Skip to content

Instantly share code, notes, and snippets.

@Jakiboy

Jakiboy/Nginx.md

Created April 4, 2023 20:45
Show Gist options
  • Save Jakiboy/2eeb0dd468133e4ee62842fe44eea45d to your computer and use it in GitHub Desktop.
Save Jakiboy/2eeb0dd468133e4ee62842fe44eea45d to your computer and use it in GitHub Desktop.
Download ZIP
Nginx (Load balancing / Reverse Proxy)
Raw
Nginx.md

Nginx (Load balancing / Reverse Proxy)

Load balancing / Reverse Proxy for Apache & PHP-FPM.

⚡ Installation

apt-get install apache2
apt-get install php7.4-fpm
apt-get install nginx

⚡ Configuration

Apache

Port : 8080

mv /etc/apache2/ports.conf /etc/apache2/ports.conf.backup # Backup
echo "Listen 8080" | sudo tee /etc/apache2/ports.conf

@ /etc/apache2/sites-available/000-default.conf

<VirtualHost *:8080>
    ServerAdmin webmaster@localhost
    ServerName localhost
    DocumentRoot "/var/www/html"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

@ /etc/apache2/sites-available/{domain}.{tld}.conf

<VirtualHost *:8080>
  	ServerAdmin webmaster@{domain}.{tld}
  	ServerName {domain}.{tld}
  	ServerAlias {sub}.{domain}.{tld}
  	DocumentRoot "/var/www/html/{domain}.{tld}"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

a2ensite 000-default
a2ensite {domain}.{tld}
service apache2 restart
netstat -tlpn

Reverse Proxy Rewrites

apt-get install libapache2-mod-rpaf # (outdated)
apt-get install build-essential apache2-dev
wget https://github.com/gnif/mod_rpaf/archive/stable.zip
unzip stable.zip
cd mod_rpaf-stable
make
make install

@ /etc/apache2/mods-available/rpaf.load

LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so

@ /etc/apache2/mods-available/rpaf.conf

<IfModule mod_rpaf.c>
	RPAF_Enable             On
	RPAF_Header             X-Real-Ip
	RPAF_ProxyIPs           {IP} 
	RPAF_SetHostName        On
	RPAF_SetHTTPS           On
	RPAF_SetPort            On
</IfModule>

a2enmod rpaf
apachectl -t
service apache2 restart

FASTCGI

a2enmod actions
mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.backup # Backup

@ /etc/apache2/mods-enabled/fastcgi.conf

<IfModule mod_fastcgi.c>
    AddHandler fastcgi-script .fcgi
    FastCgiIpcDir /var/lib/apache2/fastcgi
    AddType application/x-httpd-fastphp .php
    Action application/x-httpd-fastphp /php-fcgi
    Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.4-fpm.sock -pass-header Authorization
    <Directory /usr/lib/cgi-bin>
      Require all granted
    </Directory>
</IfModule>

apachectl -t
service apache2 restart

Firewall

ufw allow 8080
ufw allow "Apache Full"
ufw status
sudo iptables -I INPUT -p tcp --dport 8080 ! -s {IP} -j REJECT --reject-with tcp-reset # (Optional)

Nginx

mv /etc/nginx/sites-enabled/default /etc/nginx/sites-enabled/default.backup # Backup

@ /etc/nginx/sites-available/{domain}.{tld}

server {
    root /var/www/html/{domain}.{tld};
    index index.html index.php;

    server_name {domain}.{tld} {sub}.{domain}.{tld};
    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        include snippets/fastcgi-php.conf;
    }
}

server {
    ...
}

ln -s /etc/nginx/sites-available/{domain}.{tld} /etc/nginx/sites-enabled/{domain}.{tld}
nginx -t
service nginx restart

Reverse Proxy

@ /etc/nginx/sites-available/apache

server {
    listen 80;
    server_name {domain}.{tld} {sub}.{domain}.{tld};

    location / {
        proxy_pass http://{IP}:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /\.ht {
        deny all;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/{domain}.{tld}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{domain}.{tld}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    ...
}

ln -s /etc/nginx/sites-available/apache /etc/nginx/sites-enabled/apache
nginx -t
service nginx restart

TLS/SSL

apt-get install certbot python3-certbot-nginx
certbot --nginx

Static Files

@ /etc/nginx/sites-available/apache

server {
    listen 80;
    server_name {domain}.{tld} {sub}.{domain}.{tld};
    root /var/www/html/{domain}.{tld};
    index index.html index.php;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        proxy_pass http://{IP}:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /\.ht {
        deny all;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/{domain}.{tld}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{domain}.{tld}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    ...
}

nginx -t
service nginx restart

Authors:

  • Jihad Sinnaour - Jakiboy (Initial work)

⭐ Support:

Please give it a Star if you like the project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment