How To Install NGINX AS A Reverse Proxy For Apache On Ubuntu 16.04

https://www.howtoforge.com/tutorial/how-to-install-nginx-as-reverse-proxy-for-apache-on-ubuntu-16-04/

https://devops.profitbricks.com/tutorials/configure-nginx-as-a-reverse-proxy-for-apache-on-ubuntu-1604/

1. Configuring Apache

$ sudo nano /etc/apache2/ports.conf

modify the VirtualHost and Listen lines for port 80 to use port 8000 (or any other port number you would like to use):

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 8000

<IfModule ssl_module>
 Listen 443
</IfModule>

<IfModule mod_gnutls.c>
 Listen 443
</IfModule>

Ctrl-x, then ‘Y' to save and exit.

Next open the vhost configuration file:

$ sudo nano /etc/apache2/sites-available/000-default.conf

… and change the VirtualHost line at the top to use the IP address 127.0.0.1 and the port 8000:

<VirtualHost 127.0.0.1:8000>
[...]

Ctrl+x, then ‘Y' to save and exit.

Install the Apache module libapache2-mod-rpaf which takes care of logging the correct IP address:

$ sudo apt-get -y install libapache2-mod-rpaf

Did not test this codeNext you will need to edit the module configuration file:

$ sudo nano /etc/apache2/mods-available/rpaf.conf

Add the server IP address, in this example we use 192.168.1.100 as the server IP.

RPAFproxy_ips 127.0.0.1 192.168.1.100 ::1

Ctrl+x, then ‘Y' to save and close the file and restart Apache server.

$ sudo /etc/init.d/apache2 restart

You can test rpaf by viewing the Apache access log:

$ sudo tail -f /var/log/apache2/access.log

You should see the following output:

#Before:
127.0.0.1 - - [31/Jun/2016:08:34:07 +0000] "GET /index.html HTTP/1.1"
127.0.0.1 - - [31/Jun/2016:08:34:10 +0000] "GET /index.html HTTP/1.1"

#After
192.168.1.100 - - [31/Jun/2016:08:34:30 +0000] "GET /index.html HTTP/1.1"
192.168.1.100 - - [31/Jun/2016:08:34:34 +0000] "GET /index.html HTTP/1.1"

Restart Apache:

$ sudo /etc/init.d/apache2 restart

configure the Apache service to start at boot time by running:

$ sudo update-rc.d apache2 defaults

2. Configure nginx

$ sudo apt-get -y install nginx

Create its system startup links and make sure it is started:

$ sudo systemctl enable nginx.service
$ sudo service nginx restart

It should now be listening on port 80.

To setup Nginx as reverse proxy, create new virtual host file:

$ sudo nano /etc/nginx/sites-available/webproxy

Add the following content:

server {
    listen   80;

    root /var/www/html;
    index index.php index.html index.htm;

    server_name localhost;

    location / {
    try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {

    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8000;

     }

     location ~ /\.ht {
            deny all;
    }
}

Ctrl+x, then ‘Y' to save and exit.

Verify your Nginx configuration syntax by running the following command:

$ sudo nginx -t

If everything is ok, you should see the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Activate the virtual host by running the following command:

$ sudo ln -s /etc/nginx/sites-available/webproxy /etc/nginx/sites-enabled/webproxy

Delete the default nginx server block:

$ sudo rm /etc/nginx/sites-enabled/default

Start the Nginx service by running the following command:

$ sudo /etc/init.d/nginx start

Then configure the Nginx service to start at boot time by running the following command:

$ sudo update-rc.d nginx defaults

3. Test Nginx Reverse Proxy

Running the following curl command:

$ curl -I localhost

Example output:

HTTP/1.1 200 OK
Server: nginx/1.10.0 (Ubuntu)
Date: Sun, 26 Mar 2017 17:42:23 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Sun, 19 Mar 2017 23:39:30 GMT
Connection: keep-alive
ETag: "58cf16b2-2c39"
Accept-Ranges: bytes

Need a working solution to add nginx server block

The code at this link works with a fresh install (no migration): How To Install Nextcloud on Ubuntu 16.04 Using NGINX & MariaDB

https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html

https://www.rosehosting.com/blog/install-nextcloud-on-ubuntu-16-04/

the code below works below and is referenced from:
https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html

The full code to MIGRATE from apache to nginx is here Migrating Nextcloud from Apache to Nginx on Ubuntu 16.04

Create a new Nginx server block:

$ sudo nano /etc/nginx/sites-available/nextcloud

copy/paste:

server {
    listen 80;
    listen [::]:80;
    server_name 192.168.1.70;
    root /var/www/html;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 192.168.1.70;
    root /var/www/html;
    index index.php index.html index.htm;

    ssl on;
    ssl_certificate     /etc/ssl/certs/apache-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/apache-selfsigned.key;
    ssl_session_timeout 5m;
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    access_log  /var/log/nginx/nextcloud.access.log;
    error_log   /var/log/nginx/nextcloud.error.log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav { 
        return 301 $scheme://$host/remote.php/dav; 
    }
    location = /.well-known/caldav { 
        return 301 $scheme://$host/remote.php/dav; 
    }

    location ^~ /nextcloud {

    #set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location /nextcloud {
        rewrite ^ /nextcloud/index.php$uri;
    }

    location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~* \.(?:css|js)$ {
        try_files $uri /nextcloud/index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /nextcloud/index.php$uri$is_args$args;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }
    }
}

Activate the server block by creating a symbolic link:

$ sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloud

NOTE:
make sure the ‘default' and ‘webproxy' server blocks are not enabled in ‘/etc/nginx/sites-enabled'.

Test the Nginx configuration and restart nginx:

$ sudo nginx -t
$ sudo service nginx restart

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.