Install Nginx Proxy

Video Lecture

Install Nginx Proxy Install Nginx Proxy Install Nginx Proxy

Description

I also want to point a domain name and an SSL certificate to the game server. We can add settings inside our server.js which is being run by NodeJS to manage this, but it is very common to use a proxy instead for this purpose. We can use Nginx. Nginx will be able to manage proxying for all your domain names and SSL certificates for this server, in case you ever want to have several websites running on it.

Check if Nginx is installed

1
nginx -v

No, then install it with

1
sudo apt install nginx

Now check its version

1
nginx -v

Now check it's status

1
sudo service nginx status

Visit http://[your ip address]

Delete the file /etc/nginx/sites-enabled/default

1
rm /etc/nginx/sites-enabled/default

Create a new file called /etc/nginx/sites-enabled/ballgame.your-domain.tld.conf

Add this script

1
2
3
4
5
6
7
8
server {
    listen 80;
    listen [::]:80;

    location / {
        proxy_pass           http://127.0.0.1:3000/;
    }
}

Test it by visiting again http://[your ip address]

Note that since this project I am setting up, includes Socket.IO, there will be errors in the console about how it is polling, and not creating a proper socket. This addition below is only applicable if you see this error in the developer tools, and are also serving SocketIO from your NodeJS server as I am.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
server {
    listen 80;
    listen [::]:80;

    location /socket.io/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass "http://localhost:3000/socket.io/";
    }
    location / {
        proxy_pass           http://127.0.0.1:3000/;
    }
}

Test nginx configuration is ok,

1
nginx -t

restart

1
sudo service nginx restart

And visit again http://[your ip address]

It should be perfect without any errors.

As an extra measure, to ensure that the game can only be played via the Nginx proxy, we can also block access to port 3000 from the internet but not locally on the server.

1
2
3
iptables -A INPUT -p tcp -s localhost --dport 3000 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j DROP
iptables -L