Install Apache and run Nginx as a reverse proxy

It's not that complex and that is making Nginx faster:

Like Apache: .htaccess | NGINX

 

Hey, just wanted to say thanks to this thread, for servers that have legacy support for .htaccess, or unique cgi-bin interactions with perl and apache modules, going through and converting them to nginx is NOT a good solution, unless you love to deliver programs that don't work quite like they used to and have bugs. Or charge them or a fortune. Or both.

So this solution works really nice for those legacy servers I have to maintain. There's more though, you need to do better with the vhost solutions for nginx. Also domains will need to be setup a certain way with apache and it won't auto create that for you. Since these domains are few, and aren't added a lot to it's not a prob for me.

make a file in /usr/local/nginx/conf/proxy_apache.conf :

Code:

proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;

server_name_in_redirect off;
sendfile off;
proxy_redirect off;

Now for your server block in the nginx file for your domain under /usr/loca/nginx/conf/conf.d/domain.com.ssl.conf note I disabled the non ssl site and uncommented the top part to make it always use ssl which isn't shown here, if you use non ssl you'll need to do this for the non ssl file too.

Code:

    # Proxy anything that isn't a file.
    location / {
       try_files $uri @apache;
    }

    # Proxy directories (This fixes the loop)
    # This will kill any other indexes like index.html if they're not explicitly used in the URL.
    location ~[^?]*/$ {
       if ( $is_args = "?" ){
           rewrite / /index.php$is_args$args;
       }
       try_files $uri @apache;
    }

   #cgi-bin
    location ~ cgi-bin/ {
       include /usr/local/nginx/conf/proxy_apache.conf;
    }
    # Proxy any .php file.
    location ~ \.php$ {
       include /usr/local/nginx/conf/proxy_apache.conf;
    }

    # Proxy to apache, used by location / {...}
    location @apache {
       include /usr/local/nginx/conf/proxy_apache.conf;
    }

   # prevent access to ./directories and files
   location ~ (?:^|/)\. {
       deny all;
   }

The nginx rules took the most work by far and it was a combination of solutions I found online to solve diff problems. So far we have a sophisticated old school user lockout system that uses excessive http rewrites and cgi-bin perl modules running it very well.

Now we get to the httpd configuration part which was fairly easy in no small part because we know the traffic it gets is supposed to be there:

Code:

ServerName domain.com
<VirtualHost *:8080>
    ServerName domain.com
    #ServerAlias *.domain.com

    DocumentRoot /home/nginx/domains/domain.com/public/

    <Directory /home/nginx/domains/domain.com/public/>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
   AcceptPathInfo On
        Require all granted
    </Directory>

     <Directory "/home/nginx/domains/domain.com/public/cgi-bin/">
         Options +ExecCGI
         AddHandler cgi-script .cgi .pl
     </Directory>
    ScriptAlias "/cgi-bin/" "/home/nginx/domains/domain.com/public/cgi-bin/"

    <FilesMatch \.php$>
        # 2.4.10+ can proxy to unix socket
        # SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost/"

        # Else we can just use a tcp socket:
        SetHandler "proxy:fcgi://127.0.0.1:9000"
    </FilesMatch>

    ErrorLog /var/log/httpd/domain.com-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/httpd/domain.com-access.log combined

</VirtualHost>

You also need to change /etc/httpd/conf/httpd.conf and replace lines for User and Group with:

Code:

User nginx
Group nginx

This makes it work with nginx permissions wise.

The only other thing you'll want to do is any scripts that depend on the actual IP address, change them to use HTTP_CF_CONNECTING_IP header, if you're using cloudflare, or whichever header it's stored in, some possible listed here: https://www.virendrachandak.com/techtalk/getting-real-client-ip-address-in-php-2/ otherwise.

When I tried this with the default centos httpd server it was a mess, cloudflare had these super rare errors and ppl would get error messages, but those messages didn't show up if you bypassed cloudflare. Since cloudflare works with most sites, it had to be something with the apache setup. It only happened under larger loads too. This one, not a single problem so thanks again.