HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   nginx Reverse Proxy on Separate Server from Apache (http://www.howtoforge.com/forums/showthread.php?t=58577)

atjensen11 7th September 2012 05:17

nginx Reverse Proxy on Separate Server from Apache
 
Hello,

I am in the middle of a fairly large migration between production servers. In the process, I went from a single server hosting ISPConfig and all the necessary services (web, db, mail, dns, etc.) to the multiserver setup described on this site.

I am beginning the process of moving websites from the old server, currently in production, to the new web server. It will be hard for me to move all sites at once or over a small time period, such as a weekend. Therefore, I am looking at the use of a reverse proxy.

I believe I can use a reverse proxy to send requests for sites that have already been moved to the new server. Similarly, requests for sites on the old server would be proxied to the old server.

Once all sites have been moved, I think I may leave the reverse proxy in place and allow it to begin caching static content to improve speed.

After much research, it appears that nginx is the preferred approach for both reverse proxy and static caching.

I have been following the HowtoForge tutorial at:
http://www.howtoforge.com/nginx-catc...n-debian-lenny

Users of the tutorial have noted some of the short comings and referred users to the follow up in the forum. Specifically, this forum post is the most useful in my opinion:
http://www.howtoforge.com/forums/sho...3&postcount=19

I am having some issues. I believe it is because all of the tutorials I have seen regarding the installation of nginx as a reverse proxy assume nginx is installed on the same machine as the original Apache installation.

I have three servers in my installation:
  • web1.domain.tld at 192.168.20.101 which is the new web server
  • mx1.domain.tld at 192.168.20.100 which is the old web server
  • proxy1.domain.tld at 192.168.20.110 which is the nginx reverse proxy server

My nginx configuration files are below.

/etc/nginx/nginx.conf
Code:

user www-data;
worker_processes  2;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
    use epoll;
}

http {

    root  /var/www/;
    error_page  502 503 504  /50x.html;

    server_names_hash_max_size 512;
    server_names_hash_bucket_size 128;

    include      /etc/nginx/mime.types;
    default_type  application/octet-stream;

    client_header_timeout  10m;
    client_body_timeout    10m;
    send_timeout            10m;
    connection_pool_size          512;
    client_header_buffer_size      1k;
    large_client_header_buffers    4 2k;
    request_pool_size              4k;
    client_body_temp_path /var/lib/nginx/body 1 2;

    gzip  on;
    gzip_http_version 1.0;
    gzip_min_length  5000;
    gzip_types text/plain text/css image/x-icon application/x-javascript application/javascript text/javascript application/atom+xml application/xml;
    gzip_buffers 4 8k;
    gzip_vary        on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_proxied  any;
    gzip_comp_level 2;

 output_buffers  1 32k;
    postpone_output 1460;
    sendfile        on;
    #tcp_nopush    on;
    keepalive_timeout      75 20;
    tcp_nodelay        on;
    ignore_invalid_headers  on;
    index index.html Index index.php index.html index.htm;

    server_tokens off;

    access_log    /var/log/nginx/access.log;
    error_log    /var/log/nginx/error_log;

    #default nginx virtual host server
    #it's used if there is no other matching nginx virtual host found
    server {
        listen 80;
        #you can access nginx internal stats using lynx or alike console based web browser or munin-node
        #at http://127.0.0.1/nginx_status address
        location /nginx_status {
            stub_status on;
            access_log  off;
            allow 127.0.0.1;
            deny all;
        }

        #default proxy settings for each virtual host
        include /etc/nginx/proxy.conf;
    }
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

/etc/nginx/proxy.conf
Code:

location / {
  proxy_pass        http://192.168.20.100:80/;
  proxy_redirect    default;
  proxy_set_header  Host            $host;
  proxy_set_header  X-Real-IP        $remote_addr;
  proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
  client_max_body_size      64m;
  client_body_buffer_size    128k;
  proxy_connect_timeout      90;
  proxy_send_timeout        90;
  proxy_read_timeout        90;
  proxy_buffer_size          4k;
  proxy_buffers              4 32k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;
}

/etc/nginx/proxy_fallback.conf
Code:

#proxy options can't be set inside if directive
proxy_set_header  Host            $host;
proxy_set_header  X-Real-IP        $remote_addr;
proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
 if (!-f $request_filename) {
 break;
 proxy_pass http://192.168.20.100:80;
}

The configuration through this point passes the configuration check and nginx will start. I have issues when I insert the first virtualhost configuration file.

/etc/nginx/sites-enabled/domain.tld
Code:

server {
  listen 80;
  server_name domain.tld www.domain.tld;
  #default proxy settings shared are among all virtual hosts
  include /etc/nginx/proxy.conf;
      location ~* ^.+.(jpe?g|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|html?|txt|tar|mid|midi|wav|bmp|rtf|js|swf|avi|mp3)$ {
          #forcing browser to cache locally static content for 1 day, set this longer as needed.
          expires 1d;
          root /var/www/domain.tld/web/;
          access_log  /var/log/ispconfig/httpd/domain.tld/access.log;

          #graceful fallback in case if static content doesn't exist
          include /etc/nginx/proxy_fallback.conf;
      }
}

The error I receive states that the access_log path cannot be found. Please note that "domain.tld" in the above file is simply a sanitized input. I have the valid domain name for the virtualhost in the actual file. However, I believe the issue is due due to the fact that the ISPConfig access log is on a different server.

Any assistance is appreciated. Thanks.

falko 8th September 2012 11:17

If you need an access log on the nginx server, you must create that access log. Otherwise, the Apache backends write their own access logs which should be sufficient in most cases.

atjensen11 8th September 2012 22:26

Thanks Falko.

I changed my configuration files slightly to make things a little easier (on me) to understand and configure.

I created a default vhost file for nginx as follows:
Code:

server {
    listen 80 default;
    server_name  _;
    access_log /var/log/nginx/default.access.log;
    error_log /var/log/nginx/default.error.log;

    location / {
        proxy_pass http://192.168.20.100:80;
        include /etc/nginx/proxy.conf;
  }
}

I then created a symlink so that this vhost is loaded under /etc/nginx/sites-enabled.

My intent is to only define vhost files within nginx for the sites that have been moved to the new production server. The default vhost directives above should catch everything else and send the requests to the current (soon to be old) production server.

Does this sound like a logical approach to others?

With the nginx default vhost, I am now receiving a "No Input File Specified" error when browsing to the website. The website I am trying to browse to is running a PHP based content management system. I thought nginx would simply proxy through the dynamic content and let Apache serve up the dynamic content as it always has in the past.

I searched on this error and most who have encountered it have encountered it by running nginx as their webserver instead of a reverse proxy.

Any suggestions?


All times are GMT +2. The time now is 17:20.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.