When running a web application on a non-standard port (like 5010), it's common practice to use Nginx as a reverse proxy to handle public-facing traffic on port 80/443. This provides several benefits:
- Hides your actual application server port
- Enables SSL termination
- Provides load balancing capabilities
- Allows serving multiple applications from single IP
Here's a minimal working configuration that proxies requests from port 80 to your application running on port 5010:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:5010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}Let's break down the key directives:
- proxy_pass: Defines the backend server address
- proxy_set_header: Ensures proper headers are forwarded
- X-Real-IP preserves the client's original IP
- X-Forwarded-Proto maintains the original protocol (http/https)
For production environments, consider adding these optimizations:
location / {
proxy_pass http://127.0.0.1:5010;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
# Timeout settings
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
# Buffer settings
proxy_buffers 16 32k;
proxy_buffer_size 64k;
}If your application uses WebSockets, add these directives:
location / {
# ... existing directives ...
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}After making changes:
- Test configuration:
sudo nginx -t - Reload Nginx:
sudo systemctl reload nginx - Check logs:
tail -f /var/log/nginx/error.log
- 502 Bad Gateway: Check if backend service is running
- Connection refused: Verify firewall allows port 5010
- Headers missing: Ensure all proxy_set_header directives are present
Here's the minimal Nginx configuration needed to proxy requests from port 80 to your application running on port 5010:
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://localhost:5010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
proxy_pass: The core directive that forwards requests to your backend service.
proxy_set_header: Essential for preserving original request information when proxying.
1. SELinux/AppArmor blocking:
If requests aren't reaching your backend, check security modules:
sudo setsebool -P httpd_can_network_connect 1
2. Missing headers:
Without proper headers, your app might misbehave. Always include these:
proxy_set_header Connection '';
proxy_http_version 1.1;
For production environments, consider adding these optimizations:
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 24k;
proxy_max_temp_file_size 2048m;
After making changes, always:
sudo nginx -t # Test configuration
sudo systemctl reload nginx # Apply changes
Here's a production-ready configuration handling both HTTP and HTTPS:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://localhost:5010;
# Standard proxy settings
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}