• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved nginx as reverse proxy, just to clarify

Giorgio1

Giorgio1

New Pleskian
In the past I used only Apache so this is the first time I use nginx (as reverse proxy). Of course I started to study nginx and Apache + nginx but i would like to have some clarification / confirm. For example:

1) What to do about jails of fail2ban in general? I have for instance a jail for Wordpress login monitoring the apache log. If I use nginx as reverse proxy should I have to look into the nginx log files too?

2) If I understood correctly, all the .htaccess rules have to be translated for nginx and inserted in the page Apache & nginx Settings. Is it right? Or the .htaccess rules are still processed?

3) For a Wordpress websites, is better to use FPM or FastCGI served by Apache?

Thanks a lot for any help to understand the general situation! :)
 
Hi,

I'm not 100% sure about my responses, but I'm sure someone will comment if I'm wrong. However, my understanding is as follows:

1. PHP is still processed by Apache (by default, Nginx only handles static files), so a WordPress Fail2Ban rule only needs to monitor Apache logs. For example, the 'plesk-wordpress' jail monitors logs: /var/www/vhosts/system/*/logs/*access*log. All the "plesk-" prefixed Jails should be set up by default to monitor the appropriate logs.

2. .htaccess files are still used, even when Nginx is reverse proxy.

3. My understanding is that FPM performs better than FAST-CGI

I hope that helps!
 
gbotica said:
but I'm sure someone will comment if I'm wrong.
Click to expand...

Only to add that the answers are true if "PHP Apache FPM" is used. When you set it to "PHP Nginx FPM", PHP will run through Nginx, and in that case indeed the fail2ban rules won't work correctly, neither will .htaccess. But for most applications, it is best to just keep PHP Apache FPM.
 
Peter Debik said:
Only to add that the answers are true if "PHP Apache FPM" is used. When you set it to "PHP Nginx FPM", PHP will run through Nginx, and in that case indeed the fail2ban rules won't work correctly, neither will .htaccess. But for most applications, it is best to just keep PHP Apache FPM.
Click to expand...
There is anyway a possible configuration that defies my logic:
  • Proxy Mode
  • Smart static files processing
  • Serve static files directly by nginx
  • PHP FPM served by nginx
  • ... and maybe "Enable caching" too!!
What is Apache doing in above setup?
 
As far as I remember it simply does not work correctly with a contradictive configuration.
 
You must log in or register to reply here.

Similar threads

brother4
Question Best way to block direct PHP file access and ensure .htaccess rules are always applied with Nginx as a reverse proxy?
Replies
1
Views
930
brother4
brother4
U
Question Text/event streaming: Outputs chat answers streamed.
Replies
0
Views
409
Ultaschall4D
U
Oldiesmann
Question URL rewriting not working with nginx
Replies
3
Views
318
scsa20
scsa20
M
File not found (wp-login.php)
Replies
1
Views
406
Sebahat.hadzhi
Sebahat.hadzhi
Heinrich
Issue node.js configuration in PLESK Obsidian 18.0.67 Update Nr. 3
Replies
0
Views
183
Heinrich
Heinrich
Back
Top