Skip to content
Bots!
Bots!
  • About
    • Myself
    • আমার দোয়া
  • Bookmarks
    • Bookmarks
    • My OCI Bookmarks
    • Useful Proxmox Commands & Links
    • Learning Nano
    • Useful Sites
    • Useful Virtualbox Command
    • Useful MySQL Command
    • Useful Linux Command
    • BTT-CAS
  • Resources
    • Webinar on Cloud Adoption for Project Managers
  • Photos
  • Videos
  • Downloads
Bots!

Using NGinx to serve static files and Apache for dynamic

Rumi, September 6, 2019

Apache is a great web-server, but it has a pretty heavy memory footprint. It can get quite restrictive quite quickly, especially if you’re on a system will limited resources (given how many people now run on a VPS, and the poor disk IO of these systems it’s all the more important – swapping is slow).

The way around it, is to configure your system to use NGinx as a reverse-proxy. Depending how many virtualhosts you have, you can make the changes almost completely transparently within about 10 minutes.

Pre-Requisites

First, we need to be able to install NGinx, which means setting up the EPEL repo (if you already have it enabled, skip this step)

CentOS 6.x

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Now that the repo is installed, we need to install NGinx

yum install nginx

Configuring NGinx

Now that NGinx is installed we need to create a VirtualHost (actually NGinx calls them Server Blocks) for each site we are hosting.

nano /etc/nginx/conf.d/virtual.conf
#Insert one of these for each of the virtualhosts you have configured in Apache
server {
listen 80;
root /path/to/site/root; 
index index.php index.html index.htm;
server_name www.yourdomain.com yourdomain.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}

location ~ /\.ht {
deny all;
}
}

This configuration tells NGinx to try and serve the requested file, but to pass the request onto Apache if it’s unable to do so. Requests for PHP files should be forwarded automatically. Apache will be told who requested the file in the ‘X-Forwarded-For’ header.

The final section tells NGinx not to honour requests for .htaccess files as we don’t want anyone to see the contents of these.

So, assuming you had the following VirtualHost directive in your Apache configuration

<VirtualHost *:80>
ServerAdmin webmaster@example.com
DocumentRoot /home/example/public_html
ServerName www.exaple.com
ErrorLog logs/example.com-error_log
CustomLog logs/example.com-access_log common
<Directory />
AllowOverride All
</Directory>
</VirtualHost>

You’d want to enter

server {
listen 80;
root /path/to/site/root; 
index index.php index.html index.htm;
server_name www.example.com example.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;

}

location ~ /\.ht {
deny all;
}
}

Note: the second entry on server_name is essentially the equivalent of Apache’s ServerAlias – we’re telling NGinx to use that server block for both www.example.com and example.com.

Configuring Apache

The next step represents the point where we risk interruption to service if something goes wrong. We’re going to edit Apache’s config ready for the switch round. You really shouldn’t start this bit unless you plan to finish the rest of the steps in this documentation without interruption – if you edit the config and then leave it, the next time Apache is restarted your sites will appear to be down!

Change the port Apache runs on

 We want users to hit our NGinx installation (otherwise this effort is wasted) but Apache is currently sat on port 80. So we’re going to move it to 8080 (given that’s the port we specified in the NGinx configuration we created).

nano /etc/httpd/conf/httpd.conf
# Find the following
Listen (someIP) 80
# Change the port to
Listen 127.0.0.1 8080
# Now at the bottom of the file, you'll find your virtualhost directives, 
# Change all port definitions of 80 to 8080
# Don't forget the Default virtualhost definition
# <virtualhost *:80> becomes <virtualhost *:8080>

We change the Listen address as we don’t want external hosts to access Apache directly, everything should go through NGinx. Ideally, we also want to forbid outside access to port 8080 at the firewall to ensure that the point of entry to our system is restricted to the authorised route – through NGinx.

Start the Services

We’ve now configured Apache to listen on a different port, so all we need to do know is restart Apache (so that it moves to port 8080) and start NGinx so that it can start handling requests.

service httpd restart
service nginx start

Now if you browse to your site, nothing should have changed visibly. However, if you check the HTTP headers you should see NGinx instead of Apache, checking a phpinfo file should still show Apache as having called the PHP parser though.

Additional Considerations

Security

By adding NGinx into the mix, we’re increasing our potential attack surface a little – we’ve now got an extra application to keep patched and up to date (which is why we installed from the repo’s and didn’t go out-of-band). Although we’ve hidden Apache away behind NGinx, don’t assume it’s automatically shielded – if a vulnerability is exploited using a valid request, NGinx will pass the request through verbatim (assuming it couldn’t handle itself). What you are protected from, though, is exploits that involve an invalid request.

SSL Connections

Nothing we’ve done will affect SSL connections, if Apache was configured to listen on port 443, it will continue to do so. However, this also means that all SSL requests will be handled by Apache and so the memory benefits of using NGinx as a proxy won’t be present on these connections. It’s more than possible (and not particularly hard) to set NGinx up as a reverse SSL proxy, but that’s outside the scope of this documentation (although the steps involved are almost identical).

Administrations Configurations (Linux) Apachenginx

Post navigation

Previous post
Next post

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Myself…

Hi, I am Hasan T. Emdad Rumi, an IT Project Manager & Consultant, Virtualization & Cloud Savvyfrom Dhaka, Bangladesh. I have prior experience in managing numerous local and international projects in the area of Telco VAS & NMC, National Data Center & PKI Naitonal Root and CA Infrastructure. Also engaged with several Offshore Software Development Team.

Worked with Orascom Telecom-Banglalink, Network Elites as VAS partner, BTRC, BTT (Turkey) , Mango Teleservices Limited and Access to Informaiton (A2I-UNDP)

Currently working at Oracle Corporation as Principal Technology Solution and Cloud Architect.

You can reach me [h.t.emdad at gmail.com] and I will be delighted to exchange my views.

Tags

Apache Bind Cacti CentOS CentOS 6 CentOS 7 Debain Debian Debian 10 Debian 11 Debian 12 DKIM Docker endian icinga iptables Jitsi LAMP Letsencrypt Linux Munin MySQL Nagios Nextcloud NFS nginx pfsense php Postfix powerdns Proxmox RDP squid SSH SSL Ubuntu Ubuntu 16 Ubuntu 18 Ubuntu 20 Varnish virtualbox vpn Webmin XCP-NG zimbra

Topics

Recent Posts

  • Install Jitsi on Ubuntu 22.04 / 22.10 April 30, 2025
  • Key Lessons in life April 26, 2025
  • Create Proxmox Backup Server (PBS) on Debian 12 April 19, 2025
  • Add Physical Drive in Proxmox VM Guest April 19, 2025
  • Mount a drive permanently with fstab in Linux April 16, 2025
  • Proxmox 1:1 NAT routing March 30, 2025
  • Installation steps of WSL – Windows Subsystem for Linux March 8, 2025
  • Enabling Nested Virtualization In Proxmox March 8, 2025
  • How to Modify/Change console/SSH login banner for Proxmox Virtual Environment (Proxmox VE / PVE) March 3, 2025
  • Install Proxmox Backup Server on Debian 12 February 12, 2025

Archives

Top Posts & Pages

  • Install Jitsi on Ubuntu 22.04 / 22.10
©2025 Bots! | WordPress Theme by SuperbThemes