• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved nginx as reverse proxy, just to clarify

Giorgio1

Giorgio1

New Pleskian
In the past I used only Apache so this is the first time I use nginx (as reverse proxy). Of course I started to study nginx and Apache + nginx but i would like to have some clarification / confirm. For example:

1) What to do about jails of fail2ban in general? I have for instance a jail for Wordpress login monitoring the apache log. If I use nginx as reverse proxy should I have to look into the nginx log files too?

2) If I understood correctly, all the .htaccess rules have to be translated for nginx and inserted in the page Apache & nginx Settings. Is it right? Or the .htaccess rules are still processed?

3) For a Wordpress websites, is better to use FPM or FastCGI served by Apache?

Thanks a lot for any help to understand the general situation! :)
 
Hi,

I'm not 100% sure about my responses, but I'm sure someone will comment if I'm wrong. However, my understanding is as follows:

1. PHP is still processed by Apache (by default, Nginx only handles static files), so a WordPress Fail2Ban rule only needs to monitor Apache logs. For example, the 'plesk-wordpress' jail monitors logs: /var/www/vhosts/system/*/logs/*access*log. All the "plesk-" prefixed Jails should be set up by default to monitor the appropriate logs.

2. .htaccess files are still used, even when Nginx is reverse proxy.

3. My understanding is that FPM performs better than FAST-CGI

I hope that helps!
 
gbotica said:
but I'm sure someone will comment if I'm wrong.
Click to expand...

Only to add that the answers are true if "PHP Apache FPM" is used. When you set it to "PHP Nginx FPM", PHP will run through Nginx, and in that case indeed the fail2ban rules won't work correctly, neither will .htaccess. But for most applications, it is best to just keep PHP Apache FPM.
 
Peter Debik said:
Only to add that the answers are true if "PHP Apache FPM" is used. When you set it to "PHP Nginx FPM", PHP will run through Nginx, and in that case indeed the fail2ban rules won't work correctly, neither will .htaccess. But for most applications, it is best to just keep PHP Apache FPM.
Click to expand...
There is anyway a possible configuration that defies my logic:
  • Proxy Mode
  • Smart static files processing
  • Serve static files directly by nginx
  • PHP FPM served by nginx
  • ... and maybe "Enable caching" too!!
What is Apache doing in above setup?
 
As far as I remember it simply does not work correctly with a contradictive configuration.
 
You must log in or register to reply here.

Similar threads

brother4
Question Best way to block direct PHP file access and ensure .htaccess rules are always applied with Nginx as a reverse proxy?
Replies
1
Views
449
brother4
brother4
B
Question Reverse Proxy Setup: VPS + Mikrotik DDNS – Feeling Lost
Replies
0
Views
529
BTTech
B
X-HTTG
Question Apache With Nginx Reverse Proxy Question
Replies
0
Views
1K
X-HTTG
X-HTTG
X-HTTG
Resolved Apache + Nginx As Reverse Proxy Imunify360 Question
Replies
5
Views
2K
Peter Debik
P
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
242
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top