• [email protected]
  • Afghanistan's #1 Web Hosting Company Since 2006
PAMIR WEBHOSTING LLC.

24/7 Support

Technical support 24/7

+93 (0) 705 800 700

Need Help? Call Us Anytime

Sign In

Acces Client Area

DEALS
MENU MENU
  • Domains
    • Domains

      Select, Register and Establish your domain with us.
    • Registration
    • Domain Reseller
  • Hosting
        • Web Hosting

          Get website performance reliable web hosting.
        • Linux Hosting
        • Windows Hosting
        • Reseller Hosting

          Get Business Ready with the premium Linux Reseller Hosting!
        • Linux Reseller
        • Windows Reseller
  • VPS Server
    • VPS Server

      Build your business empire using the VPS power.
    • Linux Server
    • Windows Server
  • Dedicated Server
    • Dedicated Server

      Keep noisy neighbors at bay with a server of your own.
    • Linux Server
    • Windows Server
  • Email & Office
    • Email & Office

      Communicate like a pro with advanced mailing solutions.
    • Microsoft Office 365
    • Business Email
    • G Suite
  • Security & Backup
        • Security

          Let us take on your day-to-day web security challenges
        • SSL Certificate
        • SpamExperts
        • SiteLock
        • Backup

          Backing up your IT infrastructure is made easy
        • CodeGuard
  • Services
    • Managed Services

      Custom cloud to meet your business needs.
    • Amazon Web Services
    • Microsoft Azure
    • Web Development
    • 3CX Phone System
    • VOS3000 Hosting
    • Licensing Distributor
  • About
    • Meet Managed Hosting Expert

      Clean, authentic, and transparent.
    • Who We Are
    • Why Choose Us
    • Announcements
    • Support Center
    • Contact Us
    • Blog
  • DEALS
  • 0 Shopping Cart
  • More
  1. Portal Home
  2. Knowledgebase
  3. Security Issue
  4. HowTo: Use Nginx As Reverse Proxy Server

  Categories

6
Billing
30
cPanel/WHM
2
DirectAdmin
8
eMail/Webmail
5
Features
4
FTP Issues
14
Hosting Issue.
3
Joomla!/WordPress
2
Plesk/Onyx
12
Pre-Sale Questions
3
Resource Limits
16
Security Issue
7
Server Issues
5
Server Modules
8
SQL/Databases
6
Tech Support
3
Tips and Tricks
10
VPS/Dedicated

  Categories

  Tag Cloud

Advance Firewall apache APF BDF clamav cloudlinux cpanel cpanel mail cPanel/WHM duplicate duplicate email email email downloading Firewall free plesk onyx mail problem mod_userdir old email downloads old emails one-time plesk password onyx hosting onyx password reset outlook outlook not sending email password password reset php mail php mailer php selector plesk plesk hosting plesk password reset plesk password retrieve plesk password retrieving windows selection php version server security virus webmail website security whm windows hosting wordpress

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket

HowTo: Use Nginx As Reverse Proxy Server Print

  • 5

Nginx is an open source Web server and a reverse proxy server. You can use nginx for a load balancing and/or as a proxy solution to run services from inside those machines through your host's single public IP address such as 202.54.1.1. In this post, I will explain how to install nginx as reverse proxy server for Apache+php5 domain called www.example.com and Lighttpd static asset domain called static.example.com. You need to type the following commands on vm00having an IP address 192.168.1.1 only.

DNS Setup

Make sure both www.example.com and static.example.com point to public IP address 202.54.1.1.

Install nginx server

Type the following command to install nginx web server:
$ cd /tmp
$ wget http://nginx.org/packages/rhel/6/noarch/RPMS/nginx-release-rhel-6-0.el6.ngx.noarch.rpm
# rpm -iv nginx-release-rhel-6-0.el6.ngx.noarch.rpm
# yum install nginx

Sample outputs:

Loaded plugins: rhnplugin
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.2.1-1.el6.ngx will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================
 Package      Arch          Version                   Repository    Size
=========================================================================
Installing:
 nginx        x86_64        1.2.1-1.el6.ngx           nginx        331 k
Transaction Summary
=========================================================================
Install       1 Package(s)
Total download size: 331 k
Installed size: 730 k
Is this ok [y/N]: y
Downloading Packages:
nginx-1.2.1-1.el6.ngx.x86_64.rpm                  | 331 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : nginx-1.2.1-1.el6.ngx.x86_64                          1/1
----------------------------------------------------------------------
Thanks for using NGINX!
Check out our community web site:
* http://nginx.org/en/support.html
If you have questions about commercial support for NGINX please visit:
* http://www.nginx.com/support.html
----------------------------------------------------------------------
  Verifying  : nginx-1.2.1-1.el6.ngx.x86_64                          1/1
Installed:
  nginx.x86_64 0:1.2.1-1.el6.ngx
Complete!

Configure the nginx web server as reverse proxy

Edit /etc/nginx/conf.d/default.conf, enter:
# vi /etc/nginx/conf.d/default.conf
Add/correct as follows:

 
## Basic reverse proxy server ##
## Apache (vm02) backend for www.example.com ##
upstream apachephp  {
      server 192.168.1.11:80; #Apache1
}
 
## Lighttpd (vm01) backend for static.example.com ##
upstream lighttpd  {
      server 192.168.1.10:80; #Lighttpd1
}
 
## Start www.example.com ##
server {
    listen       202.54.1.1:80;
    server_name  www.example.com;
 
    access_log  /var/log/nginx/log/www.example.access.log  main;
    error_log  /var/log/nginx/log/www.example.error.log;
    root   /usr/share/nginx/html;
    index  index.html index.htm;
 
    ## send request back to apache1 ##
    location / {
     proxy_pass  http://apachephp;
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_redirect off;
     proxy_buffering off;
     proxy_set_header        Host            $host;
     proxy_set_header        X-Real-IP       $remote_addr;
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
   }
}
## End www.example.com ##
 
## START static.example.com ##
server {
   listen      202.54.1.1:80;
   server_name static.example.com;
   access_log  /var/log/nginx/log/static.example.com.access.log  main;
   error_log   /var/log/nginx/log/static.example.com.error.log;
   root        /usr/local/nginx/html;
   index       index.html;
 
   location / {
        proxy_pass  http://lighttpd;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header        Host            static.example.com;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
## END static.example.com  ##
 

Turn on Nginx

Type the following commands:
# chkconfig nginx on
# service nginx start

Configure firewall

Set firewall as follows:

  • Drop all INPUT/OUTPUT chain traffic by default.
  • Only open tcp port 202.54.1.1:80 and/or 443 on eth0 only.
  • Set eth1 as trusted device so that communication take place between nginx reverse proxy and Apache/Lighttpd backend servers.

Run the following command to set and customize firewall as described above:
# system-config-firewall-tui
You can edit /etc/sysconfig/iptables manually and set the firewall too. See our tutorial for more information.

/etc/sysctl.conf

Edit /etc/sysctl.conf as follows:

 
# Execshild
kernel.exec-shield = 1
kernel.randomize_va_space = 1
 
# IPv4 settings
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
 
# Increase system file descriptor limit to
fs.file-max = 50000
 
# Increase system IP port limits
net.ipv4.ip_local_port_range = 2000 65000
 
# Ipv6
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1
 

Load new Linux kernel settings, run:
# sysctl -p
See Linux Kernel /etc/sysctl.conf Security Hardening faq for detailed explanation of above directives.

Securing Nginx web server

See our previous blog post, "Top 20 Nginx WebServer Best Security Practices" for more information. Also, for more information on nginx, reverse proxy and ssl configuration see our previous tutorials: Source: http://www.cyberciti.biz/tips/using-nginx-as-reverse-proxy.html


Was this answer helpful?

Related Articles

How to handle the Google Attack Page? When you see the dreaded Google attack site warning, you should immediately email : admin [@]... How to Protect WHMCS? Move the attachments, downloads & templates_c folders The three folders "attachments",... How to submit a DMCA complaint? Reporting copyright infringement? You must follow these steps before submitting any... My account was hacked! If you are the victim of a hacker, immediately email [email protected] and our experts will... My Joomla has been hacked! A Joomla is usually compromised when it or its components / modules are outdated. Another very...
« Back

  Tag Cloud

Advance Firewall apache APF BDF clamav cloudlinux cpanel cpanel mail cPanel/WHM duplicate duplicate email email email downloading Firewall free plesk onyx mail problem mod_userdir old email downloads old emails one-time plesk password onyx hosting onyx password reset outlook outlook not sending email password password reset php mail php mailer php selector plesk plesk hosting plesk password reset plesk password retrieve plesk password retrieving windows selection php version server security virus webmail website security whm windows hosting wordpress

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket

About Us

As one of the world’s leading web hosting providers, the team at PAMIR WEBHOST is confident in our ability to meet and exceed your individual hosting requirements. However, if as a customer, you’re unsatisfied with our ability to serve you, PAMIR WEBHOST offers an unconditional 15-day money-back guarantee on our shared hosting plans. You’ll have the option to cancel your account during the first 30 days of service, and receive a full refund of any collected service charges.

Read More

Support Center

  • Customer Portal
  • Support center
  • Knowledgebase
  • Announcements
  • Server Status

Products & Services

  • Shared Hosting
  • Reseller Hosting
  • VPS Server
  • Dedicated Server
  • Microsoft Office 365
  • SSL Certificate

Company

  • About Us
  • FAQ
  • Contact
  • Affiliate
  • Legal
  • We Accept:

Copyright © 2021 PAMIR WEBHOSTING LLC.. All Rights Reserved.


Loading...
Loading...
Choose language
العربية
Azerbaijani
Català
中文
Hrvatski
Čeština
Dansk
Nederlands
English
Estonian
Persian
Français
Deutsch
עברית
Magyar
Italiano
Macedonian
Norwegian
Português
Português
Română
Русский
Español
Svenska
Türkçe
Українська

Choose Currency

$ USD
AFN AFN

Generate Password

Please enter a number between 8 and 64 for the password length