# Update package list and install nginx

```shell
sudo apt update
sudo apt-get install nginx-full
```

# Backup the default config

```shell
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
```

# (Optional) Obtain SSL certificates using Let's Encrypt (replace with your actual domain)
# If you want to use self-signed certificates, generate them instead.
# Example for Let's Encrypt:
# sudo apt install -y certbot python3-certbot-nginx
# sudo certbot --nginx -d <your-domain>

# Edit the default config (replace the server block with the following)

```shell
sudo tee /etc/nginx/sites-available/default > /dev/null <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    location / {
        # This will just serve the static page /var/www/html/index.html
        try_files $uri $uri/ =404;
    }
}
EOF
```

# Edit Nginx.conf
## do not put the `stream {}` block inside http

Note: the `stream` servers below listen on ports 80 and 443 of this host, and the default site above also listens on port 80. nginx cannot bind the same address and port in both `stream` and `http`, so one of the two has to move to another port (or the default site has to be disabled) before the reload will succeed. Port 443 is forwarded as raw TCP, so TLS is terminated on the swarm managers rather than on this host; certificates obtained here are only used by sites served from the `http` block.

```shell
sudo nano /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
}

# Add the stream section here, outside http {}
stream {
    upstream managers_http {
        server lead.swarm.mngoma.lab:80;
        server follow.swarm.mngoma.lab:80;
    }
    server {
        listen 80;
        proxy_pass managers_http;
    }

    upstream managers_https {
        server lead.swarm.mngoma.lab:443;
        server follow.swarm.mngoma.lab:443;
    }
    server {
        listen 443;
        proxy_pass managers_https;
    }
}

http {
    ## ... your existing http config here ...
}
```

# Edit nginx conf

```shell
nano /etc/nginx/nginx.conf

# ONLY necessary if not handled by /etc/nginx/modules-enabled/
# load_module /usr/lib/nginx/modules/ngx_stream_module.so;

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
}

# ========== STREAM PROXY (Layer 4 TCP) ==========
stream {
    upstream managers_http {
        server lead.swarm.mngoma.lab:80;
        server follow.swarm.mngoma.lab:80;
    }
    server {
        listen 80;
        proxy_pass managers_http;
    }

    upstream managers_https {
        server lead.swarm.mngoma.lab:443;
        server follow.swarm.mngoma.lab:443;
    }
    server {
        listen 443;
        proxy_pass managers_https;
    }
}

# ========== HTTP CONFIG ==========
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";

    ##
    # Include virtual host configurations
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
```

# Test and reload nginx

```shell
sudo nginx -t
sudo systemctl reload nginx
```

# Log trace

Note: `/var/log/nginx/access.log` is written by the `http` block only. The `stream` block above defines no `access_log`, so TCP connections proxied to the swarm managers are not recorded there; add an `access_log` with a stream `log_format` inside `stream {}` if a per-connection record is needed. The managers also see this proxy's address as the client address, so their own logs will not show the original source IP.

```shell
tail -f /var/log/nginx/error.log /var/log/nginx/access.log
```