Setting up an Nginx Reverse Proxy on Debian

What is Nginx?

Nginx (pronounced “Engine-X”) is an open source Web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. In this example we are going to use Nginx as a Reverse Proxy.

What are the benefits of a reverse proxy like Nginx?

  • Distribute the load to several servers
  • Reduce load with caching, or by compressing the content
  • It can hide the existence and characteristics of the origin server(s)
  • Protection against common web-based attacks
  • A/B testing
  • Single public IP address to access multiple web servers

How to install Nginx?

First edit the file /etc/apt/sources.list and add the following lines:

deb http://nginx.org/packages/debian/ squeeze nginx
deb-src http://nginx.org/packages/debian/ squeeze nginx

Now you can install it:

apt-get update
apt-get install nginx

Edit your Nginx config file /etc/nginx/nginx.conf:

user www-data;
worker_processes 6;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    keepalive_timeout  10;

    #Compression Settings
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_min_length  1100;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
}

A worker process is a single-threaded process.

If Nginx is doing CPU-intensive work such as SSL or gzipping and you have 2 or more CPUs/cores, then you may set worker_processes to be equal to the number of CPUs or cores.

If you are serving a lot of static files and the total size of the files is bigger than the available memory, then you may increase worker_processes to fully utilize disk bandwidth.

The worker_connections and worker_processes directives from the main section allow you to calculate the maximum number of clients you can handle:

max clients = worker_processes * worker_connections

Then edit /etc/nginx/conf.d/proxy.conf. This file defines our server:

server {
    listen 80;

    access_log off;
    # "error_log off" would log to a file named "off"; discard errors instead
    error_log /dev/null crit;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    # This prevents hidden files (beginning with a period) from being served.
    # Regex locations are tried in file order and the first match wins, so this
    # block comes before the static file block.
    location ~ /\.          { access_log off; log_not_found off; deny all; }

    # This block will catch static file requests, such as images, css, js
    # The ?: prefix is a 'non-capturing' mark, meaning we do not require
    # the pattern to be captured into $1 which should help improve performance
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        # No root is defined in this server, so static files also come from
        # the backend; proxy headers are not inherited from "location /"
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Some basic cache-control for static files to be sent to the browser
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
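Nginx tries regex locations in the order they appear in the file and stops at the first one that matches, so the relative order of the static file block and the hidden file block in proxy.conf decides whether a dot-prefixed path ending in .js or .png reaches "deny all". The Python sketch below is an added example, not part of the original configuration; it is a simplified model of location selection for this server block, and the sample paths are constructed.

```python
import re

# The two regex locations from proxy.conf: (label, pattern).
STATIC = ("static", re.compile(r"\.(?:ico|css|js|gif|jpe?g|png)$", re.I))  # ~*
HIDDEN = ("deny", re.compile(r"/\."))                                      # ~

def pick_location(uri, regex_locations):
    """Simplified model of nginx location selection for this server block:
    regex locations are tried in file order and the first match wins;
    if none matches, the prefix location '/' handles the request."""
    path = uri.split("?", 1)[0]  # locations are matched against the path only
    for label, pattern in regex_locations:
        if pattern.search(path):
            return label
    return "proxy"

def dotfiles_not_denied(paths, regex_locations):
    """Paths with a dot-prefixed component that do not reach 'deny all'."""
    return [p for p in paths
            if HIDDEN[1].search(p) and pick_location(p, regex_locations) != "deny"]

# Constructed sample request paths (not taken from any real log).
SAMPLE_PATHS = [
    "/index.php",
    "/wp-content/themes/demo/style.css",
    "/.htaccess",
    "/.hidden/banner.png",
    "/.cache/app.JS",
]

if __name__ == "__main__":
    for name, order in (("static first", [STATIC, HIDDEN]),
                        ("deny first", [HIDDEN, STATIC])):
        print(name, "->", dotfiles_not_denied(SAMPLE_PATHS, order))
```

Running the same audit against your own access log paths after any change to the location blocks confirms that every dot-prefixed path still ends in the deny block.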

As you can see Nginx will listen on port 80.

The directive proxy_pass sets the address of the proxied server and the URI to which location will be mapped. Here it’s our local Apache server and it must be listening on port 8080. Edit your /etc/apache2/ports.conf and other vhosts to listen on the right port.

NameVirtualHost *:8080
Listen 8080
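
Once Apache listens only behind the proxy, every connection it sees comes from 127.0.0.1, so anything on the backend that needs the visitor's address has to read the headers set in proxy.conf. $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For value the client sent, so only the entry added by a trusted proxy is reliable. The following Python sketch is an added example, not code from the original page; the function names and the trusted proxy list are assumptions.

```python
import ipaddress

# Assumption: the only proxy in front of the backend is the local Nginx.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]

def is_trusted(addr, trusted=TRUSTED_PROXIES):
    return any(addr in net for net in trusted)

def nginx_forwarded_for(client_header, remote_addr):
    """Value of $proxy_add_x_forwarded_for: the client's own header
    (if any) with $remote_addr appended."""
    return f"{client_header}, {remote_addr}" if client_header else remote_addr

def real_client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Walk X-Forwarded-For from the right, skipping trusted proxies.
    The first untrusted address is the client; everything to its left
    was supplied by that client and is ignored."""
    peer = ipaddress.ip_address(peer_addr)
    if not is_trusted(peer, trusted):
        return str(peer)  # header did not come through our proxy
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop, nothing further left is usable
        if not is_trusted(addr, trusted):
            return str(addr)
    return str(peer)

if __name__ == "__main__":
    # Constructed request: a client at 203.0.113.7 sends its own header value.
    header = nginx_forwarded_for("10.0.0.1", "203.0.113.7")
    print(header, "->", real_client_ip("127.0.0.1", header))
```

The same rule applies to log analysis: the "$http_x_forwarded_for" field in the access log format above records the header exactly as the client sent it, while $remote_addr is the address Nginx actually saw.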

Now check your configuration with:

service nginx configtest
service apache2 configtest

Finally restart Apache and start Nginx:

service apache2 restart
service nginx start

Install Varnish HTTP accelerator with WordPress

Do you know Varnish?

Varnish is a web application accelerator. You can install it in front of your web application and it will speed it up significantly. For example, Varnish can receive HTTP requests for various production web servers and cache the responses with a specific TTL to reduce load on the production servers.

Let’s try it!

Install WordPress.

When your WordPress is installed, run a test with Apache Bench against your server to get the number of requests per second before and after Varnish.

With our test on the first blog post of our WordPress we got:

Before Varnish : Requests per second: 2.49 [#/sec]

After Varnish : Requests per second:    500.42 [#/sec]

You can try with this simple command from your workstation or any other server:

apt-get install apache2-utils
ab -c 5 -t 30 http://YourServerIP/

Let’s install Varnish…

1-Install the latest version of Varnish

curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
echo "deb http://repo.varnish-cache.org/ubuntu/ lucid varnish-3.0" >> /etc/apt/sources.list
apt-get update
apt-get install varnish

2-Edit Varnish configuration

Edit /etc/varnish/default.vcl

backend default {  
            .host = "localhost";  
            .port = "8080";  
            .max_connections = 30;  
            .connect_timeout = 4.0s;  
            .first_byte_timeout = 600s;  
            .between_bytes_timeout = 600s;
}
# Drop any cookies sent to WordPress.
sub vcl_recv {
            if (!(req.url ~ "wp-(login|admin)")) {
                       unset req.http.cookie;
            }
}

# Drop any cookies WordPress tries to send back to the client.
sub vcl_fetch {
            if (!(req.url ~ "wp-(login|admin)")) {
                       unset beresp.http.set-cookie;
            }
}

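Edit /etc/default/varnish

# -f loads the VCL edited above (backend and cookie rules);
# -b would define the backend directly and ignore that file.
DAEMON_OPTS="-a :80
             -T localhost:6082
             -f /etc/varnish/default.vcl
             -u varnish -g varnish
             -S /etc/varnish/secret
             -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"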

Then you need to kill off varnishd:

pkill varnishd

3-Edit Apache configuration

Edit /etc/apache2/ports.conf to change the listening port of Apache.

NameVirtualHost *:8080
Listen 8080

Edit all your vhosts to match port 8080. By default, the vhost is defined in /etc/apache2/sites-available/default.

4-Launch Varnish

Execute the following commands:

/etc/init.d/apache2 restart
varnishd -f /etc/varnish/default.vcl -s malloc,1G -T 127.0.0.1:2000

Now everyone accessing your site will be accessing through Varnish.

Note that a very nice plugin has been released for WordPress and Varnish to help Varnish update its cache when you edit your blog. More information here: http://wordpress.org/extend/plugins/wordpress-varnish/