Install and Configure NGINX as a Reverse Proxy on RHEL 9

Using NGINX as a reverse proxy is a powerful way to route traffic to back-end services, add SSL termination, and improve the performance and security of your applications. In this guide, we’ll walk through installing and configuring NGINX as a reverse proxy on a RHEL 9 server.

1. Install NGINX on RHEL 9

First, update your package index and install NGINX:

sudo dnf update -y
sudo dnf module enable nginx:1.22 -y
sudo dnf install nginx -y

sudo dnf update -y
sudo dnf module enable nginx:1.22 -y
sudo dnf install nginx -y

Enable and start the service:

sudo systemctl enable --now nginx

sudo systemctl enable --now nginx

Verify NGINX is running:

sudo systemctl status nginx

sudo systemctl status nginx

2. Open Firewall Ports

Allow HTTP and HTTPS traffic through the firewall:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

3. Configure the Reverse Proxy

Create a new NGINX configuration file for your domain. For example:

sudo vim /etc/nginx/conf.d/reverse-proxy.conf

sudo vim /etc/nginx/conf.d/reverse-proxy.conf

Add the following configuration:

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:8080;  # Replace with your backend service address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:8080;  # Replace with your backend service address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Save the file, then test and reload NGINX:

sudo nginx -t
sudo systemctl reload nginx

sudo nginx -t
sudo systemctl reload nginx

4. Add SSL (Optional but Recommended)

To enable HTTPS, install Certbot using Snap:

sudo dnf install snapd -y
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo dnf install snapd -y
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Obtain a certificate:

sudo certbot --nginx -d example.com

sudo certbot --nginx -d example.com

Certbot will automatically configure your NGINX to use SSL.

Finally, restart NGINX to apply changes:

sudo systemctl restart nginx

sudo systemctl restart nginx

Visit https://example.com in your browser to verify that the reverse proxy is working.

Benefits of Using NGINX as a Reverse Proxy

• Centralized SSL/TLS termination
• Load balancing and fail-over support
• Improved security with controlled access
• Ability to host multiple applications behind a single IP

With these steps, you have successfully installed and configured NGINX as a reverse proxy on RHEL 9!