Difference between revisions of "Nginx Installation and Configuration"

From Biowikifarm Metawiki
Line 22: Line 22:
  
 
Change php-fpm configuration with:
 
Change php-fpm configuration with:
  sudo nano /etc/php5/fpm/php5-fpm.conf
+
  sudo nano /etc/php5/fpm/php-fpm.conf
 +
and mostly
 +
sudo nano /etc/php5/fpm/pool.d/www.conf
 
setting:
 
setting:
 
  pm.max_children = 25
 
  pm.max_children = 25
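Review bot: The added "and mostly" line between the two file paths leaves it unclear which file receives pm.max_children = 25. That is a pool setting, so say explicitly that it is edited in /etc/php5/fpm/pool.d/www.conf, and state what, if anything, still has to change in /etc/php5/fpm/php-fpm.conf.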
Line 40: Line 42:
 
  cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default
 
  cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default
  
server {
+
(so far it never worked, but here a copy of our tests:)
                listen 80;
+
                server_name website.com www.website.com;
+
  
                access_log /var/log/nginx/website.access_log;
+
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
                error_log /var/log/nginx/website.error_log;
+
location ~ \.php$ {
 +
# NOTE 1: You should have "cgi.fix_pathinfo = 0;" in php.ini to
 +
# prevent break-ins, else if non-existing file 123.txt/x.php is
 +
# passed, php may execute 123.txt! (or even ".jpg", which may contain embedded php...)
 +
# NOTE 2: the following also may prevent this, serving ONLY the file itself:
 +
try_files $uri =404;
 +
include fastcgi_params;
 +
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +
# TEST FILE: /var/www/phpinfo_1417869461139.php;
 +
fastcgi_index index.php;
  
                root /var/www/www.website.com;
+
### NOT SURE WHETHER NECESSARY:
                index index.php index.htm index.html;
+
fastcgi_split_path_info ^(.+\.php)(/.+)$;
  
                location ~ .php$ {
+
# With php5-cgi on 9001:
                  fastcgi_pass  127.0.0.1:9000;
+
# fastcgi_pass 127.0.0.1:9001;
                  fastcgi_index index.php;
+
# With php5-fpm on 9000:
                  fastcgi_param  SCRIPT_FILENAME /var/www/www.website.com$fastcgi_script_name;
+
# fastcgi_pass  127.0.0.1:9000;
                  include fastcgi_params;
+
# With php5-fpm on sock (note that the listen directive
                }
+
# /etc/php5/fpm/pool.d/www.conf has to reflect this:
      }
+
fastcgi_pass unix:/var/run/php5-fpm.sock;
 +
}
  
 
+
NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm.
 
+
The original default file contains a note:
+
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - we did change that.
+
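Review bot: $document_root in the new fastcgi_param SCRIPT_FILENAME line has nothing visible to resolve against, because the listen, server_name, root and index lines of the old server block are gone and only the location block remains. Keep the server { ... } wrapper with its root directive, or state which root the test used (the TEST FILE comment suggests /var/www). In the same block, the comment "With php5-fpm on sock (note that the listen directive" never closes its parenthesis and is missing "in" before the www.conf path.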
  
  
Line 77: Line 84:
  
 
Restart php5-fpm and nginx:
 
Restart php5-fpm and nginx:
  sudo /etc/init.d/php5-fpm restart; sudo /etc/init.d/nginx restart
+
  ''' sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart'''
 +
STOP:
 +
sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
  
  
----
 
 
change from sock to 9000 port:
 
 
        location ~ \.php$ {
 
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
 
                # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
 
 
                # With php5-cgi alone:
 
                fastcgi_pass 127.0.0.1:9000;
 
                # With php5-fpm:
 
                #fastcgi_pass unix:/var/run/php5-fpm.sock;
 
                fastcgi_index index.php;
 
                include fastcgi_params;
 
        }
 
  
 
----
 
----
  
Neu:
+
TRYING php5-cgi:
sudo apt-get install php5-cgi
+
see http://wiki.nginx.org/PHPFcgiExample
 
+
sudo apt-get install php5-cgi
http://wiki.nginx.org/PHPFcgiExample
+
 
+
/etc/php5/fpm/php-fpm.conf
+
 
+
  
 +
Same situation, php does not execute.
  
 
----
 
----
  
(TEMP: TO TEST on port 8183 first disable fedora:
+
(TEMP: TESTING NOW ON port 8880, TEST URLs:
sudo /etc/init.d/fedora stop
+
http://biowikifarm.net:8880/phpinfo_1417869461139.php
sudo /etc/init.d/php5-fpm restart; sudo /etc/init.d/nginx restart
+
http://biowikifarm.net:8880/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936
TESTING
+
http://biowikifarm.net:8183/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936
+
results in: "502 Bad Gateway - nginx/1.2.1"
+
REVERT WITH:
+
sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
+
sudo /etc/init.d/fedora start
+
 
)
 
)
 
 
 
 
Test port: next time try 8880!
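Review bot: The test URL list publishes a phpinfo script on the public host (http://biowikifarm.net:8880/phpinfo_1417869461139.php), and phpinfo output discloses the PHP configuration to anyone who opens it. Note next to the URL that the file is deleted once the test is finished, or limit access to it. The "502 Bad Gateway" result would also be more useful if it recorded which fastcgi_pass variant was active when it occurred.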
 

Revision as of 00:35, 29 June 2012

Based on

Protocol of preliminary work done so far:

sudo nano /etc/apt/sources.list

add lines:

# necessary only for php-fpm, the php version for nginx:
deb http://packages.dotdeb.org stable all

Add the GnuPG key to your distribution:

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -
rm dotdeb.gpg

Install:

sudo apt-get update
sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd
sudo apt-get install nginx

Change php-fpm configuration with:

sudo nano /etc/php5/fpm/php-fpm.conf

and mostly

sudo nano /etc/php5/fpm/pool.d/www.conf

setting:

pm.max_children = 25
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 1500
request_terminate_timeout = 450s

Change nginx configuration with:

sudo nano /etc/nginx/nginx.conf

adding the settings for

client_max_body_size 20M;
client_body_buffer_size 128k;

Edit the default vhost config:

cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default

(So far it never worked, but here is a copy of our tests:)

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
        # NOTE 1: You should have "cgi.fix_pathinfo = 0;" in php.ini to
        # prevent break-ins, else if non-existing file 123.txt/x.php is
        # passed, php may execute 123.txt! (or even ".jpg", which may contain embedded php...)
        # NOTE 2: the following also may prevent this, serving ONLY the file itself:
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # TEST FILE: /var/www/phpinfo_1417869461139.php;
        fastcgi_index index.php;

        ### NOT SURE WHETHER NECESSARY:
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # With php5-cgi on 9001:
        # fastcgi_pass 127.0.0.1:9001;
        # With php5-fpm on 9000:
        # fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm on sock (note that the listen directive in
        # /etc/php5/fpm/pool.d/www.conf has to reflect this):
        fastcgi_pass unix:/var/run/php5-fpm.sock;
}

NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm.
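
A small audit of the two mitigations named in NOTE 1 and NOTE 2, as an added example (not part of the original wiki page and not code from nginx or PHP): it checks php.ini text for an effective cgi.fix_pathinfo of 0 and each PHP location block for an active "try_files $uri =404". The sample configs are constructed, the function names are hypothetical, and the parser assumes location blocks without nested braces.

```python
import re

# Constructed sample inputs for illustration (not copied from a live server).
PHP_INI_OK = "cgi.fix_pathinfo = 0;\n"
NGINX_GUARDED = r"""
location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}
"""
NGINX_UNGUARDED = r"""
location ~ \.php$ {
    # try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
}
"""

def fix_pathinfo_enabled(ini_text):
    """True unless php.ini effectively sets cgi.fix_pathinfo to 0 (PHP default: 1)."""
    value = "1"
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        m = re.fullmatch(r'cgi\.fix_pathinfo\s*=\s*"?(\w+)"?', line)
        if m:
            value = m.group(1).lower()  # the last assignment wins
    return value not in ("0", "off", "false", "no")

def unguarded_php_locations(conf_text):
    """Location patterns that reach fastcgi_pass without try_files $uri =404."""
    # Drop '#' comments first so commented-out directives do not count.
    conf = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    hits = []
    for m in re.finditer(r"location\s+([^{]*php[^{]*)\{([^{}]*)\}", conf):
        directives = [d.strip() for d in m.group(2).split(";") if d.strip()]
        passes = any(d.split()[0] == "fastcgi_pass" for d in directives)
        guarded = any(re.fullmatch(r"try_files\s+\$uri\s+=404", d) for d in directives)
        if passes and not guarded:
            hits.append(m.group(1).strip())
    return hits

def audit(conf_text, ini_text):
    """Return a list of findings; an empty list means both mitigations are present."""
    findings = []
    if fix_pathinfo_enabled(ini_text):
        findings.append("php.ini: cgi.fix_pathinfo is not set to 0")
    for pattern in unguarded_php_locations(conf_text):
        findings.append("nginx: location %s lacks try_files $uri =404" % pattern)
    return findings
```

On a server, pass the contents of the vhost file and of the FPM php.ini to audit(); an empty php.ini text is treated as the PHP default, which leaves cgi.fix_pathinfo enabled.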


(To create symlinks for further vhost files like "www.example.com" under sites-enabled:

ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com

)


NOT YET DONE OR CHECKED, our keys are elsewhere: For ssl on port 443, copy and paste the entire vhost code into the bottom of the vhost file, change 'listen' to 443 and point to the ssl certs:

ssl on;
ssl_certificate /path/to/certificate/www.website.com.crt;
ssl_certificate_key /path/to/certificate_key/www.website.com.key;


Restart php5-fpm and nginx:

 sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart

STOP:

sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop



TRYING php5-cgi: see http://wiki.nginx.org/PHPFcgiExample

sudo apt-get install php5-cgi

Same situation, php does not execute.


(TEMP: TESTING NOW ON port 8880, TEST URLs:
http://biowikifarm.net:8880/phpinfo_1417869461139.php
http://biowikifarm.net:8880/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936
)