Centos 6 & Cpanel: Setup Nginx as Reverse Proxy with Apache

cPanel comes with Apache web server by default. It does not mean that we cannot integrate Nginx inside. With some minor changes, we can install Nginx to listen to port 80 and forward any PHP process to Apache on another port 8080****. Apache is not really good in handling static files, so we will pass this task to Nginx. You will noticed that your memory and CPU will decrease once you have done this setup.

Warning: This setting is not suitable for shared hosting environment. VPS and Dedicated server only.

1. Install mod_rpaf:

– Since Nginx will be reverse proxy for Apache, we don’t want our log file to record the proxy IP. We want the real IP as usual. This will make sure our stats page like Webalizer and AWstats will record the correct information. So we need to install mod_rpaf which is “Reverse Proxy Add Forward” module for Apache. You can download that at http://stderr.net/apache/rpaf/download:

cd /usr/local/src wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz tar -xzf mod_rpaf-0.6.tar.gz cd mod_rpaf-* apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

– Once installed, we need to load the module into Apache configuration. Since cPanel already has Include Editor for Apache, we will use that functions. Login to WHM > Service Configuration > Apache Configuration > Include Editor > Pre Main Include > All Versions and paste following text:

LoadModule rpaf_module modules/mod_rpaf-2.0.so RPAFenable On RPAFproxy_ips # replace the value with your server IP RPAFsethostname On RPAFheader X-Real-IP

– Click Update > Restart Apache. The module should be loaded after restart.

Note: You can do this manually. Just open /etc/httpd/conf/httpd.conf with your editor then add lines above.

nano /etc/httpd/conf/httpd.conf

Restart Apache:

service httpd restart

  1. Change Apache listen port:

– Before we install Nginx, we need to change Apache port to 8080. Login to WHM > Server Configuration > Tweak Settings > Apache non-SSL IP/port: 8080
**Note:** You can use another Port (I used port 8080) but you should make sure that your firewall allows that port.

My case, I installed CSF (ConfigServer Security & Firewall – csf v5.49) on my XEN VPS (Centos 6 32bit + Cpanel)

So to open that port (8080) , i must go to **Plugins > ConfigServer Security & Firewall > ConfigServer Firewall > # Allow incoming TCP ports > TCP_IN > add port 8080 **


– We need to run following command so cPanel will remember that Apache configuration template has changed:

/usr/local/cpanel/bin/apache_conf_distiller --update --main /scripts/rebuildhttpdconf

3. Install Nginx and all requirements using yum:

You can download Nginx source at http://nginx.org/en/download.html

yum install pcre* -y cd /usr/local/src wget http://nginx.org/download/nginx-1.1.9.tar.gz tar -xvzf nginx-1.1.9.tar.gz cd nginx-* ./configure make make install

4. Configure Nginx to run with Reverse Proxy mode:

– Edit file /usr/local/nginx/conf/nginx.conf

– Replace original content of nginx.conf with this:

user  nobody; worker_processes  1; error_log  logs/error.log  info; events {     worker_connections  1024; } http {     server_names_hash_max_size 2048;     include       mime.types;     default_type  application/octet-stream; log_format   main '$remote_addr - $remote_user [$time_local]  $status '     '"$request" $body_bytes_sent "$http_referer" '     '"$http_user_agent" "$http_x_forwarded_for"';     sendfile        on;     tcp_nopush     on;     keepalive_timeout  10;     gzip  on;     gzip_min_length  1100;     gzip_buffers  4 32k;     gzip_types    text/plain application/x-javascript text/xml text/css;     ignore_invalid_headers on;     client_header_timeout  3m;     client_body_timeout 3m;     send_timeout     3m;     connection_pool_size  256;     client_header_buffer_size 4k;     large_client_header_buffers 4 32k;     request_pool_size  4k;     output_buffers   4 32k;     postpone_output  1460;  server { # this is your access logs location   access_log /usr/local/apache/domlogs/mywebs/mywebs.net;   error_log  logs/vhost-error_log warn;   listen    80;   # change to your domain   server_name  mywebs.net www.mywebs.net;   location ~* .(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {    # this is your public_html directory    root   /home/mywebs/public_html;   }   location / {    client_max_body_size    10m;    client_body_buffer_size 128k;    proxy_send_timeout   90;    proxy_read_timeout   90;    proxy_buffer_size    4k;    proxy_buffers     16 32k;    proxy_busy_buffers_size 64k;    proxy_temp_file_write_size 64k;    proxy_connect_timeout 30s;    # change to your domain name    proxy_redirect  http://www.mywebs.net:8080   http://www.mywebs.net;    proxy_redirect  http://mywebs.net:8080   http://mywebs.net;    proxy_pass;    proxy_set_header   Host   $host;    proxy_set_header   X-Real-IP  $remote_addr;    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;   }  } }

– Change lines:

/usr/local/apache/domlogs/mywebs/mywebs.net; to your directory.

proxy_redirect  http://www.mywebs.net:8080   http://www.mywebs.net;    proxy_redirect  http://mywebs.net:8080   http://mywebs.net;

to your domain.

– Save nginx.conf file and test Nginx configuration:

/usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

If you see those lines, that means your configuration is ok.

– Start Nginx:


– Check whether Nginx and Apache are listening to the correct port:

root@my [~]# netstat -tulpn | grep -e nginx -e httpd tcp 0 0* LISTEN 12128/nginx tcp 0 0* LISTEN 12425/httpd tcp 0 0* LISTEN 1155/httpd

– Edit /etc/rc.local using text editor and add following line so Nginx will start automatically after reboot


Nginx no need to be restarted to load the latest configuration file. You can run following command and it will reload the configuration on-the-fly without downtime:

kill -HUP ps -ef | grep nginx | grep master | awk {'print $2'}


/usr/local/nginx/sbin/nginx -s reload

– Check your web page header with Firebug (Firefox Addon), you can see it responses with nginx status.

Thanks to orginal article at Secaserver

Written on 09 April 2012

Share your thoughts