
[Config] CLOUDFLARE + VARNISH + APACHE + NGINX

Gunz

Founder license
License owner
This is a basic guide on how to set up your server. Remember there are tons of guides on the internet, so I advise you to read them as well. With this guide we can try to share our knowledge and improve our website:

Server configuration:
CLOUDFLARE -> VARNISH -> APACHE -> NGINX -> WEBSITE

From wikipedia:

CloudFlare is a content delivery network and distributed domain name server service marketed as improving website performance and speed and providing security. CloudFlare has both free and paid services. CloudFlare received media attention, not all of it positive, after providing security to LulzSec's website. The Turkish government has also used CloudFlare.

Varnish is an HTTP accelerator designed for content-heavy dynamic web sites. In contrast to other HTTP accelerators, such as Squid, which began life as a client-side cache, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator. Varnish is focused exclusively on HTTP, unlike other proxy servers that often support FTP, SMTP and other network protocols.

The Apache HTTP Server, commonly referred to as Apache, is a web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million website milestone. Apache was the first viable alternative to the Netscape Communications Corporation web server (currently named Oracle iPlanet Web Server), and since has evolved to dominate other web servers in terms of functionality and performance. Typically Apache is run on a Unix-like operating system.

Nginx (pronounced “Engine-X”) is an open source Web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. It is licensed under a BSD-like license and it runs on Unix, Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX and Microsoft Windows.

So our system will run like this:

Client side: Cloudflare works here, and it is easy to set up. It will protect your website and cache all the files you want. You can easily configure it. Here is a guide by Rodolfo on how to set it up: http://chevereto.com/community/threads/cloudflare-chevereto.2351/

Server side: Varnish works on port :80, caches all files and points to the Apache web server on port :8080, which works on dynamic files. All static files will be linked to the nginx web server.

That's all, so you will have a fast system to handle tons of requests.


I think this will be a long guide, so I will divide it into parts. I hope there isn't a low character limit per topic. TO BE COMPLETED.
 

Gunz

Founder license
License owner
How to pass the IP from nginx to Apache

- FIRST if you are using Cloudflare, follow this guide to pass the real IP from Cloudflare to nginx.
https://www.cloudflare.com/wiki/Nginx

In our case nginx works on port :80 and Apache on port :8000. All the requests on nginx have the right IP, while all the httpd requests have 127.0.0.1 as their IP.

So now this is a simple guide on how to pass the IP from nginx to Apache.

Add this to your nginx server config to hand the requests for the website's / to Apache and pass the IP.

With this code all requests will be handled by Apache, and the IP is passed from nginx to Apache.

Code:
    location / {
        proxy_pass         http://127.0.0.1:8000/;
        proxy_redirect     off;

        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;

        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
Then you must install the mod_rpaf module on Apache.
Here is a guide for CentOS: http://www.ctkn.net/2011/10/install-mod_rpaf-on-centos-5-centos-6/

Now the nginx and Apache logs will show the right request IPs.
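
An added example, not part of the original post and not mod_rpaf's own code: the forwarded IP is only as good as the sender of the header, so the backend should accept X-Forwarded-For only from its own proxies and read it from the right. The function names, the proxy networks and the sample header values below are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values: 203.0.113.0/24 is a documentation range used as a
# placeholder for the CDN's published edge networks; 127.0.0.0/8 is local nginx.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "203.0.113.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr is a valid IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def resolve_client_ip(peer, xff_header, trusted=TRUSTED_PROXIES):
    """Pick the address to log: walk X-Forwarded-For from right to left and
    stop at the first hop that is not one of our own proxies."""
    if not is_trusted(peer, trusted):
        return peer  # header came from an unknown sender: ignore it entirely
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    candidate = peer
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = hop
        if not is_trusted(hop, trusted):
            break  # this hop is outside our proxies, so it is the client
    return candidate


def naive_leftmost(peer, xff_header):
    """Trusts the first entry, which the client controls. Shown for contrast."""
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    return hops[0] if hops else peer


if __name__ == "__main__":
    # Constructed header as Apache would see it behind CDN -> nginx, where the
    # client itself sent "X-Forwarded-For: 10.0.0.1" to disguise its address.
    spoofed = "10.0.0.1, 198.51.100.7, 203.0.113.10"
    print(resolve_client_ip("127.0.0.1", spoofed))       # address the CDN vouched for
    print(naive_leftmost("127.0.0.1", spoofed))          # client-chosen value
    print(resolve_client_ip("192.0.2.50", "127.0.0.1"))  # direct hit on the backend port
```

The same reasoning applies to the Apache side: the module that rewrites the remote address should list only 127.0.0.1 (nginx) as a proxy, and the Apache port should not be reachable from outside.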

 

TheLegend

Founder license
License owner
Excuse me, the rest of the guide? I'm very curious....

P.S. Is Varnish necessary? :eek: Also, how much do you ask for a setup like that on my VPS?
Thanks
 

Gunz

Founder license
License owner
I changed a lot in my server settings; sorry, but I don't have time to set up other VPSes.

Now I'm simply using Cloudflare -> Nginx -> Apache; this is the best setup to handle a million hits every day.

Edit: About Varnish, you can do some tests and you can find a little improvement; I removed it because of the high CPU usage.

You can find some useful links about nginx+varnish here.

http://serverfault.com/questions/342550/is-varnish-with-nginx-better-than-just-using-nginx

http://go2linux.garron.me/linux/2011/04/nginx-varnish-compared-nginx-941
 

TheLegend

Founder license
License owner
Isn't it best to use:
Cloudflare -> Nginx and stop? :D
Nginx, as far as I know, can handle dynamic files as well as apache2; correct me if I'm wrong.
I asked about Varnish cuz I knew it causes high CPU loads :p
 

Gunz

Founder license
License owner
You can use only Cloudflare -> Nginx. The only problem is that you must rewrite all the htaccess rules for nginx, and if you have a lot of custom rules it becomes hard.

So for my site I handle all requests for the template / with Apache, and all images with nginx.
 

TheLegend

Founder license
License owner
What are the specs of your dedicated/VPS? And how much do you pay monthly, if I may ask?
Cuz I can't afford to support both nginx+apache+php+mysql with a lowendbox on 128 MB RAM (burst 256 MB) :D
 

Gunz

Founder license
License owner
I have a little VPS with 2 GB of RAM, a shared i7 processor and a shared 1 Gbit connection.

With a VPS with 256 it is useless to install all this software... you will run out of memory if you have a lot of requests.
 

TheLegend

Founder license
License owner
Well, with nginx+php+mysql it consumes 50 MB of RAM, I'm fine for now :D
How much did you pay for yours? I pay 3 euro monthly, 100 Mbit, 1 TB bandwidth and 5 GB HDD :p
Enough to start, what do you think?
 

Gunz

Founder license
License owner
Obviously it is enough to start, but you must tell me your traffic to see if it is OK.

However, I advise you to buy a VPS that you can upgrade easily, so in case of more traffic you can upgrade your plan without moving your backup every time.
 

TheLegend

Founder license
License owner
As I said above, I got 1 TB of traffic. I don't think it's upgradable, I simply need to buy another one :S
Can you recommend a cheap one, not oversold, with good connectivity? (Europe, obviously.)
Thanks in advance for your advice :)
 

TheLegend

Founder license
License owner
Well Gunz, I did a test setup on and I've put nginx in front of apache.
nginx port 80, apache port 81
Now, how must the server { } be?
Thanks!
I will appreciate it if you share your config, so others like me could learn much more!
Thanks!

This is my failing server config:
Code:
server {
    listen  80;
        root /var/www/;
        index index.php index.html index.htm;
 
        server_name domain.com;
 
        location / {
                try_files $uri $uri/ /index.php;
        }
 
        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 127.0.0.1;
                deny all;
        }
 
        location ~ \.php$ {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass http://127.0.0.1:81;
        }
        location ~ /\.ht {
                deny all;
        }
}
and the http config:
Code:
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
 
events {
  worker_connections 1024;
  use epoll;
  accept_mutex off;
}
 
http {
 
    server_names_hash_bucket_size 64;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    server_tokens off;
 
    # reverse proxy options
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
    # gzip compression options
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 5;
    #gzip_min_length 0;
    #gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types text/plain text/css text/xml text/javascript application/xml application/xml+rss application/javascript application/json image/bmp image/gif image/jpeg image/png;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;
 
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
 

Gunz

Founder license
License owner
My configs are completely custom, with a lot of mods to avoid the overload from hotlinking; it's useless for me to share them, they are very complicated.

However, to point to Apache you must do it like this in the server config (put it at the end of your file):

Code:
# proxy to Apache 2 and mod_python
    location / {
        proxy_pass        http://127.0.0.1:81/;
        proxy_redirect    off;

        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;

        proxy_buffer_size          4k;
        proxy_buffers              8 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
So this means that every location on www.yousite.com/ will be passed to Apache.

So now you must create the other partitions that you want nginx to handle.

If you want to do something general, for example have ALL images on your site handled by nginx, add this:

Code:
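    # Serve static files directly from nginx
    # The trailing "$" anchors the match to the end of the URI, so a path that
    # merely contains ".jpg" somewhere in the middle is not treated as an image.
    location ~* \.(jpg|jpeg|gif|png|bmp)$ {
        # One combined Cache-Control header instead of two separate ones
        add_header        Cache-Control "public, must-revalidate";
        expires           7d;
    }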
Or you can be more specific about the directory, for example:

Code:
location /images/2012/ {
 
    }
Also, leaving this with nothing inside { } means that this directory will be handled by nginx.
 

TheLegend

Founder license
License owner
So basically you are using nginx to serve the images/javascript and the PHP is served by Apache, am I right?
Where is the benefit of all this?
I can't understand it; just to serve static files, I need nginx? I could have done Cloudflare+Apache, isn't it the same?
Or does Cloudflare have another role in all this? If yes, can you please tell me?

I know I'm a bit curious, but I'm trying to learn!
 

Gunz

Founder license
License owner
Exactly, nginx must handle ONLY static files. You can search on Google for the benefits of this.

Yes, you can use only Cloudflare -> Apache if you are caching all images with Cloudflare.

But on my site I consume TBs of bandwidth every day, so I can't cache images with Cloudflare because I can't exceed 1 TB/day or they will disable my account.

I use Cloudflare only to block bots and dangerous threats, and to cache the template of the website.
 

choksw

Founder license
License owner
Hi everyone,

First, Merry Christmas & Happy New year! Hope everyone has been well.

I just installed varnish on my server (nginx + php5-fpm + apc / EC2 Medium Instance 3.75 gb ram 2 cores) and was wondering if anyone has anything to share regarding the configuration of varnish for chevereto?

Or, does varnish work with chevereto out of the box?

Thanks!
 

Neem

Founder license
License owner
It should work out of the box. I recommend you install a crontab to restart Varnish every so often (hours/days, depending on your site traffic) so you don't run out of your server's memory.
 