follow these steps:

Open HTTPS Port

Firstly, let’s add port 443 to our security rule to enable our server to serve HTTPS.

Add Routes Traffic

Next, let’s add api.akbarnafisa.com as a new API. To do so, let’s open AWS Route 53 and create a new traffic routing record.

Add New Docker Networks

Then, let’s add new Docker networks to connect our Backend app to the NGINX app. In this case, we add two new networks:

  • nginx.docker
  • my-project-server-prod-network

Add NGINX Config

In this config, we will add NGINX to act as a reverse proxy to our Backend App. You can clone the repository here.

Separate NGINX conf

In this config, we will split the configuration into two parts: one for setting up Certbot and one for redirecting to the Backend server. We do this because Certbot has to be set up before we add the reverse proxy config.

Connect to Server

Next, we connect to the EC2 server using VSCode. To do so, make sure we have the SSH extensions.

Then, click the icon in the bottom left corner.

Next, click connect to host.

Then, add the config by adding the Hostname and .pem file.

Change the Configuration

We need to change some configurations:

  • Change {email} inside docker-compose.yml to your email.
  • Change {api} inside docker-compose.yml and client.conf to your domain.

Create Certificate

To add the certificate, we can run the docker-compose up command.

If the process is successful, we will get this notification from the terminal.

To check the files inside, we can run this command:

docker exec -it ssl-api-akbarnafisa-com-nginx-1 /bin/sh
cd /etc/letsencrypt/live/

Enable Reverse Proxy

After we create the certificate, the next step is to enable the reverse proxy. To do so, let’s uncomment this code from the client.conf.

Then, let’s run the Docker container:

docker compose up -d

Finally, let’s open the URL to check whether NGINX is working.
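
The two-stage layout described above (Certbot first, reverse proxy second), as an added example that is not the author's client.conf from the repository. Assumptions: `api.example.com` stands in for the `{api}` placeholder, the ACME webroot is `/var/www/certbot`, and the Backend is reachable as `backend:3000` on the shared Docker network.

```nginx
# Added example; hostnames, paths and the upstream are assumed, not taken from the article.

# Stage 1: active from the first `docker-compose up`, before any certificate exists.
server {
    listen 80;
    server_name api.example.com;          # replace with your {api} domain

    # Keep request logs on; they are the first evidence needed when triaging abuse.
    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log warn;

    # Certbot's HTTP-01 challenge files are served from the shared webroot volume.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;            # assumed webroot path
    }

    # Everything else is sent to HTTPS, which answers once stage 2 is enabled.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Stage 2: keep commented out until /etc/letsencrypt/live/ holds the certificate,
# otherwise NGINX refuses to start because the files named below do not exist.
server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /etc/letsencrypt/live/api.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/access.log;
    server_tokens off;                    # do not advertise the NGINX version

    location / {
        proxy_pass http://backend:3000;   # assumed container name and port
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` inside the container after uncommenting stage 2 reports a missing certificate path before the container is recreated.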

Add New Reverse Proxy Path

Sometimes we want to add a new path to the reverse proxy. To do so, let’s add a new config inside client.conf.

Then, let’s run this command to build the nginx image:

docker compose up --force-recreate --build -d nginx

Make sure the image name is the same as the image in the docker-compose.yml file.

Then, when we open the URL, we can see the new path is working.

Top comments (2)

Mike Stemle

In this article you have told me which IP belongs to your EC2, you’ve told me which ports are open on it, and you’ve told me what you’ve got running on that host. You’ve left those ports open and the processes running. You’ve disabled the access logs and you’ve made public all of these facts.

If you keep this article up as-is, and you don’t disable the infrastructure described in this post, I am gravely worried that you will experience a breach.

Please be more careful. I recommend you shut down all infrastructure mentioned in this article, and harden it to prevent attacks.

AWS accounts like yours, when compromised, can easily be used by attackers in other attacks against other targets, and leave you with the AWS bill.

Akbar Nafisa

The service has been shut down, and the article has been updated. Thank you for your concern.