I set up Nginx and Apache2 on the same machine with Nginx functioning as a reverse proxy. Nginx uses SSL (at least for 1 of 2 domains: example.com), Apache is used for handling PHP using FPM/FastCGI. I basically followed this tutorial: https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-18-04-server
In step 8, mod_rpaf is used to rewrite Apache's values of REMOTE_ADDR, HTTPS and HTTP_PORT to match the values by the reverse proxy. However, mod_rpaf seems a little dated so I'd like to use mod_remoteip instead. This works fine so far, except for changing the value of $_SERVER['SERVER_PORT']. Here is what phpinfo() on example.com says:
- $_SERVER['HTTPS'] on [as it should be]
- $_SERVER['HTTP_X_FORWARDED_PORT'] 443
- $_SERVER['SERVER_PORT'] 80 [but this is supposed to show 443 as well, according to the tutorial]
My configs:
/etc/apache2/ports.conf (let Apache listen on port 8080):
    Listen 8080

    <IfModule ssl_module>
        Listen 443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>
/etc/apache2/sites-available/000-default.conf:
    <VirtualHost *:8080>
        ServerName example.net
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/examplenet/html
        ErrorLog /var/www/examplenet/error.log
        CustomLog /var/www/examplenet/access.log combined
        RemoteIPHeader X-Real-IP
        RemoteIPInternalProxy 127.0.0.1
        SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
    </VirtualHost>

    <VirtualHost *:8080>
        ServerName example.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/examplecom/html
        ErrorLog /var/www/examplecom/error.log
        CustomLog /var/www/examplecom/access.log combined
        RemoteIPHeader X-Real-IP
        RemoteIPInternalProxy 127.0.0.1
        SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
    </VirtualHost>
/etc/nginx/sites-available/default (block requests coming via IP address only and not via domains):
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 444;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;

        location / {
            try_files $uri $uri/ =404;
        }
    }
/etc/nginx/conf.d/proxy.conf:
    server {
        server_name example.com;
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 80;
        server_name example.net;
        access_log /var/log/nginx/examplenet.access.log;

        gzip on;
        gzip_comp_level 2;
        gzip_proxied any;
        gzip_types text/plain text/html text/css text/xml application/xml application/xml+rss application/xml+atom text/javascript application/x-java>

        location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {
            root /var/www/examplenet/html;
            #access_log off;
            gzip off;
            expires 1d;
        }

        location ~* ^.+\.(css|js)$ {
            root /var/www/examplenet/html;
            #access_log off;
            expires 1d;
        }

        location ~* ^.+\.(pdf|gz|bz2|exe|rar|zip|7z)$ {
            root /var/www/examplenet/html;
            gzip off;
        }

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_max_temp_file_size 0;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }

    server {
        server_name example.com;
        access_log /var/log/nginx/examplecom.access.log;

        gzip on;
        gzip_comp_level 2;
        gzip_proxied any;
        gzip_types text/plain text/html text/css text/xml application/xml application/xml+rss application/xml+atom text/javascript application/x-java>

        location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {
            root /var/www/examplecom/html;
            #access_log off;
            gzip off;
            expires 1d;
        }

        location ~* ^.+\.(css|js)$ {
            root /var/www/examplecom/html;
            #access_log off;
            expires 1d;
        }

        location ~* ^.+\.(pdf|gz|bz2|exe|rar|zip|7z)$ {
            root /var/www/examplecom/html;
            gzip off;
        }

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_max_temp_file_size 0;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }

        listen 443 ssl; # managed by Certbot
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
How can I make PHP set $_SERVER['SERVER_PORT'] as in the tutorial, so that it shows 443 instead of 80?
$_SERVER['SERVER_PORT'] is not tuneable and simply reports the real port and the question is more about why you'd wanted to override that. Simply don't use a port for generating self-referential URLs if that's what's causing issues...
mod_rpaf outdated, but the whole tutorial you're referring to is as well. As already pointed out, unless the PHP software you're using on the backend heavily relies on customized .htaccess content, there's no point in adding Apache as a second proxying layer. If it does, making the use of Apache unavoidable, consider switching to mod_proxy_fcgi, which provides the ProxyFCGISetEnvIf directive for this purpose.
mod_proxy_fcgi and port 443 is displayed after I have added ProxyFCGISetEnvIf "true" SERVER_PORT 443 to the Apache conf file. As this was basically your suggestion you could post this as an answer and I would accept it.
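The mod_proxy_fcgi approach from the comments above, written out as an Apache vhost; this is an added example, not configuration posted by anyone in the thread. The PHP-FPM socket path is a placeholder, and binding Apache to 127.0.0.1 is an assumption added here so that only the local Nginx can supply the X-Forwarded-* headers the SetEnvIf and ProxyFCGISetEnvIf lines act on. The conditional expression stands in for the literal "true", so a request that Nginx received over plain HTTP is not reported to PHP as port 443.

```apache
# Added example (not from the thread). Requires mod_proxy, mod_proxy_fcgi,
# mod_remoteip and mod_setenvif; ProxyFCGISetEnvIf needs Apache 2.4.26 or later.

# ports.conf: listen on loopback only. With a bare "Listen 8080" the backend is
# reachable on every interface, and a client connecting to it directly could
# send its own X-Forwarded-Proto header.
Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    ServerName example.com
    DocumentRoot /var/www/examplecom/html

    # mod_remoteip: accept the client address from X-Real-IP, but only when
    # the connection comes from the local proxy.
    RemoteIPHeader X-Real-IP
    RemoteIPInternalProxy 127.0.0.1

    # Same as in the question: expose HTTPS=on when Nginx terminated TLS.
    SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on

    # Hand PHP to PHP-FPM through mod_proxy_fcgi.
    # PLACEHOLDER socket path: use the one your PHP-FPM pool listens on.
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/run/php/php-fpm.sock|fcgi://localhost"
    </FilesMatch>

    # Form posted in the thread: rewrites SERVER_PORT for every request.
    # ProxyFCGISetEnvIf "true" SERVER_PORT 443

    # Conditional form: rewrite SERVER_PORT only for requests that Nginx
    # marked as HTTPS, so HTTP-only sites keep their real port.
    ProxyFCGISetEnvIf "req('X-Forwarded-Proto') == 'https'" SERVER_PORT 443
</VirtualHost>
```

After reloading Apache, phpinfo() on example.com should list both $_SERVER['HTTPS'] on and $_SERVER['SERVER_PORT'] 443.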