Introduction to Nginx
Nginx (pronounced «engine-ex») is a high-performance web and proxy inverse server that has gained popularity for its ability to handle thousands of simultaneous connections with low resource consumption. Originally created by Igor Sysoev in 2004 to solve the problem of traditional web servers under heavy loads, Nginx today drives a significant part of the world's most visited sites. In this article you will learn to install it in a Linux distribution, configure it as a static web server, use it as proxy inverse and apply it as a load swimmer, as well as review good security practices.
Linux installation
The easiest way to install Nginx in Debian / Ubuntu-based distributions is through the APT package manager:
- Update the package index:
sudo apt update - Install Nginx:
sudo apt install nginx - Check that the service is active:
systemctl status nginx
RHEL / CentOS / Fedora distributions use DHF or YUM:
- Install the EPEL repository (if necessary):
sudo dnf install epel-release - Install Nginx:
sudo dnf install nginx - Enable and start the service:
sudo systemctl enable --now nginx
After installation, port 80 (HTTP) and, if SSL is enabled, 443 (HTTPS) will be opened by default. You can prove it by accessinghttp://tu_ip_o_dominiofrom a browser and you should see the Nginx welcome page.
Basic configuration as a static web server
Nginx configuration files are found in/etc/nginx/. The main file isnginx.confbut the most common thing is to create blocksserverwithin/etc/nginx/sites-available/and link them to/etc/nginx/sites-enabled/.
Example of a simple site that serves static files from/var/www/mi-sitio:
server {
listen 80;
server_name ejemplo.com www.ejemplo.com;
root /var/www/mi-sitio;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
After creating or editing the file, check the syntax withsudo nginx -tand recharges the configuration:sudo systemctl reload nginx.
Use as a proxy inverse
One of the most powerful uses of Nginx is to act as an intermediary between the client and one or more backend applications (e.g., a Node.js server, Python / Flask or a REST API). In this role, Nginx receives the HTTP request, sends it back to the backend process and returns the customer response.
Basic proxy reverse configuration for an application you listen to in port 3000:
server {
listen 80;
server_name app.ejemplo.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
The directivesproxy_set_headerensure that the backend application receives correct information about the original customer, which is essential for recording and generating absolute links.
Load Balancing with Upstream
When you have several instances of an application, Nginx can distribute traffic between them using a blockupstream. This improves availability and responsiveness.
upstream nodos_app {
server 127.0.0.1:3001;
server 127.0.0.1:3002;
server 127.0.0.1:3003;
}
server {
listen 80;
server_name balanceo.ejemplo.com;
location / {
proxy_pass http://nodos_app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
By default, Nginx uses a round-robin algorithm, but you can specify others asleast_conn(less active connections) orip_hash(persistent sessions based on the customer's IP).
Security and best practices
- SSL / TLS:Get a free certificate with Let's Encrypt using Certbot and configure Nginx to listen at port 443 with the directives
ssl_certificateandssl_certificate_key. - Limit HTTP methods:If your API only needs GET and POST, block the others with
if ($request_method !~ ^(GET|POST)$) { return 405; }. - Rate limiting:Protect your backend from abuse using
limit_req_zoneandlimit_reqinside the blockslocation. - Hide versions:Add
server_tokens off;innginx.confto prevent Nginx from revealing its version number in the answers. - Keep up to date:Subscribe to your distribution security lists and apply
sudo apt upgrade nginx(or the equivalent) regularly.
Conclusion
Nginx is a key part of modern web infrastructure thanks to its performance, flexibility and low resource consumption. Whether you use it as a static web server, as a proxy inverse for dynamic applications or as a load swimmer against a server cluster, its configuration is clear and its documentation abundant. Following the steps and good practices described in this article you can deploy a robust and secure environment in any Linux distribution, ready to scale as your traffic grows.
