Nginx Catch-All Host As Front End To Apache For ISPConfig 3 On Debian Lenny
By Nedim Hadzimahmutovic <h.nedim@gmail.com>
Version: v1.1
Last Change: May 19, 2010
Introduction
Apache has always been the web server of choice for me. It is a real beast when it comes to resources usage specially in a resource limited environment such as a VPS. I started playing with Nginx a lightweight, high performance web server. My area of interest was running Nginx as a reverse proxy and making it work in a Apache/ISPConfig 3 environment.
The Problem
I am an OpenVZ, apache2-mpm-itk, mod_php user. Apache mpm-itk does not support FastCGI. This problem dramatically increases if you use a 64-bit OS since Apache will now use much more memory (32-bit systems have 4-byte pointers whereas 64-bit systems have 8-byte pointers). I started getting KMEMSIZE limit errors and Apache was the reason why. Apache made my VPS unusable so I had to look for an alternative.
The Solution
Nginx was the answer but I am a ISPConfig user which only supports Apache and if I found a way around this there was no way I would manually manage each virtual host. The solution was to setup Nginx catch all host as front-end and proxy to Apache which will be running in the back-end on a different port. This way Nginx will serve the static files and PHP would be left to Apache. You can also leave a whole domain to Nginx if you like, just put a that domain's virtual host before the default vhost. One step further would be to run a 32-bit chroot environment on top of the 64-bit OS and install 32-bit Apache but this will not be covered in this tutorial.
Configure Apache
Configure Apache to run on port 82 in /etc/apache2/ports.conf and in all of your virtual hosts. To make it easier use sed command:
# sed -ie 's/YOUR-IP:80/YOUR-IP:82/g' /etc/apache2/sites-available/*.vhost
I assume your virtual host is IP based - your vhost could have *:80 instead of IP:80.
The sed command will make backup files of your .vhost files which will have .vhoste extension. You can move the backup vhost files:
mkdir /root/apache2_vhost_backup/
mv /etc/apache2/sites-available/*.vhoste /root/apache2_vhost_backup/
Restart apache and use netstat check if it is running on port 82:
# /etc/init.d/apache2 restart
# netstat -tunap | grep apache2
tcp 0 0 0.0.0.0:82 0.0.0.0:* LISTEN 7630/apache2
Now you have to change the ISPConfig Apache templates. Copy them to your conf-custom directory:
# cd /usr/local/ispconfig/server/
# cp conf/apache_ispconfig.conf.master conf-custom/
# cp conf/vhost.conf.master conf-custom/
Open the two files and change :80 to :82. Just to be sure run grep command and check if the output matches:
# grep :82 -i /usr/local/ispconfig/server/conf-custom/*
/usr/local/ispconfig/server/conf-custom/apache_ispconfig.conf.master:NameVirtualHost {tmpl_var name="ip_address"}:82
/usr/local/ispconfig/server/conf-custom/vhost.conf.master:
:82>
You will see all requests as originating from localhost (127.0.0.1). To see users real IP address you will have to install libapache2-mod-rpaf:
# apt-get install libapache2-mod-rpaf
Add the following to /etc/apache2/apache2.conf:
# nano /etc/apache2/apache2.conf
RPAFsethostname On RPAFproxy_ips 127.0.0.1 YOU_IP_ADDRESS
Installing And Configure Nginx
Enable the lenny-backports repository, you will find the instructions on http://backports.org/.
apt-get install nginx
Remove the default vhost:
# rm /etc/nginx/sites-available/default
Open the file:
# nano /etc/nginx/sites-available/default
Add the following content to the file:
server { listen 80 default; server_name _; server_name_in_redirect off; resolver 127.0.0.1; #### www. redirect - all domains starting with www will be redirected to http://domain. #### if ($host ~* ^(www\.)(.+)) { set $rawdomain $2; rewrite ^/(.*)$ http://$rawdomain/$1 permanent; } access_log /var/log/ispconfig/httpd/$host/access.log; location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|html|htm|mp3)$ { root /var/www/$host/web; access_log off; expires 30d; } location / { root /var/www/$host/web; index index.html index.htm index.php; access_log off; proxy_pass http://$host:82; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
That's it. Nginx will serve all your static files like images even html files and php stuff will be forwarded to Apache.