Difference between revisions of "Nginx Installation and Configuration"
Line 3: | Line 3: | ||
* http://www.howtoforge.com/installing-nginx-with-php5-and-mysql-support-on-debian-lenny | * http://www.howtoforge.com/installing-nginx-with-php5-and-mysql-support-on-debian-lenny | ||
* http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian | * http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian | ||
+ | * http://blog.bigdinosaur.org/mediawiki-on-nginx/ | ||
− | '''Protocol of | + | '''Protocol of work done so far:''' |
sudo nano /etc/apt/sources.list | sudo nano /etc/apt/sources.list | ||
Line 41: | Line 42: | ||
edit the default vhost config: | edit the default vhost config: | ||
cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default | cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default | ||
− | |||
− | |||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | ||
Line 69: | Line 68: | ||
NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm. | NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm. | ||
+ | |||
+ | NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off however. This initially and wrongly lead us to the conclusion that php was not working. | ||
Line 89: | Line 90: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
---- | ---- |
Revision as of 04:46, 30 June 2012
Based on
- http://www.webhostingtalk.com/showthread.php?t=1025286 = for debian 6
- http://www.howtoforge.com/installing-nginx-with-php5-and-mysql-support-on-debian-lenny
- http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian
- http://blog.bigdinosaur.org/mediawiki-on-nginx/
Protocol of work done so far:
sudo nano /etc/apt/sources.list
add lines:
# necessary only for php-fpm, the php version for nginx: deb http://packages.dotdeb.org stable all
Add the GnuPG key to your distribution:
wget http://www.dotdeb.org/dotdeb.gpg cat dotdeb.gpg | sudo apt-key add - rm dotdeb.gpg
Install:
sudo apt-get update sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd sudo apt-get install nginx
Change php-fpm configuration with:
sudo nano /etc/php5/fpm/php-fpm.conf
and mostly
sudo nano /etc/php5/fpm/pool.d/www.conf
setting:
pm.max_children = 25 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 10 pm.max_requests = 1500 request_terminate_timeout = 450s
Change nginx configuration with:
sudo nano /etc/nginx/nginx.conf
adding the settings for
client_max_body_size 20M; client_body_buffer_size 128k;
edit the default vhost config:
cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { # NOTE 1: You should have "cgi.fix_pathinfo = 0;" in php.ini to # prevent break-ins, else if non-existing file 123.txt/x.php is # passed, php may execute 123.txt! (or even ".jpg", which may contain embedded php...) # NOTE 2: the following also may prevent this, serving ONLY the file itself: try_files $uri =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # TEST FILE: /var/www/phpinfo_1417869461139.php; fastcgi_index index.php;
### NOT SURE WHETHER NECESSARY: fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php5-cgi on 9001: # fastcgi_pass 127.0.0.1:9001; # With php5-fpm on 9000: # fastcgi_pass 127.0.0.1:9000; # With php5-fpm on sock (note that the listen directive # /etc/php5/fpm/pool.d/www.conf has to reflect this: fastcgi_pass unix:/var/run/php5-fpm.sock; }
NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm.
NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off however. This initially and wrongly lead us to the conclusion that php was not working.
(To create symlinks for further vhost files like "www.example.com" under sites-enabled:
ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com
)
NOT YET DONE OR CHECKED, our keys are elsewhere:
For ssl on port 443, copy and paste the entire vhost code into the bottom of the vhost file, change 'listen' to 443 and point to the ssl certs:
ssl on; ssl_certificate /path/to/certificate/www.website.com.crt; ssl_certificate_key /path/to/certificate_key/www.website.com.key;
Restart php5-fpm and nginx:
sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart
STOP:
sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
(TEMP: TESTING NOW ON port 8880, TEST URLs: http://biowikifarm.net:8880/phpinfo_1417869461139.php http://biowikifarm.net:8880/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936 )