Install Nginx as Reverse Proxy for Apache in CentOS Web Panel

Nginx is the fastest webserver in the world. Nginx is known for its high performance and low resource. Many enterprises, such as WordPress and Comodo, already switched to Nginx as it proves to be the most powerful web-server on the planet. Nginx will work as a front end reverse proxy of your centos web panel server along with apache. Which will increase the performance.

Main Features:

DDOS Protection: Nginx will only pass true http requests so it can protect against some common attacks like DDOS attacks.

GZIP compression: Nginx Admin is compatible with GZIP compression.

High output: Nginx provides maximum performace as a load balancer.

1) upgrade your server.


yum update -y

2) Install required files.

yum install pcre pcre-devel zlib-devel openssl-devel -y

3) Enable Nginx repository.

nano /etc/yum.repos.d/nginx.repo

Paste in the code below:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=0
enabled=1

 

4) Install NGINX

yum -y install nginx

5) Make proxy.inc file.

rm -rf /etc/nginx/proxy.inc
nano -w /etc/nginx/proxy.inc

Paste in the code below:

#Proxy file starts here
# More info here: http://wiki.nginx.org/HttpProxyModule

proxy_buffering off;
proxy_connect_timeout 59s;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass_header Set-Cookie;
proxy_redirect off;
proxy_hide_header Vary;
proxy_hide_header X-Powered-By;
proxy_set_header Accept-Encoding '';
#If you want to get the cache-control and expire headers from apache, comment out 'proxy_ignore_headers' and uncomment 'proxy_pass_header Expires;' and 'proxy_pass_header Cache-Control
#proxy_pass_header Expires;
#proxy_pass_header Cache-Control;
proxy_ignore_headers Cache-Control Expires;
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#Proxy file ends here

 

6) make nginx config file.

rm -rf /etc/nginx/nginx.conf
nano -w /etc/nginx/nginx.conf

Paste in the code below:

# Nginx config starts here

user nobody;
worker_processes auto;
#worker_rlimit_nofile 20480;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024; # increase for busier servers
use epoll; # you should use epoll for Linux kernels 2.6.x
}
http {
open_file_cache max=5000 inactive=30s;
open_file_cache_valid 120s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
open_log_file_cache max=1024 inactive=30s min_uses=2;
server_names_hash_max_size 10240;
server_names_hash_bucket_size 1024;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 5;
gzip on;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_proxied any;
gzip_http_version 1.1;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/xml+rss text/javascript application/atom+xml application/javascript application/json;
ignore_invalid_headers on;
client_header_timeout 3m;
client_body_timeout 3m;
client_max_body_size 200m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
proxy_temp_path /tmp/nginx_temp;
log_format bytes_log "$msec $bytes_sent .";
# Include site configurations
include /etc/nginx/conf.d/*.conf;
}

# Nginx config ends here

 

7) Make virtual host for your domain. In below code replace YOURDOMAIN with the domain name (eg: bullten.com) , YOURSERVERIP with your actual server ip address (eg: 194.123.12.33) and USERNAME with your user account name.

nano -w /etc/nginx/conf.d/YOURDOMAIN.conf

Paste in the code below:

# Virtual host file starts here

server {
listen YOURSERVERIP:80;
access_log /var/log/nginx/access.YOURDOMAIN.log;
error_log /var/log/nginx/error.YOURDOMAIN.log;
server_name YOURDOMAIN www.YOURDOMAIN;
root /home/USERNAME/public_html;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot)\$ {
expires 7d; #Comment this out if you're using the apache backend cache-control/expires headers.
try_files \$uri \@backend;
}
error_page 405 = \@backend;
error_page 500 = \@custom;
add_header X-Cache "HIT from Backend";
proxy_pass http://YOURSERVERIP:8181;
include proxy.inc;
}
location \@backend {
internal;
proxy_pass http://YOURSERVERIP:8181;
include proxy.inc;
}
location \@custom {
internal;
proxy_pass http://YOURSERVERIP:8181;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?\$ {
proxy_pass http://YOURSERVERIP:8181;
include proxy.inc;
}
location ~ /\.ht {
deny all;
}
}

# Virtual host file ends here

 

INSTALL AND CONFIGURE MOD_RAF

1) Download and install mod_raf.

cd /usr/local/src
rm -rf mod_rpaf-0.8.4
rm -rf v0.8.4.tar.gz
wget https://github.com/gnif/mod_rpaf/archive/v0.8.4.tar.gz --no-check-certificate
tar xzf v0.8.4.tar.gz
cd mod_rpaf-0.8.4
chmod +x apxs.sh
/usr/local/apache/bin/apxs -i -c -n mod_rpaf.so mod_rpaf.c

2) Create config file for mod_raf. Replace YOURSERVERIP with your actual server ip.

rm -rf /usr/local/apache/conf.d/rpaf.conf
nano -w /usr/local/apache/conf.d/rpaf.conf

Paste in the code below:

# Mod_raf config file starts here

LoadModule rpaf_module modules/mod_rpaf.so
RPAF_Enable On
RPAF_ProxyIPs 127.0.0.1 YOURSERVERIP
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
RPAF_ForbidIfNotProxy Off
RPAF_Header X-Forwarded-For

# Mod_raf config file ends here

 

3) Goto CWP Settings –>> Edit Settings and change shared ip and apache port to yourserverip , 8181 respectively.
4) Restart Apache and Nginx and set nginx to restart automatically on next server reboot.

service httpd restart
service nginx restart
chkconfig nginx on

 

To completely remove Nginx and Mod_raf.
1) Change apache port to 80 in CWP Settings –>> Edit Settings.

 

2) Run below commands.

yum remove nginx -y
rm -rf /etc/nginx/
rm -rf /etc/yum.repos.d/nginx.repo
rm -rf /usr/lib64/httpd/modules/mod_rpaf.so
rm -rf /usr/local/apache/modules/mod_rpaf.so
rm -rf /usr/local/apache/conf.d/rpaf.conf

3) Restart Apache.

service httpd restart

Bullten

A company providing web hosting solutions around globe...