Setup Nginx as web server and as reverse proxy for Apache with Virtualmin support

We know that Nginx is faster than Apache, and most of us prefer to replace Apache with Nginx as our web server. Nginx is known to serve static content faster and to run with less RAM. As of this writing, Virtualmin supports Apache as its web server. To take advantage of Nginx, we will install it as a reverse proxy for Apache and continue using Virtualmin to manage your domains. This guide also applies to an Nginx+PHP FPM setup: just skip the “Configure Apache” section, and skip the “Configure Virtualmin” section if you are not using Virtualmin. The Nginx configurations for virtual hosts are tailored for Drupal sites and the following are the features:

The following procedures were tested on a Linode server running the CentOS 7 64-bit Linux distribution.

Install Nginx

If you need to install Nginx with the PageSpeed module, please follow the steps here instead, then jump to the configure Nginx section.

  1. To install the latest Nginx server, we need to register the Nginx repository:
    Have the following code as its content:
    Note: if nginx does not install, try hard-coding $releasever with the value 7.
  2. Install Nginx using yum:
  3. Make Nginx auto-start upon reboot:

Configure Nginx

  1. We will not need the native Nginx configurations provided because we will create new configurations. Let's back up the original Nginx configurations first:
  2. Create the folders following the directory structure shown below:

    [Image: Nginx folder structure]

    In the next steps, we will populate these folders with Nginx configurations. We will populate each folder in order, from the bottom folder (utils) to the top folder (apps).

  3. Create the main Nginx file /etc/nginx/nginx.conf and copy the following script to this file:

    Note: To generate the following SSL certificate files:

    … follow the steps in this article: Using Let’s Encrypt free SSL/TLS certificates with Nginx.

  4. Let's populate /etc/nginx/utils:

    Create the file /etc/nginx/utils/undefined_server_name_handler.conf and copy the following script to this file:

    Note: Replace all occurrences of XXX.XXX.XXX.XXX with your server’s IPv4 address and XXXX:XXXX::XXXX:XXXX:XXXX:XXXX with your server’s IPv6 address.

    Create the file /etc/nginx/utils/mod_header.conf and copy the following script to this file:

    Create the file /etc/nginx/utils/nginx_status_vhost.conf and copy the following script to this file:

    Create the file /etc/nginx/utils/apache/microcache.conf and copy the following script to this file:

    Create the file /etc/nginx/utils/apache/microcache_auth.conf and copy the following script to this file:

    Create the file /etc/nginx/utils/apache/microcache_zone.conf and copy the following script to this file:

    Create the file /etc/nginx/utils/apache/php_fpm_status_vhost.conf and copy the following script to this file:

    Create the file /etc/nginx/utils/apache/php_pass.conf and copy the following script to this file:

    Create the file /etc/nginx/utils/apache/upstream.conf and copy the following script to this file:

    Populate the /etc/nginx/utils/fastcgi folder following this guide: Setup PHP FPM for Nginx.

  5. The /etc/nginx/sites-enabled folder holds the enabled websites. Each entry is a soft link to the physical Nginx configuration file of a website virtual host stored in /etc/nginx/sites-available/prod.
  6. Let's populate /etc/nginx/sites-available:

    Create the file /etc/nginx/sites-available/template.conf and copy the following script to this file:

    Note: Replace all occurrences of XXX.XXX.XXX.XXX with your server’s IPv4 address and XXXX:XXXX::XXXX:XXXX:XXXX:XXXX with your server’s IPv6 address.

    Create the file /etc/nginx/sites-available/template_ssl.conf and copy the following script to this file:

    Note: Replace all occurrences of XXX.XXX.XXX.XXX with your server’s IPv4 address and XXXX:XXXX::XXXX:XXXX:XXXX:XXXX with your server’s IPv6 address.

    The two scripts above, /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf, will be used by Virtualmin to generate the Nginx configuration for your website virtual host when it is created using Virtualmin. By default, these configurations use Drush for site maintenance. If you want the original Drupal behavior when installing a new site, uncomment the line:

    For original Drupal cron and update behavior, uncomment the line:

    Note: This uses Basic Authentication, so it will challenge you for a password.

    If you are not using Virtualmin, you can use the following bash script to create the Nginx configuration for your website virtual host. Create the file /etc/nginx/sites-available/buildsitesconf.sh and add the following to it:

    Note: Replace 'yourwebsite.com' 'yourotherwebsite.com' with your own website domains and '/home/drupal/public_html' with your websites’ root path (e.g. if your websites’ root path is /var/www then change it to '/var/www').

    Make it executable:

    When you execute this script, it will generate non-SSL and SSL versions of the Nginx configuration for the website virtual hosts that you defined in /etc/nginx/sites-available/buildsitesconf.sh. The generated Nginx configurations will be saved in /etc/nginx/sites-available/prod.

    To enable the non-SSL version of a virtual host's Nginx configuration, just create a soft link to this configuration file from /etc/nginx/sites-available/prod in /etc/nginx/sites-enabled, for example:

    … or if SSL version is desired:

    This is an easy and good approach to disabling and enabling a virtual host.

    The /etc/nginx/sites-available/prod folder will be used by the /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf scripts as the container for the generated Nginx configuration of your website virtual host.

    The /etc/nginx/sites-available/admin folder will be used for Admin UI Nginx configurations like:

    The /etc/nginx/sites-available/targeted_server_config folder will be used by the /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf scripts to look for a file name that matches the domain being processed. E.g. if the template script is processing the domain “webfoobar.com”, it will look for the file name “webfoobar.com.conf”, and this file should contain only your custom Nginx configuration for the “webfoobar.com” domain in the server context. Domains that don’t have a custom Nginx configuration do not need a file in this folder.

  7. Let's populate /etc/nginx/map:

    Create the file /etc/nginx/map/php_fpm_status_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/nginx_status_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/hotlinking_protection_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/drupal_external_cache.conf and add the following to it:

    Note: You can also use Method 1 mentioned here: Methods to disable Nginx cache when user is authenticated in Drupal, as I find it a more reliable indicator of user status: anonymous or authenticated.

    Create the file /etc/nginx/map/cron_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/block_http_methods.conf and add the following to it:

    Create the file /etc/nginx/map/x_forwarded_proto.conf and add the following to it:

    Create the file /etc/nginx/map/blacklist.conf and add the following to it:

  8. Let's populate /etc/nginx/lib:

    Create the file /etc/nginx/lib/win-utf and add the following to it:

    Create the file /etc/nginx/lib/mime.types and add the following to it:

    Create the file /etc/nginx/lib/koi-win and add the following to it:

    Create the file /etc/nginx/lib/koi-utf and add the following to it:

  9. Let's populate /etc/nginx/key:

    Generate a DH parameters file with a 2048-bit safe prime:

    Generate HTTP Authentication:

    This command will prompt for a password for the new user named admin.

  10. Let's populate /etc/nginx/apps:

    Create the file /etc/nginx/drupal/static_files_handler.conf and add the following to it:

    Create the file /etc/nginx/drupal/php_handler.conf and add the following to it:

    We have two options here: microcache_auth.conf, which uses the Nginx cache for anonymous users only, and microcache.conf, which uses the Nginx cache for both anonymous and authenticated users. The microcache_auth.conf option is enabled by default. Select between the two according to your requirements.

    Create the file /etc/nginx/drupal/named_location.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_upload_progress.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_install.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_cron_update.conf and add the following to it:

    Create the file /etc/nginx/drupal/core.conf and add the following to it:

    Create the file /etc/nginx/drupal/common_server_context.conf and add the following to it:

    Create the file /etc/nginx/drupal/boost.conf and add the following to it:

    Populate the /etc/nginx/apps/pagespeed folder following this guide.

    To enable Google PageSpeed in your Nginx configuration (first make sure that your Nginx is compiled with the PageSpeed module), uncomment the line shown below in /etc/nginx/nginx.conf:

    … also uncomment the line shown below in /etc/nginx/apps/drupal/common_server_context.conf:
    … and uncomment the line shown below in /etc/nginx/sites-available/template.conf:
  11. To enable this Nginx reverse proxy for Apache setup, execute the following:
    On the other hand, if PHP FPM backend is your setup, execute the following:
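
The soft-link enable/disable approach from step 6 of “Configure Nginx”, as an added example that is not part of the original guide: before linking a generated configuration into sites-enabled it rejects names that would escape sites-available/prod and files that still carry the XXX.XXX.XXX.XXX or IPv6 address placeholders, and it can list links left dangling. The NGINX_ROOT variable, the function names and the configuration file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the guide. NGINX_ROOT, the function names and the
# config file names are assumptions; point NGINX_ROOT at a scratch copy to test.
NGINX_ROOT="${NGINX_ROOT:-/etc/nginx}"

# Address placeholders the guide tells you to replace in the templates.
PLACEHOLDER_RE='XXX\.XXX\.XXX\.XXX|XXXX:XXXX::XXXX:XXXX:XXXX:XXXX'

# enable_site <file-name>: link sites-available/prod/<file-name> into
# sites-enabled. Returns 2 (bad name), 3 (missing file), 4 (placeholder left).
enable_site() {
    local name="$1"
    local src="$NGINX_ROOT/sites-available/prod/$name"
    local dst="$NGINX_ROOT/sites-enabled/$name"

    # Accept a bare file name only, so the link cannot point outside prod/.
    case "$name" in
        ""|*/*|.*) echo "refusing name: '$name'" >&2; return 2 ;;
    esac
    [ -f "$src" ] || { echo "no such config: $src" >&2; return 3; }
    # A leftover placeholder means the addresses were never filled in.
    if grep -Eq "$PLACEHOLDER_RE" "$src"; then
        echo "unreplaced address placeholder in $src" >&2
        return 4
    fi
    ln -sfn "$src" "$dst"
}

# disable_site <file-name>: remove the link only, never the file in prod/.
disable_site() {
    local dst="$NGINX_ROOT/sites-enabled/$1"
    [ -L "$dst" ] || { echo "not an enabled link: $dst" >&2; return 3; }
    rm -- "$dst"
}

# dangling_links: print sites-enabled links whose target no longer exists.
dangling_links() {
    local link
    for link in "$NGINX_ROOT"/sites-enabled/*; do
        [ -L "$link" ] && [ ! -e "$link" ] && echo "$link"
    done
    return 0
}
```

After enabling or disabling a site, check the configuration with `nginx -t` before reloading Nginx.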