store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Aug 22, 2019 1:38 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Revisiting nginx and CloudFlare with Plesk.
Unread postPosted: Mon Jul 25, 2016 12:29 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Recently I've been testing Plesk 12.5 and Centos 7 to destruction.

One of the things I've been playing with has been enabling nginx as a reverse proxy in front of Apache.

Previous discussions, and logic, has said that doing this is mostly pointless when you are using Apache 2.4 and php-fpm.

However, looking at things in more detail, it seems that using nginx can, in theory, reduce the number of Apache processes necessary to serve X-number of clients. And since each Apache process takes up a lot of memory, this seems like a good thing.

What I don't know is whether this really does any good under real-world conditions with mostly dynamic WordPress-type sites.
Does anyone have any real-world experience they are willing to share?

As an alternative, I've also been experimenting with using CloudFlare. In my tests this seems to do quite a bit of good AND works a treat with ASL.

With Plesk 12.5, mod_cloudflare is installed automatically when you enable the CloudFlare extension, and so the real IP gets reported to Apache. In turn, ASL knows the real IPs to shun, and adds these to CloudFlare's IP Firewall automatically (as long as you enter the correct API key, which I wasn't doing at first).

What's more, if you have a Pro account or your host has opted for Plesk's ServerShield Plus Advanced, CloudFlare's WAF can weed out all the trivial nonsense before ASL's more comprehensive rulsets come into play. This is going to reduce load on your machine.

There are disadvantages, of course. You'll have to log into CloudFlare to see if someone has been blocked by CF rather than ASL, and you have a maximum of 200 IPs (1000 for Pro) in the CF IP firewall (per domain). But I've never had 200 IPs shunned at the same time on any of my systems, so I'm not too bothered about that.

Again I'd be interested to hear from people who have been using CloudFlare in front of ASL and what the real-world experience has been like.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group