madrzejewski/00-remoteip.conf

## 00-remoteip.conf
# Conf for this article :  https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1

## nginx_website.test.conf
# Conf for this article :  https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
# HTTP
server {
        listen       80;
        server_name  website.test www.website.test;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://127.0.0.1:8080;
        }
}
# HTTPS
server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  website.test www.website.test;

        ssl_certificate "/etc/pki/nginx/server.crt";
        ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_pass http://127.0.0.1:8080;
       }
}

## website.test.conf
# Conf for this article :  https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
<VirtualHost *:8080>
        ServerName website.test
        ServerAlias www.website.test
        DocumentRoot /home/website/www
        SetEnvIf X-Forwarded-Proto "https" HTTPS=on
        ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/home/website/www/$1

        <Directory /home/website/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog /var/log/httpd/website.dev.error
        CustomLog /var/log/httpd/website.dev.log combined
</VirtualHost>

## www.conf
# Conf for this article :  https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
[website]
user = website
group = website
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
	# Conf for this article : https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
	LoadModule remoteip_module modules/mod_remoteip.so
	RemoteIPHeader X-Forwarded-For
	RemoteIPTrustedProxy 127.0.0.1
	# Conf for this article : https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
	# HTTP
	server {
	listen 80;
	server_name website.test www.website.test;

	location / {
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass http://127.0.0.1:8080;
	}
	}
	# HTTPS
	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name website.test www.website.test;

	ssl_certificate "/etc/pki/nginx/server.crt";
	ssl_certificate_key "/etc/pki/nginx/private/server.key";
	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 10m;
	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;

	location / {
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header X-Forwarded-Port 443;
	proxy_pass http://127.0.0.1:8080;
	}
	}
	# Conf for this article : https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
	<VirtualHost *:8080>
	ServerName website.test
	ServerAlias www.website.test
	DocumentRoot /home/website/www
	SetEnvIf X-Forwarded-Proto "https" HTTPS=on
	ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/home/website/www/$1

	<Directory /home/website/www/>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride All
	Require all granted
	</Directory>
	ErrorLog /var/log/httpd/website.dev.error
	CustomLog /var/log/httpd/website.dev.log combined
	</VirtualHost>
	# Conf for this article : https://blog.madrzejewski.com/offloader-ssl-nginx-reverse-proxy-apache
	[website]
	user = website
	group = website
	listen = 127.0.0.1:9000
	listen.allowed_clients = 127.0.0.1
	pm = dynamic
	pm.max_children = 50
	pm.start_servers = 5
	pm.min_spare_servers = 5
	pm.max_spare_servers = 35
	slowlog = /var/log/php-fpm/www-slow.log
	php_admin_value[error_log] = /var/log/php-fpm/www-error.log
	php_admin_flag[log_errors] = on
	php_value[session.save_handler] = files
	php_value[session.save_path] = /var/lib/php/session
	php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache