Wednesday, June 17, 2009

* Nginx * ReverseProxy

Nginx & Apache

Working with virtual servers (like OpenVZ containers or XEN dom's) you might need a load balancing or a proxy solution to be able to run services from inside those machines through your host's single public IP address.

Here you will find how to solve such a situation using Nginx and Apache. (Apache already has mod_proxy module which can be used instead of Nginx, but the second one is much lighter and scalable, so I recommend you using it.)

Note: This tutorial assumes you already have a working environment like the one described above.

Nginx Installation

Just use your favorite package manager and install nginx package: 

sudo apt-get install nginx

Nginx configuration for proxy behavior

Nginx uses the following directives (as an example) in it's configuration files to behave like a proxy: 

proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffers           32 4k;

Create the file /etc/nginx/proxy.conf containing all the informations above. We will include this file in every nginx vhost we need to be a proxy.

Nginx vhost proxy example

Create an nginx vhost by creating a file inside /etc/nginx/sites-available/ like this: 

server {
       listen   80;
       server_name  foo.bar.no foo.bar.yes foo.bar.ok;

       access_log  /var/log/nginx/access.log;


       location / {
               proxy_pass      http://172.27.0.2/;
               include         /etc/nginx/proxy.conf;
       }
}

The example above will be a proxy for every domain listed with server_name, and the server which will be used for proxy is under proxy_pass directive.

Done with nginx. Reload it: 

invoke-rc.d nginx reload

Apache configuration

This assumes you are working on a machine behind the host that uses nginx as a proxy ( an OpenVZ container, XEN dom or a machine inside your network which is connected to the host we installed Nginx before)

Apache to use proxy

Apache will doesn't know who connects to it except the host ip address we set up nginx. To repair this, we need to install Apache's mod_rpaf. Use your favorite package manager to install libapache2-mod-rpaf: 

sudo apt-get install libapache2-mod-rpaf

mod_rpaf requires the following directives inside a vhost to work: 

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 172.27.7.1

Where RPAFproxy_ips can be multiple IP addresses, one of which is our Nginx proxy private IP address.

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)