zeldor.biz

Linux, programming and more

Nginx and Apache2

by Leave a Comment

I decided to put a nginX (pronounced as ‘Engine X’) as my primary webserver to reduce the server load and improve performance.

Nginx can only handle static content (CSS, simple HTML, and static files) l have to proxy incoming dynamic requests to another server, in my case Apache2 with PHP5 as suExec/ Fcgid.

Do not panic if you see the nginx configs the first time, they are really harmless and simple to understand:)

Bring Nginx to listen for IPv6:

1
2
3
4
5

server {
    [...]
    listen   [::]:80 default ipv6only=on; # listen for ipv6
    [...]
    }

After I tested my setup with nikto I found that Nginx shows its real version:

1
2
3
4
5
6

- Nikto 2.02/2.03
+ Target Hostname: zeldor.biz
+ Target Port:     80
+ Start Time:      2011-01-18 11:07:11
----------------------------------
+ Server: nginx/0.7.67

Disable it:

1
2
3
4
5

server {
    [...]
    server_tokens off; # Hide Server version
    [...]
    }

My basic “/etc/nginx/sites-enabled/default” config:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

server {
 
	listen   80; # listen for ipv4
	listen   [::]:80 default ipv6only=on; # listen for ipv6
        server_tokens off; # hide server version
 
	server_name  _; # underdash means for all hosts
 
	access_log  /var/log/nginx/localhost.access.log;
 
        location / {
            proxy_pass         http://127.0.0.1:8080;
            proxy_redirect     off;
 
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}

Before reload or restart nginx check the syntax of your configs:

1
2
3
4
5

web-server ~ # nginx -t
# or
web-server ~ # nginx -t -c /etc/nginx/nginx.conf
the configuration file /etc/nginx/nginx.conf syntax is ok
configuration file /etc/nginx/nginx.conf test is successful

Some of you will hear some benefits, here they are:
– NginX handles static content very well.
– Quick and easy migration of your backend services to another server.
– The memory footprint of Nginx is very small (Perfect solution for VPS-Servers)

Update:

1
2
3
4
5
6
7
8
9
10
11

vim /etc/nginx/sites-enabled/default
 
          # Block download agents
          if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
              return 403;
          }  
 
          # Block some nasty robots
          if ($http_user_agent ~* msnbot|scrapbot) {
              return 403;
          }

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *