NGINX Proxy with SSL and Docker Setup

Overview

This guide covers setting up an NGINX reverse proxy with SSL termination in a Docker container to manage traffic between a React app and backend services. It also defines key concepts like NGINX, proxy forwarding, and reverse proxy.

• NGINX: A high-performance web server commonly used as a reverse proxy, load balancer, and HTTP cache. It efficiently handles large amounts of traffic and routes requests to backend services.
• Proxy Forwarding: The process where a proxy server forwards client requests to another server. This allows clients to interact indirectly with backend services.
• Reverse Proxy: A server (NGINX in this case) that routes incoming client requests to one or more backend servers. It helps secure and manage traffic, ensuring that clients never directly interact with backend services.

Commands Breakdown

OpenSSL Command

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/app.local.key -out /etc/nginx/ssl/app.local.crt
        

Generates a self-signed SSL certificate and private key for HTTPS.

Docker Command

docker run -d --name nginx-proxy -p 80:80 -p 443:443 \
  -v /path/to/app.local.crt:/etc/nginx/ssl/app.local.crt:ro \
  -v /path/to/app.local.key:/etc/nginx/ssl/app.local.key:ro \
  -v /path/to/nginx.conf:/etc/nginx/conf.d/default.conf:ro \
  nginx
        

Runs NGINX in a Docker container with SSL certificates and custom configuration.

NGINX Configuration(nginx.conf)

server {
    listen 80;
    server_name app.local;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app.local;
    ssl_certificate /etc/nginx/ssl/app.local.crt;
    ssl_certificate_key /etc/nginx/ssl/app.local.key;

    location /api {
        proxy_pass http://backend:1337;
    }

    location / {
        proxy_pass http://frontend:3000;
    }
}
        

• Redirects HTTP to HTTPS.
• Proxies /api to backend (port 1337) and other requests to React app (port 3000).

Benefits

• Reverse Proxy: Manages traffic and improves scalability.
• SSL Termination: NGINX handles SSL encryption.
• Modular Architecture: Keeps backend and frontend separate.

Advantages

1. Performance: NGINX efficiently handles traffic.
2. Security: SSL encryption and restricted backend access.
3. Scalability: Easily scale services independently.
4. Docker: Simplifies deployment.

Disadvantages

1. Self-Signed Certificates: Cause browser warnings.
2. Single Point of Failure: If NGINX fails, traffic is disrupted.
3. Setup Complexity: Additional configuration required.
4. SSL Overhead: SSL termination incurs some performance cost.

Conclusion

This setup provides a secure, scalable, and flexible way to manage traffic between services. For production, using a CA-issued certificate is recommended.