Difference between revisions of "Nginx Installation and Configuration"

From Biowikifarm Metawiki
m (location: check order)
 
(33 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
Based on  
 
Based on  
* http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian
 
 
* http://www.webhostingtalk.com/showthread.php?t=1025286 = for debian 6
 
* http://www.webhostingtalk.com/showthread.php?t=1025286 = for debian 6
 +
* http://www.howtoforge.com/installing-nginx-with-php5-and-mysql-support-on-debian-lenny
 +
* http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian
 +
* Very helpful for mediawiki: http://blog.bigdinosaur.org/mediawiki-on-nginx/
 +
* Interesting and authoritative, but covers only single mediawiki in root, not clear how to modify: http://wiki.nginx.org/MediaWiki
 +
* Mediawiki, very useful mediawiki-config-generator: http://shorturls.redwerks.org/
 +
* Highly recommended: http://www.nginx-discovery.com/2011/04/day-45-location-regexp-or-no-regexp.html
 +
* nginx behaves differently with respect to output flushing than apache, perhaps a solution here: http://www.justincarmony.com/blog/2011/01/24/php-nginx-and-output-flushing/
 +
 +
 +
__TOC__
 +
 +
== Installation ==
  
 
  sudo nano /etc/apt/sources.list
 
  sudo nano /etc/apt/sources.list
Line 13: Line 24:
 
  rm dotdeb.gpg
 
  rm dotdeb.gpg
  
Install:
+
Install nginx, fpm, new php:
 
  sudo apt-get update
 
  sudo apt-get update
  sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd
+
  sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd php5-curl php5-dev php5-imagick php5-imap php5-intl php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
 +
sudo apt-get install libapache2-mod-php5 php5-apc
 
  sudo apt-get install nginx
 
  sudo apt-get install nginx
 +
 +
Apply "cgi.fix_pathinfo = 0;" in php.ini (security, avoid loading undesired php in a subfolder).
  
 
Change php-fpm configuration with:
 
Change php-fpm configuration with:
  sudo nano /etc/php5/fpm/php5-fpm.conf
+
  sudo nano /etc/php5/fpm/php-fpm.conf
 +
and
 +
sudo nano /etc/php5/fpm/pool.d/www.conf
 
setting:
 
setting:
 
  pm.max_children = 25
 
  pm.max_children = 25
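Review bot: the added line 'Apply "cgi.fix_pathinfo = 0;" in php.ini' does not say which php.ini is meant. The same hunk adds libapache2-mod-php5 to the install, so the host ends up with more than one php.ini, and the NOTE added further down names /etc/php5/fpm as the directory of the FPM one. Suggest writing the full path of the FPM php.ini here and stating that php5-fpm has to be restarted afterwards, since this is the only setting on the page that is marked as security-relevant.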
Line 30: Line 46:
 
Change nginx configuration with:
 
Change nginx configuration with:
 
  sudo nano /etc/nginx/nginx.conf
 
  sudo nano /etc/nginx/nginx.conf
adding the settings for
+
adding various settings.
client_max_body_size 20M;
+
client_body_buffer_size 128k;
+
  
 
edit the default vhost config:
 
edit the default vhost config:
  cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default
+
  cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/00_default
  
server {
+
* If you are running your own domain, see "Virtual Hosts" below.
                listen 80;
+
* To create symlinks for further vhost files like "www.example.com" under sites-enabled:
                server_name website.com www.website.com;
+
ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com
  
                access_log /var/log/nginx/website.access_log;
 
                error_log /var/log/nginx/website.error_log;
 
  
                root /var/www/www.website.com;
 
                index index.php index.htm index.html;
 
  
                location ~ .php$ {
+
: NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off however. This initially and wrongly lead us to the conclusion that php was not working.
                  fastcgi_pass  127.0.0.1:9000;
+
                  fastcgi_index  index.php;
+
                  fastcgi_param  SCRIPT_FILENAME /var/www/www.website.com$fastcgi_script_name;
+
                  include fastcgi_params;
+
                }
+
      }
+
  
 +
: NOTE: for testing we used port 8880, which goes through bgbm (but not jki) firewalls.
  
 +
----
  
The original default file contains a note:
 
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - we did change that.
 
  
 +
Restart apache, nginx and fpm (we still use apache for certain uses):
 +
sudo /usr/sbin/apache2ctl -k graceful && sudo service nginx restart && sudo service php5-fpm restart
 +
STOP:
 +
sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
  
(To create symlinks for further vhost files like "www.example.com" under sites-enabled:
+
== Configuration: Locations and Rewrites ==
ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com
+
)
+
  
 +
See for instance <code>/etc/nginx/sites-available/default</code>
 +
* http://wiki.nginx.org/HttpRewriteModule
 +
* http://wiki.nginx.org/HttpCoreModule
  
'''NOT YET DONE OR CHECKED, our keys are elsewhere:'''
+
=== Cheat sheet ===
For ssl on port 443, copy and paste the entire vhost code into the bottom of the vhost file, change 'listen' to 443 and point to the ssl certs:
+
ssl on;
+
ssl_certificate /path/to/certificate/www.website.com.crt;
+
ssl_certificate_key /path/to/certificate_key/www.website.com.key;
+
  
 +
==== location ====
  
Restart php5-fpm and nginx:
+
'''Syntax:'''
  sudo /etc/init.d/php5-fpm restart; sudo /etc/init.d/nginx restart
+
  {{Nginx docurl|location}} [ = | ^~ | ~ | ~* ] uri { ... }
 +
{{Nginx docurl|location}} @name { … }
 +
'''Context:''' server, location
 +
'''Check order:'''
 +
  (1) {{Nginx docurl|location}} = string-uri { … }  exact, identical match (''stop'' further searching)
 +
  (2) {{Nginx docurl|location}} ^~ string-uri { … }  match beginning with (''stop'' further searching)
 +
  (3) {{Nginx docurl|location}} ~  regex-uri { ''case sensitive'' }  ┬ ''executed in order of appearance''
 +
  (3) {{Nginx docurl|location}} ~* regex-uri { ''case '''in'''sensitive'' } ┘
 +
  (4) {{Nginx docurl|location}} string-uri { … }
  
----
+
The order in which location directives are checked is as follows:
 +
: (1) Directives with the "=" prefix that match the query exactly (literal string). If found, searching stops.
 +
: (2) All "^~" prefixed locations with conventional strings. If it matches, searching stops.
 +
: (3) Regular expressions, in the order they are defined in the configuration file.
 +
: (4) All remaining directives with conventional strings, “most specific“ strings are executed:
 +
<syntaxhighlight lang="text" line="true" style="margin-left:1.5em;">
 +
location /w/ { … }
 +
location /w/images/details/ { … }
 +
location /w/images/a/ { … }
 +
</syntaxhighlight>
  
(TEMP: TO TEST on port 8183 first disable fedora:
+
<div class="pre-border-top-bottom-only pre-no-background">
  sudo /etc/init.d/fedora stop
+
              Examples of requests:   “/”    “/documents/document.html”  “/documents/1.jpg”
  sudo /etc/init.d/php5-fpm restart; sudo /etc/init.d/nginx restart
+
                                      │ “/index.html” │  “/images/1.gif”      │
TESTING
+
location = / {                      ←─┘      │        │        │              │  ← rank check order (1): matches the query / '''only'''
http://biowikifarm.net:8183/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936
+
  [ configuration A ]                        │        │        │              │
results in: "502 Bad Gateway - nginx/1.2.1"
+
  }                                            │        │        │              │
REVERT WITH:
+
location / {                                │        │        │              │  ← rank check order (4): matches any query
sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
+
  [ configuration B ]              ←────────┘        │        │              │    but regular expressions and any longer
sudo /etc/init.d/fedora start
+
}                                                      │        │              │    conventional blocks will be matched first
)
+
location /documents/ {                                │        │              │  ← rank check order (4)
 +
  [ configuration C ]              ←──────────────────┘        │              │
 +
}                                                                │              │
 +
location ^~ /images/ {                                          │              │  ← rank check order (2): matches any query ''beginning'' with /images/
 +
  [ configuration D ]              ←────────────────────────────┘              │    and halts searching, so regular expressions will not be checked.
 +
}                                                                              │
 +
location ~* \.(gif|jpg|jpeg)$ {                                                │  ← rank check order (3): matches any ''case insensitive'' request ending in gif, jpg, or jpeg
 +
  [ configuration E ]              ←───────────────────────────────────────────┘    except for those beginning with /images/ (=configuration D)
 +
}                                    (not to C, because regex is executed ''before'')
 +
</div>
 +
 
 +
==== rewrite, try_files ====
 +
 
 +
'''Syntax:'''
 +
{{Nginx docurl|rewrite}} regex replacement [flag];
 +
'''Context:''' server, location, if
 +
'''Check order rules:'''
 +
  * executed in order of appearance
 +
  * [flag] can terminate further processing of the directives
 +
    ├→ last → stops processing the current set of ngx_http_rewrite_module directives
 +
    │        and ''starts a search for a new location'' matching the changed URI;
 +
    ├→ break → stops processing the current set of ngx_http_rewrite_module directives as with the break directive;
 +
    ├→ redirect → returns a temporary redirect (302 code); used if a replacement string does not start with “http://” or “https://”.
 +
    └→ permanent → returns a permanent redirect (301 code)
 +
  * “http://” or “https://” begins the rewrite: the processing stops and the redirect is returned to a client
 +
 
 +
Examples (see also http://wiki.nginx.org/Pitfalls)
 +
<syntaxhighlight lang="apache" line="true" style="margin-left:1.5em;" highlight="8">
 +
location / {
 +
  # Redirect domain-only access (= no path given, w/o or with /) to default wiki:
 +
  # 302 → temporary redirect
 +
  # 301 → permanent redirect
 +
  return 301 "^[/]?$" /web/;
 +
}
 +
location ^~ /web/ {
 +
  try_files $uri $uri/ @do_wikipage; # if it fails try named location block @do_wikipage
 +
}
 +
location @do_wikipage {  # try as wiki page:
 +
  rewrite "^/web/?(.+)$" /w/index.php?title=$1&args redirect;  #(wiki reports 404 for non-existing pages! But can be created)
 +
}
 +
</syntaxhighlight>
 +
 
 +
===Virtual hosts===
 +
 
 +
Virtual host configurations are in /etc/nginx/sites-available
 +
They are linked from /etc/nginx/sites-enabled
 +
 
 +
The default configuration file (containing biowikifarm.net) is /etc/nginx/sites-available/00-default
 +
 
 +
This file is linked from /etc/nginx/sites-enabled/default
 +
 
 +
Each domain on biowikifarm (other than biowikifarm.net) has its own configuration file in sites-available.
 +
To create a new configuration, make a copy of default.dpkg-dist.
 +
To enable the domain, link it from sites-enabled.
 +
To test if the configuration is OK, run
 +
<syntaxhighlight lang="bash">
 +
sudo nginx -t
 +
sudo nginx -t -c /etc/nginx/nginx.conf # test a specific configuration file
 +
</syntaxhighlight>
 +
 
 +
Changes will take effect after you restart nginx.
 +
 
 +
The "old" configuration files (2014.12.05) are now in /etc/nginx/sites-available-backup
 +
 
 +
See also:
 +
*[https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-14-04-lts Nginx Server Blocks]
 +
*[http://colorer.sourceforge.net/eclipsecolorer/ Eclipse colorer] open with->other->colorer editor
 +
*[http://nginx.org/en/docs/ Nginx documentation]
 +
*[http://wiki.nginx.org/Configuration Nginx Configuration]
 +
*[http://wiki.nginx.org/Pitfalls Common Nginx configuration pitfalls]
 +
[[Category:Nginx]]
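Review bot: in the added rewrite example, `return 301 "^[/]?$" /web/;` inside `location / { … }` hands a regex to return, which accepts only a status code plus a text or URL, so `nginx -t` will reject the block. Suggest `rewrite "^/?$" /web/ permanent;` in the same location, or `location = / { return 301 /web/; }`. In the same example the replacement `/w/index.php?title=$1&args` adds a literal `args` parameter; rewrite already appends the request's query string, so `&args` can go. The hunk also removes the ssl_certificate section without saying where TLS is configured now; a one-line pointer would help.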

Latest revision as of 22:31, 7 February 2015

Based on


Installation

sudo nano /etc/apt/sources.list

add lines:

# necessary only for php-fpm, the php version for nginx:
deb http://packages.dotdeb.org stable all

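Add the GnuPG key to your distribution. The key is fetched over plain HTTP, so compare its fingerprint with one obtained from a trusted source before adding it: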

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -
rm dotdeb.gpg

Install nginx, fpm, new php:

sudo apt-get update
sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd php5-curl php5-dev php5-imagick php5-imap php5-intl php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
sudo apt-get install libapache2-mod-php5 php5-apc
sudo apt-get install nginx

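Apply "cgi.fix_pathinfo = 0;" in the php.ini used by FPM (in /etc/php5/fpm). This is a security setting: it stops PHP from falling back to a different script file when the requested path does not exist, which avoids loading undesired php in a subfolder.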

Change php-fpm configuration with:

sudo nano /etc/php5/fpm/php-fpm.conf

and

sudo nano /etc/php5/fpm/pool.d/www.conf

setting:

pm.max_children = 25
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 1500
request_terminate_timeout = 450s

Change nginx configuration with:

sudo nano /etc/nginx/nginx.conf

adding various settings.

Edit the default vhost config:

cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/00_default
  • If you are running your own domain, see "Virtual Hosts" below.
  • To create symlinks for further vhost files like "www.example.com" under sites-enabled:

ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com


NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off, however. This initially and wrongly led us to the conclusion that php was not working.
NOTE: for testing we used port 8880, which goes through bgbm (but not jki) firewalls.


Restart apache, nginx and fpm (we still use apache for certain uses):

sudo /usr/sbin/apache2ctl -k graceful && sudo service nginx restart && sudo service php5-fpm restart

STOP:

sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop

Configuration: Locations and Rewrites

See for instance /etc/nginx/sites-available/default

Cheat sheet

location

Syntax:
location [ = | ^~ | ~ | ~* ] uri { ... }
location @name { … }
Context: server, location
Check order:
  (1) location = string-uri { … }   exact, identical match (stop further searching)
  (2) location ^~ string-uri { … }  match beginning with (stop further searching)
  (3) location ~  regex-uri { case sensitive }   ┬ executed in order of appearance
  (3) location ~* regex-uri { case insensitive } ┘
  (4) location string-uri { … }

The order in which location directives are checked is as follows:

(1) Directives with the "=" prefix that match the query exactly (literal string). If found, searching stops.
(2) All "^~" prefixed locations with conventional strings. If it matches, searching stops.
(3) Regular expressions, in the order they are defined in the configuration file.
(4) All remaining directives with conventional strings; the “most specific” (longest matching) string is used:
location /w/ { … }
location /w/images/details/ { … }
location /w/images/a/ { … }
             Examples of requests:   “/”     “/documents/document.html”   “/documents/1.jpg”
                                      │ “/index.html”  │  “/images/1.gif”       │
location = / {                      ←─┘      │         │         │              │  ← rank check order (1): matches the query / only
  [ configuration A ]                        │         │         │              │
}                                            │         │         │              │
location / {                                 │         │         │              │  ← rank check order (4): matches any query
  [ configuration B ]               ←────────┘         │         │              │    but regular expressions and any longer
}                                                      │         │              │    conventional blocks will be matched first
location /documents/ {                                 │         │              │  ← rank check order (4)
  [ configuration C ]               ←──────────────────┘         │              │
}                                                                │              │
location ^~ /images/ {                                           │              │  ← rank check order (2): matches any query beginning with /images/
  [ configuration D ]               ←────────────────────────────┘              │    and halts searching, so regular expressions will not be checked.
}                                                                               │
location ~* \.(gif|jpg|jpeg)$ {                                                 │  ← rank check order (3): matches any case insensitive request ending in gif, jpg, or jpeg
  [ configuration E ]               ←───────────────────────────────────────────┘    except for those beginning with /images/ (=configuration D)
}                                    (not to C, because regex is executed before)

rewrite, try_files

Syntax:
rewrite regex replacement [flag];
Context: server, location, if
Check order rules:
 * executed in order of appearance
 * [flag] can terminate further processing of the directives
    ├→ last → stops processing the current set of ngx_http_rewrite_module directives 
    │         and starts a search for a new location matching the changed URI;
    ├→ break → stops processing the current set of ngx_http_rewrite_module directives as with the break directive;
    ├→ redirect → returns a temporary redirect (302 code); used if a replacement string does not start with “http://” or “https://”.
    └→ permanent → returns a permanent redirect (301 code)
 * if the replacement string begins with “http://” or “https://”, the processing stops and the redirect is returned to the client

Examples (see also http://wiki.nginx.org/Pitfalls)

location / {
  # Redirect domain-only access (= no path given, w/o or with /) to default wiki:
  # redirect  → 302, temporary redirect
  # permanent → 301, permanent redirect
  # (return takes only a code and a URL, so the regex test is done with rewrite)
  rewrite "^/?$" /web/ permanent;
}
location ^~ /web/ {
  try_files $uri $uri/ @do_wikipage; # if it fails try named location block @do_wikipage
}
location @do_wikipage {   # try as wiki page:
  # the original query string is appended to the replacement automatically
  rewrite "^/web/?(.+)$" /w/index.php?title=$1 redirect;  #(wiki reports 404 for non-existing pages! But can be created)
}

Virtual hosts

Virtual host configurations are in /etc/nginx/sites-available. They are linked from /etc/nginx/sites-enabled.

The default configuration file (containing biowikifarm.net) is /etc/nginx/sites-available/00-default

This file is linked from /etc/nginx/sites-enabled/default

Each domain on biowikifarm (other than biowikifarm.net) has its own configuration file in sites-available. To create a new configuration, make a copy of default.dpkg-dist. To enable the domain, link it from sites-enabled. To test if the configuration is OK, run

sudo nginx -t
sudo nginx -t -c /etc/nginx/nginx.conf # test a specific configuration file

Changes will take effect after you restart nginx.

The "old" configuration files (2014.12.05) are now in /etc/nginx/sites-available-backup

See also: