Panduan cara konfigurasi Nginx selaku reverse proxy bagi Apache di Linux, tested!. Di panduan ini menggunakan Linux Ubuntu 18.04, tetapi dapat digunakan di distro Linux lainnya, misal Debian dan CentOS. Karena ada dasarnya konfigurasinya sama, hanya berbeda di letak direktori konfigurasi virtual host dan dokumen webroot saja.
Selaku contoh, jikalau tradisi Nginx di Ubuntu virtual hostnya di /etc/nginx/sites-available dan /etc/sites-enabled, karenanya di CentOS berada di /etc/nginx/conf.d. Jadi gampang saja, tinggal disesuaikan.
Install Apache, MariaDB dan PHP
Di langkah awal kita akan menginstall Apache, MariaDB, dan PHP serta modul-modulnya, salah satunya yaitu mod_rpaf
apt install -y apache2 mariadb-server php libapache2-mod-php libapache2-mod-rpaf php-fpm php-mysql php-cli php-gd php-ldap php-odbc php-pdo php-pear php-mbstring php-xml php-xmlrpc php-snmp php-soapTingkatkan sekuriti MariaDB dengan cara setup akun root bagi MySQL dan menghapus database yang tak perlu
mysql_secure_installationLangkah berikutnya, mengubah port Apache ke 8080 (HTTP) dan 8443 (HTTPS) yang akan digunakan selaku backend dari Nginx. Jadi Nginx yang akan menghandle trafik HTTP dan HTTPS di port standar 80 dan 443.
nano /etc/apache2/ports.confSesuaikan portnya seperti berikut port 8080 bagi HTTP dan 8443 akan digunakan bagi koneksi HTTPS
Listen 8080
<IfModule ssl_module>
Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
Listen 8443
</IfModule>Hapus contoh konfigurasi virtual host bawaan Apache
rm -f /etc/apache2/sites-available/*.confHapus pun link simbolisnya
unlink /etc/apache2/sites-enabled/*Bikin konfigurasi virtual host baru, perhatikan portnya 8080
nano /etc/apache2/sites-available/idnetter.com.confIsi dengan tema berikut
<VirtualHost *:8080>
ServerName idnetter.com
ServerAlias www.idnetter.com
ServerAdmin man@idnetter.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
</Directory>
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>Ini contoh konfigurasi SSL, jikalau kelak mau gunakan HTTPS (kini tak, karena SSLnya belum disetup)
<VirtualHost GANTI-IP-SERVER:8443>
ServerName idnetter.com
ServerAlias www.idnetter.com
ServerAdmin man@idnetter.com
DocumentRoot /var/www/html
CustomLog /var/log/apache2/idnetter.com.bytes bytes
CustomLog /var/log/apache2/idnetter.com.log combined
ErrorLog /var/log/apache2/idnetter.com.error.log
<Directory /var/www/html>
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
</Directory>
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /etc/letsencrypt/live/idnetter.com/certificate.crt
SSLCertificateKeyFile /etc/letsencrypt/live/idnetter.com/certificate.key
SSLCertificateChainFile /etc/letsencrypt/live/idnetter.com/certificate.ca
</VirtualHost>Simpan kemudian aktifkan virtual host yang baru dengan petunjuk a2ensite (singkatan bagi: apache2 enable site)
a2ensite idnetter.comSatu lagi, tambahkan IP server ke pada konfigurasi modul Apache rpaf, agar kita dapat mengetahui real IP klien yang mengakses server.
nano /etc/apache2/mods-available/rpaf.confDi baris berikut, tambahkan IP server (ganti, 1.2.3.4)
RPAFproxy_ips 127.0.0.1 1.2.3.4 ::1Seandainya Sahabat ingin mengaktifkan modul mod_rewrite Apache, yang biasanya bagi mempercantik URL supaya permalinknya lebih search engine friendly (SEF), eksekusi petunjuk a2enmod kepanjangannya apache2 enable module.
a2enmod rewriteOk, hingga disini Apache telah kita setup selaku web server yang bekerja di “balik layar”. Kemudian restart service Apache agar konfigurasi yang baru saja kita modifikasi dapat digunakan kini.
systemctl restart apache2Izinkan layanan Apache dan MariaDB otomatis berjalan dikala aplikasi di-restart.
systemctl enable apache2
systemctl enable mariadbBikin file informasi.php di pada folder webroot /var/www/html bagi menjalankan uji coba
echo <?php phpinfo(); ?> | sudo tee /var/www/html/informasi.phpSekarang ini coba, buka browser bagi memastikan Apache kini telah berjalan di port 8080, akses http://ip-server:8080/informasi.php.
Uji coba ini bertujuan, jikalau server tak dapat diakses, kita dapat dengan gampang mencari kesalahan di konfigurasi Apache sebelum melanjutkan ke langkah berikutnya.
Install Nginx
Install Nginx seperti biasanya
apt install -y nginxKonfigurasi Nginx selaku reverse proxy
Ubah konfigurasi global Nginx, kita akan mengaktifkan module gzip dan menambahkan beberapa baris bagi pengaturan proxy cache jikalau dibutuhkan.
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf_bak nano /etc/nginx/nginx.conf
Paste kode berikut
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 60s;
client_body_timeout 60s;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 256m;
large_client_header_buffers 4 8k;
send_timeout 60s;
keepalive_timeout 30s;
reset_timedout_connection on;
server_tokens off;
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
# Mime type
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging Settings
log_format main '$remote_addr - $remote_user [$time_local] $request'
'$status $body_bytes_sent $http_referer'
'$http_user_agent $http_x_forwarded_for';
log_format bytes '$body_bytes_sent';
error_log /var/log/nginx/error.log;
access_log off;
# access_log /var/log/nginx/access.log;
# Compression
gzip on;
gzip_static on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1024;
gzip_buffers 16 8k;
gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
gzip_proxied any;
gzip_disable MSIE [1-6].;
# Proxy settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_buffers 32 4k;
proxy_connect_timeout 30s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
# Cache settings
proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
proxy_cache_key $host$request_uri $cookie_user;
proxy_temp_path /var/cache/nginx/temp;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_valid any 1d;
# Cache bypass
map $http_cookie $no_cache {
default 0;
SESS 1;
wordpress_logged_in 1;
}
# File cache settings
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
# SSL PCI Compliance
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
# Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Oke, kini kita punya konfigurasi Nginx yang sempurna, Gzip aktif, SSL chippers, proxy cache jikalau hendak diaktifkan via vhost. Berikutnya merancang konfigurasi server block.
Bagus Apache dan Ngix mesti disetup virtual hostnya dengan path web root yang sama pula.
nano /etc/nginx/sites-available/idnetter.com.confisi dengan konfigurasi berikut
server {
listen 80;
server_name idnetter.com www.idnetter.com;
error_log /var/log/apache2/error.log error;
location / {
proxy_pass http://GANTI_IP_SERVER:8080;
proxy_cache cache;
proxy_cache_valid 15m;
proxy_cache_valid 404 1m;
proxy_no_cache $no_cache;
proxy_cache_bypass $no_cache;
proxy_cache_bypass $cookie_session $http_x_update;
location * ^.+.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
proxy_cache off;
root /var/www/html;
access_log /var/log/apache2/idnetter.com.log combined;
access_log /var/log/apache2/idnetter.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location @fallback {
proxy_pass http://GANTI_IP_SERVER:8080;
}
location /.ht {return 404;}
location /.svn/ {return 404;}
location /.git/ {return 404;}
location /.hg/ {return 404;}
location /.bzr/ {return 404;}
}
Bikin link simbolis idnetter.com.conf ke /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/idnetter.com.conf /etc/nginx/sites-enabled/Ini saya sertakan contoh, konfigurasi SSL Nginx reverse proxy, selain port, perbedaannya hanya di 3 baris yang semuanya diawali dengan ssl*
server {
listen GANTI-IP-SERVER:443;
server_name idnetter.com www.idnetter.com;
error_log /var/log/apache2/error.log error;
ssl on;
ssl_certificate /etc/letsencrypt/live/idnetter.com/certificate.pem;
ssl_certificate_key /etc/letsencrypt/live/idnetter.com/certificate.key;
location / {
proxy_pass http://GANTI_IP_SERVER:8433;
proxy_cache cache;
proxy_cache_valid 15m;
proxy_cache_valid 404 1m;
proxy_no_cache $no_cache;
proxy_cache_bypass $no_cache;
proxy_cache_bypass $cookie_session $http_x_update;
location * ^.+.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
proxy_cache off;
root /var/www/html;
access_log /var/log/apache2/idnetter.com.log combined;
access_log /var/log/apache2/idnetter.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location @fallback {
proxy_pass http://GANTI_IP_SERVER:8433;
}
location /.ht {return 404;}
location /.svn/ {return 404;}
location /.git/ {return 404;}
location /.hg/ {return 404;}
location /.bzr/ {return 404;}
}
Oke berikutnya kita uji coba coba akses menggunakan curl
curl -I idnetter.comhasilnya nanti ada informasi Server: nginx, seperti dibawah ini
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 28 Aug 2018 15:35:44 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-aliveOk, selesai.
Panduan lain bagi mengoptimalkan dan menyempurnakan web server Sahabat
Selamat mencoba kawan.
Sumber https://idnetter.com