Nginx Installation and Configuration
Based on
- http://www.webhostingtalk.com/showthread.php?t=1025286 = for debian 6
- http://www.howtoforge.com/installing-nginx-with-php5-and-mysql-support-on-debian-lenny
- http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian
- http://blog.bigdinosaur.org/mediawiki-on-nginx/
Protocol of work done so far:
sudo nano /etc/apt/sources.list
add lines:
# necessary only for php-fpm, the php version for nginx: deb http://packages.dotdeb.org stable all
Add the GnuPG key to your distribution:
wget http://www.dotdeb.org/dotdeb.gpg cat dotdeb.gpg | sudo apt-key add - rm dotdeb.gpg
Install:
sudo apt-get update sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd sudo apt-get install nginx
Change php-fpm configuration with:
sudo nano /etc/php5/fpm/php-fpm.conf
and mostly
sudo nano /etc/php5/fpm/pool.d/www.conf
setting:
pm.max_children = 25 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 10 pm.max_requests = 1500 request_terminate_timeout = 450s
Change nginx configuration with:
sudo nano /etc/nginx/nginx.conf
adding the settings for
client_max_body_size 20M; client_body_buffer_size 128k;
edit the default vhost config:
cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/default
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { # NOTE 1: You should have "cgi.fix_pathinfo = 0;" in php.ini to # prevent break-ins, else if non-existing file 123.txt/x.php is # passed, php may execute 123.txt! (or even ".jpg", which may contain embedded php...) # NOTE 2: the following also may prevent this, serving ONLY the file itself: try_files $uri =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # TEST FILE: /var/www/phpinfo_1417869461139.php; fastcgi_index index.php;
### NOT SURE WHETHER NECESSARY: fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php5-cgi on 9001: # fastcgi_pass 127.0.0.1:9001; # With php5-fpm on 9000: # fastcgi_pass 127.0.0.1:9000; # With php5-fpm on sock (note that the listen directive # /etc/php5/fpm/pool.d/www.conf has to reflect this: fastcgi_pass unix:/var/run/php5-fpm.sock; }
NOTE: The security change "cgi.fix_pathinfo = 0;" in php.ini was applied on biowikifarm.
NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off however. This initially and wrongly lead us to the conclusion that php was not working.
(To create symlinks for further vhost files like "www.example.com" under sites-enabled:
ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com
)
NOT YET DONE OR CHECKED, our keys are elsewhere:
For ssl on port 443, copy and paste the entire vhost code into the bottom of the vhost file, change 'listen' to 443 and point to the ssl certs:
ssl on; ssl_certificate /path/to/certificate/www.website.com.crt; ssl_certificate_key /path/to/certificate_key/www.website.com.key;
Restart php5-fpm and nginx:
sudo /etc/init.d/php5-fpm restart && sudo /etc/init.d/nginx restart
STOP:
sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop
(TEMP: TESTING NOW ON port 8880, TEST URLs: http://biowikifarm.net:8880/phpinfo_1417869461139.php http://biowikifarm.net:8880/metawiki/index.php?title=Upgrades_and_Changes&diff=0&oldid=3936 )