Setup Nginx as web server and as reverse proxy for Apache with Virtualmin support

We know that Nginx is more faster than Apache and most of us prefer to replace Apache with Nginx as their web server. Nginx is known to serve faster static content and run with less RAM. As of this writing, Virtualmin supports Apache as its web server. To take advantage of Nginx, we will install it as reverse proxy for Apache and continue using Virtualmin to manage your domains. This guide also applies to Nginx+PHP FPM setup just skip the “Configure Apache” section and skip the “Configure Virtualmin” section if you are not using Virtualmin. Nginx configurations for virtual host are tailored for Drupal site and the following are the features:

The following procedures are tested on Linode server running Centos 7 64-bit Linux distribution.

Install Nginx

If you need to install Nginx with PageSpeed module please follow the steps here instead then jump to configure Nginx section.

  1. In able to install the latest Nginx server we will need to register Nginx repository:
    Have the following codes as its content:
    Note: if just in case the nginx does not install try to hard code the $releasever with value of 7
  2. Install Nginx using yum:
  3. Make Nginx auto-start upon reboot:

Configure Nginx

  1. We will not need the native Nginx configurations provided because we will create new configurations. Lets backup the original Nginx configurations first:
  2. Create the folders following the directory structure shown below:Nginx folder structure

    In the next steps, we will populate these folders with Nginx configurations. We will start populating each folder from bottom folder (utils) to top folder (apps).

  3. Create the main Nginx file /etc/nginx/nginx.conf and copy the following scripts to this file:

    Note: To generate the following SSL certificate files:

    … follow steps in this article: Using Let’s Encrypt free SSL/TLS certificates with Nginx.

  4. Lets populate /etc/nginx/utils:Create the file /etc/nginx/utils/undefined_server_name_handler.conf and copy the following scripts to this file:

    Note: Replace all the occurrence of XXX.XXX.XXX.XXX with your server’s IPv4 address and XXXX:XXXX::XXXX:XXXX:XXXX:XXXX with your server’s IPv6 address.

    Create the file /etc/nginx/utils/mod_header.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/nginx_status_vhost.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/microcache.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/microcache_auth.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/microcache_zone.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/php_fpm_status_vhost.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/php_pass.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/upstream.conf and copy the following scripts to this file:

    Populate the /etc/nginx/utils/fastcgi folder under this guide: Setup PHP FPM for Nginx.

  5. The /etc/nginx/sites-enabled folder is used as container for enabled websites which are soft link to physical file Nginx configuration of each of your website virtual host stored at /etc/nginx/sites-available/prod.
  6. Lets populate /etc/nginx/sites-available:Create the file /etc/nginx/sites-available/template.conf and copy the following scripts to this file:

    Note: Replace all the occurrence of XXX.XXX.XXX.XXX with your server’s IPv4 address and XXXX:XXXX::XXXX:XXXX:XXXX:XXXX with your server’s IPv6 address.

    Create the file /etc/nginx/sites-available/template_ssl.conf and copy the following scripts to this file:

    Note: Replace all the occurrence of XXX.XXX.XXX.XXX with your server’s IPv4 address and XXXX:XXXX::XXXX:XXXX:XXXX:XXXX with your server’s IPv6 address.

    The two scripts above /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf will be used by the Virtualmin to generate Nginx configuration for your website virtual host when created using Virtualmin. By default, these configurations utilizes the use of Drush for site maintenance. If you wanted the original Drupal behavior in installing new site, uncomment the line:

    For original Drupal cron and update behavior, uncomment the line:

    Note: This uses Basic Authentication so it will challenge you for password.

    If you are not using Virtualmin, you can use the following bash script to create Nginx configuration for your website virtual host. Create the file /etc/nginx/sites-available/buildsitesconf.sh and add the following to it:

    Note: Replace the 'yourwebsite.com' 'yourotherwebsite.com' with your own website domains and '/home/drupal/public_html' with your websites’ root path (eg. if your websites’ root path is /var/www then change it to '/var/www').

    Make it executable:

    When you executed this script, it will generate non-SSL and SSL versions of Nginx configuration for your website virtual hosts that you defined at /etc/nginx/sites-available/buildsitesconf.sh. The generated Nginx configuration will be saved at /etc/nginx/sites-available/prod.

    To enable a non-SSL version virtual host Nginx configuration, just create a soft link of this configuration file from /etc/nginx/sites-available/prod to /etc/nginx/sites-enabled example:

    … or if SSL version is desired:

    This is easy and good approach to disable and enable a virtual host.

    The /etc/nginx/sites-available/prod folder will be used by the /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf scripts as container for the generated Nginx configuration of your website virtual host.

    The /etc/nginx/sites-available/admin folder will be used for Admin UI Nginx configurations like:

    The /etc/nginx/sites-available/targeted_server_config folder will be used by the /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf scripts to look for the filename that will match the domain under process. e.g. if the template script processing the domain “webfoobar.com”, it will look for a filename “webfoobar.com.conf” and this should only contain your custom Nginx configuration for “webfoobar.com” domain in server context. Domains that don’t have custom Nginx configuration need not to create file under this folder.

  7. Lets populate /etc/nginx/map:Create the file /etc/nginx/map/php_fpm_status_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/nginx_status_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/hotlinking_protection_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/drupal_external_cache.conf and add the following to it:

    Note: You can also use the Method 1 mentioned here: Methods to disable Nginx cache when user is authenticated in Drupal as I find it more reliable indicator for user status: anonymous or authenticated.

    Create the file /etc/nginx/map/cron_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/block_http_methods.conf and add the following to it:

    Create the file /etc/nginx/map/x_forwarded_proto.conf and add the following to it:

    Create the file /etc/nginx/map/blacklist.conf and add the following to it:

  8. Lets populate /etc/nginx/lib:Create the file /etc/nginx/lib/win-utf and add the following to it:

    Create the file /etc/nginx/lib/mime.types and add the following to it:

    Create the file /etc/nginx/lib/koi-win and add the following to it:

    Create the file /etc/nginx/lib/koi-utf and add the following to it:

  9. Lets populate /etc/nginx/key:Generate DH parameters file with 2048 bit long safe prime:

    Generate HTTP Authentication:

    This command will prompt password for the new user with the name admin.

  10. Lets populate /etc/nginx/apps:Create the file /etc/nginx/drupal/static_files_handler.conf and add the following to it:

    Create the file /etc/nginx/drupal/php_handler.conf and add the following to it:

    We have two options here: microcache_auth.conf which uses the Nginx cache for anonymous users only and microcache.conf which uses the Nginx cache for both anonymous and authenticated users. The microcache_auth.conf is enabled by default. Select between the two according to your requirements.

    Create the file /etc/nginx/drupal/named_location.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_upload_progress.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_install.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_cron_update.conf and add the following to it:

    Create the file /etc/nginx/drupal/core.conf and add the following to it:

    Create the file /etc/nginx/drupal/common_server_context.conf and add the following to it:

    Create the file /etc/nginx/drupal/boost.conf and add the following to it:

    Populate the /etc/nginx/apps/pagespeed folder under this guide.

    To enable Google PageSpeed in your Nginx configuration (make sure first that your Nginx is compiled with PageSpeed module), uncomment the line seen below at /etc/nginx/nginx.conf:

    … also uncomment the line seen below at /etc/nginx/apps/drupal/common_server_context.conf:
    … and uncomment the line seen below at /etc/nginx/site-available/template.conf:
  11. To enable this Nginx reverse proxy for Apache setup, execute the following:
    On the other hand, if PHP FPM backend is your setup, execute the following:
  12. Set permission:
  13. Restart Nginx:

Setup Nginx requirements

  1. In this tutorial the Apache will use port 8080 and lets open this port to become accessible:
  2. Create the Nginx cache path folder:
  3. Create Nginx logrotate script:
    Content:

Configure Apache

  1. Since Nginx is reverse proxy to Apache, the IP address that Apache will get is the IP of the server and we need to correct that. Apache 2.4 and above do have mod_remoteip and we will use that module. Open mod_remoteip’s configuration file:
    Add the following codes:
    Note: change 188.8.8.8 to your server’s IP address.
  2. Change the port of Apache:
    Look for:
    … and change to:
  3. Restart Apache:

Configure Virtualmin

  1. Set the virtual server template to listen to 8080. Login to Virtualmin, go to “System Settings” -> “Server Templates” -> “Default Settings” and select from the dropdown “Apache Website”. Change the “Port number for virtual hosts” from 80 to 8080. Restart webmin:
  2. Lets build the script that will automate the creation of website virtual host Nginx configuration file each time Virtualmin created a new server.Create the file /usr/local/bin/virtualmin.sh and add the following to it:
    Make the script executable:
  3. Let Virtualmin know about the virtualmin.sh. Login to Virtualmin, go to “System Settings” -> “Virtualmin Configuration” and select from dropdown “Actions upon server and user creation”. Populate the “Command to run after making changes to a server” field with:
Fonte: https://www.webfoobar.com/node/35
Facebook Comments
Rate this post