How to Configure Nginx + SSL As a Reverse Proxy for Apache on Ubuntu 18.04

Nginx and Apache can run side by side, with Nginx acting as a reverse proxy: it accepts requests from clients and forwards them to another web server such as Apache, and Apache returns its response to Nginx, which sends it on to the client. This lets the two web servers cover each other’s shortcomings.

Nginx as a Reverse Proxy for Apache

0. Install Apache

Install Apache web server

Install FastCGI module

1. Setting Apache

Rename the Apache ports.conf configuration file

Create a new ports.conf file with port number 8080

Disable the 000-default Apache virtual host

Create a virtual host configuration file

Enter the 001-default.conf configuration

Activate virtual host 001-default.conf

Restart Apache

Verify that Apache is already running on port 8080

The results show that apache2 runs on port 8080

2. Configure Apache to use FastCGI

Activate the actions module

Rename the FastCGI configuration file

Create a new configuration file for FastCGI

Enter the FastCGI configuration

Apache configuration test

The result is Syntax OK, restart Apache

3. PHP Verification

Verify that the PHP script can be run by Apache web server

Create info.php file to call the phpinfo function

Browse http://IP_SERVER:8080/info.php, check Server API, SERVER_PORT, and SERVER_SOFTWARE.

PHP Information – Server API

PHP Information – SERVER PORT and SERVER SOFTWARE

4. Create Apache Virtual Host

Create an Apache virtual host configuration for the web.defnex.com subdomain

Create a document root folder

Create index.html file

Create info.php file

Create a virtual host file for web.defnex.com

Enter the virtual host configuration

Activate the virtual host

Apache configuration test

Restart Apache

Verify that the virtual host configuration is functioning properly: browse http://web.defnex.com:8080

Browse subdomain

5. Install and Configure Nginx

Install Nginx

Create an Nginx server block configuration for web.defnex.com

Enter the server block configuration

Nginx configuration test

The result

Restart Nginx

Verify the Nginx reverse proxy by accessing http://web.defnex.com/info.php

PHP Information – Nginx Reverse Proxy

6. Install and Configure mod_rpaf

The Apache module mod_rpaf rewrites the values of REMOTE_ADDR, HTTPS and HTTP_PORT. Without this module, the IP address recorded in the Apache log is that of Nginx, not of the visitor.

Install the packages needed to build the module

Download the mod_rpaf source code from GitHub

Extract the mod_rpaf.zip file

Compile mod_rpaf

Create the rpaf.load file

Enter the load module configuration

Create an rpaf.conf configuration file

Enter the module configuration; RPAF_ProxyIPs is set to SERVER_IP

Activate the rpaf module

Apache configuration test

Restart Apache

Browse http://web.defnex.com/info.php and check REMOTE_ADDR; it must contain the public IP address of the visitor’s computer

PHP Information – REMOTE ADDR
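
The two sides of the client-address hand-off from steps 5 and 6, as an added example (not the article's own configuration): Nginx overwrites a header with the address it saw, and mod_rpaf accepts that header only from the address in `RPAF_ProxyIPs`. The function names, the `X-Real-IP` header choice and the `proxy_pass` target are assumptions; the sample values are constructed from the domain and `SERVER_IP` the article uses.

```shell
#!/bin/sh
# Added example: emit matching Nginx and mod_rpaf fragments from one set of
# values so the header name and the trusted proxy address cannot drift apart.
# Assumptions: header X-Real-IP, Apache reachable at SERVER_IP:8080.

RPAF_HEADER="X-Real-IP"

# nginx_block DOMAIN SERVER_IP -> server block on stdout
nginx_block() {
    cat <<EOF
server {
    listen 80;
    server_name $1;

    location / {
        proxy_pass http://$2:8080;
        proxy_set_header Host \$host;
        # Overwrite, never append: a client-supplied value must not survive.
        proxy_set_header $RPAF_HEADER \$remote_addr;
        proxy_set_header X-Forwarded-For \$remote_addr;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# rpaf_conf SERVER_IP -> rpaf.conf contents on stdout
rpaf_conf() {
    cat <<EOF
<IfModule mod_rpaf.c>
    RPAF_Enable      On
    RPAF_Header      $RPAF_HEADER
    # Only this peer may rewrite REMOTE_ADDR; keep the list to the proxy itself.
    RPAF_ProxyIPs    $1
    RPAF_SetHostName On
    RPAF_SetHTTPS    On
    RPAF_SetPort     On
</IfModule>
EOF
}

# Constructed sample values (domain and SERVER_IP as used in the article).
nginx_block web.defnex.com 178.128.212.251
rpaf_conf 178.128.212.251
```

If `RPAF_ProxyIPs` lists anything other than the proxy, any host at those addresses that can reach port 8080 can set the logged client address through the header.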

7. Configure HTTPS

Install SSL Let’s Encrypt to enable HTTPS

Generate an SSL certificate for the web.defnex.com subdomain located in Nginx

Enter email address

Agree to the ToS

Consent to receiving information about Let’s Encrypt; you can answer Y or N.

The SSL certificate is created, and the virtual host configuration is changed to add SSL.

Then select 2 to redirect HTTP to HTTPS.

The SSL certificate installation for web.defnex.com is complete

The SSL certificate is valid for only 90 days; run the renew command to renew it

Browse https://web.defnex.com/info.php, check $_SERVER['SERVER_PORT'] and $_SERVER['HTTPS']

PHP Information – HTTPS

8. Block Direct Access to Apache

Block direct access to Apache on port 8080 using iptables.

The firewall rule format; replace SERVER_IP

Here SERVER_IP is 178.128.212.251

Test the iptables rule by accessing http://web.defnex.com:8080; the result is ERR_CONNECTION_RESET

Browse port 8080
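
One way to write and check the rule this step describes, as an added example rather than the article's own command: reject TCP port 8080 from every source except `SERVER_IP`, answering with a TCP reset, which is what the browser reports as `ERR_CONNECTION_RESET`. The function names are hypothetical and the rulesets are constructed samples in `iptables -S` format.

```shell
#!/bin/sh
# Added example. Assumptions: IPv4 only, rule lives in the INPUT chain.

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# guard_rule SERVER_IP -> prints the iptables command; refuses malformed input
guard_rule() {
    valid_ipv4 "$1" || { echo "invalid SERVER_IP: $1" >&2; return 1; }
    echo "iptables -I INPUT -p tcp --dport 8080 ! -s $1 -j REJECT --reject-with tcp-reset"
}

# rule_present SERVER_IP -> reads `iptables -S` output on stdin; status 0 only
# if a rule rejects port 8080 for every source except SERVER_IP
rule_present() {
    grep -F -- "-A INPUT ! -s $1/32 -p tcp" |
        grep -F -- "--dport 8080" |
        grep -Fq -- "-j REJECT"
}

# Constructed sample rulesets in `iptables -S` format.
GOOD_RULESET='-P INPUT ACCEPT
-A INPUT ! -s 178.128.212.251/32 -p tcp -m tcp --dport 8080 -j REJECT --reject-with tcp-reset'
OPEN_RULESET='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

guard_rule 178.128.212.251
printf '%s\n' "$GOOD_RULESET" | rule_present 178.128.212.251 && echo "8080 restricted to SERVER_IP"
printf '%s\n' "$OPEN_RULESET" | rule_present 178.128.212.251 || echo "no guard rule for 8080"
```

On a live host, pipe `iptables -S INPUT` into `rule_present`. Rules inserted with `iptables -I` are lost at reboot unless they are saved, for example with the `iptables-persistent` package.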

Good luck 🙂

Comment

  1. error

    /usr/local/src# dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
    Selecting previously unselected package libapache2-mod-fastcgi.
    (Reading database … 225237 files and directories currently installed.)
    Preparing to unpack libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb …
    Unpacking libapache2-mod-fastcgi (2.4.7~0910052141-1.2) …
    Setting up libapache2-mod-fastcgi (2.4.7~0910052141-1.2) …
    dpkg: error processing package libapache2-mod-fastcgi (–install):
    installed libapache2-mod-fastcgi package post-installation script subprocess returned error exit status 1
    Errors were encountered while processing:
    libapache2-mod-fastcgi

    Please advise.