
Resolved nginx as reverse proxy, just to clarify

Giorgio1

New Pleskian
In the past I used only Apache, so this is the first time I use nginx (as reverse proxy). Of course I started to study nginx and Apache + nginx, but I would like to have some clarification / confirmation. For example:

1) What to do about fail2ban jails in general? I have, for instance, a jail for WordPress login monitoring the Apache log. If I use nginx as reverse proxy, do I have to look into the nginx log files too?

2) If I understood correctly, all the .htaccess rules have to be translated for nginx and inserted in the page Apache & nginx Settings. Is that right? Or are the .htaccess rules still processed?

3) For WordPress websites, is it better to use FPM or FastCGI served by Apache?

Thanks a lot for any help to understand the general situation! :)
 
Hi,

I'm not 100% sure about my responses, but I'm sure someone will comment if I'm wrong. However, my understanding is as follows:

1. PHP is still processed by Apache (by default, Nginx only handles static files), so a WordPress Fail2Ban rule only needs to monitor Apache logs. For example, the 'plesk-wordpress' jail monitors logs: /var/www/vhosts/system/*/logs/*access*log. All the "plesk-" prefixed Jails should be set up by default to monitor the appropriate logs.

2. .htaccess files are still used, even when Nginx is reverse proxy.

3. My understanding is that FPM performs better than FastCGI.

I hope that helps!
 
but I'm sure someone will comment if I'm wrong.

Only to add that the answers are true if "PHP Apache FPM" is used. When you set it to "PHP Nginx FPM", PHP will run through Nginx, and in that case indeed the fail2ban rules won't work correctly, neither will .htaccess. But for most applications, it is best to just keep PHP Apache FPM.
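
The check a WordPress login jail performs, as an added example that is not part of the thread and not the plesk-wordpress filter itself: it counts failed `wp-login.php` POSTs per client address in combined-format access log lines, whichever server wrote them. The function name, the `max_retry` and `find_time` parameters and the log lines are constructed for illustration, and skipping loopback addresses assumes a backend that may log the proxy instead of the visitor.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format, written by default by both Apache and nginx.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Client IPs with max_retry or more failed wp-login POSTs within find_time."""
    hits, banned = defaultdict(list), set()
    for line in lines:
        m = LINE.match(line)
        # Assumption: a failed login re-renders the form (200), a success redirects (302).
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if ip.is_loopback:
            continue  # backend logged the proxy itself; never a ban candidate
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Keep only earlier hits that are still inside the sliding window.
        hits[ip] = [t for t in hits[ip] if ts - t <= find_time] + [ts]
        if len(hits[ip]) >= max_retry:
            banned.add(str(ip))
    return banned

def make_line(ip, sec, method="POST", status=200):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [10/Jan/2024:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 4521 "-" "-"')

# Constructed sample input (documentation address ranges).
SAMPLE = (
    [make_line("203.0.113.7", s) for s in (1, 5, 9)]       # repeated failures
    + [make_line("198.51.100.4", 20, status=302)]          # successful login
    + [make_line("127.0.0.1", s) for s in (30, 31, 32)]    # backend saw the proxy
    + [make_line("192.0.2.9", s, method="GET") for s in (40, 41, 42)]  # page views
)

if __name__ == "__main__":
    print(sorted(offenders(SAMPLE)))
```

Run it against whichever access log actually records the PHP requests; if every hit is attributed to a loopback address, the backend is logging the proxy and the jail cannot single out a client.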
 
Only to add that the answers are true if "PHP Apache FPM" is used. When you set it to "PHP Nginx FPM", PHP will run through Nginx, and in that case indeed the fail2ban rules won't work correctly, neither will .htaccess. But for most applications, it is best to just keep PHP Apache FPM.
There is anyway a possible configuration that defies my logic:
  • Proxy Mode
  • Smart static files processing
  • Serve static files directly by nginx
  • PHP FPM served by nginx
  • ... and maybe "Enable caching" too!!
What is Apache doing in the above setup?
 
As far as I remember it simply does not work correctly with a contradictory configuration.
 