[atomic] Nginx 0.7.64

[scott]

I'll throw out a "that depends"... by default its not configured to "just work" like apache for example. Additional configuration is required, and it would likely cause an outage with another daemon (apache in this case). So right now, yes that is the correct behaviour for that kind of package

[dayo]

I see what you mean.

However, isn't it the case that since the default virtual.conf & ssl.conf are commented out, it would not be trying to listen on the same port as apache until someone changes things anyway?

[scott]

Correct, but it also wont do anything... meaning it doesnt meet the "Just works" requirement.

[dayo]

Yeah you're right.

I just meant that having gone in and set up the servers and stuff, I'll have expected it to be reloaded if the server is rebooted.

Anyway, just a non-critical feedback.

[scott]

what I'm thinking of doing is a "psa-nginx" or like meta package, that would handle bridging the configs, adding in the events to plesk, and reconfiguring everything automatically. That way the nginx package stays neutral and all the magic can be customized for each platform. Thats definitely where youd stick the chkconfig stuff in. Another thing Im curious about are what kind of changes you're needing to make so it works with plesk. Like do you have to make per-domain vhost settings? Or did you just have to modify the global nginx config?

[dayo]

The Plesk advanced guide configs are those that worked as I found after messing about quite a bit.

I merged these with the yum installed settings to make it work … minor stuff.

mod_praf was a problem until I found out how to get it working on my Centos 5 as the makefile needed to be patched and httpd-devel and stuff needed before I could compile it.

I haven't yet put in the events but that seems straightforward looking at the guide.

I went for per domain settings to give flexibility and to allow the events to pick up domain files.

I'll type out the process I went through in a bit.

[dayo]

OK Here it is.

Activating Nginx to proxy to Apache on Centos 5.4 with Plesk 9.3.0

1. yum install nginx (it can sit there until we are ready to switch it on)

2. Installed mod_praf (had to mess about a bit to get it to compile on centos5)

Code: Select all

# Get tools needed by Apache and restart Apache to load new settings
$ yum install httpd-devel
$ yum --exclude=subversion --exclude=cvs groupinstall 'Development Tools'
$ service httpd restart
# Get mod_praf and install
$ wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
$ tar zxvf mod_rpaf-0.6.tar.gz
$ cd mod_rpaf-0.6
# Patch Makefile as required for CentOS 5
$ sed -ie 's/apxs2/apxs/' Makefile
$ make rpaf-2.0
$ make install-2.0

3. Created /etc/httpd/conf.d/rpaf.conf

Code: Select all

LoadModule rpaf_module modules/mod_rpaf-2.0.so

# Enable reverse proxy
RPAFenable On

# Set same hostname as Apache
RPAFsethostname On

# IP addresses proxying to Apache
RPAFproxy_ips 127.0.0.1 A-SPACE-SEPARATED-LIST-OF-SERVER-IP-ADDRESSES

# Header storing client IP address
RPAFheader X-Forwarded-For

4. Created /etc/nginx/vhost.template combining the three examples provided by Plesk as follows:

Code: Select all

server {
        listen 80;
        server_name <domain.name> www.<domain.name>;
        access_log /var/log/nginx/<domain.name>.access.log main;
        # Main location
        location / {
                index  index.php index.html index.htm;
                proxy_pass http://<domain.name>:8080/;
                include /etc/nginx/proxy.default;
        }
        # Static files location
        # Uncomment to serve static files with Nginx
        # This will result in these files not being accounted for by account bandwidth usage calcs
        #location ~* ^.+\.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|wav|bmp|rtf|js|ico|swf)$ {
        #        root /var/www/vhosts/<domain.name>/httpdocs;
        #        expires 30d;
        #}
}

server {
        listen 80;
        server_name webmail.<domain.name>;
        access_log /var/log/nginx/webmail.log main;
        # Main webmail location
        location / {
                proxy_pass http://<domain.ip>:8080/;
                include /etc/nginx/proxy.default;
        }
}

server {
        listen 80;
        server_name lists.<domain.name>;
        access_log /var/log/nginx/lists.log main;
        # Main mailing list location
        location / {
                proxy_pass http://<domain.ip>:8080/;
                include /etc/nginx/proxy.default;
        }
}

5. Created /etc/nginx/proxy.default to enable global changes or domain specific overrides

Code: Select all

# proxy.default
# Default Nginx proxy settings
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
open_file_cache max=1024 inactive=86400s;
open_file_cache_valid 21600s;
open_file_cache_min_uses 1;
open_file_cache_errors on;

6. Renamed /etc/nginx/nginx.conf as /etc/nginx/nginx.conf.old

7. Created new /etc/nginx/nginx.conf based on the Plesk Guide as follows (main difference is that the "include /etc/nginx/conf.d/*.conf;" line is maintained from the yum version and user/group is changed to apache.

Code: Select all

# Nginx Conf File
user apache apache;
worker_processes 1;
timer_resolution 100ms;
worker_rlimit_nofile 8192;
worker_priority -5;
error_log /var/log/nginx/nginx.error.log;
events {
        worker_connections 1024;
        use epoll;
}
http {
      	include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '"$gzip_ratio"';
        log_format download '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '"$http_range" "$sent_http_content_range"';
        client_header_timeout 10m;
        client_body_timeout 10m;
        send_timeout 10m;
        proxy_read_timeout 10m;
        proxy_connect_timeout 30;
        proxy_send_timeout 10m;
        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;
        gzip on;
        gzip_disable "MSIE [1-6]\.";
        gzip_comp_level 3;
        gzip_min_length 1100;
        gzip_buffers 4 8k;
        gzip_http_version 1.1;
        gzip_proxied any;
        gzip_types text/plain application/xml application/x-javascript text/css;
        output_buffers 1 32k;
        postpone_output 1460;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 5 20;
        ignore_invalid_headers on;
        resolver 127.0.0.1;
        include /etc/nginx/conf.d/*.conf;
}

8. Replaced <domain.name> and <domain.ip> with real values in copies of vhost.template and saved as /etc/nginx/conf.d/domain.tld.conf for each existing domain.

9. Moved Apache port to 8080

Code: Select all

$ /usr/local/psa/admin/sbin/websrvmng --set-http-port --port=8080
$ /usr/local/psa/admin/sbin/websrvmng --reconfigure-all
$ /usr/local/psa/admin/sbin/webmailmng --disable --name=horde
$ /usr/local/psa/admin/sbin/webmailmng --enable --name=horde
$ /usr/local/psa/admin/sbin/webmailmng --disable --name=atmail
$ /usr/local/psa/admin/sbin/webmailmng --enable --name=atmail
$ /usr/local/psa/admin/sbin/webmailmng --disable --name=atmailcom
$ /usr/local/psa/admin/sbin/webmailmng --enable --name=atmailcom

10. Restarted Apache (service httpd restart)

11. Started Nginx (service nginx start)

12. Ran "/sbin/chkconfig nginx on" so Nginx is loaded on reboot

We're good to go and examples of triggering the events to replace <domain.name> have already been given by Plesk. Should be trivial to query the db for domain ip to replace <domian.ip> or just hard code a default one in there instead.

Very straightforward now compared to when I first wanted to try it with Plesk 8.x. The main problem I had was with mod_praf as it took me a long time and frustration before finding out what was need for CentOS 5.

[scott]

awesome follow up

[dayo]

Hi Scott

Is it possible to patch Nginx so that when the proxy_pass flag is on, it will pass any request not found to Apache instead of returning a "404 Not Found"?

This will make it tolerant of rewrite issues.

Kind of thing you might be interested in looking at? Some guy on another forum who offers installation services claims he has done this. Is it even possible?


******************************

Answer to my query from the Nginx Docs

Code: Select all

location / (
    error_page 404 = @fallback;
)
 
location @fallback (
    proxy_pass http://backend;
)

[scott]

Sure, what file did that go in? Or if you're not sure just paste the URL for the relevant post/documentation and I'll see what I can do

[dayo]

It goes into the vhost.template so that my example from above becomes:

Code: Select all

server {
        listen 80;
        server_name <domain.name> www.<domain.name>;
        access_log /var/log/nginx/<domain.name>.access.log main;
        # Main location
        location / {
                index  index.php index.html index.htm;
                error_page 404 = @fallback;
                proxy_pass http://<domain.name>:8080/;
                include /etc/nginx/proxy.default;
        }
        # Static files location
        # Uncomment to serve static files with Nginx
        # This will result in these files not being accounted for by account bandwidth usage calcs
        #location ~* ^.+\.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|wav|bmp|rtf|js|ico|swf)$ {
        #        root /var/www/vhosts/<domain.name>/httpdocs;
        #        expires 30d;
        #}
        location @fallback {
                  proxy_pass http://<domain.name>:8080/;
        }
}

server {
        listen 80;
        server_name webmail.<domain.name>;
        access_log /var/log/nginx/webmail.log main;
        # Main webmail location
        location / {
                proxy_pass http://<domain.ip>:8080/;
                include /etc/nginx/proxy.default;
        }
}

server {
        listen 80;
        server_name lists.<domain.name>;
        access_log /var/log/nginx/lists.log main;
        # Main mailing list location
        location / {
                proxy_pass http://<domain.ip>:8080/;
                include /etc/nginx/proxy.default;
        }
}

Got it setup on my server and it works like a dream. If Nginx cannot find something, it passes it on to Apache. So I am able to sort out my rewrites knowing the files would still be served in the interim anyway. To find out which webserver is serving them, I need to comment out the "error_page 404 = @fallback;" line, reload Nginx and force refresh the page.

[scott]

That being said...
Building atomic-accelerator-0.1-1 for el5-i386: OK

Prototype is done!

[scott]

ok so another issue, nginx doesnt support PROPFIND which is used by subversion.

[dayo]

So I gather. You'll have to proxy to Apache apparently.

[scott]

Got an example? Is this something you think can be generic?