Nginx Catch-All Host As Front End To Apache For ISPConfig 3 On Debian Lenny

By Nedim Hadzimahmutovic <[email protected]>
Version: v1.1
Last Change: May 19, 2010

Introduction

Apache has always been the web server of choice for me. It is a real beast when it comes to resources usage specially in a resource limited environment such as a VPS. I started playing with Nginx a lightweight, high performance web server. My area of interest was running Nginx as a reverse proxy and making it work in a Apache/ISPConfig 3 environment.

 

The Problem

I am an OpenVZ, apache2-mpm-itk, mod_php user. Apache mpm-itk does not support FastCGI. This problem dramatically increases if you use a 64-bit OS since Apache will now use much more memory (32-bit systems have 4-byte pointers whereas 64-bit systems have 8-byte pointers). I started getting KMEMSIZE limit errors and Apache was the reason why. Apache made my VPS unusable so I had to look for an alternative.

 

The Solution

Nginx was the answer but I am a ISPConfig user which only supports Apache and if I found a way around this there was no way I would manually manage each virtual host. The solution was to setup Nginx catch all host as front-end and proxy to Apache which will be running in the back-end on a different port. This way Nginx will serve the static files and PHP would be left to Apache. You can also leave a whole domain to Nginx if you like, just put a that domain's virtual host before the default vhost. One step further would be to run a 32-bit chroot environment on top of the 64-bit OS and install 32-bit Apache but this will not be covered in this tutorial.

 

Configure Apache

Configure Apache to run on port 82 in /etc/apache2/ports.conf and in all of your virtual hosts. To make it easier use sed command:

 # sed -ie 's/YOUR-IP:80/YOUR-IP:82/g' /etc/apache2/sites-available/*.vhost

I assume your virtual host is IP based - your vhost could have *:80 instead of IP:80.

The sed command will make backup files of your .vhost files which will have .vhoste extension. You can move the backup vhost files:

mkdir /root/apache2_vhost_backup/
mv /etc/apache2/sites-available/*.vhoste /root/apache2_vhost_backup/

Restart apache and use netstat check if it is running on port 82:

# /etc/init.d/apache2 restart
# netstat -tunap | grep apache2

  tcp        0      0 0.0.0.0:82              0.0.0.0:*               LISTEN      7630/apache2

Now you have to change the ISPConfig Apache templates. Copy them to your conf-custom directory:

 # cd /usr/local/ispconfig/server/ 
 # cp conf/apache_ispconfig.conf.master conf-custom/ 
 # cp conf/vhost.conf.master conf-custom/

Open the two files and change :80 to :82. Just to be sure run grep command and check if the output matches:

 # grep :82 -i /usr/local/ispconfig/server/conf-custom/*

/usr/local/ispconfig/server/conf-custom/apache_ispconfig.conf.master:NameVirtualHost {tmpl_var name="ip_address"}:82
/usr/local/ispconfig/server/conf-custom/vhost.conf.master: :82>

You will see all requests as originating from localhost (127.0.0.1). To see users real IP address you will have to install libapache2-mod-rpaf:

 # apt-get install libapache2-mod-rpaf

Add the following to /etc/apache2/apache2.conf:

# nano /etc/apache2/apache2.conf
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 YOU_IP_ADDRESS

 

Installing And Configure Nginx

Enable the lenny-backports repository, you will find the instructions on http://backports.org/.

 apt-get install nginx

Remove the default vhost:

 # rm /etc/nginx/sites-available/default

Open the file:

 # nano /etc/nginx/sites-available/default

Add the following content to the file:

server {
	listen   80 default; 
        server_name  _;
        server_name_in_redirect  off;
	resolver  127.0.0.1;
#### www. redirect	- all domains starting with www will be redirected to http://domain. ####
    if ($host ~* ^(www\.)(.+)) {
        set $rawdomain $2;
        rewrite ^/(.*)$  http://$rawdomain/$1 permanent;
    }
	access_log  /var/log/ispconfig/httpd/$host/access.log;
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|html|htm|mp3)$ {
	root   /var/www/$host/web; 
	access_log off;
	expires 30d;
    }
location / {
	root   /var/www/$host/web;
	index  index.html index.htm index.php;
        access_log      off;
        proxy_pass http://$host:82;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

That's it. Nginx will serve all your static files like images even html files and php stuff will be forwarded to Apache.

Share this page:

13 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Conor Duffy
Reply  

Any chance of a similar guide for Lighttpd?

By: Aurelian
Reply  

Can it be simillar for ISPCONFIG 2?

 

Thanx

By: icmono
Reply  
By:
Reply  

With a few minor changes found in the forums, (http://www.howtoforge.org/forums/showthread.php?t=49443&highlight=nginx) I have nginx running in front of my ispconfig3 control panel and a couple virtual hosts.

ab -c 100 -n 10000 http://hostname/index.php results are amazing.

I am able to compare the original sites to the same sites behind the nginx proxy. The old sites were barely able to run 100 requests per second, the new is in excess of 4-5,000 requests per second.

Nice work, Nedim.

Regards,

Rob

By: Iain
Reply  

Sorry, but where do you place: ab -c 100 -n 10000?? 

I have it working aswell now, but would love it if you would share where you would place that line of code. 

 Didn't find it on the forum you linked it in your reply

 Thanks

By:
Reply  

 when I try to download files such as zip
,rar,avi, location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|html|htm|mp3)$ {

Server completely crashes (freezes) Only hard restart helps
I can not understand the reason????????????????? HELP

By: Anonymous
Reply  

server {
listen 80 default;
server_name _;
server_name_in_redirect off;
resolver 127.0.0.1;
error_page 404 = @fallback;
#--------------??? 404 ?????? ?? ????????? ?????-------------------------------
location @fallback {
proxy_pass http://$host:82;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
#--------------??????????? ??????? ?????? ?? ??????-----------------------------
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|mp3)$ {
root /var/www/$host/web;
access_log off;
expires 30d;
}
#--------------HTML ????? ???????? ???????? ????? ????? ???? ????????????-------
location ~* ^.+\.(htm|html)$ {
root /var/www/$host/web;
# try_files $uri /index.php ;
access_log off;
expires 30d;
}
# -------------???????? ???????? -----------------------------------------------
location / {
root /var/www/$host/web;
index index.php index.html index.htm;
access_log off;
proxy_pass http://$host:82;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#-------------- ????????? ??? phpmyadmin----------------------------------------
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
proxy_pass http://$host:82;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
#------------- WEBMAIL----------------------------------------------------------
location /webmail {
root /var/www/apps;
index index.php index.html index.htm;
proxy_pass http://$host:82;   
https://open-source.rackster.ch/project/ispconfig3-nginx-reverse-proxy-plugin

By:
Reply  

For those who can use IP based vhosts use following setup

listen   YOU-IP-ADDRESS:80 default;

This was you will not have to use a resolver - I had problems with nginx not serving sites if DNS server goes down.

By: Phgrey
Reply  

To make it realy works I've got to change the row  proxy_pass http://$host:82;

with this one

 proxy_pass http://127.0.0.1:82/;

By: iain
Reply  

There is one flaw in this whole idea, and that is when things like roundcube squirrelmail or even phpmyadmin are hosted outside of /var/www/*  things like css etc that are managed by Nginx result in a 404 error.

 Thus resulting improper function of these services, please complete this tutorial by helping me find a fix for this problem.

  

By:
Reply  

I think creating a symlink in /var/www/ does the trick, for example :

ln -s /usr/share/phpmyadmin /var/www/phpmyadmin.example.tld

The real problem is, this would have to be done manually also for any ServerAlias in any Apache vhost.

That makes this configuration hardly usable if you have lots of Apache vhosts having lots of ServerAliases...

By: RATEFIARISON Aina Manoa
Reply  

Need to remove this line from /etc/nginx/conf.d/default.conf :

rewrite ^/(.*)$ http://$rawdomain/$1 permanent;

By: realware
Reply  

I followed the guide, but beside one main site, all vhosts stopped working: phpmyadmin, roundcube and all apps too.

Every site was refusing connections

Anyone able to point out more recent  guide ?