proxy_pass for upstream server in NGINX

Consider NGINX configured as a reversed proxy. Is it a good practice to set the upstream server with proxy_pass;? Here, NGINX will connect to the upstream server on the same machine using any available network interface. I wonder if this is a security leak and one should instead use another IP address. What would be the most secure option here?

1 Reply

As I understand, although Reverse Proxies introduce a degree of security to your server, you wouldn't necessarily want to configure your proxy to act as a firewall/limit IPs like that:

It will ultimately depend on your use-case, but I typically configure my proxy_pass as follows:

location / {
    proxy_pass http://localhost:$PORT/;

Then for security, you could setup IP Allow/Block rules using either Cloud Firewall or UFW. For more information about Reverse Proxy configuration in general, be sure to review our Docs Guide linked below:


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct