xTom - How to Set Up NGINX as a Reverse Proxy for Apache on AlmaLinux and Rocky Linux

Using NGINX as a reverse proxy in front of Apache can significantly improve the performance and scalability of your web server. You can combine the strengths of both web servers.

That said, in this comprehensive guide, we'll walk you through the process of setting up NGINX as a reverse proxy for Apache on AlmaLinux and Rocky Linux, two popular free and open-source alternatives to Red Hat Enterprise Linux (RHEL). We'll also cover various configuration examples for different use cases.

But first:

Why use NGINX as a reverse proxy?

Setting up NGINX as a reverse proxy for Apache offers multiple benefits, here's a few key ones:

Performance: NGINX is well-known for its efficiency in serving static content like images, CSS, and JavaScript. By handling static content with NGINX, Apache can focus on dynamic content, leading to better overall performance and reduced load on Apache.
Load balancing: NGINX excels as a load balancer. It can distribute incoming traffic across multiple Apache servers (or other backend servers), allowing for greater scalability and ensuring that no single server gets overwhelmed by traffic.
Enhanced security: Using NGINX as a reverse proxy adds a layer of security. Since NGINX handles incoming requests and passes them to Apache, it prevents Apache from being directly exposed to the internet, which reduces the risk of attacks.

Step 1: Install NGINX and Apache

First, ensure that your system is up to date and then install both NGINX and Apache.

Update the system:

sudo yum update

Install NGINX:

sudo dnf install nginx -y

Start NGINX and enable it to start at boot:

sudo systemctl start nginx
sudo systemctl enable nginx

Install Apache:

sudo dnf install httpd -y

Step 2: Configure Apache to use a different port

Before starting Apache, we need to configure it to listen on a different port, as both NGINX and Apache use port 80 by default.

Edit the Apache configuration file:

sudo vim /etc/httpd/conf/httpd.conf

Find the line:

Listen 80

Change it to:

Listen 8080

Save the file and exit vim (press Esc, then type :wq and press Enter).

Next, update the virtual host configuration:

sudo vim /etc/httpd/conf.d/vhost.conf

Ensure the <VirtualHost> block reflects the new port:

<VirtualHost *:8080>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
</VirtualHost>

Save and exit the file.

Now restart Apache for the changes to take effect:

sudo systemctl restart httpd

Apache will now run on port 8080.

Step 3: Configure NGINX as a reverse proxy

Now we'll configure NGINX to act as a reverse proxy, forwarding requests to Apache running on port 8080.

Edit the NGINX configuration file:

sudo vim /etc/nginx/nginx.conf

Within the server block, configure NGINX to forward requests to Apache and serve static files:

server {
    listen 80;
    server_name your_domain_or_ip;

    # Serve static files directly with NGINX
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        root /var/www/html;
    }

    # Forward other requests to Apache 
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

This setup:

Serves static files (images, CSS, JS) directly with NGINX
Forwards other requests to Apache
Ensures proper forwarding of headers

Save and exit the file.

Step 4: Test the configuration and restart NGINX

Before restarting NGINX, check the configuration for syntax errors:

sudo nginx -t

If there are no errors, restart NGINX:

sudo systemctl restart nginx

Step 5: Adjust firewall settings

If firewalld is active on your server, you need to allow HTTP (port 80) and HTTPS (port 443) traffic for NGINX.

Since Apache is running behind NGINX, you don't need to expose port 8080 to external traffic.

Allow HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Step 6: Verify the setup

To verify the setup, we'll test both dynamic content (PHP) and static content (an image).

Testing with a PHP file

First, make sure PHP is installed and enabled for Apache:

sudo dnf install php php-fpm -y
sudo systemctl restart httpd

Create a test PHP file in Apache's document root:
```
sudo vim /var/www/html/test.php
```
Add the following content to the file:
```
<?php
phpinfo();
?>
```
Save and exit the file.
Now, access this file through your web browser by navigating to:

http://your_server_ip/test.php

If everything is set up correctly, you should see the PHP info page.

Testing with an image file

Let's add a sample image to test NGINX's static file serving:

sudo wget https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/1280px-Nginx_logo.svg.png -O /var/www/html/nginx-logo.png

Now, access this image through your web browser:

http://your_server_ip/nginx-logo.png

You should see the NGINX logo. To confirm that NGINX (not Apache) served this file, check NGINX's access log:

sudo tail -f /var/log/nginx/access.log

You should see a log entry for the image request.

To confirm that Apache is receiving the forwarded requests for PHP, check Apache's access logs:

sudo tail -f /var/log/httpd/access_log

You should see the requests being forwarded from NGINX to Apache for PHP files, but not for the image file.

Remember to remove or secure the test PHP file after confirming the setup:

sudo rm /var/www/html/test.php

Advanced NGINX configuration examples

Here are some advanced configuration examples for different scenarios:

Load balancing configuration

For distributing traffic among multiple backend servers:

upstream myapp1 {
    server backend1.example.com;
    server backend2.example.com;
}

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://myapp1;
        proxy_next_upstream error timeout;
        # Additional settings...
    }
}

Caching responses

To enable caching of responses from the proxied server:

http {
    proxy_cache_path /path/to/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;

    server {
        location / {
            proxy_pass http://backend.example.com;
            proxy_cache my_cache;
        }
    }
}

SSL configuration

For secure connections to the proxied server:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/certificate.key;

    location / {
        proxy_pass https://backend.example.com;
        proxy_set_header X-Forwarded-Proto https;
    }
}

Fine-tuning proxy settings

For advanced configurations and performance tuning:

location / {
    proxy_pass http://backend.example.com;
    proxy_buffering off;
    proxy_buffer_size 4k;
    proxy_connect_timeout 60s; 
    proxy_read_timeout 60s;
    proxy_send_timeout 60s;
}

Conclusion

Setting up NGINX as a reverse proxy in front of Apache can significantly improve your server's performance by offloading static content to NGINX, allowing Apache to focus on dynamic content.

This setup also adds an extra layer of security and scalability to your web server infrastructure, making it an ideal choice for handling growing traffic and demanding web applications.

Thanks for reading!

If you're looking for reliable infrastructure to support your web server setup, xTom provides a range of solutions, including dedicated servers, colocation, IP transit services, and more.

Additionally, for flexible and scalable virtual private servers, V.PS offers NVMe VPS hosting.