LogoفارسیFA

NGINX with Reverse Proxy in cPanel & WHM: Installation, Configuration, and Default Behavior

This article explains how NGINX with reverse proxy works in cPanel & WHM when installed via the ea-nginx package. It covers installation, service management, user and application integration, optional NGINX packages, compression modules, HTTP/2, NJS, and the default configuration changes applied to Apache, logging behavior, CloudFlare compatibility, and file access rules.

NGINX reverse proxyEasyApache 4cPanel NGINX configuration

~3 min read • Updated Feb 22, 2026

1. Overview


The ea-nginx package provides a production-ready version of NGINX® for cPanel & WHM servers. This implementation acts as a reverse proxy in front of Apache®, improving performance through caching and optimized request handling.


Notes:

  • This documentation applies only to the ea-nginx package installed via WHM’s NGINX Manager or EasyApache 4.
  • It is not compatible with LiteSpeed Web Server.
  • For the older experimental version, see the NGINX Standalone documentation.


2. Stop or Restart NGINX


To stop or restart NGINX, always use the cPanel service script:

/usr/local/cpanel/scripts/restartsrv_nginx

Warning: Do not use the nginx command directly. Doing so may cause service issues that require troubleshooting.


You may also restart NGINX via WHM:

WHM » Home » Service Configuration » Service Manager



3. User Configuration


NGINX integrates automatically with user and domain changes. The system uses:

/usr/local/cpanel/scripts/ea-nginx

It generates user-specific configuration files at:

/etc/nginx/conf.d/users/username.conf


4. Application Configuration


Use the cPanel Application Manager to configure applications:

cPanel » Home » Software » Application Manager



5. NGINX-Specific Optional Packages


Additional packages extend NGINX functionality.


5.1 Compression Modules


Available compression packages:

  • Brotliea-nginx-brotli
  • gzipea-nginx-gzip

Security Note: Compression over SSL/TLS may expose responses to BREACH attacks. To reduce risk:

  • Avoid sending sensitive data in responses.
  • Use secure SameSite cookies.

Important: cPanel’s Optimize Website interface does not affect NGINX compression.


5.2 Brotli Configuration


Install via EasyApache 4 → Additional Packages.

Configuration file:

/etc/nginx/conf.d/brotli.conf

Some clients only support Brotli over HTTPS.


5.3 gzip Configuration


Install via EasyApache 4 → Additional Packages.

Configuration file:

/etc/nginx/conf.d/gzip.conf


5.4 HTTP/2 Support


Install the ea-nginx-http2 package to enable HTTP/2.

Configuration file:

/etc/nginx/conf.d/http2.conf

Notes:

  • NGINX supports HTTP/2 only over SSL.
  • NGINX proxies HTTP/2 requests to Apache using HTTP/1.1.
  • Apache’s mod_http2 is not required.

5.5 NGINX JavaScript Module (NJS)


Install ea-nginx-njs to enable JavaScript-based scripting.

Configuration file:

/etc/nginx/conf.d/njs.conf


6. Default Configuration of NGINX with Reverse Proxy


Installing NGINX with reverse proxy applies several system-level changes.


6.1 Apache Port Changes


If Apache is using default ports (80/443), NGINX installation changes them:

  • Apache HTTP → usually port 81
  • Apache HTTPS → first available port under 1024

NGINX then proxies all traffic to Apache.


6.2 Apache mod_remoteip


The installation ensures mod_remoteip is installed and configured to correctly set REMOTE_ADDR for proxied requests.


If you customized:

/var/cpanel/templates/apache2_4/ea4_main.local

You must update it based on:

/var/cpanel/templates/apache2_4/ea4_main.default

If mod_remoteip already exists, remove:

  • RemoteIPHeader
  • RemoteIPInternalProxy


6.3 NGINX Configuration Files


Installation creates:

/etc/nginx/conf.d/ea-nginx.conf
/etc/nginx/ea-nginx/settings.json
/etc/nginx/ea-nginx/cache.json

Example entries added to ea-nginx.conf:

map $host $CPANEL_APACHE_PROXY_IP {
    default 127.0.0.1;
}
map $host $CPANEL_APACHE_PROXY_PORT {
    default 81;
}


6.4 CloudFlare Compatibility


CloudFlare configuration is stored at:

/etc/nginx/conf.d/includes-optional/cloudflare.conf

If SSL logs do not show secure connections, adjust CloudFlare SSL settings.



6.5 File Access Restrictions


NGINX does not serve files beginning with .ht by default. Avoid placing restricted files in the document root or explicitly block them in configuration.



7. Log Files


NGINX uses logrotate for log rotation. WHM’s Apache log rotation settings do not apply.


NGINX logs all proxied requests; Apache does not log them.


Note: /usr/local/cpanel/scripts/runweblogs does not process NGINX logs.


7.1 Piped Logging


Log locations (domainname = domain):

  • SSL — /var/log/nginx/domains/domainname-ssl_log
  • Non-SSL — /var/log/nginx/domains/domainname
  • Bandwidth — /var/log/nginx/domains/domainname-bytes_log

General access log:

/var/log/nginx/access.log

7.2 Regular Logging (No Piped Logging)


  • SSL & Non-SSL — /var/log/nginx/domains/domainname
  • Bandwidth — /var/log/nginx/domains/domainname-bytes_log

These logs include an extra column in domainname:port format.



Conclusion


NGINX with reverse proxy enhances performance, caching, and request handling on cPanel & WHM servers. With optional modules, CloudFlare compatibility, optimized logging, and automatic Apache integration, administrators gain a powerful and flexible web-serving architecture.


ز

Written & researched by Dr. Shahin Siami

Next Article