Setup Nginx as web server and as reverse proxy for Apache with Virtualmin support

Sorry, this entry is only available in PT. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.

We know that Nginx is more faster than Apache and most of us prefer to replace Apache with Nginx as their web server. Nginx is known to serve faster static content and run with less RAM. As of this writing, Virtualmin supports Apache as its web server. To take advantage of Nginx, we will install it as reverse proxy for Apache and continue using Virtualmin to manage your domains. This guide also applies to¬†Nginx+PHP FPM setup¬†just skip the “Configure Apache” section and skip the “Configure Virtualmin” section if you are not using Virtualmin. Nginx configurations for virtual host are tailored for Drupal site and the following are the features:

The following procedures are tested on Linode server running Centos 7 64-bit Linux distribution.

Install Nginx

If you need to install Nginx with PageSpeed module please follow the steps here instead then jump to configure Nginx section.

  1. In able to install the latest Nginx server we will need to register Nginx repository:
    Have the following codes as its content:
    Note: if just in case the nginx does not install try to hard code the $releasever with value of 7
  2. Install Nginx using yum:
  3. Make Nginx auto-start upon reboot:

Configure Nginx

  1. We will not need the native Nginx configurations provided because we will create new configurations. Lets backup the original Nginx configurations first:
  2. Create the folders following the directory structure shown below:Nginx folder structure

    In the next steps, we will populate these folders with Nginx configurations. We will start populating each folder from bottom folder (utils) to top folder (apps).

  3. Create the main Nginx file /etc/nginx/nginx.conf and copy the following scripts to this file:

    Note: To generate the following SSL certificate files:

    … follow steps in this article:¬†Using Let’s Encrypt free SSL/TLS certificates with Nginx.

  4. Lets populate /etc/nginx/utils:Create the file /etc/nginx/utils/undefined_server_name_handler.conf and copy the following scripts to this file:

    Note: Replace all the occurrence of¬†XXX.XXX.XXX.XXX¬†with your server’s IPv4 address and¬†XXXX:XXXX::XXXX:XXXX:XXXX:XXXX¬†with your server’s IPv6 address.

    Create the file /etc/nginx/utils/mod_header.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/nginx_status_vhost.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/microcache.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/microcache_auth.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/microcache_zone.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/php_fpm_status_vhost.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/php_pass.conf and copy the following scripts to this file:

    Create the file /etc/nginx/utils/apache/upstream.conf and copy the following scripts to this file:

    Populate the /etc/nginx/utils/fastcgi folder under this guide: Setup PHP FPM for Nginx.

  5. The /etc/nginx/sites-enabled folder is used as container for enabled websites which are soft link to physical file Nginx configuration of each of your website virtual host stored at /etc/nginx/sites-available/prod.
  6. Lets populate /etc/nginx/sites-available:Create the file /etc/nginx/sites-available/template.conf and copy the following scripts to this file:

    Note: Replace all the occurrence of¬†XXX.XXX.XXX.XXX¬†with your server’s IPv4 address and¬†XXXX:XXXX::XXXX:XXXX:XXXX:XXXX¬†with your server’s IPv6 address.

    Create the file /etc/nginx/sites-available/template_ssl.conf and copy the following scripts to this file:

    Note: Replace all the occurrence of¬†XXX.XXX.XXX.XXX¬†with your server’s IPv4 address and¬†XXXX:XXXX::XXXX:XXXX:XXXX:XXXX¬†with your server’s IPv6 address.

    The two scripts above /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf will be used by the Virtualmin to generate Nginx configuration for your website virtual host when created using Virtualmin. By default, these configurations utilizes the use of Drush for site maintenance. If you wanted the original Drupal behavior in installing new site, uncomment the line:

    For original Drupal cron and update behavior, uncomment the line:

    Note: This uses Basic Authentication so it will challenge you for password.

    If you are not using Virtualmin, you can use the following bash script to create Nginx configuration for your website virtual host. Create the file /etc/nginx/sites-available/buildsitesconf.sh and add the following to it:

    Note: Replace the¬†'yourwebsite.com' 'yourotherwebsite.com'¬†with your own website domains and¬†'/home/drupal/public_html'¬†with your websites’ root path (eg. if your websites’ root path is¬†/var/www¬†then change it to¬†'/var/www').

    Make it executable:

    When you executed this script, it will generate non-SSL and SSL versions of Nginx configuration for your website virtual hosts that you defined at /etc/nginx/sites-available/buildsitesconf.sh. The generated Nginx configuration will be saved at /etc/nginx/sites-available/prod.

    To enable a non-SSL version virtual host Nginx configuration, just create a soft link of this configuration file from /etc/nginx/sites-available/prod to /etc/nginx/sites-enabled example:

    … or if SSL version is desired:

    This is easy and good approach to disable and enable a virtual host.

    The /etc/nginx/sites-available/prod folder will be used by the /etc/nginx/sites-available/template.conf and /etc/nginx/sites-available/template_ssl.conf scripts as container for the generated Nginx configuration of your website virtual host.

    The /etc/nginx/sites-available/admin folder will be used for Admin UI Nginx configurations like:

    The¬†/etc/nginx/sites-available/targeted_server_config¬†folder will be used by the¬†/etc/nginx/sites-available/template.conf¬†and¬†/etc/nginx/sites-available/template_ssl.conf¬†scripts to look for the filename that will match the domain under process. e.g. if the template script processing the domain “webfoobar.com”, it will look for a filename “webfoobar.com.conf” and this should only contain your custom Nginx configuration for “webfoobar.com” domain in¬†server¬†context. Domains that don’t have custom Nginx configuration need not to create file under this folder.

  7. Lets populate /etc/nginx/map:Create the file /etc/nginx/map/php_fpm_status_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/nginx_status_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/hotlinking_protection_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/drupal_external_cache.conf and add the following to it:

    Note: You can also use the Method 1 mentioned here: Methods to disable Nginx cache when user is authenticated in Drupal as I find it more reliable indicator for user status: anonymous or authenticated.

    Create the file /etc/nginx/map/cron_allowed_hosts.conf and add the following to it:

    Create the file /etc/nginx/map/block_http_methods.conf and add the following to it:

    Create the file /etc/nginx/map/x_forwarded_proto.conf and add the following to it:

    Create the file /etc/nginx/map/blacklist.conf and add the following to it:

  8. Lets populate /etc/nginx/lib:Create the file /etc/nginx/lib/win-utf and add the following to it:

    Create the file /etc/nginx/lib/mime.types and add the following to it:

    Create the file /etc/nginx/lib/koi-win and add the following to it:

    Create the file /etc/nginx/lib/koi-utf and add the following to it:

  9. Lets populate /etc/nginx/key:Generate DH parameters file with 2048 bit long safe prime:

    Generate HTTP Authentication:

    This command will prompt password for the new user with the name admin.

  10. Lets populate /etc/nginx/apps:Create the file /etc/nginx/drupal/static_files_handler.conf and add the following to it:

    Create the file /etc/nginx/drupal/php_handler.conf and add the following to it:

    We have two options here: microcache_auth.conf which uses the Nginx cache for anonymous users only and microcache.conf which uses the Nginx cache for both anonymous and authenticated users. The microcache_auth.conf is enabled by default. Select between the two according to your requirements.

    Create the file /etc/nginx/drupal/named_location.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_upload_progress.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_install.conf and add the following to it:

    Create the file /etc/nginx/drupal/drupal_cron_update.conf and add the following to it:

    Create the file /etc/nginx/drupal/core.conf and add the following to it:

    Create the file /etc/nginx/drupal/common_server_context.conf and add the following to it:

    Create the file /etc/nginx/drupal/boost.conf and add the following to it:

    Populate the /etc/nginx/apps/pagespeed folder under this guide.

    To enable Google PageSpeed in your Nginx configuration (make sure first that your Nginx is compiled with PageSpeed module), uncomment the line seen below at /etc/nginx/nginx.conf:

    … also uncomment the line seen below at¬†/etc/nginx/apps/drupal/common_server_context.conf:
    … and uncomment the line seen below at¬†/etc/nginx/site-available/template.conf:
  11. To enable this Nginx reverse proxy for Apache setup, execute the following: