1. Answers
  2. How to set up NGINX as a reverse proxy for an SSH server?

How do I set up NGINX as a reverse proxy for an SSH server?

To set up NGINX as a reverse proxy for an SSH server, you can use Pulumi to provision the necessary infrastructure. Here’s a step-by-step guide to achieve this:

  1. Provision a Virtual Machine: We’ll create a virtual machine (VM) where both NGINX and the SSH server will run.
  2. Install NGINX: We’ll install NGINX on the VM.
  3. Configure NGINX as a Reverse Proxy: We’ll configure NGINX to forward traffic to the SSH server.
  4. Open Necessary Ports: Ensure the necessary ports (e.g., port 80 for HTTP and port 22 for SSH) are open.

For this example, we’ll use AWS to provision the infrastructure. We’ll create an EC2 instance, install NGINX, and configure it as a reverse proxy.

Detailed Explanation

  1. Provisioning the EC2 Instance:

    • We’ll use Pulumi to create an EC2 instance with the necessary security group rules to allow HTTP and SSH traffic.
  2. Installing NGINX:

    • We’ll use a user data script to install NGINX on the EC2 instance upon creation.
  3. Configuring NGINX:

    • We’ll create a configuration file for NGINX to set it up as a reverse proxy for the SSH server.

Pulumi Program

Here’s the complete Pulumi program written in TypeScript:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a security group to allow HTTP and SSH traffic
const securityGroup = new aws.ec2.SecurityGroup("web-secgrp", {
    ingress: [
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },  // HTTP
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },  // SSH
    ],
    egress: [
        { protocol: "tcp", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
    ],
});

// Create an EC2 instance
const server = new aws.ec2.Instance("web-server", {
    instanceType: "t2.micro",
    ami: "ami-0c55b159cbfafe1f0",  // Amazon Linux 2 AMI
    securityGroups: [securityGroup.name],
    userData: `#!/bin/bash
        yum update -y
        yum install -y nginx
        systemctl start nginx
        systemctl enable nginx

        # Configure NGINX as a reverse proxy for SSH
        echo 'stream {
            server {
                listen 80;
                proxy_pass 127.0.0.1:22;
                proxy_protocol on;
            }
        }' > /etc/nginx/nginx.conf

        systemctl restart nginx
    `,
    tags: {
        Name: "web-server",
    },
});

// Export the public IP of the instance
export const publicIp = server.publicIp;
export const publicDns = server.publicDns;

Explanation

  • Security Group: We create a security group that allows inbound traffic on port 80 (HTTP) and port 22 (SSH). This ensures that our server can receive HTTP and SSH connections.
  • EC2 Instance: We create an EC2 instance using the Amazon Linux 2 AMI. The instance type is t2.micro, which is suitable for small workloads.
  • User Data Script: This script runs when the instance is created. It updates the package list, installs NGINX, and configures it to start on boot. The script also configures NGINX to forward traffic from port 80 to port 22 (SSH).
  • Exports: We export the public IP and DNS of the instance, which can be used to access the server.

This setup ensures that any HTTP requests to the EC2 instance are forwarded to the SSH server running on the same instance. You can access the SSH server by connecting to the public IP or DNS of the EC2 instance on port 80.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up