i-MSCP + nginx proxy

i-MSCP + nginx proxy

I’ve written a small howto for adding nginx as proxy in-front i-MSCP’s default Apache configuration, to spare you servers memory. As everyone know, Apache is and always have been memory hungry especially when working in a multi site environment. Therefore adding nginx as a proxy in-front of Apache to lower the memory usage and give clients faster response-time makes perfect sense. I hope this little write up will help you as much as it has helped me lower the resource usage on my home server.

= Win

Add nginx as proxy infront of you apache installation to lower memory usage.

First we create some backup dirs:
mkdir /root/backup
mkdir /root/backup/apache_conf
mkdir /root/backup/apache_tpl

Then we need to change the default listing port on our virtual hosts, this is easiest done by using sed, while doing this we create a backup of the old files.
sed -ib 's/:80/:82/g' /etc/apache2/sites-available/*.conf

The backup files will get the extension confb. We don’t want these files lying in the same folder as the working once, so we moved them to the backup directory:
mv /etc/apache2/sites-available/*.confb /root/backup/apache_conf

Now we need to edit the listing port for apache itself, this is done by changing the port, like this:
nano /etc/apache2/ports.conf
Listen 80
Listen 82

Restart Apache:
service apache2 restart

Check that apache listens on the correct port “82”:
netstat -tunap | grep apache2

Now the basic’s are done.

Modify iMSCP master apache template.
Edit both:
VirtualHost {BASE_SERVER_IP}:80
VirtualHost {BASE_SERVER_IP}:82

And then the apache default templates for new domains and subdomains and do a backup:
sed -ib 's/:80/:82/g' /etc/imscp/apache/parts/*.tpl

Again we don’t want the backup files lying around with the working once, so we move them to the appropriate backup folder:
mv /etc/imscp/apache/parts/*.tplb /root/backup/apache_tpl

To avoid all visits looking like they arrive from localhost install libapache2-mod-rpaf:
apt-get install libapache2-mod-rpaf

Edit Apache’s configuration:
nano /etc/apache2/apache2.conf

RPAFsethostname On

And restart apache again.
service apache2 restart

Now we need to install nginx and that is pretty straight forward on Debian.

apt-get install nginx

Remove the default configuration file:
rm /etc/nginx/sites-available/default

Create a new one and add the following:
nano /etc/nginx/sites-available/default

#### default

# Default by nginx guideline
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;

client_header_buffer_size 1k;
large_client_header_buffers 4 4k;

client_max_body_size 100m;
client_body_buffer_size 128k;

# Hash Table
server_names_hash_bucket_size 64;

# Proxy
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

server {
listen [::]:80;

# Dynamic Content forward to Apache
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#### virtualhost

server {
server_name www.default.TLD default.TLD;
root /var/www/virtual/DOMAIN.TLD/htdocs;

# Static Contents
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
access_log /var/log/apache2/users/DOMAIN.TLD-access.log;
error_log /var/log/apache2/users/DOMAIN.TLD-error.log;
expires 30d;

# Dynamic Content forward to Apache
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Do the follow to make nginx log correctly:
sysctl -w net.ipv6.bindv6only=1
This makes nginx show the difference between IPv4 and IPv6 addresses without adding extra info to the IPv4 addresses :ffff:.

Make it permanent by adding the following to /etc/sysctl.conf:

Restart Apache and nginx to see if everything is working.

service apache2 restart && service nginx restart


1. Removed listning port from virtual configuration (listen [::]:80;).
2. Changed listning parameter in default configuration to: listen [::]:80;
3. Added: sysctl -w net.ipv6.bindv6only=1 – To make the nginx show the difference between IPv4 and IPv6 addresses correctly. Needed when using listen [::]:80; as default.
4: Added: net.ipv6.bindv6only=1 to /etc/sysctl.conf to make the change permanent.

1. IPv6 fix for the configuration, both can be used (if using the first one, do not add “listen;” command to vhost configurations, it will break nginx):
Use this one if trouble with bad formatted IPv4 addresses like: ::ffff:xxx.xxx.xxx.xxx:
listen 80;
listen [::]:80 default ipv6only=on;
Else use:
listen [::]:80 default;
server_name _;
Thanks to: Laurent Declercq for the fix.
2. To revert the names of the tpl/conf files use: rename 's/confb$/conf/' * You of course need to be standing in the same folder as the files.

1. Make nginx listen for IPv6 traffic: Change listen 80 default; to listen [::]:80 default ipv6only=on;
2. Added IPv6 address to server IP for the Apache mod-rpaf module.