SoFunction
Updated on 2025-03-03

Detailed explanation of how to set up Nginx to implement internal and external network port mapping

Implementing internal and external network port mapping in Nginx is a common practice and is often used to reverse proxy services in the internal network to external networks through Nginx, allowing external users to access these services. The following will introduce in detail how to set up Nginx to implement internal and external network port mapping.

Environmental preparation

Suppose you have the following environment:

  • The intranet service runs on192.168.1.10of8080port
  • The IP address of the Nginx server on the external network is203.0.113.1
  • Need to access the external network203.0.113.1of80Port requests are mapped to the intranet8080port

1. Install Nginx

If Nginx is not installed yet, you can use the following command to install it (taking Ubuntu as an example):

sudo apt update
sudo apt install nginx

2. Configure Nginx port mapping

Edit Nginx configuration files, usually/etc/nginx/sites-available/defaultor/etc/nginx/Configure in.

Sample configuration

Add the following to the Nginx configuration file:

server {
    listen 80;  # Listen to port 80 for external network requests    server_name 203.0.113.1;  # external network server IP or domain name
    location / {  # All requests will match this location        proxy_pass http://192.168.1.10:8080;  # Forward the request to the intranet service        proxy_set_header Host $host;  # Keep the original host header        proxy_set_header X-Real-IP $remote_addr;  # Pass the real client IP        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # Pass all IPs in the proxy chain        proxy_set_header X-Forwarded-Proto $scheme;  # Pass the request protocol    }
}

3. Explain the configuration items

  • listen 80;: Port 80 that listens to external network requests.
  • server_name 203.0.113.1;: Specify the external network IP address or domain name to process.
  • location /: This configuration handles all incoming requests.
  • proxy_pass http://192.168.1.10:8080;: Forward the request to the intranet service.
  • proxy_set_header: These instructions are used to retain and forward necessary request headers to ensure that the backend service gets the original requested information.

4. Test and restart Nginx

After modifying the configuration file, use the following command to test the correctness of the Nginx configuration:

sudo nginx -t

If there is no error, restart Nginx to make the configuration take effect:

sudo systemctl restart nginx

5. Allow external access to Nginx

Ensure that the firewall or security group allows external access to port 80 of the Nginx server. Taking UFW as an example, you can use the following command:

sudo ufw allow 'Nginx Full'

6. Verify port mapping

After the configuration is complete, you can usecurlOr the browser tests whether the interface can be accessed normally. For example:

curl http://203.0.113.1/

If everything is configured correctly, you should be able to access the intranet interface through the external network address.

7. Other configuration options

HTTPS Support

If you want to provide services over HTTPS, you can use the Let's Encrypt free certificate. Install Certbot and get the certificate:

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d   # Replace with your domain name

Example of configuring HTTPS

server {
    listen 80;
    server_name ;

    # Force redirect to HTTPS    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;  # Listen to HTTPS    server_name ;

    ssl_certificate /etc/letsencrypt/live//;  # SSL certificate path    ssl_certificate_key /etc/letsencrypt/live//;  # SSL key path
    location / {
        proxy_pass http://192.168.1.10:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

8. Summary

Through the above steps, you can use Nginx to implement port mapping for internal and external networks. This configuration can effectively protect intranet services while allowing external users to access these services securely. You can further adjust the configuration to meet specific business needs as needed.

This is the article about how to set up Nginx to implement internal and external network port mapping. For more information about Nginx internal and external network port mapping, please search for my previous articles or continue browsing the following related articles. I hope everyone will support me in the future!