I’ve been under a rock for the last decade, what is NGINX?

First of all, you said it wrong. Think “engine X”. If you said it correctly, just pass the aggression onto the next person that says ‘expresso’. NGINX is a webserver, much like Apache (but not at all), that is heavily specialized at being the best damn reverse proxy you could hope for.

But what is a reverse proxy? It’s essentially an intermediary filter that acts as the crossing guard for all of your web traffic. It will listen on the ports you specify, typically 80 and 443, and figure out where to route the traffic based on rules you specify (domain name, directory, etc…). On a high level, our setup will work something like this:

I tried to make the colors uglier, but this is the best I could do

Connections come in from the great unknown (the fart cloud on the left), and hit the ports opened up for traffic on the host. In our setup, the NGINX docker container has two forwarded ports (80 and 443) that are accepting connections. Using a local address that cannot be reached from outside of the host, NGINX is forwarding traffic to GoPhish which is listening on an internal port of our choice. GoPhish then responds, and that traffic is forwarded back through NGINX and out to the client.

This arrangement gives us a couple of nice things:

1. The ability to handle multiple valid certificates and serve them based on the domain being requested.

2. The security of NGINX, which can act as a WAF if configured properly.