http://www.tail-f.com.ar/servicios/httpd/nginx/nginx-como-proxy-reverso-en-servidor-directadmin.html adresinde orjinali
ispanyolca . Anlamiyorum. Translate ettirip ingilizcesinden bir anlam cikarmaya calistim. Basarili oldum.

This time I will explain how to install Nginx as a reverse proxy server with DirectAdmin hosting.

What is a reverse proxy?

A reverse proxy in this case is basically a web server that stands as a layer between the client and a backend, so as to optimize the connection. Typically, the proxy server is a lightweight frontend that works, handles requests from HTTP clients and derives a backend processing could be an Apache server. Depending on the configuration that we apply, a proxy allows us to introduce more security in our network, making load balancing, to cache, etc.

It also optimizes the memory management. We think that Apache launches a thread or process for each new customer, which is closed only when data transfer ends. If the client has a slow connection, even though Apache running fast, the process is running until the completion of sending data. A light as Nginx frontend allows the process to wait for the customer is much lighter than an Apache.

Finally, as indicated in sysadmin.es , a proxy Nginx serves to prevent denial of service attacks using slowloris .

A reverse proxy on a server hosting

Proxies are commonly used in architectures to serve high-demand sites. In such cases is common, for example, make Apache serve dynamic content and a lighter server (lighttpd or nginx) serve static content. But in a hosting server that is not so simple, because by staying several sites on the same computer our setup should be as generic as possible in order to serve most of our customers. As we shall see, we can define some kind of cache, but also must be generic enough to not cause problems. We also have to think about integration with control panel we use. I use DirectAdmin, and this panel does not (yet) a native integration with other web server than Apache.

Nginx + Apache + DirectAdmin

The option that I present is to use Nginx as reverse proxy, managing client connections and doing a very basic static content caching. The guide is intended for CentOS, but in other operating systems should not be too different.

First install Nginx. The process is simple.


# cd /usr/src
# wget http://nginx.org/download/nginx-0.8.54.tar.gz
# tar zxvf nginx-0.8.54.tar.gz
# cd nginx-0.8.54
# ./configure --prefix=/usr \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/run/nginx/nginx.lock \
--with-http_stub_status_module \
--with-openssl=/usr/lib/openssl
# make && make install

Create the directory to save the cache static content:


# mkdir -p /var/tmp/nginx
# chown apache:apache /var/tmp/nginx


The most important thing is to configure Nginx. To do this modify / etc / nginx / nginx.conf to make it something like this:

Important: __SERVER_IP__ replace the __SERVER_HOSTNAME__ server IP and the name of the server.


user apache;
worker_processes 5;

events {
worker_connections 8192;
}

http {
server_tokens off;

include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

#access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;

keepalive_timeout 75 20;

gzip on;

server_names_hash_bucket_size 64;
reset_timedout_connection on;

client_max_body_size 100m;

# Main cache data
proxy_cache_path /var/tmp/nginx/cache levels=1:2 keys_zone=staticfilecache:180m max_size=500m;
proxy_temp_path /var/tmp/nginx/proxy;
proxy_connect_timeout 30;
proxy_read_timeout 120;
proxy_send_timeout 120;
proxy_cache_key "$scheme$host$request_uri";

server {
listen __SERVER_IP__:81;
server_name __SERVER_HOSTNAME__ _;

#charset koi8-r;
charset off;

access_log off;
#access_log /var/log/nginx/access.log main;

# Main reverse proxy for most requests
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://__SERVER_IP__; # apache here

client_max_body_size 16m;
client_body_buffer_size 128k;

#proxy_buffering off;
proxy_buffering on;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 120;
proxy_buffer_size 8k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

error_page 502 503 /50x.html;
}

# Proxy cache for static files
location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://__SERVER_IP__; # apache here

client_max_body_size 16m;
client_body_buffer_size 128k;

#proxy_buffering off;
proxy_buffering on;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 120;
proxy_buffer_size 8k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

# Proxy cache data
proxy_cache_valid 200 120m;
expires 864000;
proxy_cache staticfilecache;

error_page 502 503 /50x.html;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}

}

}


Of course this is a basic configuration that should be adapted to the specific case. It is important to note the following:

Nginx listens on port 81 and Apache in 80. This is important to avoid having to make changes in the configuration of DirectAdmin.
3 Locations are defined. The first two are proxies that happen are thinking of Requests to Apache on port 80. The second applies only to the Requests for static files and do a cache in / var / tmp / nginx. This cache is managed by following the appropriate HTTP headers.
Now we need to install an Apache module, mod_rpaf, to use the header X-Real-IP.

# cd /usr/src
# wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
# tar zxvf mod_rpaf-0.6.tar.gz
# cd mod_rpaf-0.6
# apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

And then add this to httpd.conf


LoadModule rpaf_module /usr/lib/apache/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 __SERVER_IP__
RPAFheader X-Forwarded-For


__SERVER_IP__ Replacing the server’s IP.

We will also need an init script for nginx. As I found a fact, I did this:

nano /etc/init.d/nginx


#!/bin/bash
#
# Name: NginX, tsj5j
#
# Function: Start up NginX
#
# chkconfig: - 85 15
# description: NginX starter

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

prog="nginx"
nginx=/usr/sbin/nginx

start () {
echo -n $"Starting $prog: "
$nginx
RETVAL=$?
return $RETVAL
}

stop () {
echo -n $"Stopping $prog: "
killproc $nginx
RETVAL=$?
return $RETVAL
}

reload () {
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
return $RETVAL
}

case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 1
start
;;
reload)
reload
;;
graceful)
reload
;;
esac

exit $RETVAL;

Once you locate that content in a file / etc / init.d / nginx enabled him

# chmod +x /etc/init.d/nginx
# chkconfig --add nginx
# chkconfig nginx on
# service nginx start


And we lack one thing. We have Apache running on port 80, and nginx in 81. How do we make Nginx serving the requests of our customers? Create a route on iptables to redirect port 81 traffic to 80:


# iptables -t nat -A PREROUTING -p tcp -s ! __SERVER_IP__ --dport 80 -j REDIRECT --to-ports 81
# service iptables save


__SERVER_IP__ Replacing the server’s IP.

And presto, now our Nginx will receive all HTTP traffic and negotiate with the Apache to return to customers.

Verify that meets Nginx

Check that Nginx is handling the requests on port 80 is very easy to do with curl. For example, testing it against the URL of this blog.


curl -I blablabla.com
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Dec 2010 04:54:35 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Last-Modified: Sun, 21 Nov 2010 00:20:20 GMT
ETag: "1de7a9-1c2-495851ad1f900"
Accept-Ranges: bytes
Content-Length: 450
Vary: Accept-Encoding,User-Agent

As we see the Nginx server is serving.

Iste bu kadar
gule gule kullaniniz 🙂

First open fstab using nano, or your chosen editor:
nano -w /etc/fstab

Next append the following like to the fstab file you just opened:
none /tmp tmpfs nodev,nosuid,noexec 0 0

If you opened using nano you can now close using ctrl+x and then answering “y” to save.
To apply the changes we now need to simply remount:
mount -o remount /tmp

Its always a good idea to test it worked so run the following command:
df -h

Within the output you should see something like:
none 4.1G 0 4.1MG 3% /tmp

There is also a /var/tmp dir that needs to be secured.
So firstly make a backup (don’t skip this step, you need the files in a bit)
mv /var/tmp /var/tmpfiles

We can now make a link to map /tmp to /var/tmp
ln -s /tmp /var/tmp

Restore the files from the backup you made before
cp /var/tmpfiles/* /tmp/

Restore the files from the backup you made before, and make sure that the files in tmpfiles are now in tmp.
ls /var/tmpfiles
ls /var/tmp

If it looks ok, you can remove the tmpfiles directory.
Rm -rf /var/tmpfiles

1 sitemiz var, uzerinde calisan basit php mysql script ile randevu kaydi aliyoruz.
Ama cogu zaman alamiyoruz cunku yogun oldugu zamanlarda anlik 1000 – 1200 request geliyor.
apache dayanmiyor, mysql sapitiyor. sonucta site erisilmez oluyor. apacheyi, phpyi tweak etmek , mysqli tweak etmek sorunu cozmuyor. Sorunun cozumu kuvvetli bir vps ve dogru duzgun hafif ve hizli bir php,mysql altyapisi.
Ubuntu 10.10 ustunde nginx ve php-fpm olabilir — Olamaz — cunku php kodumuz php 5.3 uyumlu degil. O zaman debian lenny? Default olarak php5.2 var? Olabilir ancak Php-FPM default repo larda yok? Derleriz. Bosver standart disina cikma. Ok.
Sonuc: Debian lenny, nginx, php 5.2 (spawn-cgi(lighthttpd)) mysql. Monitor etmek icin nginx destekli Munin. Ok kuruluma basla…

1-debian lenny vpsimizi hazir edelim, guncel edelim.
2-mysql kuralim
aptitude install mysql-server mysql-client
3-nginx kuralim,calistiralim
aptitude install nginx
/etc/init.d/nginx start
4-php 5 kuralim
aptitude install php5-cgi php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

cgi.fix_pathinfo = 1

Debian Lenny icin FastCGI daemon paketi yok o yuzden lighttpd icindeki spawn-fcgi programini kullanicaz.

aptitude install lighttpd

nano /etc/rc.local ve ekle yukaridaki satiri

php isimiz bitti

5- nginx i konfigure edelim

nano /etc/nginx/nginx.conf

onemli 3 ayarimiz var

worker_processes 5;
worker_connections 4096;
keepalive_timeout 2;


defaut nginx sitemizi konfigure edelim

server {
listen 80;
server_name _;

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
location /nginx_status {
stub_status on;
access_log off;
allow x.x.x.x;
allow 127.0.0.1;
allow x.x.x.x;
deny all;
}
}

NOT: burada munin ile daha sonra monitor edecegimizden nginixi uygun status kayitlarinida simdiden ekledik. Hazir olsun.
Nginx ayari bitti yeniden baslatim bir tanede info.php atip durumuna bakalim.

nano /var/www/nginx-default/info.php ve ekle


/etc/init.d/nginx restart

son olarak duruma bakalim , hersey hazir
http://ip.ad.re.si/info.php
http://ip.ad.re.si/nginx_status

6- phpmyadmin kuralim lazim olur
apt-get install phpmyadmin

repodan gelen phpmyadmin sorunsuz sekilde calissin nginximizde
cd /var/www/nginx-default/
ln -s /usr/share/phpmyadmin phpmyadmin

7- MySQL imizi azicik tweak edelim
asagidaki my.cnf gayet guzel is goruyor.

# The MySQL server
[mysqld]
wait_timeout=60
connect_timeout=10
interactive_timeout=120

port = 3306
socket = /var/run/mysqld/mysqld.sock
skip-locking
key_buffer = 384M
key_buffer_size=64M
max_allowed_packet = 1M
table_cache = 1024
sort_buffer_size = 8M
read_buffer_size = 8M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size = 128M
query_cache_limit = 2M
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 8


8- munin kuralim

apt-get install munin munin-node
/etc/init.d/munin-node restart
cd /var/www/nginx-default/
ln -s /var/www/munin monitoring

http://ip.ad.re.si/monitoring
altinda munin hazir calisiyor. 15 20 dakka beklemek gerek dogru duzgun grafikler icin sadece 🙂

9- munin nginx monitoring ayarlarini yapalim
https://github.com/perusio/nginx-munin adresine gidilir download diyip munin nginx plugin paketi indirilir. kurulumun istedigi nginx status isini halletmistik o zaman:
paketin icindekileri /etc/munin/plugins altina atalim
sonra

nano /etc/munin/plugin-conf.d/munin-node

/etc/init.d/munin-node restart

diyip bastan calistir munini oldu bitti
http://ip.ad.re.si/monitoring altinda nginx lerimizde geldi.

Gule gule kullanalim olsun da bitsin masallah.

sudo chmod -R 644 * ; sudo chmod -R ugo+X *

veya


find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;


!!! EK EK EK !!! 30/12/2010

toptan /home altindaki tum kullanicilar icin uygula:

cd /home
for E in `/bin/ls`; do chmod -R 644 $E/public_html/* ; chmod -R ugo+X $E/public_html/* ; done

!!! EK EK EK !!! 21 – 01 – 2022

find /home/mgo/imap/megaotomarket.com/akdem/Maildir -type f -exec chmod 660 {} ; -exec chown mgo:mail {} ;

Type the following command to install ntp
# yum install ntp

Turn on service
# chkconfig ntpd on

Synchronize the system clock with 0.pool.ntp.org server:
# ntpdate pool.ntp.org

Start the NTP:
# /etc/init.d/ntpd start


nano /etc/network/interfaces


# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1


/etc/init.d/networking restart


nano /etc/hosts


127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


echo server1.example.com > /etc/hostname
/etc/init.d/hostname.sh start

hostname
hostname -f

Both should show server1.example.com.

bu mevzu biraz karisik, sonrasi icin fikir olmasi acisindan yaziyorum buraya. Unutmayayim , Metin’e de cok tesekkur edeyim her gordugumde.
sirket icinde windows 2003 ustunde exchange kosmakta.Domain ise exim4 ustunde directadmin linux da.
yapmak istedigimiz exim 2003 sirket icinden disari gonderilen mailleri exim 587 submission port ile auth ederek relay etsin.
daha onceki kurulum port 25 ustunde pop before smtp ile auth ediyorduk. Port 25 kullanmak istemiyoruz.

cozum: smarthost ile olmuyor 🙂

exchange de degisiklik yapip smtp connector kurup calistirip sistemi geciriyoruz buna

sonra

[15:40:06] ­smtp virtual connector yeterli değil bu iş için
[15:41:00] ­sonrasında routing groups / connectors kısmında yeni smtp connector oluşturmak gerekli
[15:41:32] ­local bridgehead olarak da smtp virtual connectoru seciyosun
[15:41:47] ­bu 1.
[15:41:53] ­2. nokta ise
[15:42:00] ­virtual smtp connectorde
[15:42:28] ­587 portunu sadece delivey\outbound connections
[15:42:35] ­kısmındaki tcp port bölümüne yazıyosun
[15:43:02] ­general\advanced menüsü default kalacak
[15:43:05] ­yani 25..

yazdigim gibi fikir olsun…

soru:

how to find which ips are in use ?

apt-get install weechat

pek cok bilgisayar var bunlarin hepsi bilgileri sayiyor linux rdesktop remote desktop mstsc windows uzaktan erisim 🙂 tag bunlar.. ok.
Konu su

bilgisayarlarimin bazilarinda masa ustu olarak linux kullaniyorum.
ubuntu, fedora , centos aklima ne gelirse
en son zenwalk kullaniyorum. Cok guzel cok hizli ancak RDP baglantilarimin performansindan hic memnun olamadim
bugun biraz arastirma yaparken rdesktop ile bir kac switch kullanarak performansimi yukseltebildim.

daha sonra icin referans olmasi icin yaziyim burayada:

dagitim zenwalk
desktop: xfce
rdp client: rdesktop (xfce icinden cikan)
switchleri: shukko[~]$ rdesktop -z -x m win.dows.mak.ina -g 1280×800

aciklamasi: -z : compression aciyor
-x baglanti cinsini belirliyor: -x l = lan , -x m = modem , -x b = broadband
-g masaustu cozunurluk.

su an performansimdan memnunum 🙂

ek: birde screen colour depth varmis
-a colour depth
son olarak komutum bu olsun:

shukko[~]$ rdesktop -z -x m win.pc -g 1280×800 -a 16