How to install NGINX in CentOS 7 or FreeBSD and configure it to act as a Reverse Caching Proxy for Apache

How to cache your website using NGINX and FastCGI in CentOS 7 with PHP FastCGI Process Manager PHP-FPM

Nginx is a high-performance, low-overhead optimized web server that can handle HTTP and HTTPS connections, which can also work as a reverse proxy and load balancer: it also has a lot of useful features, such as request buffering and HTTP caching, that can be customized in various ways to increase our web site performance, reliability and speed just like a dedicated HTTP accelerator such as Varnish. Nginx is free and open source software, released under the terms of a BSD-like license, and is probably the most used piece of software in web-based architectured nowadays.

In this post, we’ll briefly explain how to install it on a CentOS 7.x or FreeBSD machine and configure it to make it act as a Reverse Proxy for a web site installed either on the same machine or on a different machine within the same LAN. For further info regarding Nginx we strongly suggest to read the following articles: How to configure Nginx as a Reverse Proxy with Proxy-Cache and How to configure Nginx as a Reverse Proxy with FastCGI-Cache. If you don’t want to install a Reverse-Proxy and handle everything with Apache using native modules such as mod_cache and mod_cache_disk, you could be interested in this article instead.

Installing Nginx

Installing Nginx on Linux is rather easy, since all package managers have it available on their catalogue.

CentOS 7

Let’s start with typing the following commands from a terminal:

Answer “Y” to all the questions until the terminal says that the installation is complete.

Once done, we could start the Nginx service and also have it start automatically on each startup with the following lines:

Answer “Y” to all the questions until the terminal says that the installation is complete. Once done, we could start the Nginx service and also have it start automatically on each startup with the following lines:

FreeBSD

These are the required steps to install Nginx on a FreeBSD server:

Right after that, we need to add it to the   file to ensure that it will automatically start upon each boot. We can do that automatically in the following way:

Or by installing a text-editor such as Nano and perform the changes manually:

We just need to add nginx_enable=”YES” to the end of the file, save and we’re done.

Opening the Firewall Port(s)

The default CentOS firewall rules does not allow inbound HTTP / HTTPS traffic, hence its necessary to open up some TCP ports for a webserver such as Nginx to accept connections from the outside. How it can be done depends of the firewall that our CentOS machine is actually using: firewalld or iptables.

Firewalld

These are the shell commands to open up Firewalld (assuming that the public zone has been assigned to the WAN network interface):

Iptables

These are the rules to set for Iptables (assuming  that we want to accept traffic coming from the eth0 network interface):

Basic Scheme for Reverse-Proxy

Now that we installed Nginx, we can configure it to act as a Reverse Proxy with HTTP caching features for our Apache web-server. This basically means that it will sit in front of our Apache Web Server, intercept all the incoming HTTP/HTTPS calls and conditionally pass them to the aforementioned server or directly serve them using its disk and/or memory cache.

Here’s how it actually works:

How to install NGINX in CentOS 7 or FreeBSD and configure it to act as a Reverse Caching Proxy for Apache

This is called Edge-Origin (or Origin-Edge) pattern, because we got an edge server – Nginx – exposed to the WAN acting as a reverse proxy, load-balancer and/or caching service on top of one (or more) origin web server(s) – Apache – which lies within the LAN.

As we can see, if we want to pull-off this configuration on a single machine, it means that we need to make Nginx listen to the actual HTTP/HTTPS ports (80 and 443), while the Apache Web Server will be configured to listen to a different port (usually 81, 82 and so on). It’s also worth nothing that, given that scenario, the SSL channel only needs to be configured within the edge server, as it’s the only one publicly accessible through the WAN: since the origin server(s) will only communicate with it, they can do that via a standard HTTP channel (or a Linux socket) without the  risk of raising security issues.

Basic Configuration

Here’s a sample   configuration file that could be used implement an easy, straight-forward proxy with disk-cache capabilities:

As we can see, we’re using the origin-edge pattern: Nginx will work as an edge server that will (reverse) proxy the upstream Apache Web Server, which – in this example – is installed on the same machine and listening to port 82. It goes without saying that, if the origin server is installed on a different machine, we just need to write the proper hostname (or IP address) – assuming that we can reach it via LAN, VPN or anything else.

Advanced Configuration

For further configuration settings – including load-balancing and buffering features – and a full explanation of the directives we used in the above example, we strongly suggest to take a look at this article, which is dedicated to web-site caching using NGINX.

To implement rate limiting / connection limiting in Nginx, check out this article instead.

This post is part of a series of articles, tutorials and guides on the NGINX web server & reverse proxy. To read the other posts, click here!

 

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.