zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

Nginx and Apache2

January 18, 2011 by Igor Drobot Leave a Comment

I decided to put a nginX (pronounced as ‘Engine X’) as my primary webserver to reduce the server load and improve performance.

Nginx can only handle static content (CSS, simple HTML, and static files) l have to proxy incoming dynamic requests to another server, in my case Apache2 with PHP5 as suExec/ Fcgid.

Do not panic if you see the nginx configs the first time, they are really harmless and simple to understand:)

Bring Nginx to listen for IPv6:

1
2
3
4
5
server {
    [...]
    listen   [::]:80 default ipv6only=on; # listen for ipv6
    [...]
    }

server { [...] listen [::]:80 default ipv6only=on; # listen for ipv6 [...] }

After I tested my setup with nikto I found that Nginx shows its real version:

1
2
3
4
5
6
- Nikto 2.02/2.03
+ Target Hostname: zeldor.biz
+ Target Port:     80
+ Start Time:      2011-01-18 11:07:11
----------------------------------
+ Server: nginx/0.7.67

- Nikto 2.02/2.03 + Target Hostname: zeldor.biz + Target Port: 80 + Start Time: 2011-01-18 11:07:11 ---------------------------------- + Server: nginx/0.7.67

Disable it:

1
2
3
4
5
server {
    [...]
    server_tokens off; # Hide Server version
    [...]
    }

server { [...] server_tokens off; # Hide Server version [...] }

My basic “/etc/nginx/sites-enabled/default” config:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
server {
 
	listen   80; # listen for ipv4
	listen   [::]:80 default ipv6only=on; # listen for ipv6
        server_tokens off; # hide server version
 
	server_name  _; # underdash means for all hosts
 
	access_log  /var/log/nginx/localhost.access.log;
 
        location / {
            proxy_pass         http://127.0.0.1:8080;
            proxy_redirect     off;
 
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}

server { listen 80; # listen for ipv4 listen [::]:80 default ipv6only=on; # listen for ipv6 server_tokens off; # hide server version server_name _; # underdash means for all hosts access_log /var/log/nginx/localhost.access.log; location / { proxy_pass http://127.0.0.1:8080; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } }

Before reload or restart nginx check the syntax of your configs:

1
2
3
4
5
web-server ~ # nginx -t
# or
web-server ~ # nginx -t -c /etc/nginx/nginx.conf
the configuration file /etc/nginx/nginx.conf syntax is ok
configuration file /etc/nginx/nginx.conf test is successful

web-server ~ # nginx -t # or web-server ~ # nginx -t -c /etc/nginx/nginx.conf the configuration file /etc/nginx/nginx.conf syntax is ok configuration file /etc/nginx/nginx.conf test is successful

Some of you will hear some benefits, here they are:
– NginX handles static content very well.
– Quick and easy migration of your backend services to another server.
– The memory footprint of Nginx is very small (Perfect solution for VPS-Servers)

Update:

1
2
3
4
5
6
7
8
9
10
11
vim /etc/nginx/sites-enabled/default
 
          # Block download agents
          if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
              return 403;
          }  
 
          # Block some nasty robots
          if ($http_user_agent ~* msnbot|scrapbot) {
              return 403;
          }

vim /etc/nginx/sites-enabled/default # Block download agents if ($http_user_agent ~* LWP::Simple|BBBike|wget) { return 403; } # Block some nasty robots if ($http_user_agent ~* msnbot|scrapbot) { return 403; }

Filed Under: Debian, Linux Tagged With: apache2, load, Nginx, Performance, Proxy

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok