Skip to content
Browse files

* Removed images from gzip_types. Added reverse proxy setup. PHP uses

  upstream now.
  • Loading branch information...
1 parent 1703616 commit f8f7e79a8fc29953a903f8ca979aa91285bfd370 @perusio committed Mar 1, 2011
Showing with 77 additions and 5 deletions.
  1. +29 −1 README.md
  2. +20 −2 nginx.conf
  3. +10 −0 reverse_proxy.conf
  4. +2 −2 sites-available/example.com
  5. +8 −0 upstream_phpapache.conf
  6. +8 −0 upstream_phpcgi.conf
View
30 README.md
@@ -40,6 +40,9 @@
6. [Upload Progress](http://wiki.nginx.org/NginxHttpUploadProgressModule
"Upload progress Nginx module") support.
+ 7. Possibility of using **Apache** as a backend for dealing with
+ PHP. Meaning using Nginx as
+ [reverse proxy](http://wiki.nginx.org/HttpProxyModule "Nginx Proxy Module").
## Basic Auth for access to restricted files like install.php
@@ -75,6 +78,15 @@
Of course you can rename the password file to whatever you want,
then accordingly change its name in the virtual host config
file, `example.com`.
+
+## Nginx as a Reverse Proxy: Proxying to Apache for PHP
+
+ If you **absolutely need** to use the rather _bad habit_ of
+ deploying web apps relying on `.htaccess`, or you just want to use
+ Nginx as a reverse proxy. The config allows you to do so. Note that
+ this provides some benefits over using only Apache, since Nginx is
+ much faster than Apache. Furthermore you can use the proxy cache
+ and/or use Nginx as a load balancer.
## Installation
@@ -90,7 +102,23 @@
4. Setup the PHP handling method. It can be:
- + Upstream HTTP server like Apache with mod_php
+ + Upstream HTTP server like Apache with mod_php. To use this
+ method comment out the `include upstream_phpcgi.conf;`
+ line in `nginx.conf` and uncomment the lines:
+
+ include reverse_proxy.conf;
+ include upstream_phpapache.conf;
+
+ Now you must set the proper address and port for your
+ backend(s) in the `upstream_phpapache.conf`. By default it
+ assumes the loopback `127.0.0.1` interface on port
+ `8080`. Adjust accordingly to reflect your setup.
+
+ Comment out **all** `fastcgi_pass` directives in either
+ `drupal_boost.conf` or `drupal_boost_drush.conf`, depending
+ which config layout you're using. Uncomment out all the
+ `proxy_pass` directives. They have a comment around them,
+ stating these instructions.
+ FastCGI process using php-cgi. In this case an
[init script](https://github.com/perusio/php-fastcgi-debian-script
View
22 nginx.conf
@@ -1,4 +1,4 @@
-# -*- mode: conf; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
user www-data;
worker_processes 4;
@@ -49,6 +49,9 @@ http {
## Reset lingering timed out connections. Deflect DDoS.
reset_timedout_connection on;
+
+ ## Body size.
+ client_max_body_size 10m;
## TCP options.
tcp_nodelay on;
@@ -60,7 +63,7 @@ http {
gzip_comp_level 1;
gzip_http_version 1.1;
gzip_min_length 10;
- gzip_types text/plain text/css image/png image/gif image/jpeg application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
+ gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
gzip_vary on;
gzip_proxied any; # Compression for all requests.
## No need for regexps. See
@@ -74,6 +77,13 @@ http {
## Hide the Nginx version number.
server_tokens off;
+ ## Use a SSL/TLS cache for SSL session resume. This needs to be
+ ## here (in this context, for session resumption to work. See this
+ ## thread on the Nginx mailing list:
+ ## http://nginx.org/pipermail/nginx/2010-November/023736.html.
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
## For the filefield_nginx_progress module to work. From the
## README. Reserve 1MB under the name 'uploads' to track uploads.
upload_progress uploads 1m;
@@ -83,6 +93,14 @@ http {
## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
add_header X-Frame-Options sameorigin;
+ ## Include the upstream servers for PHP FastCGI handling config.
+ include upstream_phpcgi.conf;
+
+ ## Include the upstream servers for Apache handling the PHP
+ ## processes. In this case Nginx functions as a reverse proxy.
+ #include reverse_proxy.conf;
+ #include upstream_phpapache.conf;
+
## Include all vhosts.
include /etc/nginx/sites-enabled/*;
}
View
10 reverse_proxy.conf
@@ -0,0 +1,10 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+
+### Configuration for reverse proxy. Passing the necessary headers to
+### the backend. Nginx doesn't tunnel the connection, it opens a new
+### one. Hence whe need to send these headers to the backend so that
+### the client(s) IP is available to them. The host is also sent.
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $http_host;
View
4 sites-available/example.com
@@ -104,7 +104,7 @@ server {
fastcgi_param PATH_INFO $path_info;
## Passing the request upstream to the FastCGI
## listener.
- fastcgi_pass unix:/tmp/php-cgi/php-cgi.socket;
+ fastcgi_pass phpcgi;
}
## Regular PHP processing.
@@ -118,7 +118,7 @@ server {
fastcgi_param PATH_INFO $path_info;
## Passing the request upstream to the FastCGI
## listener.
- fastcgi_pass unix:/tmp/php-cgi/php-cgi.socket;
+ fastcgi_pass phpcgi;
## Upload progress support.
track_uploads uploads 60s;
}
View
8 upstream_phpapache.conf
@@ -0,0 +1,8 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+
+### Upstream configuration for Apache functioning has a PHP handler.
+
+## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule.
+upstream phpapache {
+ server 127.0.0.1:8080;
+}
View
8 upstream_phpcgi.conf
@@ -0,0 +1,8 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+
+### Upstream configuration for PHP FastCGI.
+
+## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule.
+upstream phpcgi {
+ server unix:/tmp/php-cgi/php-cgi.socket;
+}

0 comments on commit f8f7e79

Please sign in to comment.
Something went wrong with that request. Please try again.