04-14-2023, 10:14 PM
On Ubuntu, Im currently wanting Apache behind an Nginx Proxy which really would work fine with one exception:
Apache waits on Port 8888 and only accepts connections from 127.0.0.1 Nginx listens on Port 80 to the real world - servers static content, does load balancing and handles proxy requests to Apache listening on 8888.
The Problem is:
PHP Scripts executed by Apache experience that the server Port is 8888. Scripts like phpmyadmin or nusoap provide redirecting and use this port as part of the redirect url. The Problem is Port 8888 is not visible from the outside thus no connection can be established.
Do you know where the configuration went wrong or how i can force php to think it is working on a port 80 Apache server?
As I cannot pin down the problem I have no clue whether posting my configuration files would help. Maybe its just an option I forgot or stuff.
But i have found some helpful info, and i think it's best i share it as i move along,
There are basically two main parts involved in the configuration, one relating to Apache and one relating to Nginx.
Note that while we have chosen to describe the process for Apache in particular, this method can be applied to any other HTTP server. The only point that differs is the exact configuration sections and directives that you will have to edit. Otherwise, the principle of reverse-proxy can be applied, regardless of the server software you are using.
Reconfiguring Apache
There are two main aspects of your Apache configuration that will need to be edited in order to allow both Apache and Nginx to work together at the same time. But let us first clarify where we are coming from, and what we are going towards.
Configuration overview
At this point, you probably have the following architecture set up on your server:
•A web server application running on port 80, such as Apache
•A dynamic server-side script processing application such as PHP, communicating with your web server via CGI, FastCGI, or as a server module
The new configuration that we are going towards will resemble the following:
•Nginx running on port 80
•Apache or another web server running on a different port, accepting requests coming from local sockets only
•The script processing application configuration will remain unchanged
As you can tell, only two main configuration changes will be applied to Apache as well as the other web server that you are running. Firstly, change the port number in order to avoid conflicts with Nginx, which will then be running as the frontend server. Secondly, (although this is optional) you may want to disallow requests coming from the outside and only allow requests forwarded by Nginx. Both configuration steps are detailed in the next sections.
Resetting the port number
Depending on how your web server was set up (manual build, automatic configuration from server panel managers such as cPanel, Plesk, and so on) you may find yourself with a lot of configuration files to edit. The main configuration file is often found in /etc/httpd/conf/ or /etc/apache2/, and there might be more depending on how your configuration is structured. Some server panel managers create extra configuration files for each virtual host.
There are three main elements you need to replace in your Apache configuration:
•The Listen directive is set to listen on port 80 by default. You will have to replace that port by another such as 8080. This directive is usually found in the main configuration file.
•You must make sure that the following configuration directive is present in the main configuration file: NameVirtualHost A.B.C.D:8080, where A.B.C.D is the IP address of the main network interface on which server communications go through.
•The port you just selected needs to be reported in all your virtual host configuration sections, as described below.
The virtual host sections must be transformed from the following template
ServerName example.com ServerAlias www.example.com [...]
to the following:
ServerName example.com:8080 ServerAlias www.example.com [...]
In this example, A.B.C.D is the IP address of the virtual host and example.com is the virtual host's name. The port must be edited on the first two lines.
Accepting local requests only
There are many ways you can restrict Apache to accept only local requests, denying access to the outside world. But first, why would you want to do that? As an extra layer positioned between the client and Apache, Nginx provides a certain comfort in terms of security. Visitors no longer have direct access to Apache, which decreases the potential risk regarding all security issues the web server may have. Globally, it's not necessarily a bad idea to only allow access to your frontend server.
The first method consists of changing the listening network interface in the main configuration file. The Listen directive of Apache lets you specify a port, but also an IP
Apache waits on Port 8888 and only accepts connections from 127.0.0.1 Nginx listens on Port 80 to the real world - servers static content, does load balancing and handles proxy requests to Apache listening on 8888.
The Problem is:
PHP Scripts executed by Apache experience that the server Port is 8888. Scripts like phpmyadmin or nusoap provide redirecting and use this port as part of the redirect url. The Problem is Port 8888 is not visible from the outside thus no connection can be established.
Do you know where the configuration went wrong or how i can force php to think it is working on a port 80 Apache server?
As I cannot pin down the problem I have no clue whether posting my configuration files would help. Maybe its just an option I forgot or stuff.
But i have found some helpful info, and i think it's best i share it as i move along,
There are basically two main parts involved in the configuration, one relating to Apache and one relating to Nginx.
Note that while we have chosen to describe the process for Apache in particular, this method can be applied to any other HTTP server. The only point that differs is the exact configuration sections and directives that you will have to edit. Otherwise, the principle of reverse-proxy can be applied, regardless of the server software you are using.
Reconfiguring Apache
There are two main aspects of your Apache configuration that will need to be edited in order to allow both Apache and Nginx to work together at the same time. But let us first clarify where we are coming from, and what we are going towards.
Configuration overview
At this point, you probably have the following architecture set up on your server:
•A web server application running on port 80, such as Apache
•A dynamic server-side script processing application such as PHP, communicating with your web server via CGI, FastCGI, or as a server module
The new configuration that we are going towards will resemble the following:
•Nginx running on port 80
•Apache or another web server running on a different port, accepting requests coming from local sockets only
•The script processing application configuration will remain unchanged
As you can tell, only two main configuration changes will be applied to Apache as well as the other web server that you are running. Firstly, change the port number in order to avoid conflicts with Nginx, which will then be running as the frontend server. Secondly, (although this is optional) you may want to disallow requests coming from the outside and only allow requests forwarded by Nginx. Both configuration steps are detailed in the next sections.
Resetting the port number
Depending on how your web server was set up (manual build, automatic configuration from server panel managers such as cPanel, Plesk, and so on) you may find yourself with a lot of configuration files to edit. The main configuration file is often found in /etc/httpd/conf/ or /etc/apache2/, and there might be more depending on how your configuration is structured. Some server panel managers create extra configuration files for each virtual host.
There are three main elements you need to replace in your Apache configuration:
•The Listen directive is set to listen on port 80 by default. You will have to replace that port by another such as 8080. This directive is usually found in the main configuration file.
•You must make sure that the following configuration directive is present in the main configuration file: NameVirtualHost A.B.C.D:8080, where A.B.C.D is the IP address of the main network interface on which server communications go through.
•The port you just selected needs to be reported in all your virtual host configuration sections, as described below.
The virtual host sections must be transformed from the following template
ServerName example.com ServerAlias www.example.com [...]
to the following:
ServerName example.com:8080 ServerAlias www.example.com [...]
In this example, A.B.C.D is the IP address of the virtual host and example.com is the virtual host's name. The port must be edited on the first two lines.
Accepting local requests only
There are many ways you can restrict Apache to accept only local requests, denying access to the outside world. But first, why would you want to do that? As an extra layer positioned between the client and Apache, Nginx provides a certain comfort in terms of security. Visitors no longer have direct access to Apache, which decreases the potential risk regarding all security issues the web server may have. Globally, it's not necessarily a bad idea to only allow access to your frontend server.
The first method consists of changing the listening network interface in the main configuration file. The Listen directive of Apache lets you specify a port, but also an IP