Install Nginx Proxy Manager on CentOS 7

Nginx Proxy Manager is built on docker container. So, we need to deploy Docker first.

Update Docker Package Database. In a terminal window, type:

sudo yum check-update

Allow the operation to complete.

Remove if any docker is preinstalled with your OS-

sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine

Install the Dependencies

Type in the following command:

sudo yum install -y yum-utils device-mapper-persistent-data lvm2

The –y switch indicates to the yum installer to answer “yes” to any prompts that may come up. The yum-utils switch adds the yum-config-manager. Docker uses a device mapper storage driver, and the device-mapper-persistent-data and lvm2 packages are required for it to run correctly.

Read more

Share

Nginx Reverse Proxy with Sub Directory Mapping

Setup Note:

My web application has a sub-directory, 192.168.1.8:8088/messages, that I want to expose to the outside world as messages.mysite.com. I’ve gotten half way there but I seem to be stuck. My requirements are as follows

  • Redirect the site from HTTP to HTTPS.
  • As I cannot edit the links the web application generates, I need to be able to accept requests from the client such as messages.mysite.com/messages?id=23023.
  • Do not allow reverse proxy access to the root web application, 192.168.1.8:8088 or to any sub-directory other than 192.168.1.8:8088/messages and its children.

Read more

Share

Build WAF with Reverse Proxy Load Balancer using Nginx

Getting Started

First, it is recommended to update and upgrade all your software packages to the latest version. You can update all of them by running the following command:

apt update -y
apt upgrade -y

Once all the packages are updated, install other required packages with the following command:

apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev -y

Once you are done, you can proceed to the next step.

Install ModSecurity on Ubuntu 22.04

By default, the ModSecurity package is not included in the Ubuntu default repository. So you will need to compile it from the source.

First, download the latest version of ModSecurity with the following command:

wget https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz

Once the download is completed, extract the downloaded file with the following command:

tar -xvzf modsecurity-v3.0.8.tar.gz

Next, navigate to the extracted directory and configure it with the following command:

Read more

Share

Using NGinx to serve static files and Apache for dynamic

Apache is a great web-server, but it has a pretty heavy memory footprint. It can get quite restrictive quite quickly, especially if you’re on a system will limited resources (given how many people now run on a VPS, and the poor disk IO of these systems it’s all the more important – swapping is slow).

The way around it, is to configure your system to use NGinx as a reverse-proxy. Depending how many virtualhosts you have, you can make the changes almost completely transparently within about 10 minutes.

Pre-Requisites

First, we need to be able to install NGinx, which means setting up the EPEL repo (if you already have it enabled, skip this step)

CentOS 6.x

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Now that the repo is installed, we need to install NGinx

yum install nginx

Configuring NGinx

Now that NGinx is installed we need to create a VirtualHost (actually NGinx calls them Server Blocks) for each site we are hosting.

nano /etc/nginx/conf.d/virtual.conf
#Insert one of these for each of the virtualhosts you have configured in Apache
server {
listen 80;
root /path/to/site/root; 
index index.php index.html index.htm;
server_name www.yourdomain.com yourdomain.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}

location ~ /\.ht {
deny all;
}
}

This configuration tells NGinx to try and serve the requested file, but to pass the request onto Apache if it’s unable to do so. Requests for PHP files should be forwarded automatically. Apache will be told who requested the file in the ‘X-Forwarded-For’ header.

Read more

Share

NGINX as a Reverse Proxy

Configure NGINXPermalink

At this point, you could configure Node.js to serve the example app on your Linode’s public IP address, which would expose the app to the internet. Instead, this section configures NGINX to forward all requests from the public IP address to the server already listening on localhost.

Basic Configuration for an NGINX Reverse ProxyPermalink

Create a configuration file for the app in /etc/nginx/conf.d/. Replace example.com in this example with your app’s domain or public IP address:

server {
listen 80;
listen [::]:80;

server_name example.com;

location / {
proxy_pass http://localhost:3000/;
}
}

The proxy_pass directive is what makes this configuration a reverse proxy. It specifies that all requests which match the location block (in this case the root / path) should be forwarded to port 3000 on localhost, where the Node.js app is running.

Read more

Share

Nginx Reverse Proxying Multiple Domains Using map Module

map_hash_bucket_size 128;
map $http_host $backend_servers {
hostnames;
    default                         www.example.com;
    frontend.example2.com           backend.example2.com
    frontend.example3.com           backend.example3.com
    www.example.org                 backend.example.org
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
server {
    location / {
        proxy_pass  http://$backend_servers
    }
}
Share

DNS UDP Load Balancer using Nginx

The plan is to build a DNS- UDP load balancer DNS recursive server (actually forwarding service). The design logic is simple-

On client side a public recursive+forwarding DNS IP –> hits the Nginx Load Balancers  –> sends traffic to Google Public DNS/IBM Public DNS/Own recursive DNS/OpenDNS.

The configuration is quite simple on Nginx Load Balancer, the core configuration content is pretty straight forward:

# Load balance UDP-based DNS traffic across two servers
stream {
upstream dns_upstreams {
server 192.168.136.130:53;
server 192.168.136.131:53;
}

server {
listen 53 udp;
proxy_pass dns_upstreams;
proxy_timeout 1s;
proxy_responses 1;
error_log logs/dns.log;
}
}

Read more

Share

Nginx upstream timed out

There are two main directives responsible for Nginx upstream timed out (110: Connection timed out) error:

proxy_read_timeout – Defines a timeout for reading a response from the proxied server. Default is 60 seconds.

location ~ ^/slow-proxy {
proxy_read_timeout 180; # <---
proxy_pass ...;
}

* you can use proxy_read_timeout inside http, server and location blocks.

Read more

Share

Set Up Nginx Load Balancing with SSL Termination

Nginx can be configured as a load balancer to distribute incoming traffic around several backend servers. SSL termination is the process that occurs on the load balancer which handles the SSL encryption/decryption so that traffic between the load balancer and backend servers is in HTTP. The backends must be secured by restricting access to the load balancer’s IP, which is explained later in this article.

Prerequisites
In this tutorial the commands must be run as the root user or as a user with sudo privileges. You can see how to set that up in the Users Tutorial.

Read more

Share

Creating Nginx Virtual Hosts

Step One— Create a New Directory

The first step in creating a virtual host is to a create a directory where we will keep the new website’s information. This location will be your Document Root in the nginx virtual configuration file later on. By adding a -p to the line of code, the command automatically generates all the parents for the new directory.

sudo mkdir -p /var/www/example.com/public_html

You will need to designate an actual DNS approved domain, or an IP address, to test that a virtual host is working. In this tutorial we will use example.com as a placeholder for a correct domain name.

However, should you want to use an unapproved domain name to test the process you will find information on how to make it work on your local computer in Step Six.

Step Two—Grant Permissions

We need to grant ownership of the directory to the right user, instead of just keeping it on the root system. You can replace the “www-data” below with the appropriate username.

sudo chown -R www-data:www-data /var/www/example.com/public_html

Additionally, it is important to make sure that everyone is able to read our new files.

sudo chmod 755 /var/www

Now you are all done with permissions.

Read more

Share