In this tutorial I demonstrate how to use the nginx web server as a reverse proxy in front of Apache 2.

The article is complete, and the example is based on a bare Ubuntu installation.

In the first section I will set up a basic Apache and configure nginx to act as a proxy for it.

  1. Set up Apache

    root@testkraxn /home/tester # apt-get install apache2
    When you browse to http://localhost, you should see Apache's default page.
  2. Configure Apache

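    We need to change the port Apache listens on, because nginx will act as a proxy for it and therefore needs to listen on port 80 later. Binding Apache to 127.0.0.1 also keeps the backend unreachable from other hosts, so outside traffic has to pass through nginx. Change /etc/apache2/ports.conf: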
    NameVirtualHost 127.0.0.1:8080
    Listen 127.0.0.1:8080
    
    Create a copy of the default site, and replace it with the copy:
    root@testkraxn ~ # cd /etc/apache2/sites-available
    root@testkraxn /etc/apache2/sites-available # cp default tutorial-example
    
    root@testkraxn /etc/apache2/sites-available # a2dissite 000-default
    root@testkraxn /etc/apache2/sites-available # a2ensite tutorial-example
    
    Also set port 8080 in the tutorial-example site:
    root@testkraxn /etc/apache2/sites-available # vim tutorial-example
    <VirtualHost 127.0.0.1:8080>
    ...
    
    root@testkraxn /etc/apache2/sites-available # service apache2 restart
        
    When you browse to http://localhost:8080, you should see Apache's default page.
  3. Set up nginx

    root@testkraxn ~ # apt-get install nginx
    Replace the nginx config file with a copy and edit this copy:
    root@testkraxn ~ # cp /etc/nginx/sites-available/default /etc/nginx/sites-available/tutorial-example
    root@testkraxn ~ # rm /etc/nginx/sites-enabled/default
    root@testkraxn ~ # ln -s /etc/nginx/sites-available/tutorial-example /etc/nginx/sites-enabled/tutorial-example
    
    root@testkraxn ~ # vim /etc/nginx/sites-available/tutorial-example
    
    root@testkraxn ~ # grep -vE '^\s*(#.*|)$' /etc/nginx/sites-available/tutorial-example
    server {
            listen 80;
            server_name localhost;
            location / {
                   proxy_set_header X-Real-IP  $remote_addr;
                   proxy_set_header X-Forwarded-For $remote_addr;
                   proxy_set_header Host $host;
                   proxy_pass  http://127.0.0.1:8080;
            }
            location ~ /\.ht {
                    deny all;
            }
    }
    
    
    
    root@testkraxn ~ # ln -s /etc/nginx/sites-available/tutorial-example /etc/nginx/sites-enabled/
    root@testkraxn ~ # service nginx restart
    
    When you browse to http://localhost, you should see Apache's default page, now served through nginx.
  4. Prepare SSL setup

    Create a self-signed SSL certificate:
    root@testkraxn ~ # mkdir my-ssl-cert
    root@testkraxn ~ # cd my-ssl-cert
    root@testkraxn ~/my-ssl-cert # openssl req -new > selfsigned.csr
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    (you may leave everything at the defaults)
    
    root@testkraxn ~/my-ssl-cert # openssl rsa -in privkey.pem -out selfsigned.key
    Enter pass phrase for privkey.pem:
    writing RSA key
    
    root@testkraxn ~/my-ssl-cert # openssl x509 -in selfsigned.csr -out selfsigned.cert -req -signkey selfsigned.key -days 999
    Signature ok
    subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    Getting Private key
    
    root@testkraxn ~/my-ssl-cert # ls -l
    total 16
    -rw-r--r-- 1 root root 1041 Jan 31 00:21 privkey.pem
    -rw-r--r-- 1 root root  757 Jan 31 00:22 selfsigned.cert (SSLCertificateFile)
    -rw-r--r-- 1 root root  603 Jan 31 00:21 selfsigned.csr
    -rw-r--r-- 1 root root  887 Jan 31 00:21 selfsigned.key  (SSLCertificateKeyFile)
    
    Copy the certificate and the key to their proper locations:
    root@testkraxn ~/my-ssl-cert # cp selfsigned.cert /etc/ssl/certs/
    root@testkraxn ~/my-ssl-cert # cp selfsigned.key /etc/ssl/private/
  5. Enable SSL in nginx configuration

    Add the second server block shown below (the one listening on port 443) to your example site:
    root@testkraxn /home/tester # grep -vE '^\s*(#.*|)$' /etc/nginx/sites-available/tutorial-example
    server {
            listen 80;
            server_name localhost;
            location / {
                   proxy_set_header X-Real-IP  $remote_addr;
                   proxy_set_header X-Forwarded-For $remote_addr;
                   proxy_set_header Host $host;
                   proxy_pass  http://127.0.0.1:8080;
            }
            location ~ /\.ht {
                    deny all;
            }
    }
    server {
            listen 443;
            server_name localhost;
            ssl on;
            ssl_certificate     /etc/ssl/certs/selfsigned.cert;
            ssl_certificate_key /etc/ssl/private/selfsigned.key;
            ssl_session_timeout 15m;
            ssl_protocols SSLv3 TLSv1;
            ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
            ssl_prefer_server_ciphers on;
            location / {
                   proxy_set_header X-Real-IP  $remote_addr;
                   proxy_set_header X-Forwarded-For $remote_addr;
                   proxy_set_header Host $host;
                   proxy_pass  http://127.0.0.1:8080;
            }
            location ~ /\.ht {
                    deny all;
            }
    }
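
The `ssl_protocols` and `ssl_ciphers` lines above still permit SSLv3, TLSv1 and the LOW and EXP (export-grade) cipher groups, all of which are obsolete. A hardened version of the port-443 server block follows, as an added example that is not part of the original tutorial. It assumes nginx 1.13 or newer built against OpenSSL 1.1.1 or newer (needed for TLSv1.3); the session cache, session ticket and `X-Forwarded-Proto` lines are additions.

```nginx
# Added example: hardened replacement for the port-443 server block.
# Certificate paths, server_name and backend address are the tutorial's own.
server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive.
        listen 443 ssl;
        server_name localhost;

        ssl_certificate     /etc/ssl/certs/selfsigned.cert;
        ssl_certificate_key /etc/ssl/private/selfsigned.key;

        # Offer only TLS 1.2 and 1.3; SSLv3, TLSv1 and TLSv1.1 are dropped.
        ssl_protocols TLSv1.2 TLSv1.3;

        # TLS 1.2 suites: forward-secret key exchange with AEAD ciphers only.
        # No ALL, LOW, EXP or RC4 groups. (TLS 1.3 suites are not governed
        # by this directive and are already restricted to AEAD ciphers.)
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_session_timeout 15m;
        # Addition: server-side session cache shared between workers,
        # with session tickets switched off.
        ssl_session_cache   shared:SSL:10m;
        ssl_session_tickets off;

        location / {
               # $remote_addr overwrites any X-Forwarded-For value sent by
               # the client, so Apache only sees the address nginx observed.
               proxy_set_header X-Real-IP  $remote_addr;
               proxy_set_header X-Forwarded-For $remote_addr;
               # Addition: tell the backend the original request used HTTPS.
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header Host $host;
               proxy_pass  http://127.0.0.1:8080;
        }
        location ~ /\.ht {
                deny all;
        }
}
```

Run `nginx -t` after editing to confirm the file parses before restarting the service.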
        
  6. Final step

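    Now restart nginx and browse to https://localhost. Because the certificate is self-signed, the browser will show a certificate warning that you have to accept first.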
    Congratulations, we have set up nginx as a proxy for apache!