NGINX reverse proxy

Aug 22, 2021 nginx linux proxy
Share on:

An Nginx reverse proxy enables client requests to be forwarded on to a backend server. In this scenario the backend server provides responses to the client. A setup like this can be useful in a number of situations where Nginx is used to control the processing. It is also a nice security setup as the Nginx acts as a gateway and only passes traffic based on appropriate content on to the backend server.

Overview

In this blog post learn how to configure a reverse proxy for Google Cloud Run. Use the container to communicate with a backend service. With this deployment in place all traffic can be routed to this service.

Nginx container

Create a Dockerfile manifest based on a Nginx image.

  1. Create a Dockerfile
1FROM nginx
2
3COPY nginx/default.conf /etc/nginx/conf.d/default.conf

Nginx configuration

Add a Nginx configuration that will perform the necessary work. In this example the Nginx configuration will set to listen on Port 8080 so it can be used for Cloud Run traffic. If you are not using Cloud Run, then the server should be set up to listen on HTTP (TCP 80) or HTTPS (TCP 443). Any matching traffic will be passed on to the named backend server i.e. 10.128.0.2 on TCP:8081

  1. Create a directory nginx
1mkdir nginx && cd $_
  1. In the nginx subdirectory create a new file default.conf
 1# HTTP Default Redirect to HTTPS
 2#
 3server {
 4    # Editor HTTP configuration
 5    # Ref: https://stackoverflow.com/questions/56318026/nginx-container-fails-to-start-on-cloud-run
 6    listen 8080 default_server;
 7    listen [::]:8080 default_server;
 8    access_log /dev/stdout;
 9    error_log /dev/stdout;
10
11    server_name _;
12
13    location / {
14        proxy_pass http://10.128.0.2:8081;
15        proxy_set_header Host $host;
16        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
17        proxy_set_header X-Forwarded-Proto $scheme;
18        proxy_http_version 1.1;
19        proxy_set_header Upgrade $http_upgrade;
20        proxy_set_header Connection "Upgrade";
21        # proxy_set_header Accept-Encoding gzip;
22    }
23
24    # redirect server error pages to the static page /50x.html
25    error_page   500 502 503 504  /50x.html;
26    location = /50x.html {
27        root   /usr/share/nginx/html;
28    }
29}

Cloud Build configuration

Cloud Build provides a great way to automate multiple commands on Google Cloud. In this example, Cloud Build is used to build the Dockerfile and add the image into Container Registry.

  1. Create a file cloudbuild.yaml
 1steps:
 2  - name: 'gcr.io/cloud-builders/docker'
 3    args: ['build', '-t', 'gcr.io/$PROJECT_ID/${_PROXY_NAME}:${_PROXY_VERSION}',
 4           '-t', 'gcr.io/$PROJECT_ID/${_PROXY_NAME}',
 5           '.']
 6substitutions:
 7  _PROXY_VERSION: 1.0.0
 8  _PROXY_NAME: nginx-proxy 
 9
10images:
11  - 'gcr.io/$PROJECT_ID/${_PROXY_NAME}:latest'
12  - 'gcr.io/$PROJECT_ID/${_PROXY_NAME}:${_PROXY_VERSION}'
13tags: ['nginx', 'proxy', 'googlecloud']
  1. Perform the build
1gcloud builds submit --config cloudbuild.yaml

Deployment

NOTE: If Cloud Run is deploy the nginx container, it cannot natively communicate with private resources. To make this solution work in that scenario, deploy a VPC connector to allow Cloud Run to communicate with VPC based resources.

With the container image now built and stored, the next step is to deploy. Using docker the nginx configuration will look for a device with the selected IP. The designated IP is an internal address, meaning it is not accessible over the internet.