BPS and Nginx

[planner]

I’m thinking about migrating from Apache to Nginx, and would like to know what, if any, changes I need to make to .htaccess for the site to work under Nginx.

The site is currently using BPS Free and is located at http://linuxbsdos.com

[AITpro Admin]

http://wordpress.org/plugins/bulletproof-security/faq/

This is the full extent of my knowledge regarding Nginx and BPS.   Or of course you could convert the .htaccess code to an Nginx Server config code format.  And nope I have never messed around with that so I would not be able to provide that code for you.

Does BulletProof Security Work on ALL Nginx Servers / Server Configurations?

If you are using both Apache and Nginx together and Nginx is the frontend webserver and Apache is the backend Server used to process PHP then BulletProof Security will work on this type of combined Server Configuration. If you are only using Nginx then an .htaccess file will not work. Nginx has its own rewrite module – HttpRewriteModule and the mod_rewrite equivalent of an .htaccess file has similar, but different coding and is added to an Nginx Server config file. Note: If you are not familiar with Nginx, then it should be noted that Nginx does not have a PHP module like Apache’s mod_php, instead you either need to build PHP with FPM (ie: php-fpm/fastcgi), or you need to pass the request to something that can handle PHP.

[planner]

Thank you. I’ll stick with Apache for now.

A slightly-related question:

From your experience, what would you rather use as a frontend cache for Apache, Nginx, Varnish or Memcache?

[AITpro Admin]

I have only spent time looking at caching options/methods from the perspective of how they relate to BPS, BPS Pro or for System Info display and have not spent much time comparing the different types of caching options so my experience is limited in this area.  There are lots of sites that have done side by side cache benchmarking so you should not have any problems finding and cross referencing this info to get a clear picture.

[planner]

I recently migrated from Apache to Nginx, and still using BPS Free, essentially, reusing the same .htaccess on Nginx. I’ve read somewhere that this is not supposed to work, but it seems to be working for me. Is there something I should be on the lookout for, regarding rewrite rules?

[AITpro Admin]

@ planner – your Topic post is a duplicate post and has been merged into your existing post.

If your Nginx Server has added additional config files or is using other methods of reading .htaccess files then they will work.

[Zsolt Edelényi]

Is it possible to work BPS PRO on Nginx server?

I understand, that htaccess won’t work. But other modules like Plugin Firewall, DB monitor, and ARQ work?

[AITpro Admin]

Zsolt Edelényi – The only issue with Nginx servers is .htaccess code since .htaccess code is specific to Apache servers.  All other BPS features work on all types of servers.

Does BulletProof Security Work on ALL Nginx Servers/Server Configurations?

If you are using both Apache and Nginx together and Nginx is the frontend webserver and Apache is the backend Server used to process PHP then BulletProof Security will work on this type of combined Server Configuration. If you are only using Nginx then an .htaccess file will not work. Nginx has its own rewrite module – HttpRewriteModule and the mod_rewrite equivalent of an .htaccess file has similar, but different coding and is added to an Nginx Server config file. Note: If you are not familiar with Nginx, then it should be noted that Nginx does not have a PHP module like Apache’s mod_php, instead you either need to build PHP with FPM (ie: php-fpm/fastcgi), or you need to pass the request to something that can handle PHP.

[bbmedia]

Has anyone got a solution for this? …such as a conversion into the HttpRewriteModule format?

[AITpro Admin]

@ bbmedia – These days the newest versions of NGINX on web hosts works out of the box with BPS/htaccess files.  Do you have your own dedicated or VPS server?  Are you running into problems?  If so, what problems are you experiencing?

[bbmedia]

Nginx may now include a conversion module in their latest version (though I have yet to uncover it), but they don’t support the htaccess procedural approach. htaccess is a performance drain, and precisely why they don’t use it…and because nginx operates differently it handles various security aspects differently.

as per… https://www.nginx.com/resources/wiki/start/topics/examples/likeapache-htaccess/

So far I have found some helpful sites which provide insight into rewriting htaccess in nginx conf and others that assist in the conversion process.

For speed reasons we now run our sites off a AWS setup which uses nginx as the sole webserver (as opposed to a hybrid setup like Cloudways which uses nginx for frontend caching and apache as the primary webserver), we are moving away from any plugins which require support for htaccess such as certain caching plugins, especially since the point of server page caching is to create essentially static files which are served out of cache the vast majority of the time. And nginx operates differently and some (possibly, much) of what is covered in the htaccess file is already embedded in our nginx setup. So it’s identifying what isn’t covered and whether it is necessary.

BPS Pro still provides ARQ which is a useful defence tool, and if there are gaps then I will find someone to rewrite any additional security code not yet covered in our nginx setup, or I learn it and do it myself.

[bbmedia]

and here’s the nginx page discussing conversion

https://www.nginx.com/blog/converting-apache-to-nginx-rewrite-rules/

[AITpro Admin]

“htaccess is a performance drain” – that belief/information is something that has been spread around the internet for years. I believe the origin of that somewhat false statement comes from the Apache website itself.  See the statement on the apache.org website below. So probably the apache.org statement was taken out of context and spread all over the place. First off, most people do not have access to the httpd main server config file. What apache.org means by “slows down your Apache http server” is using htaccess files could cause your Apache server to slow down by milliseconds. The benefits of using .htaccess files: I am using htaccess Browser caching code on this forum site in my htaccess file and that htaccess file/code speeds up this forum site’s load speed by 1-2 seconds. So the htaccess file speeds up my website performance overall.  .htaccess files are distributed server configuration files that allow people to quickly and easily add directives to instruct their server to do things. .htaccess files are widely used and supported by the majority of web hosts worldwide and are a standard.  Another statement that originated from the apache.org website is that “apache checks every directory for htaccess files and that slows down the apache server”.  Yes, once again that performance hit is going to be in milliseconds. It would take a human hours to check 1000’s of directories. A server can do that in milliseconds.  Anyway this forum site was loading at 1.562 seconds until I updated a particular plugin and is now loading in 2.2 seconds, which is still very respectable. Without that htaccess Browser caching code this forum site would load in 3.2 seconds, which is unacceptable.

https://httpd.apache.org/docs/2.4/howto/htaccess.html
You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.

In summary, I did read the NGINX article and I agreed with some of it, but the NGINX conclusion statement gives everything away – “Stop using .htaccess. It’s horrible for performance. NGINX is designed to be efficient. Adding something like this destroys that.” Why? Because this an emotional statement and of course it is self-promoting. ie “use our product it is much better”.

[AITpro Admin]

Oh and the other NGINX link you posted goes to an article that was written in 2015 (5 years ago). I’m pretty sure it is outdated/defunct now. I am pretty sure that all new versions of NGINX automatically include rewriting conversions for .htaccess files. I have 100’s (or maybe 1,000’s) of people using NGINX and the BPS htaccess files/code works perfectly fine on their NGINX servers.

[bbmedia]

Well I’m no server export, but we have tried using the fastest WordPress htaccess caching tools (tested in parallel setups) – however I’ve found that the claims that a Ubuntu 18.06 AWS installation with nginx, php-fpm, redis & mariaDB running php 7.4 was going to give me the fastest pagespeed have been true – and it makes sense given that it is optimised to serve the site as static pages directly out of memory – and given the performance increase we have seen, this is what we’ll be staying with.

Thanks, but I think I’ll take both Apache and nginx’s word for it – when there’s millions of hits even small things can start becoming an issue. As we go to great lengths with a whole range of tricks to shave milliseconds off of our sites pagespeed, given we are serving sites for media-rich high load sites and very demanding clients, so we prefer to be reducing potential performance impediments than adding them, as every little reduction on these high traffic sites makes a big difference overall.

So, on the new setup, anything which works internally in BPS Pro with the php files continues to work (ARQ etc.), but the only security log entries that were being generated were for attempts on wp-login.php – as such, the myriad of other attempts that we see in the logs of our sites for all the other security exploit types disappeared.

Yes, there are a range of hosting companies that cater to WordPress consumers / agencies that provide nginx as the front end page caching server and actually have Apache running as the primary server (we used to use one of them). That enables them to have a page cache and compatibility with all WordPress plugins – but there is still an undeniable performance hit that comes with that.

And the people who created the service that we now use to install and manage our Ubuntu 18.06 AWS installations have directly stated that htaccess is not supported by this setup.

I’m not here to argue about the benefits or not of htaccess vs nginx conf or whether it does work somewhere else – what I can guarantee you is that it doesn’t work on this purpose-built lightning fast setup we have running on AWS servers.

So, thanks anyway, but I guess this means I will need to continue my search elsewhere.
cheers
Garth

[Author]

Posts