Eazy SaaS
AWS Azure GCP Docker K8s Jenkins PostgreSQL
Blog Get in Touch

Nginx Reverse Proxy for Microservices

February 13, 2026 | Nginx Reverse Proxy Microservices

Path-based routing and WebSocket proxying.

Nginx as a Reverse Proxy for Microservices

Nginx excels as a reverse proxy that routes traffic to multiple backend microservices based on URL path, hostname, or headers. It handles SSL termination, compression, caching, and WebSocket proxying — all with minimal latency overhead.

Path-Based Routing

upstream api_service {
    server 10.0.1.10:3000;
    server 10.0.1.11:3000;
}

upstream auth_service {
    server 10.0.2.10:4000;
    server 10.0.2.11:4000;
}

upstream frontend {
    server 10.0.3.10:8080;
}

server {
    listen 443 ssl http2;
    server_name app.example.com;
    
    ssl_certificate /etc/nginx/ssl/app.crt;
    ssl_certificate_key /etc/nginx/ssl/app.key;
    
    # API routes
    location /api/ {
        proxy_pass http://api_service/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    
    # Auth service
    location /auth/ {
        proxy_pass http://auth_service/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    
    # WebSocket support
    location /ws/ {
        proxy_pass http://api_service;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }
    
    # Frontend (default)
    location / {
        proxy_pass http://frontend;
        proxy_set_header Host $host;
    }
}

Health Check Configuration

upstream api_service {
    server 10.0.1.10:3000 max_fails=3 fail_timeout=30s;
    server 10.0.1.11:3000 max_fails=3 fail_timeout=30s;
    server 10.0.1.12:3000 backup;  # Used only when primary servers are down
}

Performance Tuning

# Enable compression
gzip on;
gzip_types text/plain text/css application/json application/javascript;
gzip_min_length 1000;

# Connection keep-alive to backends
upstream api_service {
    server 10.0.1.10:3000;
    keepalive 32;  # Keep 32 connections open to backend
}

location /api/ {
    proxy_pass http://api_service/;
    proxy_http_version 1.1;
    proxy_set_header Connection "";  # Required for keepalive
}

Eazy SaaS Tip: Always set proxy_set_header X-Real-IP and X-Forwarded-For. Without these, your backend services see Nginx's IP instead of the client's real IP — breaking logging, rate limiting, and geo-location.

← Back to Blog