Question

How to set up Nginx as a reverse proxy for Drupal served using Apache?

Posted November 11, 2020 79 views
Nginx, Apache, Drupal

I am running a Drupal 7 website using Apache. But now my requirement has changed. I need to run some other Django apps using Nginx. So, I want to use nginx as a reverse proxy for Apache. I will serve Apache under 8080. Now, my site already has an SSL certificate using letsencrypt with the apache plugin. So, will this configuration be enough?

server {

  listen 80;
  root /var/www/html/;
  index index.php index.html index.htm;
  server_name bringdomain.com www.bringdomain.com;

  location / {
    root /var/www/html;
    index index.html index.htm;
    proxy_pass http://127.0.0.1:8080;
    proxy_redirect off;
    proxy_read_timeout 1200;
    proxy_send_timeout 1200;
    proxy_connect_timeout 75;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location ~* ^.+\.(jpg|gif|jpeg|ico|avi|mpeg|mpg|wmv|png|css|js|xml)$ {
    root /var/www/html;
  }

}

1 answer

Hi,
Your nginx server block configuration seems to be OK but it does not include SSL configuration. So, let’s try to modify it a bit.

server {

  listen 443 ssl;
  root /var/www/html/; 
  index index.php index.html index.htm;
  server_name bringdomain.com www.bringdomain.com;

  location / {
    root /var/www/html;
    index index.html index.htm;
    proxy_pass http://127.0.0.1:8080;
    proxy_redirect off;
    proxy_read_timeout 1200;
    proxy_send_timeout 1200;
    proxy_connect_timeout 75;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location ~* ^.+\.(jpg|gif|jpeg|ico|avi|mpeg|mpg|wmv|png|css|js|xml)$ {
    root /var/www/html;
  }

  ssl_certificate /etc/letsencrypt/live/bringdomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/bringdomain.com/privkey.pem;

}

server {

  listen 80;
  server_name bringdomain.com www.bringdomain.com;
  return 301 https://$host$request_uri;

}

The changes in your original server block are highlighted. It listens on port 443 now, and has SSL turned on:

listen 443 ssl;

The SSL certificate configuration has been added as well. Check and correct the paths leading to your certificate files.

 ssl_certificate /etc/letsencrypt/live/bringdomain.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/bringdomain.com/privkey.pem;

There is another server block besides your original one. It listens on port 80 and rewrites HTTP requests to HTTPS.

I recommend creating a snapshot before deploying your new configuration. Just in case :)
After deploying the new configuration, test whether certbot can renew the certificate. Run the following command:

sudo certbot renew --dry-run

Let me know if it helps, pls.

  • I have just tested Let’s Encrypt certificate renewal after swapping the Apache web server for Nginx. So, if you try to renew a certificate with the command:

    sudo certbot renew --dry-run
    

    You will get an error message because certbot uses the apache plugin by default. So, first of all, you need to install the certbot nginx plugin. Then, you have two ways to renew a certificate:

    1. You can enforce using the nginx plugin for certificate renewal. You could test it with the following command:

    sudo certbot renew --nginx --dry-run
    

    2. You can modify Let’s Encrypt config file. Its location and name should be like: /etc/letsencrypt/renewal/bringdomain.com.conf

    /etc/letsencrypt/renewal/bringdomain.com.conf

    ...
    # Options used in the renewal process
    [renewalparams]
    ...
    authenticator = apache
    installer = apache
    ...

    Swap apache for nginx in the two lines. The following test should then complete successfully.

    sudo certbot renew --dry-run 
    

    If you set up automatic certificate renewal in cron, you need to check how certbot is run there, and alter it if necessary.
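
The renewal-file edit from option 2 in the comment above, written as a script. This is an added example, not part of the thread: it changes only `authenticator` and `installer` inside `[renewalparams]` and keeps a `.bak` copy. The function names and the sample file contents are assumptions made for the demo.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print "key=value" for the plugin keys found inside [renewalparams].
renewal_plugins() {
  awk -F' *= *' '
    /^\[/ { in_params = ($0 == "[renewalparams]"); next }
    in_params && ($1 == "authenticator" || $1 == "installer") {
      sub(/ +$/, "", $2)          # ignore trailing spaces after the value
      print $1 "=" $2
    }
  ' "$1"
}

# Change apache -> nginx for those two keys only, keeping a .bak copy.
# Returns 1 without touching the file when neither key is set to apache.
switch_to_nginx() {
  renewal_plugins "$1" | grep -q '=apache$' || return 1
  cp -p "$1" "$1.bak"
  awk '
    /^\[/ { in_params = ($0 == "[renewalparams]") }
    in_params && /^(authenticator|installer) *= *apache *$/ { sub(/apache *$/, "nginx") }
    { print }
  ' "$1.bak" > "$1"
}

# Constructed sample in the layout quoted in the comment above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
EOF
switch_to_nginx "$demo" && renewal_plugins "$demo"
rm -f "$demo" "$demo.bak"
```

To apply it to the real file, call `switch_to_nginx /etc/letsencrypt/renewal/bringdomain.com.conf` as root, then confirm with `sudo certbot renew --dry-run`.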
