celiac101

Well-Known Member
Dec 19, 2012
101
1
68
cPanel Access Level
Website Owner
In the past I've tried running Engintron NGINX on cPanel, but after much tweaking it did not turn out to be faster than my PHP-FPM configuration.

Now I am considering trying out the NGINX option via the new WHM 96 installation option, and I have a few questions:

1) Will the installation and uninstallation on the NGINX plugin work seamlessly? Will it automatically do everything and the web sites on the server won't experience any disruption?

2) Will I need to make changes to my CSF firewall for it to work?

3) What configuration files would I need to tweak to increase performance of NGINX?
 

SS-Maddy

Well-Known Member
Mar 28, 2009
130
18
68
cPanel Access Level
Root Administrator

celiac101

Well-Known Member
Dec 19, 2012
101
1
68
cPanel Access Level
Website Owner
Thank you, I read through both links but did not see anything regarding my question #2, about use of CSF firewall. Do I need to make any changes to CSF for NGINX to work? Will CSF work?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,439
1,004
313
cPanel Access Level
Root Administrator
Normally you do not need to make any changes to the firewall when nginx is installed in a rever-proxy configuration. The installation will change the Apache ports if they are set to the defaults of 80 and 443, but since the traffic to Apache is only handled internally on the server, nothing else needs to be opened externally - all that communication is just between nginx and Apache.
 
  • Like
Reactions: celiac101

celiac101

Well-Known Member
Dec 19, 2012
101
1
68
cPanel Access Level
Website Owner
So I'm still hoping for one last reassurance before I try this, as I have a busy Web site, and I'd like to avoid any disruptions (like I had when I tried out Engintron NGINX plugin).

If I use the cPanel installation option I will assume that it will install and handle everything, and my sites on the server will seamlessly switch over to NGINX without disruption, and I won't need to make any other changes beyond any performance tweeks I might want to make in the config file.

But, should I find, like I did with the Engintron plugin, that it isn't faster than my current PHP-FPM setup, is there a similar "Uninstall NGINX" that will appear on the same "NGINX Manager" area in cPanel which will allow me to fully uninstall it, and will it put everything back the way it was, running my same PHP-FPM setup and config files, unchanged?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,439
1,004
313
cPanel Access Level
Root Administrator
I can't really speak for Engintron since that isn't something we make, but the nginx tool is seamless. It change the Apache ports on the backend, and immediately starts handling all the traffic. If you don't like it or see issues, uninstalling the package removes the changes and you're back to how you were.
 
  • Like
Reactions: celiac101

celiac101

Well-Known Member
Dec 19, 2012
101
1
68
cPanel Access Level
Website Owner
I think I got it running, but I have a couple more, probably dumb questions:

1) When I formerly installed the Engintron NGINX plugin, the directions included installing lines in my hosts.allow file to include the new ports for NGINX. Do I need to add lines like these to my hosts.allow files in CSF firewall:

# Engintron NGINX Plugin
tcp|in|d=81|s=127.0.0.1 # The loopback address
tcp|in|d=81|s=1.2.3.4 # Replace 1.2.3.4 with your server's shared IP - if you have multiple IPs, clone this line and edit the IP
tcp|in|d=444|s=127.0.0.1 # The loopback address
tcp|in|d=444|s=1.2.3.4 # Replace 1.2.3.4 with your server's shared IP - if you have multiple IPs, clone this line and edit the IP

2) How can I be sure what ports NGINX is using now? Hopefully 81 and 444, but I just want to be sure.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,439
1,004
313
cPanel Access Level
Root Administrator
@celiac101 - you don't need to make any special configurations for our version of the Nginx installer. Our version will listen for traffic on ports 80 and 443 just as Apache would, and then it forwards the traffic internally to Apache, so no ports need to be opened in the firewall. With the plugin you used, it sounds like it actually listened on a different port so it didn't override the default cPanel and Apache settings.
 

celiac101

Well-Known Member
Dec 19, 2012
101
1
68
cPanel Access Level
Website Owner
This is good to know, thank you. I was not able to get NGINX running as fast as my current PHP-FPM configuration, is that possible, or normal? The biggest issue I had was a 1-2 second server delay time which I could not reduce. I tried many configuration settings, and am sharing them below in the hope that someone might be able to suggest a config setting that I've gotten wrong, or ones I need to add (some items are commented out as they did not seem to help, or may have caused issues):


include /etc/nginx/conf.d/modules/*.conf;

user nobody;
worker_processes auto;

error_log /var/log/nginx/error.log crit;
pid /var/run/nginx.pid;


events {
worker_connections 8096;
multi_accept off;
use epoll;
}
worker_rlimit_nofile 100000;

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 5;
#access_log off;
reset_timedout_connection on;
#client_body_timeout 10;
#send_timeout 2;
keepalive_requests 128;
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 90s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
#NEW
ignore_invalid_headers on;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
#postpone_output 1460;
#server_names_hash_max_size 2048;

gzip on;
gzip_types text/plain application/xml application/javascript application/atom+xml application/rss+xml text/html text/xml text/javascript text/css image/svg+xml image/png image/webp image/x-icon image/tiff font/woff font/woff2;
gzip_proxied no-cache no-store private expired auth;
#gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 750;
gzip_buffers 4 32k;

include /etc/nginx/conf.d/*.conf;
}