0

I have the plan to manage multiple websites on the same server and I'm currently handling the http request from nginx then handling it to apache.

This is what the configuration I currently have for my first website:

  # Force HTTP requests to HTTPS
server {
listen 80;
server_name myfirstwebsite.net;
return 301 https://myfirstwebsite.ne$request_uri;
}

  server {
  listen  443 ssl;
  root  /var/opt/httpd/ifdocs;

server_name myfirstwebsite.ne ;

  # add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate     /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers         HIGH:!aNULL:!MD5;

access_log /var/log/nginx/iflogs/http/access.log;
error_log  /var/log/nginx/iflogs/http/error.log;


###include rewrites/default.conf;
index  index.php index.html index.htm;

# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
    expires max;
}

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
       proxy_pass https://127.0.0.1:4433;
}

# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
      proxy_pass https://127.0.0.1:4433;
}

location ~ /\. {
    deny  all;
}

error_page  500 502 503 504  /50x.html;
location = /50x.html {
    root  /usr/share/nginx/html;
}
}

Now, My question is, for the second, third website and so on, I'm thinking in modifying the line:

proxy_pass https://127.0.0.1:4433;

for 

proxy_pass https://secondwebsite.net:4433;

but what I don't want to do is that the goes out of the internet and looks up for that dns and then comes back to the same server, but serve in the same server (which is why I had localhost:4433 in the first website), so I don't get latency issues. Is there any solution for this?

Also, I want to know if there will be issues if I serve multiple servers using the same port (in this case 4433) or do I have to use a different port for each website.

Thank you in advance.

VaTo
  • 2,936
  • 7
  • 38
  • 77

1 Answers1

1

Multiple server confs

One way to do this would be to have multiple server blocks, ideally over different conf files. Something like this would do for your second server in a new file (e.g. /etc/nginx/sites-available/mysecondwebsite): 

 # Force HTTP requests to HTTPS
server {
listen 80;
server_name mysecondwebsite.net;
access_log off; # No need for logging on this
error_log off;
return 301 https://mysecondwebsite.net$request_uri;
}

  server {
  listen  443 ssl;
  root  /var/opt/httpd/ifdocs;

server_name mysecondwebsite.net ;

  # add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate     /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers         HIGH:!aNULL:!MD5;

access_log /var/log/nginx/iflogs/http/access.log;
error_log  /var/log/nginx/iflogs/http/error.log;


###include rewrites/default.conf;
index  index.php index.html index.htm;

# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
    expires max;
}

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
       proxy_pass https://127.0.0.1:4434;
}

# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
      proxy_pass https://127.0.0.1:4434;
}

location ~ /\. {
    deny  all;
}

error_page  500 502 503 504  /50x.html;
location = /50x.html {
    root  /usr/share/nginx/html;
}
}

You would then create a symlink using ln -s /etc/nginx/sites-available/mysecondwebsite /etc/nginx/sites-available/ and restart nginx. To answer your question about ports, you can only have one TCP application listening on any single port. This post provides a few more details about that.

You could also define an upstream in your server block like so: 

 upstream mysecondwebsite {
     server 127.0.0.1:4434; # Or whatever port you use
 }

And then reference this upstream using proxy pass like so: 

proxy_pass http://mysecondwebsite;

This way if you change the port, you will only have to change it in one place in your server conf. Also, this is how you would scale your application with multiple Apache servers and implement load balancing.

Antonyjim
  • 98
  • 1
  • 7