Nur Hamim
Nur Hamim Anak desa yang gemar berkomunitas, suka menulis dan mencari hal baru seputar Unix/Linux dan Cloud. Saat ini sedang menempuh pendidikan S1 TI di Unindra dan kebetulan bekerja di PT Biznet GIO Nusantara

Cara Konfigurasi Nginx Reverse Proxy (Standalone)


Cara Konfigurasi Nginx Reverse Proxy (Standalone)

Pada tutorial sebelumnya kita sudah membahas tentang pengertian, cara kerja, fungsi dan keuntungan jika menggunakan Nginx Reverse Proxy berikut: Memahami Cara Kerja Nginx Reverse Proxy

Untuk mengikuti tutorial ini pastikan Anda sudah mengikuti tutorial berikut, karena pada tutorial kali ini akan dibahas langsung inti dan tahapan melakukan Nginx Reverse Proxy

Berikut skema topologi yang akan digunakan pada tutorial kali ini

Topologi diatas hanya menggunakan 1 server/VM/VPS (standalone) dengan demikian pastikan Anda sudah running ke dua webser Apache dan Nginx dalam satu server.

Disini kami set Nginx berjalan di port default web server 80 dan untuk backend (Apache) berjalan di port 8080.

Pastikan status masing – masing web server running sebagai berikut

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

# Nginx 
[root@tutorial ~]#
[root@tutorial ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/nginx.service.d
           └─php-fpm.conf
   Active: active (running) since Sun 2020-08-23 04:56:25 UTC; 8h ago
  Process: 14723 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 14755 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 14752 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 14743 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 14756 (nginx)
    Tasks: 5 (limit: 23813)
   Memory: 8.6M
   CGroup: /system.slice/nginx.service
           ├─14756 nginx: master process /usr/sbin/nginx
           ├─14757 nginx: worker process
           ├─14758 nginx: worker process
           ├─14759 nginx: worker process
           └─14760 nginx: worker process

Aug 23 04:56:24 tutorial.nurhamim.my.id systemd[1]: Starting The nginx HTTP and reverse proxy server...
Aug 23 04:56:25 tutorial.nurhamim.my.id nginx[14752]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Aug 23 04:56:25 tutorial.nurhamim.my.id nginx[14752]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Aug 23 04:56:25 tutorial.nurhamim.my.id systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@tutorial ~]#

# Apache
[root@tutorial httpd]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: active (running) since Sun 2020-08-23 13:49:08 UTC; 4s ago
     Docs: man:httpd.service(8)
  Process: 14707 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 16332 (httpd)
   Status: "Started, listening on: port 8080"
    Tasks: 213 (limit: 23813)
   Memory: 37.4M
   CGroup: /system.slice/httpd.service
           ├─16332 /usr/sbin/httpd -DFOREGROUND
           ├─16333 /usr/sbin/httpd -DFOREGROUND
           ├─16334 /usr/sbin/httpd -DFOREGROUND
           ├─16335 /usr/sbin/httpd -DFOREGROUND
           └─16336 /usr/sbin/httpd -DFOREGROUND

Aug 23 13:49:08 tutorial.nurhamim.my.id systemd[1]: Starting The Apache HTTP Server...
Aug 23 13:49:08 tutorial.nurhamim.my.id systemd[1]: Started The Apache HTTP Server.
Aug 23 13:49:08 tutorial.nurhamim.my.id httpd[16332]: Server configured, listening on: port 8080
[root@tutorial httpd]#

Disini kami akan mencoba membuat file website sederhana menggunakan HTML saja, silakan pindah ke direktori /var/www/ dan buat direktori website Anda

1
2
3
4
5
6
7

[root@tutorial ~]#
[root@tutorial ~]# cd /var/www/
[root@tutorial www]# mkdir belajarlinux
[root@tutorial www]# cd belajarlinux/
[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# echo "<h1>Belajar Reverse Proxy Nginx di @BelajarLinuxID</h1>" > index.html
[root@tutorial belajarlinux]#

Membuat vhost (Virtual Host) untuk website belajarlinux

1
2

[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# vim /etc/httpd/conf.d/vhost-belajarlinux.conf

Berikut isi dari vhost nya

1
2
3
4
5
6
7
8

<VirtualHost *:8080>
  ServerName vhost.nurhamim.my.id
  DocumentRoot /var/www/belajarlinux

  <Directory /var/www/belajarlinux>
    Require all granted
  </Directory>
</VirtualHost>

Jika sudah silakan reload web server Apache Anda

1
2

[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# systemctl reload httpd

Verifikasi domain atau subdomain yang Anda gunakan, silakan akses menggunakan port 8080

Selanjutnya mengubah LogFormat dari Access_Log Apache untuk mempermudah melihat access log dan membedakan menggunakan Reverse Proxy Nginx dengan tidak menggunakan Reverse Proxy Nginx.

Sebelum mengubah silakan backup terlebih dahulu file original apache Anda

1
2

[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# cp /etc/httpd/conf/httpd.conf{,-orig}

Jika sudah silakan edit access log apache

1

[root@tutorial belajarlinux]# vim /etc/httpd/conf/httpd.conf

Kemudian tambahkan _ %v _ pada LogFormat seperti berikut

  • Before

    1
2
3
4
5
6

      #
  # The following directives define some format nicknames for use with
  # a CustomLog directive (see below).
  #
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common

  • After

    1
2
3
4
5
6

      #
  # The following directives define some format nicknames for use with
  # a CustomLog directive (see below).
  #
  LogFormat "%v %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common

Noted:

  • %v : Digunakan untuk mencatat informasi virtualhost Anda
  • %a : Digunakan untuk merekam (capture) IP klien yang bukan IP Reverse Proxy Nginx nantinya dan kita perlu menambahkan header di sisi vhost nantinya supaya dapat terekan IP klien.

Kemudian cek log access nya seperti menggunakan perintah berikut

1

# tail -f /var/log/httpd/access_log

  • Before

    103.58.102.219 - - [23/Aug/2020:13:58:36 +0000] “GET /noindex/common/images/pb-apache.png HTTP/1.1” 200 103267 “http://vhost.nurhamim.my.id:8080/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” 103.58.102.219 - - [23/Aug/2020:13:58:51 +0000] “GET / HTTP/1.1” 200 56 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” 103.58.102.219 - - [23/Aug/2020:13:58:51 +0000] “GET /robots.txt?1598191115128 HTTP/1.1” 404 208 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” 103.58.102.219 - - [23/Aug/2020:13:58:51 +0000] “GET /favicon.ico HTTP/1.1” 404 209 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0”

  • After

    vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:07 +0000] “GET / HTTP/1.0” 304 - “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:07 +0000] “GET /robots.txt?1598192151211 HTTP/1.0” 404 208 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:09 +0000] “GET / HTTP/1.0” 304 - “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:09 +0000] “GET /robots.txt?1598192153302 HTTP/1.0” 404 208 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:10 +0000] “GET / HTTP/1.0” 304 - “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:11 +0000] “GET /robots.txt?1598192154846 HTTP/1.0” 404 208 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:14 +0000] “GET / HTTP/1.0” 304 - “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0” vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:16:14 +0000] “GET /robots.txt?1598192158142 HTTP/1.0” 404 208 “-“ “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0”

Menentukan port listen konfigurasi apache dan virtual host apache di sini akan menggunakan port 8080 listen 127.0.0.2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

#### Konfigurasi Apache
[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# vim /etc/httpd/conf/httpd.conf

#Listen 12.34.56.78:80
#Listen 80
Listen 127.0.0.2:8080

### Konfigurasi Vhost Apache
[root@tutorial belajarlinux]# vim /etc/httpd/conf.d/vhost-belajarlinux.conf

<VirtualHost 127.0.0.2:8080>
  ServerName vhost.nurhamim.my.id
  DocumentRoot /var/www/belajarlinux

  <Directory /var/www/belajarlinux>
    Require all granted
  </Directory>
</VirtualHost>

Jika sudah, selanjutnya membuat konfigurasi Nginx Reverse Proxy

1
2

[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# vim /etc/nginx/conf.d/proxy-belajarlinux.conf

Berikut isi dari file Nginx Reverse Proxy nya

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

upstream belajarlinux8080 {
    server 127.0.0.2:8080;
}

server {
    listen 80;
    server_name vhost.nurhamim.my.id;

    location / {
        proxy_pass http://belajarlinux8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Catatan:

  • Disini kami menggunakan upstream, kita perlu mendifine ip dan port yang sudah kita tentukan di konfigurasi apache sebelumnya
  • Server Name: isikan sub domain atau domain sesuai dengan yang ada di vhost
  • Proxy_pass: Merupakan konfigurasi reverse proxy nya, pastikan sama dengan yang ada di upstream

Selanjutnya reload nginx dan apache dan pastikan tidak ada miss atau kesalahan konfigurasi dari ke dua web server tersebut

1
2
3
4
5
6
7
8

[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# systemctl reload httpd
[root@tutorial belajarlinux]# systemctl reload nginx
[root@tutorial belajarlinux]#

Jika sudah silakan akses sub domain Anda tanpa port 8080 karena sudah menggunakan reverse proxy

Baik saat ini website sudah dapat diakses tanpa port dan artinya reverse proxy sudah berjalan, silakan cek log access apache Anda

1
2
3
4

vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:38:38 +0000] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:40:30 +0000] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:40:31 +0000] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 127.0.0.1 - - [23/Aug/2020:14:40:31 +0000] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"

Di log access saat ini IP Klien belum terekan hanya IP localhost untuk itu kita perlu menambahkan beberapa konfigurasi header disisi vhost seperti berikut

1
2

[root@tutorial belajarlinux]#
[root@tutorial belajarlinux]# vim /etc/httpd/conf.d/vhost-belajarlinux.conf

Berikut isi dari vhost terbaru

1
2
3
4
5
6
7
8
9
10
11

<VirtualHost 127.0.0.2:8080>
  ServerName vhost.nurhamim.my.id
  DocumentRoot /var/www/belajarlinux

  RemoteIPHeader X-Forwarded-For
  RemoteIPInternalProxy 127.0.0.1/8

  <Directory /var/www/belajarlinux>
    Require all granted
  </Directory>
</VirtualHost>

Jika sudah silakan reload kembali nginx dan apache Anda lalu akses kembai subdomain atau domain Anda dan lihat kembali log access nya akan seperti berikut

1
2
3
4
5
6

vhost.nurhamim.my.id 103.58.102.219 - - [23/Aug/2020:14:43:08 +0000] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 103.58.102.219 - - [23/Aug/2020:14:43:08 +0000] "GET /robots.txt?1598193772224 HTTP/1.0" 404 208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 103.58.102.219 - - [23/Aug/2020:14:43:17 +0000] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 103.58.102.219 - - [23/Aug/2020:14:43:17 +0000] "GET /robots.txt?1598193781007 HTTP/1.0" 404 208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 103.58.102.219 - - [23/Aug/2020:14:43:17 +0000] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
vhost.nurhamim.my.id 103.58.102.219 - - [23/Aug/2020:14:43:18 +0000] "GET /robots.txt?1598193782512 HTTP/1.0" 404 208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"

Dari Accesss Log diatas kita dapat melihat IP 103.58.102.219 (client) sedang mengakses website vhost.nurhamim.my.id dan berikut detail untuk informasi reverse proxy nya

Selamat mencoba 😁

comments powered by Disqus