zeldor.biz

Linux, programming and more

Copyright © 2023
Log in

Nginx and Apache2

January 18, 2011 by Igor Drobot Leave a Comment

I decided to put a nginX (pronounced as ‘Engine X’) as my primary webserver to reduce the server load and improve performance.

Nginx can only handle static content (CSS, simple HTML, and static files) l have to proxy incoming dynamic requests to another server, in my case Apache2 with PHP5 as suExec/ Fcgid.

Do not panic if you see the nginx configs the first time, they are really harmless and simple to understand:)

Bring Nginx to listen for IPv6:

1
2
3
4
5
server {
    [...]
    listen   [::]:80 default ipv6only=on; # listen for ipv6
    [...]
    }

server { [...] listen [::]:80 default ipv6only=on; # listen for ipv6 [...] }

After I tested my setup with nikto I found that Nginx shows its real version:

1
2
3
4
5
6
- Nikto 2.02/2.03
+ Target Hostname: zeldor.biz
+ Target Port:     80
+ Start Time:      2011-01-18 11:07:11
----------------------------------
+ Server: nginx/0.7.67

- Nikto 2.02/2.03 + Target Hostname: zeldor.biz + Target Port: 80 + Start Time: 2011-01-18 11:07:11 ---------------------------------- + Server: nginx/0.7.67

Disable it:

1
2
3
4
5
server {
    [...]
    server_tokens off; # Hide Server version
    [...]
    }

server { [...] server_tokens off; # Hide Server version [...] }

My basic “/etc/nginx/sites-enabled/default” config:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
server {
 
	listen   80; # listen for ipv4
	listen   [::]:80 default ipv6only=on; # listen for ipv6
        server_tokens off; # hide server version
 
	server_name  _; # underdash means for all hosts
 
	access_log  /var/log/nginx/localhost.access.log;
 
        location / {
            proxy_pass         http://127.0.0.1:8080;
            proxy_redirect     off;
 
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}

server { listen 80; # listen for ipv4 listen [::]:80 default ipv6only=on; # listen for ipv6 server_tokens off; # hide server version server_name _; # underdash means for all hosts access_log /var/log/nginx/localhost.access.log; location / { proxy_pass http://127.0.0.1:8080; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } }

Before reload or restart nginx check the syntax of your configs:

1
2
3
4
5
web-server ~ # nginx -t
# or
web-server ~ # nginx -t -c /etc/nginx/nginx.conf
the configuration file /etc/nginx/nginx.conf syntax is ok
configuration file /etc/nginx/nginx.conf test is successful

web-server ~ # nginx -t # or web-server ~ # nginx -t -c /etc/nginx/nginx.conf the configuration file /etc/nginx/nginx.conf syntax is ok configuration file /etc/nginx/nginx.conf test is successful

Some of you will hear some benefits, here they are:
– NginX handles static content very well.
– Quick and easy migration of your backend services to another server.
– The memory footprint of Nginx is very small (Perfect solution for VPS-Servers)

Update:

1
2
3
4
5
6
7
8
9
10
11
vim /etc/nginx/sites-enabled/default
 
          # Block download agents
          if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
              return 403;
          }  
 
          # Block some nasty robots
          if ($http_user_agent ~* msnbot|scrapbot) {
              return 403;
          }

vim /etc/nginx/sites-enabled/default # Block download agents if ($http_user_agent ~* LWP::Simple|BBBike|wget) { return 403; } # Block some nasty robots if ($http_user_agent ~* msnbot|scrapbot) { return 403; }

Filed Under: Debian, Linux Tagged With: apache2, load, Nginx, Performance, Proxy

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *