{"id":536,"date":"2021-07-23T12:32:21","date_gmt":"2021-07-23T12:32:21","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/nginx-standalone\/"},"modified":"2021-07-23T12:32:21","modified_gmt":"2021-07-23T12:32:21","slug":"nginx-standalone","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/nginx-standalone\/","title":{"rendered":"NGINX\u00ae Standalone"},"content":{"rendered":"<\/p>\n
\n
<\/div>\n
\n

Overview<\/h2>\n
\n
Note:<\/div>\n
\n

This document refers to NGINX\u00ae functionality when you install the ea-nginx-standalone<\/code> package. This was our original version of NGINX and we renamed that package. For information about the newer, updated ea-nginx<\/code> package, read our NGINX with Reverse Proxy documentation.<\/p>\n<\/p><\/div>\n<\/div>\n

This document explains how to install NGINX Standalone on a server that runs cPanel & WHM and EasyApache 4. NGINX is an open source web server that also provides a reverse proxy, load balancing, and caching. It functions very differently from Apache\u00ae. NGINX does not<\/strong> serve dynamic content unless you pass it through a proxy.<\/p>\n

\n
Warning:<\/div>\n
\n NGINX Standalone is experimental<\/strong>. You must<\/strong> install the Experimental Repository to use it.\n <\/div>\n<\/div>\n

Requirements<\/h2>\n

To install NGINX on your server, you must meet the following requirements:<\/p>\n

    \n
  • \n

    Run EasyApache 4.<\/p>\n<\/li>\n

  • \n

    Install the Experimental Repository. Use the following command to install this repository: <\/p>\n

    \n
    yum install ea4-experimental<\/code><\/pre>\n<\/div>\n<\/li>\n
  • \n
    Possess root<\/code> user access to the server.<\/p>\n<\/li>\n
  • \n
    Use PHP-FPM as the server\u2019s PHP handler.<\/p>\n<\/li>\n
  • \n
    Install the ea-ruby27-mod_passenger<\/code> Apache module. When you install the ea-nginx-standalone<\/code> module, the system will install this module and other necessary Ruby modules if they don\u2019t already exist.<\/p>\n
    \n
    Note:<\/div>\n
    \n
      \n
    • If your system runs CentO6, install the ea-ruby24-mod_passenger<\/code> Apache module.<\/li>\n
    • Phusion Passenger\u00ae functions the same in both NGINX and Apache.<\/li>\n<\/ul><\/div>\n<\/div>\n<\/li>\n<\/ul>\n
      Compatibility<\/h3>\n
      NGINX takes the place of Apache as the primary web server. The installation will move Apache away from its default ports in favor of NGINX.<\/p>\n
      For more information, read the NGINX configuration changes section below.<\/p>\n
      \n
      Note:<\/div>\n
      \n        You can still use Apache to serve dynamic content, but must<\/strong> proxy your requests to the server.\n    <\/div>\n<\/div>\n
      Install or uninstall NGINX<\/h2>\n
      Install<\/h3>\n
      \n
      Note:<\/div>\n
      \n
      If the Experimental Repository does not<\/strong> already exist on your server, install it with the following command: <\/p>\n
      \n
      yum install ea4-experimental<\/code><\/pre>\n<\/div><\/div>\n<\/div>\n
      To install NGINX, run the following command on the command line:<\/p>\n
      \n
      yum --enablerepo=<\/span>EA4-experimental install ea-nginx-standalone<\/code><\/pre>\n<\/div>\n
      Uninstall<\/h3>\n
      To uninstall NGINX, run the following command on the command line:<\/p>\n
      \n
      yum erase ea-nginx-standalone<\/code><\/pre>\n<\/div>\n
      The NGINX installation<\/h2>\n
      When you install cPanel & WHM\u2019s version of NGINX, the installation process will change your server\u2019s Apache installation to use different ports.<\/p>\n
      \n
      Note:<\/div>\n
      \n        The process will only change your Apache ports if your Apache configuration uses the default ports of 80<\/code> and 443<\/code>.\n    <\/div>\n<\/div>\n
      When you install NGINX, the installation process installs the ea-ruby27-mod_passenger<\/code> Apache module. This module is required<\/strong>.<\/p>\n
      The following features will work with NGINX without any further action by the user:<\/p>\n
        \n
      • \n
        Static content. <\/p>\n
        \n
        Note:<\/div>\n
        \n        You must<\/strong> proxy any dynamic content to Apache.\n    <\/div>\n<\/div>\n<\/li>\n
      • \n
        The MultiPHP system.<\/p>\n<\/li>\n
      • \n
        WordPress\u00ae installed via WordPress Manager. <\/p>\n
        \n
        Warning:<\/div>\n
        \n
          \n
        • \n
          Installations of WordPress outside of WordPress Manager will not support Pretty Permalinks. For more information, read WordPress\u2019 Pretty Permalinks documentation.<\/p>\n<\/li>\n
        • \n
          If you do not<\/strong> wish to manage your WordPress site through WordPress Manager, read the WordPress does not support Pretty Permalinks section below.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n<\/li>\n
        • \n
          Mailman.<\/p>\n<\/li>\n
        • \n
          AutoSSL.<\/p>\n<\/li>\n
        • \n
          Proxy subdomains and redirects. <\/p>\n
          \n
          Important:<\/div>\n
          \n        The MultiPHP system and Wordpress will only<\/strong> work if you use PHP-FPM.\n    <\/div>\n<\/div>\n<\/li>\n<\/ul>\n
          NGINX configuration changes<\/h3>\n
          When you install NGINX on your server, the installation process makes several changes to your system.<\/p>\n
          Most notably, the installation configures Apache to no longer act as the primary web server. Because of this, the NGINX installation will create proxies for MailMan and AutoSSL.<\/p>\n
          Configuration files<\/h3>\n
          The system creates the \/etc\/nginx\/conf.d\/ea-nginx.conf<\/code> configuration file.<\/p>\n
          Custom configurations<\/h4>\n
          \n
          Warning:<\/div>\n
          \n
            \n
          • \n
            Do not<\/strong> edit any of the files that NGINX owns. Changing these files may result in unexpected behavior.<\/p>\n<\/li>\n
          • \n
            If you create custom configuration files, you may change NGINX behavior in undesired ways. For example, if your custom block matches the PHP block, the server may serve the source code instead of PHP.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n
            If you want to customize the server blocks for NGINX, create an include file that ends in .conf<\/code> in the appropriate location. A server block is the same thing as a virtual host in Apache.<\/p>\n
            For more information about server blocks, including examples, read NGINX\u2019s Server Block Examples documentation.<\/p>\n
            \n
            Note:<\/div>\n
            \n        Do not<\/strong> use cpanel-<\/code> as the prefix for any custom files you create.\n    <\/div>\n<\/div>\n
            Global configuration<\/h4>\n
            Place any global .conf<\/code> files that you create in the \/etc\/nginx\/conf.d\/<\/code> directory.<\/p>\n
            If you want to adjust every server block on your server, create your .conf<\/code> file in the \/etc\/nginx\/conf.d\/server-includes\/<\/code> directory.<\/p>\n
            \n
            Note:<\/div>\n
            \n        Make certain that you also reference your .conf<\/code> file with an include<\/code> directive in the file that you want to use it in.\n    <\/div>\n<\/div>\n
            User configuration<\/h4>\n
            \n
            Note:<\/div>\n
            \n
            In the following examples, username<\/code> represents the username, and domainname<\/code> represents the fully-qualified domain name.<\/p>\n
            This fully-qualified domain name must be one of the following:<\/p>\n
              \n
            • \n
              The server block\u2019s main domain.<\/p>\n<\/li>\n
            • \n
              The server block\u2019s subdomain for addon domains and their subdomains.<\/p>\n<\/li>\n
            • \n
              The server block\u2019s subdomain for subdomains that are not addon domains.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n
              To customize every server block that a user owns, create your .conf<\/code> file in following directory:\n<\/p>\n
              \n
              \/etc\/nginx\/conf.d\/users\/username<\/code><\/pre>\n<\/div>\n
              To customize a specific server block for a specific domain, create your .conf<\/code> file in the  following directory:\n<\/p>\n
              \n
              \/etc\/nginx\/conf.d\/users\/username\/domainname\/<\/code><\/pre>\n<\/div>\n
              Apache configuration<\/h4>\n
              The NGINX installation makes the following changes to your Apache configuration:<\/p>\n
                \n
              • \n
                Changes the Apache port to the first available port under 1024<\/code>. This will usually be port 81<\/code>. You must proxy any applications that are not static to Apache.<\/p>\n<\/li>\n
              • \n
                Changes the Apache SSL port to the first available port under 1024<\/code>. This will usually be port 444<\/code>. <\/p>\n
                \n
                Note:<\/div>\n
                \n        Your Apache ports will only<\/strong> change if your configuration uses the default ports 80<\/code> and 443<\/code>. The installation ignores custom port numbers.\n    <\/div>\n<\/div>\n<\/li>\n
              • \n
                Adds the following to the \/etc\/nginx\/conf.d\/ea-nginx.conf<\/code> file: <\/p>\n
                \n
                \n\n\n
                \n
                1\n<\/span>2\n<\/span>3\n<\/span>4\n<\/span>5\n<\/span>6\n<\/span><\/code><\/pre>\n<\/td>\n
                		\n
                map<\/span> $<\/span>host<\/span> $<\/span>CPANEL_APACHE_PROXY_IP<\/span> {\n        default<\/span> 127.0.0.1<\/span>;\n    }  \nmap<\/span> $<\/span>host<\/span> $<\/span>CPANEL_APACHE_PROXY_PORT<\/span> {\n        default<\/span> 81<\/span>;\n    }<\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n
                File access<\/h4>\n
                NGINX does not<\/strong> serve files that start with .ht<\/code> by default.  There may be other files that you want to restrict access to.<\/p>\n
                The easiest solution is to not<\/strong> include restricted-access files in the document root. However, if this is not possible, you can also explicitly restrict access to files.<\/p>\n
                For example, if you serve your website from a git repository, you may want to prevent access to the site\u2019s .git<\/code> directory.  To do this, create a .conf<\/code> file in the appropriate location and add the following commands to your file:<\/p>\n
                \n
                \n\n\n
                \n
                1\n<\/span>2\n<\/span>3\n<\/span>4\n<\/span>5\n<\/span>6\n<\/span><\/code><\/pre>\n<\/td>\n
                		\n
                location ~ \/.<\/span>git {<\/span>\n\t   deny all;\n\t   log_not_found off;\n\t   access_log off;\n\t   return<\/span> 404<\/span>;\n   }<\/span>  <\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
                After you save the file, reload your server to activate the configuration change.<\/p>\n
                For more information, read the NGINX Location Priority documentation.<\/p>\n
                CloudFlare\u00ae<\/h4>\n
                The NGINX installation will detect if a domain uses CloudFlare and configure the system to work properly.<\/p>\n
                The system saves the CloudFlare configuration to the following location:\n<\/p>\n
                \n
                \/etc\/nginx\/conf.d\/includes-optional\/cloudflare.conf<\/code><\/pre>\n<\/div>\n
                If your secure connections don\u2019t appear in the SSL log, you can change the SSL settings in CloudFlare.<\/p>\n
                Log Files<\/h3>\n
                NGINX rotates logs with the logrotate<\/code> utility. This means that WHM\u2019s cPanel Log Rotation Configuration<\/em> interface (WHM >> Home  >> Service Configuration >> cPanel Log Rotation Configuration<\/em>) will not<\/strong> affect the NGINX log rotation. This activity will register in your user stats and bandwidth programs.<\/p>\n
                NGINX uses the cPanel & WHM default Apache log formats. It will not<\/strong> recognize any custom Apache log formats. You cannot<\/strong> manage NGINX logs in any interfaces that specifically displays Apache logs, such as WHM\u2019s Log Rotation<\/em> interface (WHM >> Home >> Service Configuration >> Log Rotation_). Apache does not<\/strong> log any requests that NGINX proxies to it.<\/p>\n
                NGINX logs traffic for the www<\/code> subdomain to the same location as non-www<\/code> subdomains, which duplicates the Apache behavior. For example, it will log requests for www.example.com<\/code>  and  example.com<\/code>  to the \/var\/log\/nginx\/domains\/example.com<\/code> file.<\/p>\n
                NGINX uses the same server block for both SSL and non-SSL requests. However, it handles requests differently depending on if you use piped logging or not.<\/p>\n
                Piped logging<\/h4>\n
                NGINX saves its log files to the following locations, where domainname<\/code> represents the domain name:<\/p>\n
                  \n
                • SSL \u2014  \/var\/log\/nginx\/domains\/domainname-ssl_log<\/code><\/li>\n
                • Non-SSL \u2014 \/var\/log\/nginx\/domains\/domainname<\/code><\/li>\n
                • Bandwidth  \u2014 \/var\/log\/nginx\/domains\/domainname-bytes_log<\/code><\/li>\n<\/ul>\n
                  NGINX also logs requests to the following location:\n<\/p>\n
                  \n
                  \/var\/log\/nginx\/access.log<\/code><\/pre>\n<\/div>\n
                  Regular logging<\/h4>\n
                  Without piped logging, both SSL and non-SSL requests save to the same location. NGINX saves its log files to the following locations, where domainname<\/code> represents the domain name:<\/p>\n
                    \n
                  • SSL and non-SSL \u2014 \/var\/log\/nginx\/domains\/domainname<\/code>\n
                    \n
                    Note:<\/div>\n
                    \n        These files will also contain an extra column at the beginning,  in  domainname:port<\/code> format.\n    <\/div>\n<\/div>\n<\/li>\n
                  • Bandwidth \u2014 \/var\/log\/nginx\/domains\/domainname-bytes_log<\/code><\/li>\n<\/ul>\n
                    Redirects<\/h3>\n
                    NGINX supports proxy subdomains and redirects.
                    \nTo create a redirect, use cPanel\u2019s Redirects<\/em>  (Home >> cPanel >> Domains >> Redirects<\/em>) interface. These redirects differ from the Apache redirect behavior in the following ways:<\/p>\n
                      \n
                    • Redirects apply to the whole server block, not the exact fully qualified domain  name (FQDN). If you set a redirect for one domain, it will also effect any other FQDN in the block.<\/li>\n
                    • Redirects apply to both the www<\/code> and any non-www<\/code> subdomains, regardless of the behavior in Apache. You can change this behavior with include files.<\/li>\n
                    • Redirects do not<\/strong> change HTTP<\/code> requests to HTTPS<\/code> requests. To enable this behavior, use the Force HTTPS Redirect<\/em>  option in cPanel\u2019s  Domains<\/em> (Home >> cPanel >> Domains >> Domains<\/em>) interface.<\/li>\n
                    • Redirects that point to an index.html<\/code> file will also redirect the domain name both with and without a trailing slash. For example, NGINX will redirect both example.com<\/code> and example.com\/<\/code>.\n
                      \n
                      Note:<\/div>\n
                      \n        If the redirect matches another index<\/code> file first, then it will serve that index<\/code> file.\n    <\/div>\n<\/div>\n<\/li>\n
                    • NGINX only<\/strong> returns the 301<\/code> and 302<\/code> HTTP status codes.<\/li>\n<\/ul>\n
                      \n
                      Note:<\/div>\n
                      \n        You cannot<\/strong> use the Safari\u00ae web browser to log in to a service subdomain. Use another browser, or log in with the service\u2019s port URL.\n    <\/div>\n<\/div>\n
                      Use include files to change redirect behavior<\/h4>\n
                      You can use include files to force NGINX to redirect www<\/code> domains to non-www<\/code> domains, and vice versa. You cannot<\/strong> use these include files for parked domains or to redirect HTTP<\/code> to HTTPS<\/code>.<\/p>\n
                      To do this, we created the following include files. You can create a symlink that points to one of the following files to alter the redirect behavior:<\/p>\n
                        \n
                      • \/etc\/nginx\/conf.d\/includes-optional\/force-non-www.conf<\/code><\/li>\n
                      • \/etc\/nginx\/conf.d\/includes-optional\/force-www.conf<\/code>\n
                        \n
                        Warning:<\/div>\n
                        \n
                          \n
                        • Do not<\/strong> use both of these files in your symlinks. This will create an infinite loop.<\/li>\n
                        • You must run the \/usr\/local\/cpanel\/scripts\/ea-nginx script  command after you create your .conf<\/code> file.<\/li>\n<\/ul><\/div>\n<\/div>\n<\/li>\n<\/ul>\n
                          To set redirect behavior for all of a user\u2019s domains, add the following symlink, where redirect-file<\/code> represents one of the files above and username<\/code> represents the user:\n<\/p>\n
                          \n
                          ln -s redirect-file \/etc\/nginx\/conf.d\/users\/username\/www-behavior.conf<\/code><\/pre>\n<\/div>\n
                          To set redirect behavior for only specific domains, add the following symlink, where redirect-file<\/code> represents one of the files above, username<\/code> represents the user, and domainname<\/code> represents the domain or subdomain:\n<\/p>\n
                          \n
                          ln -s redirect-file \/etc\/nginx\/conf.d\/users\/username\/domainname\/www-behavior.conf<\/code><\/pre>\n<\/div>\n
                          For example, to redirect www.sub.example.com<\/code> to sub.example.com<\/code> you might run the following commands:\n<\/p>\n
                          \n
                          \n\n\n
                          \n
                          1\n<\/span>2\n<\/span><\/code><\/pre>\n<\/td>\n
                          		\n
                          mkdir -p \/etc\/nginx\/conf.d\/users\/myuser\/sub.example.com\nln -s \/etc\/nginx\/conf.d\/includes-optional\/force-non-www.conf \/etc\/nginx\/conf.d\/users\/myuser\/sub.example.com\/non-www-behavior.conf<\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
                          Run NGINX<\/h3>\n
                          To stop or restart NGINX, use the \/usr\/local\/cpanel\/scripts\/restartsrv_nginx<\/code> script.<\/p>\n
                          We strongly<\/strong> recommend that you only<\/strong> use the cPanel script or WHM\u2019s Service Manager<\/em> interface (WHM >> Home >> Service Configuration >> Service Manager<\/em>) to restart NGINX.<\/p>\n
                          To use the restart commands in CentOS 7 to restart NGINX, you must<\/strong> use the reload<\/code> option. This option ensures a graceful restart:<\/p>\n
                          \n
                          systemctl reload nginx.service<\/code><\/pre>\n<\/div>\n
                          For more information, read our How to Restart Services documentation.<\/p>\n
                          Configure a user<\/h3>\n
                          In cPanel & WHM version 80 through 84, the system integrates NGINX into your user and domain changes, with the following exceptions:<\/p>\n
                            \n
                          • PHP-FPM Hostname Changes<\/li>\n
                          • Piped Log Configuration<\/li>\n
                          • Apache log style<\/li>\n<\/ul>\n
                            In cPanel & WHM version 86 and later, the system integrates these changes.<\/p>\n
                            \n
                            Note:<\/div>\n
                            \n        It may take your NGINX configuration several minutes to update if you make changes to your PHP version or PHP-FPM configuration, enable or disable PHP-FPM, or add WordPress.\n    <\/div>\n<\/div>\n
                            The system uses the \/usr\/local\/cpanel\/scripts\/ea-nginx script to make these changes. You do not<\/strong> need to run this script.<\/p>\n
                            The system creates the .conf<\/code> file in the following location, where username<\/code> represents the username:\n<\/p>\n
                            \n
                            \/etc\/nginx\/conf.d\/users\/username.conf<\/code><\/pre>\n<\/div>\n
                            Configure an application<\/h3>\n
                            In cPanel & WHM version 90 and later, you can use cPanel\u2019s Application Manager<\/em> interface (Home >> cPanel >> Software >> Application Manager<\/em>) to configure applications.<\/p>\n
                            In previous version of cPanel & WHM, you must run the \/usr\/local\/cpanel\/scripts\/ea-nginx script to update your configuration and restart the server.<\/p>\n
                            Limitations<\/h2>\n
                            If one of your domains matches a proxy domain, the system will warn you that it will ignore conflicting duplicate entries. This conflict may result in unexpected behavior.<\/p>\n
                            \n
                            Warning:<\/div>\n
                            \n
                              \n
                            • \n
                              If you use NGINX and ModSecurity\u00ae 2, your ModSecurity rules only<\/strong> apply when NGINX proxies the request to Apache.<\/p>\n<\/li>\n
                            • \n
                              Any restrictions set in an .htaccess<\/code> file will not apply. For example, if you password-protected a directory, the protection will not work.<\/p>\n<\/li>\n
                            • \n
                              If you create an alias, make certain<\/strong> that your path\u2019s location ends with a trailing slash (\/<\/code>). If your path does not<\/strong> end with a \/<\/code>, then your path is vulnerable to a path traversal exploit.<\/p>\n<\/li>\n
                            • \n
                              For more information, read the NGINX Security Advisories documentation.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n
                              Troubleshooting<\/h2>\n
                              Could not build the server_names_hash<\/h3>\n
                              You may receive an error that resembles the following message:<\/p>\n
                              \n
                              \n\n\n
                              \n
                              1\n<\/span>2\n<\/span>3\n<\/span><\/code><\/pre>\n<\/td>\n
                              		\n
                              could<\/span> not<\/span> build<\/span> the<\/span> server_names_hash<\/span>,\nyou<\/span> should<\/span> increase<\/span> either<\/span> server_names_hash_max_size<\/span>: 512<\/span>\nor<\/span> server_names_hash_bucket_size<\/span>: 32<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
                              If you receive this error message, increase the value of the following directives in the \/etc\/nginx\/conf.d\/ea-nginx.conf<\/code> and the \/etc\/nginx\/ea-nginx\/settings.json<\/code> files:<\/p>\n
                                \n
                              • \n
                                server_names_hash_max_size<\/code><\/p>\n<\/li>\n
                              • \n
                                server_names_hash_bucket_size<\/code><\/p>\n<\/li>\n<\/ul>\n
                                For more information, read the NGINX Server Names documentation.<\/p>\n
                                NGINX will not restart<\/h3>\n
                                If you used the nginx<\/code> command to start NGINX, then the \/usr\/local\/cpanel\/scripts\/restartsrv_nginx<\/code> and systemctl restart nginx.service<\/code> commands will not work. To correct this, perform the following steps:<\/p>\n
                                  \n
                                1. \n
                                  Stop the service with the \/usr\/sbin\/nginx -s stop command.<\/p>\n<\/li>\n
                                2. \n
                                  Restart NGINX with one of the following commands:<\/p>\n
                                    \n
                                  • \n
                                    \/usr\/local\/cpanel\/scripts\/restartsrv_nginx start<\/code><\/p>\n<\/li>\n
                                  • \n
                                    systemctl start nginx.service<\/code><\/p>\n<\/li>\n
                                  • \n
                                    \/etc\/init.d\/nginx start<\/code><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n
                                    WordPress Multisite<\/h3>\n
                                    WordPress Multisite does not<\/strong> work with cPanel & WHM servers that use nginx.<\/p>\n