nginx-reverse-proxy

---

sidebar_label: NGINX Reverse Proxy

---

# Reverse Proxy Architecture (NGINX + Docker)

Centralized routing layer for internal services using NGINX as a reverse proxy.

---

## 🚀 What This Demonstrates

- HTTP routing and request handling

- Reverse proxy architecture

- Service exposure and access control

- Container-based networking

---

## 🧠 Architecture

User Request (browser)

        ↓

     NGINX (reverse proxy)

   ↙        ↓        ↘

Pi-hole   Home Assistant   Other Services

---

## 🎯 Objective

- Route traffic to multiple internal services

- Expose services through clean URLs

- Centralize access point

- Simplify service management

---

## ⚙️ Technology Stack

| Component | Role |

|----------------|------|

| NGINX | Reverse proxy |

| Docker | Container runtime |

| Cloudflare | External DNS + security |

| Internal Apps | Services behind proxy |

---

## 🛠 Implementation

### 1. Deploy NGINX Container

NGINX runs as a central entry point for all internal services.

- Exposes port 80/443

- Routes traffic based on domain or path

---

### 2. Configure Reverse Proxy Rules

Example routing:

- ha.smartwall.cc → Home Assistant

- pihole.smartwall.cc → Pi-hole

- homelab.smartwall.cc → Docs site

---

### 3. Docker Networking

- All services share the same Docker network

- NGINX communicates with containers via internal names

- No need to expose individual ports externally

---

## 🔄 Traffic Flow

1. User sends request to domain

2. Cloudflare resolves DNS

3. Request reaches NGINX

4. NGINX routes to correct container

5. Service responds

---

## ⚠️ Problems Encountered

### Port Conflicts

**Issue:** Multiple services attempting to use same ports

**Fix:** Only NGINX exposes ports externally

---

### Service Not Reachable

**Issue:** NGINX could not reach containers

**Cause:** Containers not on same network

**Fix:** Attached all services to shared Docker network

---

### Incorrect Routing

**Issue:** Requests routed to wrong service

**Cause:** Misconfigured server blocks

**Fix:** Corrected domain-to-service mapping

---

## 🧠 Design Decisions

### Why Reverse Proxy

- Centralized control

- Cleaner architecture

- Easier scaling

---

### Why NGINX

- Lightweight

- High performance

- Industry standard

---

### Why Not Direct Exposure

- Reduces attack surface

- Simplifies networking

- Improves control

---

## 🔐 Security Benefits

- Single entry point for all services

- Easier to apply authentication and policies

- Integrates with Cloudflare Zero Trust

---

## 📈 Performance Benefits

- Efficient request handling

- Reduced overhead

- Ability to cache responses

---

## ✅ Final Outcome

- Centralized routing system

- Clean domain-based access

- Scalable architecture

- Improved security posture

---

## 💼 What This Proves

- Understanding of web traffic flow

- Ability to design service architecture

- Real-world deployment knowledge

- Networking and debugging skills

---

## 🔮 Future Improvements

- Add HTTPS (SSL termination)

- Integrate authentication layer

- Add rate limiting

- Implement load balancing

---