A reverse proxy sits in front of your application server, handling SSL, load balancing, caching, and security headers. This guide covers a production-ready Nginx reverse proxy config from scratch.
Prerequisites
A Linux server (Ubuntu/Debian or RHEL/CentOS)
A domain name pointing to your server's IP
Your app running on a local port (e.g., localhost:3000)
Preserves the original Host header from the client
Upgrade / Connection
Required for WebSocket connections to work
Useful Commands
Test, reload, and debugbash
1
# Test config syntax before reloading
2
sudo nginx -t
3
4
# Reload without downtime
5
sudo systemctl reload nginx
6
7
# Watch access logs in real-time
8
sudo tail -f /var/log/nginx/access.log
9
10
# Watch error logs
11
sudo tail -f /var/log/nginx/error.log
Always run nginx -t before reloading. A syntax error in the config will take down all sites on the server if you use systemctl restart instead of reload.
For load balancing across multiple app instances, use an upstream block. See the Nginx upstream docs for round-robin, least-connections, and IP-hash strategies.