NginxCP: Install Nginx as reverse proxy on cPanel server

We know that both Apache and Nginx are powerful and effective web-servers. Apache is the topmost webserver since it was released in 2006 and Nginx is now using top websites. The reason for using Apache and Nginx are clear, Apache’s power and Nginx’s speed.

By setting Nginx as reverse proxi, we can increase the websites speed and performance in the server. This is because, Nginx will take care of att static contents in the website such as CSS, images, SWF files, MP4 and more and Apache will manage the rest of requests (dynamic requests – php page). This is known as Nginx reverse proxy setup. Nginx stand as front end servers with a powerful backend Apache server.

nginxCP is a cpanel plugin that is used to manage nginx service in cpanel server. As we know that nginx can handle static contents better than apache, we will configure nginx to run on port 80 and will forward dynamic requests to apache on port 8081.

Installation

—————

To configure nginx as revcrse proxy, we need to install an apache module mod_rpaf.

Mod_rpaf installation:

First of all we need to login as root to do the full installation process. After login, you can proceed with following commands.

 

# cd /usr/local/src

                  # wget https://nginxda.googlecode.com/files/mod_rpaf-0.6.tar.gz

                 # tar xvzf mod_rpaf-0.6.tar.gz

                 # cd mod_rpaf-0.6

                 # /usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

For Apache 2.4 : You need to apply a patch for mod rpaf. For that run the following commands.

    

                 # git clone git://gist.github.com/2716030.git

                 #patch mod_rpaf-2.0.c 2716030/mod_rpaf-2.0.c.patch

Now we are going to install nginxCP plugin. Since we need to run both Apache and nginx on the same server, we have to assign both of them in different ports. You can change apache port to 8081 from your whm tweak settings and nginx will listen to 80 as default.

For changing the Apache port, please login to WHM and go to Tweak settings.

—————————————

WHM > Server Configuration > Tweak Settings > Apache non-SSL IP/port. 

—————————————

change he port to 8081 on “Apache non-SSL IP/port” option.

Now we can proceed with nginxCP installation using the following commands.

# cd /usr/local/src

                # wget http://nginxcp.com/latest/nginxadmin.tar

                # tar xf nginxadmin.tar

                # cd publicnginx

                # ./nginxinstaller install

                # /usr/local/cpanel/whostmgr/bin/whostmgr ./setrhash

To server static files using nginx, you have to  convert apache virtualhost to nignx virtualhost. You can download the script at http://blog.supportmonk.com/nginx.txt ,  rename it as nginx.sh , provide 755 permission and execute it. You have to create an empty file /usr/local/nginx/conf/vhost.conf

  # touch /usr/local/nginx/conf/vhost.conf

              # wget  http://blog.supportmonk.com/nginx.txt

              #  cp nginx.txt nginx.sh

              # chmod 755 nginx.sh

              # ./nginx.sh

Configuration is complete. You can test nginx configuration and can start it.

 

# /usr/local/sbin/nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

# /etc/init.d/nginx start

While testing, there is a chance to get the following error.

——————————-

nginx: [emerg] unknown “no_cache” variable
nginx: configuration file /etc/nginx/nginx.conf test failed

——————————-

This error would be occured when you don’t have any accounts. Try to create an account using WHM and run the test command again.

That’s all..!!

Internal error: Error retrieving pid file logs/httpd.pid

Issue:

I got the above error while restarting Apache.

———————-

# /etc/init.d/httpd start

(20014)Internal error: Error retrieving pid file logs/httpd.pid
Remove it before continuing if it is corrupted.

————————-

Solution:

1. Use the following command

mv /usr/local/apache/logs/httpd.pid /usr/local/apache/logs/httpd.pid.bk

2. Now try to start the Apache.

/etc/init.d/httpd restart

3.You can check the status using the following command.

/etc/init.d/httpd status

That’s all…!!!

Apache restarting every 2 hours

Issue: In my server, I could see that the apache is restarting gracefully every 2 hour.

#grep Graceful /usr/local/apache/logs/error_log
[Mon Jan 05 18:16:08 2014] [notice] Graceful restart requested, doing restart
[Mon Jan 05 20:12:53 2014] [notice] Graceful restart requested, doing restart
[Mon Jan 05 22:09:39 2014] [notice] Graceful restart requested, doing restart
[Tue Jan 06 00:06:24 2014] [notice] Graceful restart requested, doing restart

Solution:

Make a backup of the Apache configuration file

# cp -rp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf_back

*Login to WHM
*Click Service Configuration
*Click Apache Configuration
*Click Piped Log Configuration
*Check the box labeled Enable piped Apache logs
*Click the Save button

Piped logging is extremely powerful when used correctly, and has far more flexibility than what we are using here. The way it is described here, we will be attempting to negate the memory hungry apache processes that creep up when a server is hosting very low traffic websites (less than 1 request per second) with traditional Apache log configurations.

That’s all…….!!!

Configure: error: mcrypt.h not found. Please reinstall libmcrypt

Issue : Configure: error: mcrypt.h not found. Please reinstall libmcrypt

I got the above error while compiling PHP

Solution:

You can install  libmcrypt using the following commands.

# cd /usr/src
# wget ftp://mcrypt.hellug.gr/pub/mcrypt/libmcrypt/libmcrypt-2.5.7.tar.gz
# tar xvfz libmcrypt-2.5.7.tar.gz
# cd libmcrypt-2.5.7
# ./configure
# make
# make install

That’s all…….!!!!

Fatal error: Invalid opcode 153/1/8

Issue : I got the above error while accessing a Joomla website.

Solution:

The issue is raised due to the incompatibility of eaccelerator with current php version.

So we need to disable eaccelerator for the particular user.

1. Copy the php.ini file to the document root of the user.

2. Then change the following values to “0” instead of “1”

php_flag eaccelerator.enable 0
php_flag eaccelerator.optimizer 0

That’s all……..!!!

error while loading shared libraries: libfreebl3.so

Issue : When I try to access any php file on the main account gives a ‘500 Internal Server Error’ and generates the following error log entry:

/usr/bin/php: error while loading shared libraries: libfreebl3.so: failed to map segment from shared object: Cannot allocate memory

Solution:

Please open the Apache configuration file.

vi /usr/local/apache/conf/httpd.conf

Then find the following lines.

RLimitMEM 67108864
RLimitCPU  240

Comment both of the lines.

#RLimitMEM 67108864
#RLimitCPU 240

Now try to access the web page.

That’s all…….!!!!!

service httpd status showing Not Acceptable Error

Issue: I got the “Not Acceptable” error while checking the status of apache.

root[~]# service httpd status
Not Acceptable

An appropriate representation of the requested resource
/whm-server-status could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use
an ErrorDocument to handle the request.

Solution : 

Please check the Apache error log using the following command.

# grep "/whm-server-status" error_log

You will get an outpute like pasted below

--------------------
root@server10001 [/usr/local/apache/logs]# grep "/whm-server-status" error_log
[Wed Jan 29 17:42:57 2014] [error] [client ::1] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "58"] [id "1234123429"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "localhost"] [uri "/whm-server-status"] [unique_id "UujwSVOqdYoAAAs9DEAAAAAB"]
---------------------

The output clearly shows, whm-server-status was blocked by modesec rule at line “58″ and id “1234123429″ on /usr/local/apache/conf/modsec2.user.conf file.

Now, Please open the modsec file using the command pasted below.

# vi /usr/local/apache/conf/modsec2.user.conf

Then comment the lines using the "#" symbol as pasted below.

------------------
#SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:(?:indy librar|snoop)y|microsoft url control|lynx)\b|d(?:ownload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)$
#        "chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'1234123429',severity:'5'"

#SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"
--------------------

Please check the status of Apache now.

That's all..........!!!

 

Failed to install CPAN Perl module(s) Crypt::PasswdMD5

Issue:

I got the error “Failed to install CPAN Perl module(s) Crypt::PasswdMD5” while running easyapache on the server.

Solution:

Please use the following commands after logi to the server as root.

1.  /usr/local/cpanel/scripts/perlinstaller Digest::SHA1

2. /usr/local/cpanel/bin/cpanm -n Digest::SHA1 Crypt::PasswdMD5

If you are still having the error, your Scalar::Util was broken on the server and you need to repair

3. /scripts/autorepair scalarutil

Now manually install Crypt::PasswdMD5

4./scripts/perlinstaller Crypt::PasswdMD5

If the issue still persist, please run the following command

5. /usr/bin/perl -MCPAN -e ‘install Crypt::PasswdMD5’

That’s all……!!!

Load due to a particular user in the server

Whenever the load in the server increases due to a particular user in the server, we can solve it using the following steps.

Find the domain owned by the user:

grep username /etc/userdomains

use the following command after you get the domain name:

less /usr/local/apache/domlogs/domain.com | awk ‘{print $1}’ | sort | uniq -c | sort -n

Note: use the domain name in the field of  “domain.com” in the above command

This will give the ip and number of connections in the descending order.

Example:

12000  75.52.110.145

29172  66.249.68.183

458262  208.55.16.55

You can block the above Ip’s since there is too many connection from the above Ip’s.

 

You can use either csf or iptables.

csf -d >IP>

OR

iptables -A INPUT -s <ip> -j DROP

That’s all…..!!!

 

webmail.domain.com and cpanel.doamin.com is not loading

Issue: when I call webmail.domain.com it’s not loading but at the same time domain.com/webmail is not loading

Solution:

In order to get this issue resolved, it needs to enable Proxy subdomains as below :

Go to WHM
WHM >> Main >> Server Configuration >> Tweak Settings >>Proxy subdomains

Enable the option “Proxy subdomains”

That’s all…..!!!