Nginx is a lightweight and powerful web server. Let's learn how to set it up and configure it.
Install Nginx
Ubuntu/Debian
# Update packages
sudo apt update
sudo apt install nginx
# Start and enable
sudo systemctl start nginx
sudo systemctl enable nginx
# Check status
sudo systemctl status nginx
Test in a browser:
http://your-server-ip
Firewall Configuration
# Allow Nginx through firewall
sudo ufw allow 'Nginx Full'
# Or specific ports
sudo ufw allow 80
sudo ufw allow 443
# Check status
sudo ufw status
Directory Structure
Important Paths
/etc/nginx/              # Config files
├── nginx.conf           # Main config
├── sites-available/     # Available sites
├── sites-enabled/       # Enabled sites (symlinks)
├── conf.d/              # Additional configs
└── snippets/            # Reusable snippets
/var/www/                # Web root
/var/log/nginx/          # Log files
├── access.log
└── error.log
Basic Configuration
Main Config (nginx.conf)
# /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
    worker_connections 1024;
    multi_accept on;
}
http {
    # Basic Settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # MIME types
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    # Gzip
    gzip on;
    gzip_vary on;
    gzip_types text/plain text/css application/json application/javascript;
    # Virtual Host Configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
Simple Site Config
# /etc/nginx/sites-available/mysite.com
server {
    listen 80;
    listen [::]:80;
    server_name mysite.com www.mysite.com;
    root /var/www/mysite.com;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
    # Logging
    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log;
}
Enable Site
# Create symlink
sudo ln -s /etc/nginx/sites-available/mysite.com /etc/nginx/sites-enabled/
# Test config
sudo nginx -t
# Reload Nginx
sudo systemctl reload nginx
Reverse Proxy
Node.js Application
# /etc/nginx/sites-available/nodeapp.com
upstream nodejs {
    server 127.0.0.1:3000;
    keepalive 64;
}
server {
    listen 80;
    server_name nodeapp.com;
    location / {
        proxy_pass http://nodejs;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
Multiple Applications
server {
    listen 80;
    server_name example.com;
    # API server (Node.js on port 3000)
    location /api {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    # Frontend (React on port 3001)
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
    }
    # WebSocket
    location /ws {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
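How a backend behind these proxy configs can read X-Forwarded-For safely, as an added example that is not part of the original article: $proxy_add_x_forwarded_for appends $remote_addr to whatever value the client already sent, so only the right-most entries were written by your own proxy. TRUSTED_PROXIES, parse_ip, is_trusted and client_ip are hypothetical names, and the loopback ranges are an assumption matching the 127.0.0.1 upstreams above.

```python
import ipaddress

# Assumption: Nginx on loopback is the only proxy in front of the app,
# matching the 127.0.0.1 upstreams in the configs above.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]

def parse_ip(text):
    """Return an ip_address object, or None for a malformed entry."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def is_trusted(text):
    """True when the address belongs to one of our own proxies."""
    ip = parse_ip(text)
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, x_forwarded_for):
    """Address of the nearest hop that is not one of our own proxies."""
    if not is_trusted(peer_addr):
        # Direct connection: the header is entirely client-controlled.
        return peer_addr
    candidate = peer_addr
    # Walk right to left; an entry is believed only while every hop
    # to its right is a trusted proxy that appended it.
    for hop in reversed((x_forwarded_for or "").split(",")):
        hop = hop.strip()
        if parse_ip(hop) is None:
            break          # malformed entry: stop at the last valid address
        candidate = hop
        if not is_trusted(hop):
            break          # first address not vouched for by our proxies
    return candidate

if __name__ == "__main__":
    # Constructed header: the client sent "10.0.0.1", Nginx appended the real peer.
    print(client_ip("127.0.0.1", "10.0.0.1, 198.51.100.23"))
```

Taking the left-most entry instead would hand the backend whatever address the client typed into the header.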
SSL/TLS Configuration
Install Certbot
# Install Certbot
sudo apt install certbot python3-certbot-nginx
# Get certificate
sudo certbot --nginx -d mysite.com -d www.mysite.com
# Auto-renewal test
sudo certbot renew --dry-run
Manual SSL Config
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mysite.com;
    # SSL Certificate
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    # SSL Settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;
    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;
    root /var/www/mysite.com;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
Redirect HTTP to HTTPS
server {
    listen 80;
    server_name mysite.com www.mysite.com;
    return 301 https://$server_name$request_uri;
}
Load Balancing
Round Robin
upstream backend {
    server 192.168.1.10:3000;
    server 192.168.1.11:3000;
    server 192.168.1.12:3000;
}
server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://backend;
    }
}
Weighted Load Balancing
upstream backend {
    server 192.168.1.10:3000 weight=5;
    server 192.168.1.11:3000 weight=3;
    server 192.168.1.12:3000 weight=2;
}
IP Hash (Sticky Sessions)
upstream backend {
    ip_hash;
    server 192.168.1.10:3000;
    server 192.168.1.11:3000;
}
Caching
Proxy Cache
# Define cache zone
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g inactive=60m;
server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://backend;
        proxy_cache my_cache;
        proxy_cache_valid 200 60m;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout updating;
        add_header X-Cache-Status $upstream_cache_status;
    }
    # Bypass cache for specific requests
    location /api {
        proxy_pass http://backend;
        proxy_cache_bypass $http_cache_control;
    }
}
Static File Caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
    expires 30d;
    add_header Cache-Control "public, immutable";
}
Security Headers
Secure Configuration
# Rate limiting zone (limit_req_zone is only valid in the http context, outside server)
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
    # ... other config
    # Security Headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self';" always;
    # Hide Nginx version
    server_tokens off;
    # Limit request size
    client_max_body_size 10M;
    # Rate limiting
    location /api {
        limit_req zone=one burst=5 nodelay;
        proxy_pass http://backend;
    }
}
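Nginx inherits add_header directives from the enclosing level only when the current level defines none, so a location that sets its own header (such as the Cache-Control line under Static File Caching) stops sending the server-level security headers. The following is an added example, not code from the original article, that parses a config and reports such blocks; parse, dropped_headers and SAMPLE are hypothetical names and the sample config is constructed from the snippets on this page.

```python
import re

TOKEN = re.compile(r'''"[^"]*"|'[^']*'|#[^\n]*|[{};]|[^\s{};]+''')

# Constructed sample: the page's server-level security headers combined with
# its static-file location, which sets a header of its own.
SAMPLE = r'''
server {
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Strict-Transport-Security "max-age=63072000" always;
    location / { try_files $uri $uri/ =404; }
    location ~* \.(jpg|css|js)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
}
'''

def parse(conf):
    """Build a tree of blocks, recording the add_header names set in each."""
    root = {"name": "main", "headers": [], "children": []}
    stack, words = [root], []
    for tok in (t for t in TOKEN.findall(conf) if not t.startswith("#")):
        if tok == "{":
            block = {"name": " ".join(words), "headers": [], "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif tok == "}":
            stack.pop()
        elif tok == ";" and words[:1] == ["add_header"] and len(words) > 1:
            stack[-1]["headers"].append(words[1].strip("\"'"))
        if tok in ("{", "}", ";"):
            words = []          # statement or block header finished
        else:
            words.append(tok)
    return root

def dropped_headers(block, inherited=()):
    """Map block name -> inherited headers that block no longer sends."""
    own = {h.lower() for h in block["headers"]}
    lost = [h for h in inherited if own and h.lower() not in own]
    findings = {block["name"]: lost} if lost else {}
    effective = block["headers"] or list(inherited)
    for child in block["children"]:
        findings.update(dropped_headers(child, effective))
    return findings

if __name__ == "__main__":
    print(dropped_headers(parse(SAMPLE)))
```

A common fix is to keep the security add_header lines in one file under /etc/nginx/snippets/ and include it in every block that sets headers of its own.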
Gzip Compression
Enable Gzip
http {
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml application/xml+rss application/x-javascript image/svg+xml;
}
Common Commands
Nginx Management
# Test configuration
sudo nginx -t
# Reload (graceful)
sudo systemctl reload nginx
# Restart
sudo systemctl restart nginx
# Stop
sudo systemctl stop nginx
# View logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
# Check connections
sudo netstat -tlnp | grep nginx
Troubleshooting
Common Issues
# Permission denied
sudo chown -R www-data:www-data /var/www/mysite.com
502 Bad Gateway
- Check if backend is running
- Check proxy_pass URL
- Check firewall
413 Request Entity Too Large
Add: client_max_body_size 50M;
Check error logs
sudo tail -100 /var/log/nginx/error.log
Conclusion
Nginx is a very flexible and powerful web server. Start with a basic config, then explore advanced features such as load balancing and caching.
Written by
Hendra Wijaya