Difference between revisions of "Nginx Installation and Configuration"

From Biowikifarm Metawiki
Line 6: Line 6:
 
* Interesting and authoritative, but covers only single mediawiki in root, not clear how to modify: http://wiki.nginx.org/MediaWiki
 
* Interesting and authoritative, but covers only single mediawiki in root, not clear how to modify: http://wiki.nginx.org/MediaWiki
 
* Mediawiki, very useful mediawiki-config-generator: http://shorturls.redwerks.org/
 
* Mediawiki, very useful mediawiki-config-generator: http://shorturls.redwerks.org/
 +
* Highly recommended: http://www.nginx-discovery.com/2011/04/day-45-location-regexp-or-no-regexp.html
  
'''Protocol of work done so far:'''
+
'''Installation:'''
  
 
  sudo nano /etc/apt/sources.list
 
  sudo nano /etc/apt/sources.list
Line 19: Line 20:
 
  rm dotdeb.gpg
 
  rm dotdeb.gpg
  
Install:
+
Install nginx, fpm, new php:
 
  sudo apt-get update
 
  sudo apt-get update
  sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd
+
  sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd php5-curl php5-dev php5-imagick php5-imap php5-intl php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
 +
sudo apt-get install libapache2-mod-php5 php5-apc
 
  sudo apt-get install nginx
 
  sudo apt-get install nginx
 +
 +
Apply "cgi.fix_pathinfo = 0;" in php.ini (security, avoid loading undesired php in a subfolder).
  
 
Change php-fpm configuration with:
 
Change php-fpm configuration with:
 
  sudo nano /etc/php5/fpm/php-fpm.conf
 
  sudo nano /etc/php5/fpm/php-fpm.conf
and mostly
+
and
 
  sudo nano /etc/php5/fpm/pool.d/www.conf
 
  sudo nano /etc/php5/fpm/pool.d/www.conf
 
setting:
 
setting:
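Review bot: The added line 'Apply "cgi.fix_pathinfo = 0;" in php.ini' does not say which php.ini is meant. This hunk installs libapache2-mod-php5 and php5-cli next to php5-fpm, and each of those reads its own php.ini, so name the file the setting goes into (the note further down the page refers to the FPM one in /etc/php5/fpm) and state whether the Apache copy needs the same change.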
Line 38: Line 42:
 
Change nginx configuration with:
 
Change nginx configuration with:
 
  sudo nano /etc/nginx/nginx.conf
 
  sudo nano /etc/nginx/nginx.conf
adding the settings for
+
adding various settings.
client_max_body_size 20M;
+
client_body_buffer_size 128k;
+
  
 
edit the default vhost config:
 
edit the default vhost config:
 
  cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default
 
  cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default
 
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 
location ~ \.php$ {
 
# NOTE 1: You should have "cgi.fix_pathinfo = 0;" in php.ini to
 
# prevent break-ins, else if non-existing file 123.txt/x.php is
 
# passed, php may execute 123.txt! (or even ".jpg", which may contain embedded php...)
 
# NOTE 2: the following also may prevent this, serving ONLY the file itself:
 
try_files $uri =404;
 
include fastcgi_params;
 
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 
# TEST FILE: /var/www/phpinfo_1417869461139.php;
 
fastcgi_index index.php;
 
 
### NOT SURE WHETHER NECESSARY:
 
fastcgi_split_path_info ^(.+\.php)(/.+)$;
 
 
# With php5-cgi on 9001:
 
# fastcgi_pass 127.0.0.1:9001;
 
# With php5-fpm on 9000:
 
# fastcgi_pass  127.0.0.1:9000;
 
# With php5-fpm on sock (note that the listen directive
 
#  /etc/php5/fpm/pool.d/www.conf has to reflect this:
 
fastcgi_pass unix:/var/run/php5-fpm.sock;
 
}
 
 
NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm.
 
 
NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off however. This initially and wrongly lead us to the conclusion that php was not working.
 
 
  
 
(To create symlinks for further vhost files like "www.example.com" under sites-enabled:
 
(To create symlinks for further vhost files like "www.example.com" under sites-enabled:
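Review bot: Replacing "adding the settings for" and its two values (client_max_body_size 20M; client_body_buffer_size 128k;) with "adding various settings." leaves the nginx.conf step with nothing a reader can reproduce. The same hunk also drops the whole "location ~ \.php$" block, including "try_files $uri =404;" and the comment explaining why a request for 123.txt/x.php is dangerous. Keep the concrete values and the location block on the page, or link to the place they moved to.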
Line 79: Line 52:
  
  
'''NOT YET DONE OR CHECKED, our keys are elsewhere:'''
+
: NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off however. This initially and wrongly lead us to the conclusion that php was not working.
For ssl on port 443, copy and paste the entire vhost code into the bottom of the vhost file, change 'listen' to 443 and point to the ssl certs:
+
ssl on;
+
ssl_certificate /path/to/certificate/www.website.com.crt;
+
ssl_certificate_key /path/to/certificate_key/www.website.com.key;
+
  
 +
: NOTE: for testing we used port 8880, which goes through bgbm (but not jki) firewalls.
  
 +
----
 +
 +
 +
Restart apache and nginx (we still use apache for certain uses):
 +
sudo /usr/sbin/apache2ctl -k graceful  && sudo /etc/init.d/nginx restart 
 
Restart php5-fpm and nginx:
 
Restart php5-fpm and nginx:
 
  ''' sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart'''
 
  ''' sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart'''
 
STOP:
 
STOP:
 
  sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
 
  sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
 
 
 
----
 
 
(TEMP: TESTING NOW ON port 8880, TEST URLs:
 
http://biowikifarm.net:8880/phpinfo_1417869461139.php
 
http://biowikifarm.net:8880/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936
 
)
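Review bot: The added restart line, "sudo /usr/sbin/apache2ctl -k graceful && sudo /etc/init.d/nginx restart", restarts nginx without first checking the edited configuration, so a typo in nginx.conf or the vhost file can leave nginx stopped. Put "sudo nginx -t &&" in front of the nginx restart here and in the php5-fpm line. The hunk also removes the SSL instructions (ssl on; ssl_certificate ...; ssl_certificate_key ...) without a replacement; if the HTTPS setup is documented elsewhere, link to it.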
 

Revision as of 22:55, 15 September 2012

Based on

Installation:

sudo nano /etc/apt/sources.list

add lines:

# necessary only for php-fpm, the php version for nginx:
deb http://packages.dotdeb.org stable all

Add the GnuPG key to your distribution:

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -
rm dotdeb.gpg

Install nginx, fpm, new php:

sudo apt-get update
sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd php5-curl php5-dev php5-imagick php5-imap php5-intl php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
sudo apt-get install libapache2-mod-php5 php5-apc
sudo apt-get install nginx

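Apply "cgi.fix_pathinfo = 0;" in php.ini (security: otherwise, when a non-existing path such as 123.txt/x.php is passed, PHP may execute 123.txt instead, or even a ".jpg" that contains embedded PHP).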

Change php-fpm configuration with:

sudo nano /etc/php5/fpm/php-fpm.conf

and

sudo nano /etc/php5/fpm/pool.d/www.conf

setting:

pm.max_children = 25
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 1500
request_terminate_timeout = 450s

Change nginx configuration with:

sudo nano /etc/nginx/nginx.conf

adding various settings.

Edit the default vhost config:

cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default

(To create symlinks for further vhost files like "www.example.com" under sites-enabled:

ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com

)
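
A way to check the two protections this page mentions, as an added example that is not part of the original wiki page: it reads the effective cgi.fix_pathinfo value from a php.ini and checks a vhost file for the "try_files $uri =404;" guard that the earlier revision's PHP location block carried. The function names and the sample files are constructed for illustration; on a real host, pass the php.ini in /etc/php5/fpm and your own vhost file instead.

```shell
# Print the effective cgi.fix_pathinfo value of a php.ini file.
# A missing or commented-out directive means PHP's default, 1.
fix_pathinfo_value() {
    awk '
        /^[ \t]*;/ { next }                    # whole-line comment
        /^[ \t]*cgi\.fix_pathinfo[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)              # drop "name ="
            sub(/;.*/, "", v)                  # drop trailing ";" comment
            gsub(/[ \t"]/, "", v)              # drop blanks and quotes
            val = v                            # a later assignment overrides
        }
        END { print (val == "" ? 1 : val) }
    ' "$1"
}

# Succeed only if the "location ~ \.php$" block of a vhost file has an
# active (uncommented) "try_files $uri =404;".
php_location_guarded() {
    awk '
        /^[ \t]*#/ { next }                    # nginx comment line
        /location[ \t]+~[ \t]+\\\.php\$/ { inblock = 1 }
        inblock && /try_files[ \t]+\$uri[ \t]+=404[ \t]*;/ { found = 1 }
        inblock && /}/ { inblock = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files, for demonstration only.
tmp=$(mktemp -d)
printf '%s\n' ';cgi.fix_pathinfo=1' 'short_open_tag = Off' > "$tmp/default.ini"
printf '%s\n' ';cgi.fix_pathinfo=1' 'cgi.fix_pathinfo = 0;' > "$tmp/hardened.ini"
printf '%s\n' 'location ~ \.php$ {' '    # try_files $uri =404;' \
    '    fastcgi_pass unix:/var/run/php5-fpm.sock;' '}' > "$tmp/weak.vhost"
printf '%s\n' 'location ~ \.php$ {' '    try_files $uri =404;' \
    '    fastcgi_pass unix:/var/run/php5-fpm.sock;' '}' > "$tmp/guarded.vhost"

for f in "$tmp"/*.ini; do
    echo "$f: cgi.fix_pathinfo=$(fix_pathinfo_value "$f")"
done
for f in "$tmp"/*.vhost; do
    if php_location_guarded "$f"; then
        echo "$f: PHP location guarded by try_files"
    else
        echo "$f: PHP location NOT guarded"
    fi
done
```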


NOTE: One failure we experienced: we tested PHP with the phpinfo.php file, which uses short PHP open tags, while the default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off. This initially led us to the wrong conclusion that PHP was not working.

NOTE: For testing we used port 8880, which goes through the bgbm (but not the jki) firewalls.


Restart apache and nginx (we still use apache for certain uses):

sudo /usr/sbin/apache2ctl -k graceful  && sudo /etc/init.d/nginx restart  

Restart php5-fpm and nginx:

 sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart

STOP:

sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop