DEV Community

Cover image for #DAY 11: High Availability – Deploying a Reverse Proxy (Nginx)
Samuel Adeduntan
Samuel Adeduntan

Posted on

#DAY 11: High Availability – Deploying a Reverse Proxy (Nginx)

Enhancing Security and Reliability with Nginx

Introduction

Securing and simplifying service access becomes crucial as systems grow and external traffic rises. In order to improve security and performance, a reverse proxy serves as a mediator between clients and backend servers. I used Nginx as a reverse proxy throughout this stage to control traffic flow, improve reliability, and add a layer of security. The benefits from this configuration were load distribution, SSL termination, and defense against backend services being directly exposed. I increased the monitoring environment's resiliency and made sure that services were delivered more securely and effectively by utilizing Nginx.

Objective
By implementing HTTPS and setting up a new domain, I hoped to improve security and professionalism. This enhanced user trust, made sure that all interactions were secured, and produced a more dependable and professional public-facing status page.

Procedure: Deploying a Reverse Proxy with HTTPS
Install Nginx
sudo apt update
Image1

Sudo apt install nginx -y

Image1

Image2

Image3

Image4

Image5

I ensured Nginx was running: sudo systemctl status nginx

Image1

Configure Reverse Proxy for Uptime Kuma

I created a new site config:
Sudo nano /etc/nginx/sites-available/uptimekuma

Image1

I added the following configuration (replace with your actual domain and port where Kuma is running, e.g., 3001):

Image2

Enabled the site:
sudo ln -s /etc/nginx/sites-available/uptimekuma /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Secure with Let’s Encrypt SSL (Certbot)
Installed Certbot + Nginx plugin:
Sudo apt install certbot python3-certbot-nginx -y

Image1

Image2

Image3

Image4

Image5

Image6

Requested SSL certificate:
sudo certbot --nginx -d status.mydomain.com

sudo certbot --nginx -d status.mydomain.com -m adedunsam220@gmail.com --agree-tos

Image1

Confirm DNS is correct.
Run this from your terminal: dig +short status.mydomain.com

Image2

Check firewall/ports.

Port 80 (HTTP) must be open to the Internet. Run: sudo ufw status.

Image1

Sudo ufw allow 443/tcp

Image4

http://192.168.92.134:8080
Image1

Image2

Image3

Image4

Conclusion
The effective implementation of Nginx as Uptime Kuma's reverse proxy is a critical turning point in the development of a reliable and expert monitoring system. This method adds a crucial layer of abstraction and control by successfully separating the backend service from the public-facing endpoint. Nginx now takes care of the cryptographic hard lifting by ending SSL at the proxy, protecting all client communications with HTTPS. This increases user trust by authenticating the service using a trusted certificate in addition to encrypting data in transit. Additionally, by displaying a regular web port (443) and facilitating future scalability with features like load balancing, the reverse proxy configuration makes client access easier. A production-grade status page can now be built on a stronger foundation thanks to the overall architecture's increased security, manageability, and resilience.

Success Goal
The primary goal was to enhance security and professionalism by implementing HTTPS and configuring a custom domain for the Uptime Kuma status page. This goal was successfully achieved.

Top comments (0)