Nginx Reverse Proxy Explained: Managing Your Traffic

You built an app listening on port 3000. You deploy it. But users expect to visit example.com (Port 80/443), not example.com:3000.

The Traffic Cop

A Reverse Proxy (Nginx, Caddy, Apache) sits in front of your apps. It accepts public traffic and "routes" it to the correct internal service.

server {
    listen 80;
    server_name example.com;

    location / {
        # Forward traffic to local node process
        proxy_pass http://localhost:3000;
        
        # Pass headers so Node knows the real user IP
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Why Not Just Expose Node.js?

1. SSL Termination: Nginx handles HTTPS certificates (Let's Encrypt). Your Node app doesn't need to know about encryption complexity; it just speaks HTTP locally.
2. Static Files: Nginx serves images/CSS 10x faster than Node.js (which is single-threaded).
3. Load Balancing: Run 3 instances of your app and let Nginx distribute the traffic round-robin.

Rate Limiting

Nginx can also protect you from simple DDoS attacks.

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

location /api/ {
    limit_req zone=mylimit burst=20;
    proxy_pass http://localhost:3000;
}

Quiz

Conclusion

Nginx is the industry standard traffic manager. Even if you use cloud load balancers (like AWS ALB), knowing how to configure a simple nginx.conf is a superpower when debugging connectivity issues.