1

Topic: Apache replace with Nginx on production server

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello,

as your announce
http://www.iredmail.org/forum/topic1294 … venia.html

"Planned changes in next release

    Completely drop Apache support. Nginx will be the only one web server shipped by iRedMail."

I have always selected apache, my instalation is using apache.

http://www.iredmail.org/forum/topic1182 … nginx.html

"3. Copy Nginx config files (/etc/nginx/*) to your mail server. To avoid file permission issue, it's better run Nginx as Apache daemon user. and listen on different ports (e.g. 81 for http, 444 for https). so that you can run Apache and Nginx at the same time for testing."

Is there any guide for remove apache, install nginx and correct all permission for?

I'm specially   interested on this guide for Centos 7

thanks for your time

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Apache replace with Nginx on production server

I think backup your data
reinstall and restore data is the best way
thanks

3

Re: Apache replace with Nginx on production server

You can continue running Apache, it's not required to switch to Nginx.
But for new iRedMail installation, only Nginx is available.

4

Re: Apache replace with Nginx on production server

Find below a guide. I am just in the process of doing the same replacement.
This guide is given without any guaranties, use it on your own risk.
Lets say it is version 0.9  (valid for Centos 7)
NOTE: In order to prepare for a revert of the change, not carefully the file owners before/after changing in the /var/www branch. (of course, the simplest way is to make a copy before changing)


1) take a full backup / snapshot of Your iredmail server ( or create a clone, and test the procedure there first)
2) Install a new temp server  from scratch, using the same OS and settings as the production server, but select Nginx instead of Apache
3) Prepare the prod server with Nginx and some more required packages (php-fpm, uwsgi-plugin-common, uwsgi-plugin-python)
4) copy /etc/nginx and some more files/dirs from the temp server (described below)
5) change ownership of a number of files from apache to nginx
6) Stop and disable the apache httpd service
7) Enable service for nginx, uwsgi and php-fpm
8) start the services and check with systemctl status xxxxx that they run.
9) verify   /mail /iredadmin /SOGo and /awstat
10) reboot the server, and check that all is ok.

Detailed description:
(starting from item "3")

3) Install
yum install php-fpm
yum install uwsgi-plugin-common
yum install uwsgi-plugin-python

4) copy config files from temp server using tar and scp
/etc/uwsgi.d/uwsgi.ini
/etc/php-fpm.d/www.conf
/etc/nginx
/var/www/awstats-statistics

5)Change ownership of some roundcube   files owned by apache
# cd /var/www
# find . -group apache -ls
After changing ownership to nginx, it should read  as below: (note, a lot of files are owned by root)
Should read:
100903878    8 -rw-------   1 nginx    nginx        4770 Nov  2 12:26 ./roundcubemail-1.3.0/config/config.inc.php
34618621    0 drwxr-xr-x   2 nginx    nginx          22 Nov  2 12:26 ./roundcubemail-1.3.0/logs
35345188    4 -rw-r--r--   1 nginx    nginx         164 Jun 26 20:56 ./roundcubemail-1.3.0/logs/.htaccess
35345062    0 drwxr-xr-x   2 nginx    nginx          22 Nov  2 12:26 ./roundcubemail-1.3.0/plugins/enigma/home
100903880   20 -r--------   1 nginx    nginx       18513 Nov  2 12:26 ./roundcubemail-1.3.0/plugins/password/config.inc.php
100902411    0 drwxr-xr-x   2 nginx    nginx          22 Nov  2 12:26 ./roundcubemail-1.3.0/temp
100902831    4 -rw-r--r--   1 nginx    nginx         164 Jun 26 20:56 ./roundcubemail-1.3.0/temp/.htaccess

Change the ownership using  #chown nginx:nginx <filename> like:
# chown nginx:nginx /var/www/roundcubemail-1.3.0/config/config.inc.php
# chown -R nginx:nginx /var/www/roundcubemail-1.3.0/logs/
# chown -R nginx:nginx /var/www/roundcubemail-1.3.0/temp/

NOTE: ( note /var/www/roundcubemail-1.3.0/plugins/enigma/home/.htaccess is owned by root, all other dir/files  under ./enigma/home/ are owned by nginx )
so do:
# chown -R nginx:nginx /var/www/roundcubemail-1.3.0/plugins/enigma/home/
# chown -R root:root /var/www/roundcubemail-1.3.0/plugins/enigma/home/.htaccess

6) systemctl stop httpd && systemctl disable httpd

7) systemctl enable nginx uwsgi php-fpm

8) systemctl start    nginx uwsgi php-fpm
systemctl status nginx uwsgi php-fpm

9)...
10) ...

/ Regards

5

Re: Apache replace with Nginx on production server

A small typo in the description above, in section 3 and 4.
They should read:
3) Install
yum install nginx
yum install php-fpm
yum install uwsgi-plugin-common
yum install uwsgi-plugin-python

4) copy config files from temp server using tar and scp
/etc/uwsgi.d/uwsgi.ini # wrong file!
/etc/uwsgi.ini
/etc/uwsgi.d/iredadmin.ini
/etc/php-fpm.d/www.conf
/etc/nginx
/var/www/awstats-statistics

6

Re: Apache replace with Nginx on production server

Hi again. This guide is almost reaching version 1.0...
I found one more thing that needs a change:
- Fail2Ban configuration sits in /etc/fail2ban/jail.d
- Disable the check for apache and enable nginx by changing the "enable = false"   and  "enable = true" respectively
in the files  apache-auth.local and  nginx-http-auth.local