Using Nginx as a Reverse Proxy in Dockerized Environments

The DevOps DojoThe DevOps Dojo
4 min read

Table of contents

Introduction

As containerization becomes the norm in modern software development, managing network traffic efficiently is crucial. Nginx, a lightweight and high-performance web server, excels as a reverse proxy for Dockerized applications. It enables developers to route traffic to different containers, balance loads across multiple instances, and secure communications with SSL/TLS encryption.

This article will guide you through setting up Nginx as a reverse proxy in a Docker environment. We will cover:

  • The role of a reverse proxy

  • Setting up Nginx in a Dockerized environment

  • Configuring Nginx to route traffic to multiple containers

  • Load balancing with Nginx

  • Securing communication with SSL certificates

By the end of this tutorial, you'll have a fully functional Nginx reverse proxy that efficiently manages traffic within your Docker ecosystem.

Understanding a Reverse Proxy

A reverse proxy is a server that sits between clients and backend services. Instead of clients communicating directly with the backend, the reverse proxy handles requests, forwards them to the appropriate service, and returns the response. This architecture provides several benefits:

  • Load Balancing: Distributes traffic across multiple backend servers to prevent overload.

  • Security: Shields backend services from direct exposure to the internet, reducing attack vectors.

  • SSL Termination: Offloads SSL processing from backend services, improving performance.

  • Path-based Routing: Directs requests to specific containers based on URL patterns.

Setting Up Nginx in a Dockerized Environment

To get started, let's define a simple Nginx setup using Docker and Docker Compose.

Step 1: Create the Project Directory

Begin by creating a directory for your project:

mkdir nginx-reverse-proxy && cd nginx-reverse-proxy

Inside this directory, create the following files:

  • docker-compose.yml

  • nginx.conf

Step 2: Define the Docker Compose File

Create docker-compose.yml with the following content:

version: '3.8'

services:
  nginx:
    image: nginx:latest
    container_name: nginx_proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./certs:/etc/nginx/certs
    depends_on:
      - app1
      - app2

  app1:
    image: myapp1:latest
    container_name: app1
    expose:
      - "8001"

  app2:
    image: myapp2:latest
    container_name: app2
    expose:
      - "8002"

This setup defines an Nginx container that acts as a reverse proxy for two backend services (app1 and app2). The expose directive makes their ports accessible within the Docker network but not externally.

Step 3: Configure Nginx

Create nginx.conf and define the reverse proxy configuration:

worker_processes auto;

http {
    upstream backend {
        server app1:8001;
        server app2:8002;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

This configuration:

  • Defines an upstream group named backend with two backend servers.

  • Sets up a server listening on port 80 to forward incoming requests to the backend group.

  • Adds headers to preserve client information.

Step 4: Start the Containers

Run the following command to start the services:

docker-compose up -d

Your Nginx reverse proxy is now running and forwarding requests to app1 and app2.

Load Balancing with Nginx

Nginx supports multiple load-balancing strategies. By default, it uses round-robin, but you can specify others:

Least Connections Strategy

Modify the upstream block in nginx.conf:

upstream backend {
    least_conn;
    server app1:8001;
    server app2:8002;
}

This directs traffic to the backend with the fewest active connections.

IP Hashing Strategy

upstream backend {
    ip_hash;
    server app1:8001;
    server app2:8002;
}

This ensures that requests from the same client always go to the same backend server.

Securing Communication with SSL

Step 1: Obtain SSL Certificates

Use Let's Encrypt to generate SSL certificates:

sudo apt install certbot
sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com

Copy the generated certificates to the certs/ directory.

Step 2: Configure Nginx for HTTPS

Modify nginx.conf to include SSL settings:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    location / {
        proxy_pass http://backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

This configuration enables HTTPS and redirects traffic to the backend securely.

Conclusion

Using Nginx as a reverse proxy in a Dockerized environment simplifies service management, enhances security, and optimizes performance. We've covered:

  • Setting up Nginx in Docker

  • Routing traffic to multiple containers

  • Implementing load balancing

  • Securing communication with SSL

With these concepts, you can build scalable and secure applications efficiently. Happy coding!

0
Subscribe to my newsletter

Read articles from The DevOps Dojo directly inside your inbox. Subscribe to the newsletter, and don't miss out.

nginxnginx ingressnginx-projectNginx installation tutorialNginx configuration guideDockerdocker images

Written by

The DevOps Dojo
The DevOps Dojo