(dv):Configure nginx as reverse proxy web server
- This page was last modified on July 25, 2011, at 08:58.
From (mt) Community Wiki
Contents |
This is an INCOMPLETE article. Please excuse our dust as we improve and organize the CommunityWiki. Help us keep this article up-to-date by joining our wiki!
This article will explain how to setup nginx as a reverse proxy for your server. This can improve the speed of your web pages. By setting up nginx as a reverse proxy, this allows nginx to run as your primary webserver to serve your static content, with Apache serving the dynamic content.
nginx [engine x] is a HTTP and reverse proxy server, as well as a mail proxy server written by Igor Sysoev. According to Netcraft nginx served or proxied 4.70% busiest sites in April 2010. Here are some of success stories: FastMail.FM, Wordpress.com. nginx.org
Results
Your server will use nginx to serve static content, with Apache serving the dynamic content.
Please note that (mt) Media Temple does not support changing your default Apache configuration. This server modification is not guaranteed to work with other configurations you might have. Please consider making a backup copy of your (dv) Dedicated-Virtual Server before proceeding, as (mt) Media Temple does not support the procedures covered in this walkthrough.
Requirements
This article has the following dependencies:
root access enabled: How do I enable root access to my (dv)?
Instructions
1. Connect to your server via SSH as root.
2. Download and install nginx by source. The version of nginx installed through yum uses methods not supported by CentOS 5.5.
To support url rewrite, pcre must first be installed
sudo yum install pcre pcre-devel
Via Source:
wget http://nginx.org/download/nginx-x.x.x.tar.gz # The x's indicate the version number from the main site http://nginx.org/en/download.html # Unzip the files with the following command tar zxvf ./nginx-x.x.x.tar.gz # Change directory to the nginx folder cd nginx-x.x.x # Run the following commands: ./configure # If you get no errors, you're all set, go on with the next couple of commands. If you get an error, try to make sure all the libraries are installed. make make install
3. Download the following nginx.conf and proxy.conf files and copy it to your install folder /usr/local/nginx/conf/. You may edit these files, but they should work as is. The difference between the original one and solution here, is the path of the virtual host files. In the YUM version of the nginx install, they suggest having it in /usr/local/nginx/sites/, we have modified the config file and we use it like PLESK style, /var/www/vhosts/*/conf/nginx.conf . Why is this? Because then it is easier to edit from PLESK admin interface in the future.
4. After this is done, download this zip file. Inside of this file you will have generate_nginx_conf.sh file, the bash file and there are several templates files. Copy this to your server, unzip it to a directory (ex. /root/nginx_setup/) and execute the bash file:
sh generate_nginx_conf.sh
5. You will see where will the new files be added, and if any errors popup, you will see them. After this step, you will need to validate the config files:
/usr/local/nginx/sbin/nginx -t
If you receive any errors, you may need to add the webmail.conf file to /etc/nginx/. You can do so with the following command:
touch /etc/nginx/webmail.conf
6. In order to use the service command to start and stop nginx, and to have nginx start on system boot, create the nginx file in the /etc/init.d directory, and insert the following script:
vim /etc/init.d/nginx
Remember to hit the "a" key before pasting the code, or your script will only partially paste.
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
# Taken from http://www.hikaro.com
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
Make the script executable and add it to the services list
chmod +x /etc/init.d/nginx /sbin/chkconfig nginx on
7. If you are returned all OK, then proceed to the next step (on large server may take a while). If you are returned some kind of error, then evaluate the errors and see what you can do. There is an issue, for example if you have a domain moved from your server by the client to an another server, but they did not tell you, you will get back a proxy error, meaning that nginx tries to push a message to port :8080 and of course will get back an error result. Also can be other settings errors, like needing to increase some settings, but all these are easy to handle.
After all is OK and you do not get back errors, you will need to execute the following commands individually: For Plesk 9.x:
/usr/local/psa/admin/sbin/websrvmng --set-http-port --port=8080 /usr/local/psa/admin/sbin/websrvmng --reconfigure-all /usr/local/psa/admin/sbin/webmailmng --disable --name=horde /usr/local/psa/admin/sbin/webmailmng --enable --name=horde service httpd restart service nginx restart
For Plesk 8.x, you will need to edit your /etc/httpd/conf.d/zz010_psa_httpd.conf to use port 8080 for Apache.
NameVirtualHost xxx.xxx.xxx.xxx:8080
Once completed, save this file, then use the following command to stop Plesk from resetting this file back to default.
chattr +i zz010_psa_httpd.conf
You will also need to make similar changes to vhost.conf files if you use them.
8. Everything should work now, but there is a final step you might have to do. You may need to open port 8080 in the firewall. This is a COMPULSORY step, but as the proxy tries to connect to http://www.domain.com:8080, this will go through the firewall.
su # add port 8080 to the allow list iptables -A INPUT -p tcp --dport 8080 -j ACCEPT # save to config file /etc/init.d/iptables save # restart firewall service /etc/init.d/iptables restart
When you create a new domain or subdomain, you will need to create the nginx.conf file in it's own VHOST folder, and do not forget this or you will get errors. Also in this case, if you create a domain before the DNS is propagated, you will receive errors.
Contributions
Thanks to Grafx for providing the nginx configuration files and content.