Revisiting nginx and CloudFlare with Plesk.
Posted: Mon Jul 25, 2016 12:29 pm
Recently I've been testing Plesk 12.5 and Centos 7 to destruction.
One of the things I've been playing with has been enabling nginx as a reverse proxy in front of Apache.
Previous discussions, and logic, has said that doing this is mostly pointless when you are using Apache 2.4 and php-fpm.
However, looking at things in more detail, it seems that using nginx can, in theory, reduce the number of Apache processes necessary to serve X-number of clients. And since each Apache process takes up a lot of memory, this seems like a good thing.
What I don't know is whether this really does any good under real-world conditions with mostly dynamic WordPress-type sites.
Does anyone have any real-world experience they are willing to share?
As an alternative, I've also been experimenting with using CloudFlare. In my tests this seems to do quite a bit of good AND works a treat with ASL.
With Plesk 12.5, mod_cloudflare is installed automatically when you enable the CloudFlare extension, and so the real IP gets reported to Apache. In turn, ASL knows the real IPs to shun, and adds these to CloudFlare's IP Firewall automatically (as long as you enter the correct API key, which I wasn't doing at first).
What's more, if you have a Pro account or your host has opted for Plesk's ServerShield Plus Advanced, CloudFlare's WAF can weed out all the trivial nonsense before ASL's more comprehensive rulsets come into play. This is going to reduce load on your machine.
There are disadvantages, of course. You'll have to log into CloudFlare to see if someone has been blocked by CF rather than ASL, and you have a maximum of 200 IPs (1000 for Pro) in the CF IP firewall (per domain). But I've never had 200 IPs shunned at the same time on any of my systems, so I'm not too bothered about that.
Again I'd be interested to hear from people who have been using CloudFlare in front of ASL and what the real-world experience has been like.
One of the things I've been playing with has been enabling nginx as a reverse proxy in front of Apache.
Previous discussions, and logic, has said that doing this is mostly pointless when you are using Apache 2.4 and php-fpm.
However, looking at things in more detail, it seems that using nginx can, in theory, reduce the number of Apache processes necessary to serve X-number of clients. And since each Apache process takes up a lot of memory, this seems like a good thing.
What I don't know is whether this really does any good under real-world conditions with mostly dynamic WordPress-type sites.
Does anyone have any real-world experience they are willing to share?
As an alternative, I've also been experimenting with using CloudFlare. In my tests this seems to do quite a bit of good AND works a treat with ASL.
With Plesk 12.5, mod_cloudflare is installed automatically when you enable the CloudFlare extension, and so the real IP gets reported to Apache. In turn, ASL knows the real IPs to shun, and adds these to CloudFlare's IP Firewall automatically (as long as you enter the correct API key, which I wasn't doing at first).
What's more, if you have a Pro account or your host has opted for Plesk's ServerShield Plus Advanced, CloudFlare's WAF can weed out all the trivial nonsense before ASL's more comprehensive rulsets come into play. This is going to reduce load on your machine.
There are disadvantages, of course. You'll have to log into CloudFlare to see if someone has been blocked by CF rather than ASL, and you have a maximum of 200 IPs (1000 for Pro) in the CF IP firewall (per domain). But I've never had 200 IPs shunned at the same time on any of my systems, so I'm not too bothered about that.
Again I'd be interested to hear from people who have been using CloudFlare in front of ASL and what the real-world experience has been like.