Setting up an Nginx Reverse Proxy on Debian

nginx_logo

What is Nginx?

Nginx (pronounced “Engine-X”) is an open source Web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. In this example we are going to use Nginx as a Reverse Proxy.

What are the benefits of a reverse proxy like Nginx?

  • Distribute the load to several servers
  • Reduce load with caching, or by compressing the content
  • It can hide the existence and characteristics of the origin server(s)
  • Protection against common web-based attacks
  • A/B testing
  • Single public IP address to access to multiple web servers

How to install Nginx?

First edit the file /etc/apt/sources.list and add the following lines:

deb http://nginx.org/packages/debian/ squeeze nginx
deb-src http://nginx.org/packages/debian/ squeeze nginx

Now you can install it:

apt-get update
apt-get install nginx

Edit you nginx config file /etc/nginx/nginx.conf:

user www-data;
worker_processes 6;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    keepalive_timeout  10;

    #Compression Settings
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_min_length  1100;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
}

A worker process is a single-threaded process.

If Nginx is doing CPU-intensive work such as SSL or gzipping and you have 2 or more CPUs/cores, then you may set worker_processes to be equal to the number of CPUs or cores.

If you are serving a lot of static files and the total size of the files is bigger than the available memory, then you may increase worker_processes to fully utilize disk bandwidth.

The worker_connections and worker_processes from the main section allows you to calculate max clients you can handle:

max clients = worker_processes * worker_connections

Then you must edit your /etc/nginx/conf.d/proxy.conf, in this file we define our server.

server {

listen 80;

    access_log off;
    error_log off;

location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_redirect off;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_max_temp_file_size 0;
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
 }
# This block will catch static file requests, such as images, css, js
# The ?: prefix is a 'non-capturing' mark, meaning we do not require
# the pattern to be captured into $1 which should help improve performance
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
    # Some basic cache-control for static files to be sent to the browser
    expires max;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  }

# this prevents hidden files (beginning with a period) from being served
location ~ /\.          { access_log off; log_not_found off; deny all; }

}

As you can see Nginx will listen on port 80.

The directive proxy_pass sets the address of the proxied server and the URI to which location will be mapped. Here it’s our local Apache server and it must be listening on port 8080. Edit your /etc/apache2/ports.conf and other vhosts to listen on the right port.

NameVirtualHost *:8080
Listen 8080

Now check your configuration with:

service nginx configtest
service apache configtest

Finally restart Apache and start Nginx:

service apache2 restart
service nginx start

Leave a Reply

Your email address will not be published. Required fields are marked *