How to Configure Nginx Reverse Proxy for Multiple Internal Servers with Subdomains


2 views

The error message reveals two key issues in your Nginx configuration:

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2009/01/04 12:22:13 [warn] 1302#0: the "user" directive makes sense only if the master process runs with super-user privileges
2009/01/04 12:22:13 [emerg] 1302#0: "proxy_pass" directive is not allowed here

The main configuration problem is that proxy_pass is placed directly in the server block without a location context. Here's how to fix it:

server {
    server_name app1.domain.eu;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.0.2.5:80;
    }
}

server {
    server_name app2.domain.eu;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.0.2.33:80;
    }
}

The permission errors suggest Nginx doesn't have proper access to write logs. Try these commands:

sudo chown -R www-data:www-data /var/log/nginx
sudo chmod -R 755 /var/log/nginx
sudo systemctl restart nginx

For production environments, consider adding these enhancements:

proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;

After making changes, always test and reload:

sudo nginx -t
sudo systemctl reload nginx

Remember to configure your DNS records (either in your DNS provider or local hosts file) to point your subdomains to the Nginx server's public IP.

When setting up Nginx as a reverse proxy for multiple internal servers, you need proper server block structure. The error occurs because proxy_pass was placed directly in the server context rather than within a location block.

# Incorrect structure (causes error)
server {
  server_name example.com;
  proxy_pass http://internal_server;  # This is wrong placement
}

# Correct structure
server {
  server_name example.com;
  location / {
    proxy_pass http://internal_server;
  }
}

Here's the properly structured configuration for routing multiple subdomains to different internal servers:

# /etc/nginx/sites-available/reverse_proxy.conf
server {
    listen 80;
    server_name domain.eu;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.0.2.5:80;
    }
}

server {
    listen 80;
    server_name subdomain.domain.eu;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.0.2.33:80;
    }
}

The error log permission problem suggests either:

  • Nginx doesn't have write permissions to /var/log/nginx/
  • You're running nginx -t as non-root user

Quick solutions:

# Fix log directory permissions
sudo chown -R www-data:adm /var/log/nginx
sudo chmod -R 755 /var/log/nginx

# Or test config with sudo
sudo nginx -t

For production environments, consider these enhancements:

location / {
    proxy_pass http://10.0.2.5:80;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_cache_bypass $http_upgrade;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    
    # Buffering settings
    proxy_buffering on;
    proxy_buffer_size 4k;
    proxy_buffers 8 16k;
}

Ensure your DNS records point to the Nginx server:

  • A record for domain.eu → WAN IP
  • CNAME record for subdomain.domain.eu → domain.eu
  • Port forwarding on your router (80/443 → Nginx server)