Nginx Catch-All Host As Front End To Apache For ISPConfig 3 On Debian Lenny

Want to support HowtoForge? Become a subscriber!
 
Submitted by grungy (Contact Author) (Forums) on Mon, 2010-05-17 16:24. :: Debian | Apache | nginx

Nginx Catch-All Host As Front End To Apache For ISPConfig 3 On Debian Lenny

By Nedim Hadzimahmutovic <h.nedim@gmail.com>
Version: v1.1
Last Change: May 19, 2010

Introduction

Apache has always been the web server of choice for me. It is a real beast when it comes to resources usage specially in a resource limited environment such as a VPS. I started playing with Nginx a lightweight, high performance web server. My area of interest was running Nginx as a reverse proxy and making it work in a Apache/ISPConfig 3 environment.

 

The Problem

I am an OpenVZ, apache2-mpm-itk, mod_php user. Apache mpm-itk does not support FastCGI. This problem dramatically increases if you use a 64-bit OS since Apache will now use much more memory (32-bit systems have 4-byte pointers whereas 64-bit systems have 8-byte pointers). I started getting KMEMSIZE limit errors and Apache was the reason why. Apache made my VPS unusable so I had to look for an alternative.

 

The Solution

Nginx was the answer but I am a ISPConfig user which only supports Apache and if I found a way around this there was no way I would manually manage each virtual host. The solution was to setup Nginx catch all host as front-end and proxy to Apache which will be running in the back-end on a different port. This way Nginx will serve the static files and PHP would be left to Apache. You can also leave a whole domain to Nginx if you like, just put a that domain's virtual host before the default vhost. One step further would be to run a 32-bit chroot environment on top of the 64-bit OS and install 32-bit Apache but this will not be covered in this tutorial.

 

Configure Apache

Configure Apache to run on port 82 in /etc/apache2/ports.conf and in all of your virtual hosts. To make it easier use sed command:

# sed -ie 's/YOUR-IP:80/YOUR-IP:82/g' /etc/apache2/sites-available/*.vhost

I assume your virtual host is IP based - your vhost could have *:80 instead of IP:80.

The sed command will make backup files of your .vhost files which will have .vhoste extension. You can move the backup vhost files:

mkdir /root/apache2_vhost_backup/

mv /etc/apache2/sites-available/*.vhoste /root/apache2_vhost_backup/

Restart apache and use netstat check if it is running on port 82:

# /etc/init.d/apache2 restart
# netstat -tunap | grep apache2

tcp 0 0 0.0.0.0:82 0.0.0.0:* LISTEN 7630/apache2

Now you have to change the ISPConfig Apache templates. Copy them to your conf-custom directory:

# cd /usr/local/ispconfig/server/

# cp conf/apache_ispconfig.conf.master conf-custom/

# cp conf/vhost.conf.master conf-custom/

Open the two files and change :80 to :82. Just to be sure run grep command and check if the output matches:

# grep :82 -i /usr/local/ispconfig/server/conf-custom/*

/usr/local/ispconfig/server/conf-custom/apache_ispconfig.conf.master:NameVirtualHost {tmpl_var name="ip_address"}:82
/usr/local/ispconfig/server/conf-custom/vhost.conf.master: :82>

You will see all requests as originating from localhost (127.0.0.1). To see users real IP address you will have to install libapache2-mod-rpaf:

# apt-get install libapache2-mod-rpaf

Add the following to /etc/apache2/apache2.conf:

# nano /etc/apache2/apache2.conf

RPAFsethostname On
RPAFproxy_ips 127.0.0.1 YOU_IP_ADDRESS

 

Installing And Configure Nginx

Enable the lenny-backports repository, you will find the instructions on http://backports.org/.

apt-get install nginx

Remove the default vhost:

# rm /etc/nginx/sites-available/default

Open the file:

# nano /etc/nginx/sites-available/default

Add the following content to the file:

server {
	listen   80 default; 
        server_name  _;
        server_name_in_redirect  off;
	resolver  127.0.0.1;
#### www. redirect	- all domains starting with www will be redirected to http://domain. ####
    if ($host ~* ^(www\.)(.+)) {
        set $rawdomain $2;
        rewrite ^/(.*)$  http://$rawdomain/$1 permanent;
    }
	access_log  /var/log/ispconfig/httpd/$host/access.log;
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|html|htm|mp3)$ {
	root   /var/www/$host/web; 
	access_log off;
	expires 30d;
    }
location / {
	root   /var/www/$host/web;
	index  index.html index.htm index.php;
        access_log      off;
        proxy_pass http://$host:82;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

That's it. Nginx will serve all your static files like images even html files and php stuff will be forwarded to Apache.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by iain (not registered) on Sun, 2012-12-09 23:28.

There is one flaw in this whole idea, and that is when things like roundcube squirrelmail or even phpmyadmin are hosted outside of /var/www/*  things like css etc that are managed by Nginx result in a 404 error.

 Thus resulting improper function of these services, please complete this tutorial by helping me find a fix for this problem.

  

Submitted by ircf (registered user) on Tue, 2014-01-07 08:52.

I think creating a symlink in /var/www/ does the trick, for example :

ln -s /usr/share/phpmyadmin /var/www/phpmyadmin.example.tld

The real problem is, this would have to be done manually also for any ServerAlias in any Apache vhost.

That makes this configuration hardly usable if you have lots of Apache vhosts having lots of ServerAliases...

Submitted by Phgrey (not registered) on Sat, 2011-10-29 22:38.

To make it realy works I've got to change the row  proxy_pass http://$host:82;

with this one

 proxy_pass http://127.0.0.1:82/;

Submitted by grungy (registered user) on Mon, 2011-03-21 09:48.

For those who can use IP based vhosts use following setup

listen YOU-IP-ADDRESS:80 default;
This was you will not have to use a resolver - I had problems with nginx not serving sites if DNS server goes down.

Submitted by donaviamoris (registered user) on Sun, 2011-02-27 10:31.

 when I try to download files such as zip
,rar,avi, location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|html|htm|mp3)$ {

Server completely crashes (freezes) Only hard restart helps
I can not understand the reason????????????????? HELP

Submitted by Anonymous (not registered) on Wed, 2014-10-29 15:44.
server {
listen 80 default;
server_name _;
server_name_in_redirect off;
resolver 127.0.0.1;
error_page 404 = @fallback;
#--------------Все 404 отдаем на обработку апача-------------------------------
location @fallback {
proxy_pass http://$host:82;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
#--------------Статический контент отдаем на прямую-----------------------------
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|mp3)$ {
root /var/www/$host/web;
access_log off;
expires 30d;
}
#--------------HTML Вывел отдельно посколку файлы могут быть динамические-------
location ~* ^.+\.(htm|html)$ {
root /var/www/$host/web;
# try_files $uri /index.php ;
access_log off;
expires 30d;
}
# -------------Основнйо локейшен -----------------------------------------------
location / {
root /var/www/$host/web;
index index.php index.html index.htm;
access_log off;
proxy_pass http://$host:82;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#-------------- Настройки для phpmyadmin----------------------------------------
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
proxy_pass http://$host:82;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
#------------- WEBMAIL----------------------------------------------------------
location /webmail {
root /var/www/apps;
index index.php index.html index.htm;
proxy_pass http://$host:82;   
https://open-source.rackster.ch/project/ispconfig3-nginx-reverse-proxy-plugin
Submitted by renders (registered user) on Sun, 2010-11-07 04:34.

With a few minor changes found in the forums, (http://www.howtoforge.org/forums/showthread.php?t=49443&highlight=nginx) I have nginx running in front of my ispconfig3 control panel and a couple virtual hosts.

ab -c 100 -n 10000 http://hostname/index.php results are amazing.

I am able to compare the original sites to the same sites behind the nginx proxy. The old sites were barely able to run 100 requests per second, the new is in excess of 4-5,000 requests per second.

Nice work, Nedim.

Regards,

Rob

Submitted by Iain (not registered) on Sun, 2012-12-09 17:43.

Sorry, but where do you place: ab -c 100 -n 10000?? 

I have it working aswell now, but would love it if you would share where you would place that line of code. 

 Didn't find it on the forum you linked it in your reply

 Thanks

Submitted by icmono (not registered) on Fri, 2010-05-21 16:22.
Submitted by Conor Duffy (not registered) on Mon, 2010-05-17 20:31.
Any chance of a similar guide for Lighttpd?
Submitted by Aurelian (not registered) on Thu, 2010-10-21 10:53.

Can it be simillar for ISPCONFIG 2?

 

Thanx