techlogia — AI and Web Development Berlin

nginx as a reverse proxy

You put nginx in front of a python3 backend that only listens on 127.0.0.1:9000. This is the classic web stack: the backend produces content, and nginx handles port 80, caching, logs and SSL. Four tasks, around 40 minutes. This lab is the prequel to the deploy-and-tls module, which is this architecture plus Let's Encrypt.

Duration: 40 min | Level: Beginner | Exercises: 4

Put a backend behind nginx

A reverse proxy is a server that accepts requests from the internet and forwards them to a backend behind the scenes. The browser only talks to nginx (port 80/443); the actual program (here a Python backend) listens only locally on 127.0.0.1:9000 and is not reachable from outside at all.

Why do this?

  • Security: the backend is not directly exposed.
  • TLS/HTTPS: nginx handles encryption centrally.
  • Caching, logs, load balancing: nginx can do this for many backends in one place.

This is the classic web stack — and the precursor to the module "Deploy a live website with HTTPS".

Key terms

  • Backend: the program that produces the content (here listening on 127.0.0.1:9000).
  • proxy_pass: the nginx directive that forwards requests to the backend.
  • sites-available / sites-enabled: nginx stores site configs in sites-available/ and activates them via a symlink in sites-enabled/.

Your goal

You configure nginx so that port 80 forwards requests to the local backend on port 9000.

Exercises

  1. nginx is running

    Concept: service status. A reverse proxy is useless if nginx is not running. Make sure the nginx service is active.

    sudo systemctl enable --now nginx

    Check: systemctl is-active nginx reports active.

  2. Site config written

    Concept: site configuration. A site config describes how nginx handles a particular website. With proxy_pass you forward all requests to the local backend.

    Create /etc/nginx/sites-available/lab-proxy.conf (sudo nano ...) with:

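    server {
        listen 80;                                # accept plain HTTP on port 80
        location / {
            proxy_pass http://127.0.0.1:9000;     # forward every request to the local backend
            proxy_set_header Host $host;          # pass the requested host name on to the backend
        }
    }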

    Check: /etc/nginx/sites-available/lab-proxy.conf contains proxy_pass http://127.0.0.1:9000.

  3. Enable the site

    Concept: enabling a site (symlink). A config in sites-available/ is only present, not active. It becomes active through a symlink into sites-enabled/. Remove the default site so it doesn't interfere, and reload nginx.

    sudo ln -sf /etc/nginx/sites-available/lab-proxy.conf /etc/nginx/sites-enabled/lab-proxy.conf
    sudo rm -f /etc/nginx/sites-enabled/default
    sudo nginx -t && sudo systemctl reload nginx

    Check: /etc/nginx/sites-enabled/lab-proxy.conf exists and contains proxy_pass http://127.0.0.1:9000.

  4. Proxy delivers backend content

    Concept: end-to-end test. Verifying the config means testing live that nginx really serves the backend content. Request localhost on port 80; you must see the backend's response.

    curl -s http://localhost/ > /tmp/nginx-output.txt
    cat /tmp/nginx-output.txt

    Check: /tmp/nginx-output.txt contains Hello from Lab-Backend (the proxy passes the backend content through).
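
The end-to-end test shows that nginx reaches the backend; it does not show that the backend is bound to 127.0.0.1 only. The following check is an added example, not part of the original lab: it parses `ss -H -tln` output and flags any listener on port 9000 that is not on loopback. The function name check_backend_bind and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original lab).
# Reads `ss -H -tln` output on stdin and classifies every listener on the
# given port. Prints "loopback <addr>" or "EXPOSED <addr>" per listener.
# Exit status: 0 = only loopback listeners, 1 = at least one exposed
# listener, 2 = nothing listens on that port.
check_backend_bind() {
    port="$1"
    awk -v port="$port" '
        {
            local_addr = $4                      # 4th column: Local Address:Port
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # port is the text after the last colon
            host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            found = 1
            if (host ~ /^127\./ || host == "[::1]") {
                print "loopback " host
            } else {
                print "EXPOSED " host            # 0.0.0.0, [::], * or a routable address
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample lines in `ss -H -tln` format (not captured from a real host).
# sample_ok: the layout this lab aims for (backend on loopback, nginx on port 80).
sample_ok='LISTEN 0 5 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*'
# sample_bad: the backend was started on all interfaces by mistake.
sample_bad='LISTEN 0 5 0.0.0.0:9000 0.0.0.0:*'

printf '%s\n' "$sample_ok"  | check_backend_bind 9000 || true
printf '%s\n' "$sample_bad" | check_backend_bind 9000 || true

# On the lab VM, check the real sockets with:
#   ss -H -tln | check_backend_bind 9000
```

An EXPOSED result means clients can reach the backend on port 9000 without going through nginx, so the TLS, logging and caching configured in nginx do not apply to those requests.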

Lab content under CC BY 4.0 – free to use with attribution (© TechLogia).