0

For the life of me, I cannot seem to get my NGINX reverse proxy server working for virtual hosts. And before anyone tells me to use NPM, I'm already using it; however, the server is (1) virtual, (2) being overwhelmed by the ever-increasing number of AI bot requests, and (3) only have dedicated 8 GB of RAM for.

I now have a dedicated server running with 16 GB RAM and 120 GB SSD.

Despite my best efforts for getting the reverse proxy to get through, it continues the Cylon red-eye of Death (nod to Battlestar Galactica).

I want to be able to get rid of as much overhead as I can, and NPM has already crashed - twice - for me; translation: NPM (and Docker for that matter) isn't an option.

My configuration is as follows:

/etc/nginx/nginx.conf:

user web; worker_processes auto; pid /run/nginx.pid; events { worker_connections 1024; multi_accept on; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log warn; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }

/etc/nginx/header.conf:

 proxy_hide_header Upgrade; proxy_hide_header X-Powered-By; proxy_hide_header Expect-CT; #-- added 22sep2025 proxy_hide_header Vary; proxy_hide_header Cache-Control; proxy_hide_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Max-Age; proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Permissions-Policy; proxy_hide_header Content-Length; proxy_hide_header Accept-Ranges; proxy_hide_header Last-Modified; proxy_hide_header X-Frame-Options; proxy_hide_header X-Content-Type-Options; proxy_hide_header X-Content-Type-Options; proxy_hide_header Content-Security-Policy; proxy_hide_header X-XSS-Protection; proxy_hide_header X-Permitted-Cross-Domain-Policies; proxy_hide_header Referrer-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_cookie_path / "/; Secure"; proxy_ignore_headers Set-Cookie; error_page 502 = http://somewhere.com/error.html;

/etc/nginx/sites-available/domain.com.conf:

 server { listen 80; server_name domain.com; access_log /var/log/nginx/access/domain.com:access.log; error_log /var/log/nginx/error/domain.com:error.log; location / { include /etc/nginx/header.conf; proxy_pass http://10.1.1.40:80; } }
Improve this question

1 Answer 1

Reset to default
0

From the content of this and your previous question, I can conclude that you don't really understand the purpose of using a reverse proxy server (which is not a WAF).

Let me briefly outline the functions a reverse proxy server can provide to reduce the load on the main web server (in your case, as I understand it, a Node.js web application):

  1. TLS termination;
  2. Static content serving;
  3. Caching;
  4. Load balancing between several web application instances on different servers;
  5. Limiting the number of simultaneous connections or requests per time frame from a single client.

Which of the above are you using in your nginx configuration? None. In fact, the only thing your nginx reverse proxy server is doing right now is adding extra load to your network gateway. Probably you could benefit from options (2) and (3), but since you haven't provided any information about the nature of your web application, we can't give you any specific advice.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.