Select Page

The writer decided on the Electronic Frontier Foundation to obtain a donation as a part of the Write for DOnations program.

Advent

Apache and Nginx are two in style open-source internet servers continuously used with PHP. It may be helpful to run either one of them at the similar digital gadget when web hosting more than one web sites that have numerous necessities. The overall answer for operating two internet servers on a unmarried gadget is to both use more than one IP addresses or other port numbers.

Servers that have each IPv4 and IPv6 addresses will also be configured to serve Apache websites on one protocol and Nginx websites at the different, however this is not recently sensible, as IPv6 adoption by way of ISPs continues to be now not common. Having a special port quantity like 81 or 8080 for the second one internet server is some other answer, however sharing URLs with port numbers (akin to http://instance.com:81) is not at all times affordable or superb.

On this instructional you can configure Nginx as each a internet server and as a opposite proxy for Apache – all on a unmarried server.

Relying on the internet utility, code adjustments may well be required to stay Apache reverse-proxy-aware, particularly when SSL websites are configured. To keep away from this, you are going to set up an Apache module known as mod_rpaf which rewrites sure atmosphere variables so apparently that Apache is immediately dealing with requests from internet purchasers.

We can host 4 domains on one server. Two will likely be served by way of Nginx: instance.com (the default digital host) and pattern.org. The remainder two, foobar.internet and check.io, will likely be served by way of Apache. We’re going to additionally configure Apache to serve PHP packages the use of PHP-FPM, which gives higher efficiency over mod_php.

Necessities

To finish this instructional, you can want the next:

  • A brand new Ubuntu 18.04 server configured by way of following the Initial Server Setup with Ubuntu 18.04, with a sudo non-root consumer and a firewall.
  • 4 fully-qualified domains configured to indicate in your server’s IP cope with. See Step Three of How To Set Up a Host Name with DigitalOcean for an instance of ways to do that. For those who host your domain names’ DNS in other places, you will have to create suitable A data there as a substitute.

Step 1 — Putting in Apache and PHP-FPM

Let’s get started by way of putting in Apache and PHP-FPM.

Along with Apache and PHP-FPM, we can additionally set up the PHP FastCGI Apache module, libapache2-mod-fastcgi, to make stronger FastCGI internet packages.

First, replace your bundle record to make sure you have the most recent programs.

Subsequent, set up the Apache and PHP-FPM programs:

  • sudo apt set up apache2 php-fpm

The FastCGI Apache module is not obtainable in Ubuntu’s repository so obtain it from kernel.org and set up it the use of the dpkg command.

  • wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
  • sudo dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb

Subsequent, let’s alternate Apache’s default configuration to make use of PHP-FPM.

Step 2 — Configuring Apache and PHP-FPM

On this step we can alternate Apache’s port quantity to 8080 and configure it to paintings with PHP-FPM the use of the mod_fastcgi module. Rename Apache’s ports.conf configuration record:

  • sudo mv /and many others/apache2/ports.conf /and many others/apache2/ports.conf.default

Create a brand new ports.conf record with the port set to 8080:

  • echo "Concentrate 8080" | sudo tee /and many others/apache2/ports.conf

Observe: Internet servers are most often set to concentrate on 127.0.0.1:8080 when configuring a opposite proxy however doing so would set the worth of PHP’s atmosphere variable SERVER_ADDR to the loopback IP cope with as a substitute of the server’s public IP. Our purpose is to arrange Apache in this sort of approach that its web sites don’t see a opposite proxy in entrance of it. So, we can configure it to concentrate on 8080 on all IP addresses.

Subsequent we will create a digital host record for Apache. The directive on this record will likely be set to serve websites most effective on port 8080.

Disable the default digital host:

  • sudo a2dissite 000-default

Then create a brand new digital host record, the use of the prevailing default web site:

  • sudo cp /and many others/apache2/sites-available/000-default.conf /and many others/apache2/sites-available/001-default.conf

Now open the brand new configuration record:

  • sudo nano /and many others/apache2/sites-available/001-default.conf

Exchange the listening port to 8080:

/and many others/apache2/sites-available/000-default.conf

8080>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/get right of entry to.log blended

Save the record and turn on the brand new configuration record:

  • sudo a2ensite 001-default

Then reload Apache:

  • sudo systemctl reload apache2

Examine that Apache is now listening on 8080:

The output will have to seem like the next instance, with apache2 listening on 8080:

Output

Energetic Web connections (most effective servers) Proto Recv-Q Ship-Q Native Cope with International Cope with State PID/Program title tcp 0 Zero 0.0.0.0:22 0.0.0.0:* LISTEN 1086/sshd tcp6 0 0 :::8080 :::* LISTEN 4678/apache2 tcp6 0 0 :::22 :::* LISTEN 1086/sshd

Whenever you examine that Apache is listening on the right kind port, you’ll configure make stronger for PHP and FastCGI.

Step 3 — Configuring Apache to Use mod_fastcgi

Apache serves PHP pages the use of mod_php by way of default, however it calls for further configuration to paintings with PHP-FPM.

Observe: If you’re making an attempt this instructional on an current set up of LAMP with mod_php, disable it first with sudo a2dismod php7.2.

We can be including a configuration block for mod_fastcgi which is dependent upon mod_action. mod_action is disabled by way of default, so we first wish to allow it:

Rename the prevailing FastCGI configuration record:

  • sudo mv /and many others/apache2/mods-enabled/fastcgi.conf /and many others/apache2/mods-enabled/fastcgi.conf.default

Create a brand new configuration record:

  • sudo nano /and many others/apache2/mods-enabled/fastcgi.conf

Upload the next directives to the record to go requests for .php information to the PHP-FPM UNIX socket:

/and many others/apache2/mods-enabled/fastcgi.conf


  AddHandler fastcgi-script .fcgi
  FastCgiIpcDir /var/lib/apache2/fastcgi
  AddType utility/x-httpd-fastphp .php
  Motion utility/x-httpd-fastphp /php-fcgi
  Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
  
    Require all granted
  

Save the adjustments and do a configuration check:

Reload Apache if Syntax OK is displayed:

  • sudo systemctl reload apache2

For those who see the caution May now not reliably decide the server's solely certified area title, the use of 127.0.1.1. Set the 'ServerName' directive globally to suppress this message., you’ll safely forget about it for now. We’re going to configure server names later.

Now let’s be certain that we will be able to serve PHP from Apache.

Step 4 — Verifying PHP Capability

Let’s make certain that PHP works by way of making a phpinfo() record and getting access to it from a internet browser.

Create the record /var/www/html/information.php which accommodates a choice to the phpinfo serve as:

  • echo "" | sudo tee /var/www/html/information.php

To look the record in a browser, move to http://your_server_ip:8080/information.php. This provides you with an inventory of the configuration settings PHP is the use of. You’ll be able to see output very similar to this:

phpinfo Server API

phpinfo PHP Variables

On the most sensible of the web page, test that Server API says FPM/FastCGI. About two-thirds of the way in which down the web page, the PHP Variables segment will let you know the SERVER_SOFTWARE is Apache on Ubuntu. Those ascertain that mod_fastcgi is lively and Apache is the use of PHP-FPM to procedure PHP information.

Step 5 — Developing Digital Hosts for Apache

Let’s create Apache digital host information for the domain names foobar.internet and check.io. To try this, we will first create report root directories for each websites and position some default information in the ones directories so we will be able to simply check our configuration.

First, create the report root directories:

  • sudo mkdir -v /var/www/foobar.internet /var/www/check.io

Then create an index record for each and every web site:

  • echo "

    Foo Bar

    " | sudo tee /var/www/foobar.internet/index.html
  • echo "

    Check IO

    " | sudo tee /var/www/check.io/index.html

Then create a phpinfo() record for each and every web site so we will be able to check that PHP is configured correctly.

  • echo "" | sudo tee /var/www/foobar.internet/information.php
  • echo "" | sudo tee /var/www/check.io/information.php

Now create the digital host record for the foobar.internet area:

  • sudo nano /and many others/apache2/sites-available/foobar.internet.conf

Upload the next code to the record to outline the host:

/and many others/apache2/sites-available/foobar.internet.conf

    
        ServerName foobar.internet
        ServerAlias www.foobar.internet
        DocumentRoot /var/www/foobar.internet
        foobar.internet>
            AllowOverride All
        

The road AllowOverride All allows .htaccess make stronger.

Those are most effective probably the most elementary directives. For an entire information on putting in digital hosts in Apache, see How To Set Up Apache Virtual Hosts on Ubuntu 16.04.

Save and shut the record. Then create a equivalent configuration for check.io. First create the record:

  • sudo nano /and many others/apache2/sites-available/check.io.conf

Then upload the configuration to the record:

/and many others/apache2/sites-available/check.io.conf

    
        ServerName check.io
        ServerAlias www.check.io
        DocumentRoot /var/www/check.io
        check.io>
            AllowOverride All
        

Save the record and go out the editor.

Now that each Apache digital hosts are arrange, allow the websites the use of the a2ensite command. This creates a symbolic hyperlink to the digital host record within the sites-enabled listing:

  • sudo a2ensite foobar.internet
  • sudo a2ensite check.io

Take a look at Apache for configuration mistakes once more:

You’ll be able to see Syntax OK displayed if there aren’t any mistakes. For those who see the rest, evaluation the configuration and take a look at once more.

Reload Apache to use the adjustments as soon as your configuration is error-free:

  • sudo systemctl reload apache2

To verify the websites are running, open http://foobar.internet:8080 and http://check.io:8080 on your browser and examine that each and every web site presentations its index.html record.

You’ll be able to see the next effects:

foobar.net index page

test.io index page

Additionally, make certain that PHP is operating by way of getting access to the information.php information for each and every web site. Talk over with http://foobar.internet:8080/information.php and http://check.io:8080/information.php on your browser.

You’ll be able to see the similar PHP configuration spec record on each and every web site as you noticed in Step 4.

Now we have two web sites hosted on Apache at port 8080. Let’s configure Nginx subsequent.

Step 6 — Putting in and Configuring Nginx

On this step we will set up Nginx and configure the domain names instance.com and pattern.org as Nginx’s digital hosts. For an entire information on putting in digital hosts in Nginx, see How To Set Up Nginx Server Blocks (Virtual Hosts) on Ubuntu 18.04.

Set up Nginx the use of the bundle supervisor:

Then take away the default digital host’s symlink since we would possibly not be the use of it any further:

  • sudo rm /and many others/nginx/sites-enabled/default

We’re going to create our personal default web site later (instance.com).

Now we will create digital hosts for Nginx the use of the similar process we used for Apache. First create report root directories for each the internet sites:

  • sudo mkdir -v /usr/percentage/nginx/instance.com /usr/percentage/nginx/pattern.org

We’re going to stay the Nginx internet websites in /usr/percentage/nginx, which is the place Nginx needs them by way of default. It is advisable to put them beneath /var/www/html with the Apache websites, however this separation would possibly let you affiliate websites with Nginx.

As you probably did with Apache’s digital hosts, create index and phpinfo() information for trying out after setup is whole:

  • echo "

    Instance.com

    " | sudo tee /usr/percentage/nginx/instance.com/index.html
  • echo "

    Pattern.org

    " | sudo tee /usr/percentage/nginx/pattern.org/index.html
  • echo "" | sudo tee /usr/percentage/nginx/instance.com/information.php
  • echo "" | sudo tee /usr/percentage/nginx/pattern.org/information.php

Now create a digital host record for the area instance.com:

  • sudo nano /and many others/nginx/sites-available/instance.com

Nginx calls server {. . .} spaces of a configuration record server blocks. Create a server block for the principle digital host, instance.com. The default_server configuration directive makes this the default digital host which processes HTTP requests which don’t fit another digital host.

/and many others/nginx/sites-available/instance.com

server {
    concentrate 80 default_server;

    root /usr/percentage/nginx/instance.com;
    index index.php index.html index.htm;

    server_name instance.com www.instance.com;
    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        come with snippets/fastcgi-php.conf;
    }
}

Save and shut the record. Now create a digital host record for Nginx’s 2nd area, pattern.org:

  • sudo nano and many others/nginx/sites-available/pattern.org

Upload the next to the record:

/and many others/nginx/sites-available/pattern.org

server {
    root /usr/percentage/nginx/pattern.org;
    index index.php index.html index.htm;

    server_name pattern.org www.pattern.org;
    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        come with snippets/fastcgi-php.conf;
    }
}

Save and shut the record.

Then allow each websites by way of developing symbolic hyperlinks to the sites-enabled listing:

  • sudo ln -s /and many others/nginx/sites-available/instance.com /and many others/nginx/sites-enabled/instance.com
  • sudo ln -s /and many others/nginx/sites-available/pattern.org /and many others/nginx/sites-enabled/pattern.org

Then check the Nginx configuration to make sure there aren’t any configuration problems:

Then reload Nginx if there aren’t any mistakes:

  • sudo systemctl reload nginx

Now get right of entry to the phpinfo() record of your Nginx digital hosts in a internet browser by way of visiting http://example.com/info.php and http://sample.org/info.php. Glance beneath the PHP Variables sections once more.

Nginx PHP Variables

[“SERVER_SOFTWARE”] will have to say nginx, indicating that the information had been immediately served by way of Nginx. [“DOCUMENT_ROOT”] will have to level to the listing you created previous on this step for each and every Nginx web site.

At this level, now we have put in Nginx and created two digital hosts. Subsequent we can configure Nginx to proxy requests supposed for domain names hosted on Apache.

Step 7 — Configuring Nginx for Apache’s Digital Hosts

Let’s create an extra Nginx digital host with more than one domains within the server_name directives. Requests for those domains will likely be proxied to Apache.

Create a brand new Nginx digital host record to ahead requests to Apache:

  • sudo nano /and many others/nginx/sites-available/apache

Upload the next code block which specifies the names of each Apache digital host domain names and proxies their requests to Apache. Take into accout to make use of the general public IP cope with in proxy_pass:

/and many others/nginx/sites-available/apache

server {
    concentrate 80;
    server_name foobar.internet www.foobar.internet check.io www.check.io;

    location / {
        proxy_pass http://your_server_ip:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Actual-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Save the record and allow this new digital host by way of making a symbolic hyperlink:

  • sudo ln -s /and many others/nginx/sites-available/apache /and many others/nginx/sites-enabled/apache

Check the configuration to make sure there aren’t any mistakes:

If there aren’t any mistakes, reload Nginx:

  • sudo systemctl reload nginx

Open the browser and get right of entry to the URL http://foobar.internet/information.php on your browser. Scroll all the way down to the PHP Variables segment and test the values displayed.

phpinfo of Apache via Nginx

The variables SERVER_SOFTWARE and DOCUMENT_ROOT ascertain that this request used to be treated by way of Apache. The variables HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR had been added by way of Nginx and will have to display the general public IP cope with of the pc you are the use of to get right of entry to the URL.

We’ve got effectively arrange Nginx to proxy requests for particular domain names to Apache. Subsequent, let’s configure Apache to set the REMOTE_ADDR variable as though it had been dealing with those requests immediately.

Step 8 — Putting in and Configuring mod_rpaf

On this step you can set up an Apache module known as mod_rpaf which rewrites the values of REMOTE_ADDR, HTTPS and HTTP_PORT in line with the values supplied by way of a opposite proxy. With out this module, some PHP packages will require code adjustments to paintings seamlessly from in the back of a proxy. This module is found in Ubuntu’s repository as libapache2-mod-rpaf however is old-fashioned and does not make stronger sure configuration directives. As an alternative, we can set up it from supply.

Set up the programs had to construct the module:

  • sudo apt set up unzip build-essential apache2-dev

Obtain the most recent solid unlock from GitHub:

  • wget https://github.com/gnif/mod_rpaf/archive/solid.zip

Extract the downloaded record:

Turn out to be the brand new listing containing the information:

Collect and set up the module:

Subsequent, create a record within the mods-available listing which is able to load the rpaf module:

  • sudo nano /and many others/apache2/mods-available/rpaf.load

Upload the next code to the record to load the module:

/and many others/apache2/mods-available/rpaf.load

LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so

Save the record and go out the editor.

Create some other record on this listing known as rpaf.conf which is able to include the configuration directives for mod_rpaf:

  • sudo nano /and many others/apache2/mods-available/rpaf.conf

Upload the next code block to configure mod_rpaf, ensuring to specify the IP cope with of your server:

/and many others/apache2/mods-available/rpaf.conf

    
        RPAF_Enable             On
        RPAF_Header             X-Actual-Ip
        RPAF_ProxyIPs           your_server_ip 
        RPAF_SetHostName        On
        RPAF_SetHTTPS           On
        RPAF_SetPort            On
    

Here is a temporary description of each and every directive. See the mod_rpaf README record for more info.

  • RPAF_Header – The header to make use of for the buyer’s actual IP cope with.
  • RPAF_ProxyIPs – The proxy IP to regulate HTTP requests for.
  • RPAF_SetHostName – Updates the vhost title so ServerName and ServerAlias paintings.
  • RPAF_SetHTTPS – Units the HTTPS atmosphere variable in line with the worth contained in X-Forwarded-Proto.
  • RPAF_SetPort – Units the SERVER_PORT atmosphere variable. Helpful for when Apache is in the back of a SSL proxy.

Save rpaf.conf and allow the module:

This creates symbolic hyperlinks of the information rpaf.load and rpaf.conf within the mods-enabled listing. Now do a configuration check:

Reload Apache if there aren’t any mistakes:

  • sudo systemctl reload apache2

Get entry to the phpinfo() pages http://foobar.internet/information.php and http://check.io/information.php on your browser and test the PHP Variables segment. The REMOTE_ADDR variable will now even be that of your native laptop’s public IP cope with.

Now let’s arrange TLS/SSL encryption for each and every web site.

Step 9 — Surroundings Up HTTPS Web sites with Let’s Encrypt (Non-compulsory)

On this step we can configure TLS/SSL certificate for each the domain names hosted on Apache. We’re going to download the certificate via [Let’s Encrypt](https://letsencrypt.org]. Nginx helps SSL termination so we will be able to arrange SSL with out enhancing Apache’s configuration information. The mod_rpaf module guarantees the desired atmosphere variables are set on Apache to make packages paintings seamlessly in the back of a SSL opposite proxy.

First we can separate the server {...} blocks of each the domain names in order that each and every of them may have their very own SSL certificate. Open the record /and many others/nginx/sites-available/apache on your editor:

  • sudo nano /and many others/nginx/sites-available/apache

Regulate the record in order that it looks as if this, with foobar.internet and check.io in their very own server blocks:

/and many others/nginx/sites-available/apache

    server {
        concentrate 80;
        server_name foobar.internet www.foobar.internet;

        location / {
            proxy_pass http://your_server_ip:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Actual-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    server {
        concentrate 80;
        server_name check.io www.check.io;

        location / {
            proxy_pass http://your_server_ip:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Actual-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

We’re going to use Certbot to generate our TLS/SSL certificate. Its Nginx plugin will deal with reconfiguring Nginx and reloading the config every time vital.

First, upload the legitimate Certbot repository:

  • sudo add-apt-repository ppa:certbot/certbot

Press ENTER when brought on to verify you need so as to add the brand new repository. Then replace the bundle record to pick out up the brand new repository’s bundle data:

Then set up Certbot’s Nginx bundle with apt:

  • sudo apt set up python-certbot-nginx

As soon as it is put in, use the certbot command to generate the certificate for foobar.internet and www.foobar.internet:

  • sudo certbot --nginx -d foobar.internet -d www.foobar.internet

This command tells Certbot to make use of the nginx plugin, the use of -d to specify the names we would just like the certificates to be legitimate for.

If that is your first time operating certbot, you are going to be brought on to go into an e mail cope with and conform to the phrases of provider. After doing so, certbot will be in contact with the Let’s Encrypt server, then run a problem to ensure that you simply keep an eye on the area you are inquiring for a certificates for.

Subsequent, Certbot will ask how you’ll love to configure your HTTPS settings:

Output

Please make a selection whether or not or to not redirect HTTP visitors to HTTPS, casting off HTTP get right of entry to. ------------------------------------------------------------------------------- 1: No redirect - Make no additional adjustments to the webserver configuration. 2: Redirect - Make all requests redirect to safe HTTPS get right of entry to. Select this for new websites, or if you are assured your web site works on HTTPS. You'll undo this alternate by way of enhancing your internet server's configuration. ------------------------------------------------------------------------------- Choose the proper quantity [1-2] then [enter] (press 'c' to cancel):

Choose your selection, then press ENTER. The configuration will likely be up to date, and Nginx will reload to pick out up the brand new settings.

Now execute the command for the second one area:

  • sudo certbot --nginx -d check.io -d www.check.io

Get entry to one in all Apache’s domain names on your browser the use of the https:// prefix; seek advice from https://foobar.internet/information.php and you can see this:

phpinfo ssl

Glance within the PHP Variables segment. The variable SERVER_PORT has been set to 443 and HTTPS set to on, as regardless that Apache used to be immediately accessed over HTTPS. With those variables set, PHP packages would not have to be specifically configured to paintings in the back of a opposite proxy.

Now let’s disable direct get right of entry to to Apache.

Step 10 — Blocking off Direct Get entry to to Apache (Non-compulsory)

Since Apache is listening on port 8080 at the public IP cope with, it’s out there by way of everybody. It may be blocked by way of running the next IPtables command into your firewall rule set.

  • sudo iptables -I INPUT -p tcp --dport 8080 ! -s your_server_ip -j REJECT --reject-with tcp-reset

You should definitely use your server’s IP cope with instead of the instance in crimson. As soon as port 8080 is blocked on your firewall, check that Apache is unreachable on it. Open your internet browser and take a look at getting access to one in all Apache’s domains on port 8080. For instance: http://instance.com:8080

The browser will have to show an “Unable to connect” or “Webpage is not available” error message. With the IPtables tcp-reset possibility in position, an interloper would see no distinction between port 8080 and a port that does not have any provider on it.

Observe: IPtables laws don’t continue to exist a gadget reboot by way of default. There are more than one techniques to keep IPtables laws, however the very best is to make use of iptables-persistent in Ubuntu’s repository. Discover this article to be informed extra about easy methods to configure IPTables.

Now let’s configure Nginx to serve static information for the Apache websites.

Step 11 — Serving Static Recordsdata The use of Nginx (Non-compulsory)

When Nginx proxies requests for Apache’s domain names, it sends each and every record request for that area to Apache. Nginx is quicker than Apache in serving static information like pictures, JavaScript and elegance sheets. So let’s configure Nginx’s apache digital host record to immediately serve static information however ship PHP requests directly to Apache.

Open the record /and many others/nginx/sites-available/apache on your editor:

  • sudo nano /and many others/nginx/sites-available/apache

You’ll be able to wish to upload two further location blocks to each and every server block, in addition to regulate the prevailing location sections. As well as, you can wish to inform Nginx the place to search out the static information for each and every web site.

For those who’ve made up our minds to not use SSL and TLS certificate, regulate your record so it looks as if this:

/and many others/nginx/sites-available/apache

server {
    concentrate 80;
    server_name check.io www.check.io;
    root /var/www/check.io;
    index index.php index.htm index.html;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        proxy_pass http://your_server_ip:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Actual-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /.ht {
        deny all;
    }
}

server {
    concentrate 80;
    server_name foobar.internet www.foobar.internet;
    root /var/www/foobar.internet;
    index index.php index.htm index.html;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        proxy_pass http://your_ip_address:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Actual-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /.ht {
        deny all;
    }
}

For those who additionally need HTTPS to be obtainable, use the next configuration as a substitute:

/and many others/nginx/sites-available/apache

server {
    concentrate 80;
    server_name check.io www.check.io;
    root /var/www/check.io;
    index index.php index.htm index.html;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        proxy_pass http://your_server_ip:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Actual-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /.ht {
        deny all;
    }

    concentrate 443 ssl;
    ssl_certificate /and many others/letsencrypt/are living/check.io/fullchain.pem;
    ssl_certificate_key /and many others/letsencrypt/are living/check.io/privkey.pem;
    come with /and many others/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /and many others/letsencrypt/ssl-dhparams.pem;
}

server {
    concentrate 80;
    server_name foobar.internet www.foobar.internet;
    root /var/www/foobar.internet;
    index index.php index.htm index.html;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        proxy_pass http://your_ip_address:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Actual-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /.ht {
        deny all;
    }

    concentrate 443 ssl;
    ssl_certificate /and many others/letsencrypt/are living/foobar.internet/fullchain.pem;
    ssl_certificate_key /and many others/letsencrypt/are living/foobar.internet/privkey.pem;
    come with /and many others/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /and many others/letsencrypt/ssl-dhparams.pem;
}

The try_files directive makes Nginx search for information within the report root and immediately serve them. If the record has a .php extension, the request is handed to Apache. Despite the fact that the record isn’t discovered within the report root, the request is handed directly to Apache in order that utility options like permalinks paintings with out issues.

Caution: The location ~ /.ht directive is essential; this prevents Nginx from serving the contents of Apache configuration information like .htaccess and .htpasswd which include delicate data.

Save the record and carry out a configuration check:

Reload Nginx if the check succeeds:

  • sudo provider nginx reload

To make sure issues are running, you’ll read about Apache’s log information in /var/log/apache2 and notice the GET requests for the information.php information of check.io and foobar.internet. Use the tail command to look the previous couple of strains of the record, and use the -f transfer to look at the record for adjustments:

  • sudo tail -f /var/log/apache2/other_vhosts_access.log

Now seek advice from http://check.io/information.php on your browser after which take a look at the output from the log. You’ll be able to see that Apache is certainly replying:

Output

check.io:80 your_server_ip - - [01/Jul/2016:18:18:34 -0400] "GET /info.php HTTP/1.0" 200 20414 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"

Then seek advice from the index.html web page for each and every web site and you will not see any log entries from Apache. Nginx is serving them.

If you end up achieved gazing the log record, press CTRL+C to forestall tailing it.

With this setup, Apache will be unable to limit get right of entry to to static information. Get entry to keep an eye on for static information would wish to be configured in Nginx’s apache digital host record, however that is past the scope of this instructional.

Conclusion

You presently have one Ubuntu server with Nginx serving instance.com and pattern.org, in conjunction with Apache serving foobar.internet and check.io. Even though Nginx is appearing as a reverse-proxy for Apache, Nginx’s proxy provider is clear and connections to Apache’s domain names seem be served immediately from Apache itself. You’ll use this way to serve safe and static websites.