Nginx Installation and Configuration

From Biowikifarm Metawiki
Revision as of 04:46, 30 June 2012 by Gregor Hagedorn (Talk | contribs)


Based on

Protocol of work done so far:

sudo nano /etc/apt/sources.list

add lines:

# necessary only for php-fpm, the php version for nginx:
deb http://packages.dotdeb.org stable all

Add the GnuPG key to your distribution:

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -
rm dotdeb.gpg

Install:

sudo apt-get update
sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd
sudo apt-get install nginx

Change php-fpm configuration with:

sudo nano /etc/php5/fpm/php-fpm.conf

and mostly

sudo nano /etc/php5/fpm/pool.d/www.conf

setting:

pm.max_children = 25
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 1500
request_terminate_timeout = 450s

Change nginx configuration with:

sudo nano /etc/nginx/nginx.conf

adding the settings for

client_max_body_size 20M;
client_body_buffer_size 128k;

Edit the default vhost config:

cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
    # NOTE 1: You should have "cgi.fix_pathinfo = 0;" in php.ini to
    # prevent break-ins, else if non-existing file 123.txt/x.php is
    # passed, php may execute 123.txt! (or even ".jpg", which may contain embedded php...)
    # NOTE 2: the following also may prevent this, serving ONLY the file itself:
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # TEST FILE: /var/www/phpinfo_1417869461139.php;
    fastcgi_index index.php;

    ### NOT SURE WHETHER NECESSARY: fastcgi_split_path_info ^(.+\.php)(/.+)$;

    # With php5-cgi on 9001:
    # fastcgi_pass 127.0.0.1:9001;
    # With php5-fpm on 9000:
    # fastcgi_pass 127.0.0.1:9000;
    # With php5-fpm on sock (note that the listen directive
    # /etc/php5/fpm/pool.d/www.conf has to reflect this:
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}

NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm.
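
The two mitigations named in the vhost comments (cgi.fix_pathinfo = 0 in php.ini, and an active try_files $uri =404; in the PHP location) can be checked mechanically. The following shell functions are an added example, not part of the original protocol; the function names and the sample files written by make_samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two mitigations from the vhost comments.
# Function names and sample files are constructed for illustration.

# Print the effective cgi.fix_pathinfo value of a php.ini file. Lines starting
# with ";" are comments; PHP's built-in default is 1 when nothing is set.
fix_pathinfo_value() {
    val=$(sed -n 's/^[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=[[:space:]]*"\{0,1\}\([^";[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    echo "${val:-1}"
}

# Succeed only if every "location ... \.php" block holds an active
# "try_files $uri =404;". Fails when no PHP location is found at all, so a
# wrong file name is not reported as safe.
php_locations_guarded() {
    awk '
        { sub(/#.*/, "") }   # ignore commented-out directives
        !inblk && /location[^{]*\\\.php/ { inblk = 1; depth = 0; guarded = 0; seen = 1 }
        inblk {
            if ($0 ~ /try_files[ \t]+\$uri[ \t]+=404[ \t]*;/) guarded = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0 && /[}]/) { if (!guarded) bad = 1; inblk = 0 }
        }
        END { exit (bad || inblk || !seen) }
    ' "$1"
}

# audit <php.ini> <vhost>: print one warning per missing mitigation.
audit() {
    rc=0
    v=$(fix_pathinfo_value "$1")
    [ "$v" = "0" ] || { echo "WARN: cgi.fix_pathinfo=$v in $1"; rc=1; }
    php_locations_guarded "$2" ||
        { echo "WARN: PHP location without active try_files \$uri =404 in $2"; rc=1; }
    return $rc
}

# Write constructed sample files (not real configs) into directory $1.
make_samples() {
    printf '%s\n' '; constructed sample' ';cgi.fix_pathinfo=1' > "$1/weak.ini"
    printf '%s\n' 'cgi.fix_pathinfo = 0' > "$1/hard.ini"
    printf '%s\n' 'location ~ \.php$ {' '    # try_files $uri =404;' \
        '    fastcgi_pass unix:/var/run/php5-fpm.sock;' '}' > "$1/weak.vhost"
    printf '%s\n' 'location ~ \.php$ {' '    try_files $uri =404;' \
        '    fastcgi_pass unix:/var/run/php5-fpm.sock;' '}' > "$1/hard.vhost"
}
```

On the setup described here the call would be: audit /etc/php5/fpm/php.ini /etc/nginx/sites-available/default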

NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm, however, has short_open_tag = Off. This initially and wrongly led us to the conclusion that php was not working.


(To create symlinks for further vhost files like "www.example.com" under sites-enabled:

ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com

)


NOT YET DONE OR CHECKED, our keys are elsewhere: For ssl on port 443, copy and paste the entire vhost code into the bottom of the vhost file, change 'listen' to 443 and point to the ssl certs:

ssl on;
ssl_certificate /path/to/certificate/www.website.com.crt;
ssl_certificate_key /path/to/certificate_key/www.website.com.key;


Restart php5-fpm and nginx:

sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart

STOP:

sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop



(TEMP: TESTING NOW ON port 8880, TEST URLs: http://biowikifarm.net:8880/phpinfo_1417869461139.php http://biowikifarm.net:8880/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936 )