Nginx en reverse proxy d'apache2

Objectif :

Soulager Apache pendant les heures d’affluence, réduire la consommation mémoire de ma machine virtuelle et permettre au contenu statique d’être téléchargé plus rapidement. Héberger plusieurs serveurs web avec une seule connexion Internet, et donc un seul port 80 ouvert sur le pare-feu.

image

Installation :

# Stop Apache before installing nginx (presumably so that port 80 is free
# when the package starts nginx for the first time; confirm on your system).
service apache2 stop 
# Install nginx from the distribution repositories.
apt-get install nginx 
# Keep nginx stopped while both servers are configured; the page starts the
# services again as its last step.
service nginx stop

Mise en place :

1.Apache :

Modifier le fichier ports.conf et les fichiers de configuration du ou des hôtes virtuels.

nano /etc/apache2/ports.conf

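# NOTE(review): the nginx server blocks on this page also use "listen 80".
# If nginx and Apache bind port 80 on the same address, whichever starts
# second fails to bind; remove this line or restrict it to another address.
Listen 80
# Backend ports for the virtual hosts placed behind nginx.
# NOTE(review): a bare port number listens on every interface. The proxy_pass
# shown on this page targets 127.0.0.1:85, so "Listen 127.0.0.1:85" (and the
# same for any other backend port reached over loopback) keeps clients from
# connecting to Apache directly and bypassing the proxy.
Listen 81
Listen 82
Listen 85
Listen 86
# Listening ports for SSL requests.
# Apache does not allow a comment on the same line as a directive, so this
# comment sits on its own line.
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 8083
    Listen 8084
</IfModule>
<IfModule mod_gnutls.c>
    # One Listen directive per line: two on a single line is a syntax error.
    Listen 8083
    Listen 8084
</IfModule>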

Sur les hôtes virtuels, voici la modification à apporter (exemple) :

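# Backend virtual host for the blog, served on port 85 behind nginx.
# Each directive is on its own line: Apache rejects several directives, or a
# directive followed by a comment, on the same line.
# NOTE(review): Order/Allow/Deny is the Apache 2.2 access-control syntax;
# confirm the target Apache version still accepts it.
<VirtualHost *:85>
    ServerName domain.tld
    DocumentRoot /var/www/blog/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/blog>
        # NOTE(review): Indexes produces a directory listing wherever no index
        # file exists; remove it unless listings of the blog tree are intended.
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        # NOTE(review): requests forwarded by nginx reach Apache from
        # 127.0.0.1, which this rule allows. The localhost-only restriction
        # therefore holds only if the real client address is restored before
        # access checks run (e.g. by mod_rpaf); verify, or drop the alias.
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
    # Do not append the server version footer to generated pages.
    ServerSignature Off
</VirtualHost>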

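Pour que les adresses IP des clients (et non celle du proxy, 127.0.0.1) soient correctement journalisées par Apache, installer mod_rpaf. Dans sa configuration, ne déclarer comme proxy de confiance (RPAFproxy_ips) que l'adresse de nginx ; sinon, n'importe quel client pourrait imposer l'adresse journalisée au moyen de l'en-tête X-Forwarded-For :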

apt-get install libapache2-mod-rpaf 

2.NGINX

Configuration de nginx en mode reverse proxy :

nano /etc/nginx/proxy_params

# Shared reverse-proxy settings.
# This file only takes effect where it is included
# (include /etc/nginx/proxy_params;). client_header_buffer_size is accepted
# only at http or server level, so include the file there rather than inside
# a location block.

# Headers passed to the backend: the original Host and the client address.
# $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For value
# the client sent, so the backend should trust that header only on requests
# coming from this proxy.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Leave Location/Refresh headers from the backend untouched.
proxy_redirect off;

# Limits and buffers for the client request.
client_max_body_size 10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;

# Timeouts, in seconds, for talking to the backend.
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;

# Buffers for the backend response.
proxy_buffer_size 16k;
proxy_buffers 32 16k;
proxy_busy_buffers_size 64k;

Configuration globale de nginx :

# Main nginx configuration: worker setup, HTTP defaults, logging, gzip, and
# the includes that load the per-site files.
user www-data;
worker_processes 2;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Hide the nginx version in error pages and the Server header.
    server_tokens off;
    server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    gzip_min_length 0;
    gzip_vary on;
    # Compress responses to proxied requests as well.
    gzip_proxied any;
    gzip_comp_level 5;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # nginx-naxsi config
    ##
    # Uncomment it if you installed nginx-naxsi
    # include /etc/nginx/naxsi_core.rules;

    ##
    # nginx-passenger config
    ##
    # Uncomment it if you installed nginx-passenger
    # passenger_root /usr;
    # passenger_ruby /usr/bin/ruby;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Création d’un hôte virtuel pour les différentes redirections

nano /etc/nginx/sites-enabled/reverse

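# Example: forward requests received on port 80 to Apache on port 85.
server {
    listen 80;
    server_name domain.tld;

    # Load the proxy headers, limits and timeouts from /etc/nginx/proxy_params.
    # The nginx.conf shown on this page does not include that file, so without
    # this line Apache would receive neither the original Host header nor
    # X-Forwarded-For. It is included at server level because
    # client_header_buffer_size is not allowed inside a location block.
    include /etc/nginx/proxy_params;

    access_log /var/log/olivier.access.log;
    # NOTE(review): "debug" is very verbose and only has an effect on nginx
    # builds with debug support; lower it (e.g. to warn) once the setup works.
    error_log /var/log/olivier.nginx_error.log debug;

    location / {
        proxy_pass http://127.0.0.1:85/;
    }
}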
# The blog's images are served directly by nginx, which performs better than
# Apache on this kind of content.
server {
    listen 80;
    server_name sub.domain.tld;
    index index.html;

    access_log /var/log/pictures.nginx.access.log;
    error_log /var/log/pictures.nginx.error.log;

    # Static error page, served from the default nginx document root.
    location = /50x.html {
        root /var/www/nginx-default;
    }

    # Everything else maps onto the blog's image directory, with the longest
    # possible client-side cache lifetime.
    location / {
        root /var/www/blog/content/images/;
        expires max;
    }
}

Pour finir on démarre les services :

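# Start the backend first, then the proxy in front of it. The two commands
# must be on separate lines; on a single line the second one is passed to the
# first as extra arguments.
# Checking the syntax beforehand with "apache2ctl configtest" and "nginx -t"
# catches configuration errors before either service is restarted.
service apache2 start
service nginx start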