Nginx Web Server

Nginx Adalah server HTTP berperforma tinggi, reverse proxy, dan load balancer yang banyak digunakan untuk aplikasi web dan layanan mikro (microservices).

Instalasi Nginx

Ubuntu/Debian

sudo apt update
sudo apt install nginx

CentOS/RHEL

sudo yum install nginx
# or
sudo dnf install nginx

Konfigurasi Dasar

File Konfigurasi Utama

# /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
}

Contoh Server Block

server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Kasus Penggunaan Umum

Reverse Proxy

location / {
    proxy_pass http://backend-server:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

Load Balancing

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    server backend3.example.com;
}

server {
    location / {
        proxy_pass http://backend;
    }
}

SSL Konfigurasi

server {
    listen 443 ssl;
    server_name example.com;
    
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
}

Management Commands

# Test configuration
sudo nginx -t

# Reload configuration
sudo nginx -s reload

# Start/Stop/Restart
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx

# Enable on boot
sudo systemctl enable nginx

Conton Nginx satu domain menggunakan Upstream

upstream backend-svc {
    server IP:8080;
}

upstream frontend-svc {
    server IP:8081;
}

server {
    listen 80;
    server_name ampkis; 

    location / {
        proxy_pass http://frontend-svc;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_connect_timeout 10s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        expires 7d;
        add_header Cache-Control "public";
    }

    location /api/ {
        proxy_pass http://backend-svc/;  
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        client_max_body_size 50M;     
        proxy_connect_timeout 10s;
        proxy_send_timeout 120s;
        proxy_read_timeout 120s;

        add_header Cache-Control "no-store";
    }

    location = /health {
        proxy_pass http://backend-svc/health;
    }
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

Contoh Domain Terpisah untuk Frontend dan Backend

# FRONTEND
server {
    listen 80;
    server_name apps.tsg;

    location / {
        proxy_pass http://FRONTEND_IP:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        expires 7d;
        add_header Cache-Control "public";
    }
}

# BACKEND / API
server {
    listen 80;
    server_name api.tsg;

    location / {
        proxy_pass http://BACKEND_IP:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        client_max_body_size 100M;
        proxy_connect_timeout 10s;
        proxy_read_timeout 120s;
        proxy_send_timeout 120s;

        add_header Cache-Control "no-store";
    }
}

Instalasi Nginx​

Ubuntu/Debian​

CentOS/RHEL​

Konfigurasi Dasar​

File Konfigurasi Utama​

Contoh Server Block​

Kasus Penggunaan Umum​

Reverse Proxy​

Load Balancing​

SSL Konfigurasi​

Management Commands​

Conton Nginx satu domain menggunakan Upstream​

Contoh Domain Terpisah untuk Frontend dan Backend​

Instalasi Nginx

Ubuntu/Debian

CentOS/RHEL

Konfigurasi Dasar

File Konfigurasi Utama

Contoh Server Block

Kasus Penggunaan Umum

Reverse Proxy

Load Balancing

SSL Konfigurasi

Management Commands

Conton Nginx satu domain menggunakan Upstream

Contoh Domain Terpisah untuk Frontend dan Backend