Web Hosting – Installing Nginx as a Reverse Proxy

Overview

In the last screencast we configured a server to host the popular CMS software, WordPress. In this tutorial we’ll be creating a reverse-proxy that can be used to sit in front of our web server, in order to increase performance, security and eventually to load balance between multiple back-end web servers – though the configuration for this won’t be covered until later tutorials.

So why Nginx and what it Nginx? Well, Nginx is a reasonably new web server for Linux which has gained a lot of traction in recent years, mainly because it runs a lot leaner in terms of hardware requirements and is much faster when compared to other web hosting software. For these reasons, it’s now being used by some of the largest websites on the internet including HowToForge, WordPress and, the biggest player of them all, Facebook.

“Apache is like Microsoft Word, it has a million options but you only need six. Nginx does those six things, and it does five of them 50 times faster than Apache.” – Linux Journal.

The Test Network

Before installing and configuring Nginx as an RPS (reverse-proxy server) it’ll help just to have a look a where the RPS is going to sit in our network and how it will work. The diagram below shows how a client connecting from the internet will actually have their connection terminated at the RPS which will then establish a connection to the back-end server in order to request the content before finally sending it back to the requesting client.

Installing the Software

Nginx isn’t included in the RHEL 6 mirrors so, in order to get Nginx installed we’re going to add the EPEL repository first. To do this, fire up a webbrowser and head over to http://fedoraproject.org/wiki/EPEL. Here you’ll find a link to the latest EPEL rpm under the section titled “How can I use these extra packages”. Select the “newest version of ‘epel-release’ for EL6″ and then copy the link address of the link to the EPEL package.

SSH on to your newly installed Linux server and install the EPEL package using RPM by typing “rpm -Uvh” and pasting the URL that you copied for the package:

rpm -Uvh http://mirror.optus.net/epel/6/i386/epel-release-6-7.noarch.rpm

Once the EPEL repository is available we can install Nginx using the following:

yum install nginx

Configuring Nginx

With the software installed we now need to create our configuration file which will tell Nginx to proxy all requests through to the server hosting our wordpress website. To do this, start by changing to the Nginx configuration directory under /etc/nginx/conf.d. Move the file containing the default Nginx website config to default.conf.disabled and then edit a new file called wordpress-proxy.conf.

cd /etc/nginx/conf.d
mv default.conf default.conf.disabled
emacs wordpress-proxy.conf

In to this file we’ll paste the following configuration which tells Nginx to proxy all HTTP requests for wordpress.castix.local to the server at the IP address 1921.68.122.10. Other configuration directives such as the proxy_connection_timeout setting, should be configured to match the timeouts defined on the back-end server. Take a look at these settings if you encounter intermittent errors.

server {
   listen 80;
   server_name wordpress.castix.local;
   access_log off;
   error_log off;
   location / {
      proxy_pass http://192.168.122.10/;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_max_temp_file_size 0;
      client_max_body_size 10m;
      client_body_buffer_size 128k;
      proxy_connect_timeout 90;
      proxy_send_timeout 90;
      proxy_read_timeout 90;
      proxy_buffer_size 4k;
      proxy_buffers 4 32k;
      proxy_busy_buffers_size 64k;
      proxy_temp_file_write_size 64k;
   }
}

With Nginx configured, we have only two remaining things left to do. Firstly we need to ensure that clients can access our server by adding an allow rule to the local firewall using the following:

iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save

Don’t forget to save the firewall rules otherwise these will be lost when the server is next rebooted. Finally we need to start the Nginx service and to run chkconfig to set it to start when the server boots:

service nginx start
chkconfig nginx on

Once you’ve updated the DNS records for your server to point to the reverse-proxy, you’ll be able to view the wordpress website. You may even notice a slight performance increase due to the fact that Nginx is caching a lot of the content and generally loads the site faster than Apache.

References

• http://tumblr.intranation.com/post/766288369/using-nginx-reverse-proxy