Nginx web server

Use cases and architecture of the web server

An Nginx-based web server architecture with virtualization and containerization provides a dependable hosting platform for websites, web applications, and internal services. This design suits organizations requiring secure on-premises web hosting.

A key advantage is independence from external hosting providers and related constraints. Data remains on-premises, and internal services can operate without Internet access.

Physical server

A physical host running the Xen hypervisor enables full control and reliability and guarantees performance for mission-critical workloads. This approach is important when meeting security requirements for a private infrastructure and for keeping sensitive data in-house.

Domain 0 (Dom0)

The privileged virtual machine Domain 0 (Dom0) is responsible for launching and managing guest VMs and for controlling network interfaces and block devices. Physical disks are combined using software RAID (MD) to create fault-tolerant storage. LVM (Logical Volume Manager) provides flexible storage management — creating, resizing, and deleting logical volumes without rebooting. Block-device replication via DRBD is used to protect data in case of failures and to ensure high availability.

Web / Docker

The web platform and auxiliary services are deployed inside a dedicated virtual machine and Docker containers, providing modularity, isolation, and ease of maintenance.

Web subsystem

At the core sits Nginx — a high-performance, reliable web server that can also function as a reverse proxy and load balancer. In the presented architecture, PHP execution is handled in a container using FPM (FastCGI Process Manager).

Supporting components

Required auxiliary services include a MySQL-compatible database, an LDAP directory for user accounts, an SSH daemon (sshd) for secure administrative access, and Borg for backups.

For secure HTTPS operation, Certbot is integrated for automatic issuance and renewal of Let’s Encrypt certificates.