Nginx Installation and Configuration

From Biowikifarm Metawiki
Revision as of 22:31, 7 February 2015 by Andreas Plank (Talk | contribs) (location: check order)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Based on


Installation

sudo nano /etc/apt/sources.list

add lines:

# necessary only for php-fpm, the php version for nginx:
deb http://packages.dotdeb.org stable all

Add the GnuPG key to your distribution:

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -
rm dotdeb.gpg

Install nginx, fpm, new php:

sudo apt-get update
sudo apt-get install php5 php5-fpm php-pear php5-common php5-mcrypt php5-mysql php5-cli php5-gd php5-curl php5-dev php5-imagick php5-imap php5-intl php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
sudo apt-get install libapache2-mod-php5 php5-apc
sudo apt-get install nginx

Apply "cgi.fix_pathinfo = 0;" in php.ini (security, avoid loading undesired php in a subfolder).

Change php-fpm configuration with:

sudo nano /etc/php5/fpm/php-fpm.conf

and

sudo nano /etc/php5/fpm/pool.d/www.conf

setting:

pm.max_children = 25
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 1500
request_terminate_timeout = 450s

Change nginx configuration with:

sudo nano /etc/nginx/nginx.conf

adding various settings.

edit the default vhost config:

cd /etc/nginx/sites-enabled; nano /etc/nginx/sites-available/00_default
  • If you are running your own domain, see "Virtual Hosts" below.
  • To create symlinks for further vhost files like "www.example.com" under sites-enabled:

ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/www.example.com


NOTE: One failure we experienced was that we tested php with the phpinfo.php file, which, however, uses short php open tags. The default FPM-based php.ini in /etc/php5/fpm has short_open_tag = Off however. This initially and wrongly lead us to the conclusion that php was not working.
NOTE: for testing we used port 8880, which goes through bgbm (but not jki) firewalls.


Restart apache, nginx and fpm (we still use apache for certain uses):

sudo /usr/sbin/apache2ctl -k graceful && sudo service nginx restart && sudo service php5-fpm restart

STOP:

sudo /etc/init.d/php5-fpm stop; sudo /etc/init.d/nginx stop

Configuration: Locations and Rewrites

See for instance /etc/nginx/sites-available/default

Cheat sheet

location

Syntax:
location [ = | ^~ | ~ | ~* ] uri { ... }
location @name { … }
Context: server, location
Check order:
  (1) location = string-uri { … }   exact, identical match (stop further searching)
  (2) location ^~ string-uri { … }  match beginning with (stop further searching)
  (3) location ~  regex-uri { case sensitive }   ┬ executed in order of appearance
  (3) location ~* regex-uri { case insensitive } ┘
  (4) location string-uri { … }

The order in which location directives are checked is as follows:

(1) Directives with the "=" prefix that match the query exactly (literal string). If found, searching stops.
(2) All "^~" prefixed locations with conventional strings. If it matches, searching stops.
(3) Regular expressions, in the order they are defined in the configuration file.
(4) All remaining directives with conventional strings, “most specific“ strings are executed:
1 location /w/ { … }
2 location /w/images/details/ { … }
3 location /w/images/a/ { … }
             Examples of requests:   “/”     “/documents/document.html”   “/documents/1.jpg”
                                      │ “/index.html”  │  “/images/1.gif”       │
location = / {                      ←─┘      │         │         │              │  ← rank check order (1): matches the query / only
  [ configuration A ]                        │         │         │              │
}                                            │         │         │              │
location / {                                 │         │         │              │  ← rank check order (4): matches any query
  [ configuration B ]               ←────────┘         │         │              │    but regular expressions and any longer
}                                                      │         │              │    conventional blocks will be matched first
location /documents/ {                                 │         │              │  ← rank check order (4)
  [ configuration C ]               ←──────────────────┘         │              │
}                                                                │              │
location ^~ /images/ {                                           │              │  ← rank check order (2): matches any query beginning with /images/
  [ configuration D ]               ←────────────────────────────┘              │    and halts searching, so regular expressions will not be checked.
}                                                                               │
location ~* \.(gif|jpg|jpeg)$ {                                                 │  ← rank check order (3): matches any case insensitive request ending in gif, jpg, or jpeg
  [ configuration E ]               ←───────────────────────────────────────────┘    except for those beginning with /images/ (=configuration D)
}                                    (not to C, because regex is executed before)

rewrite, try_files

Syntax:
rewrite regex replacement [flag];
Context: server, location, if
Check order rules:
 * executed in order of appearance
 * [flag] can terminate further processing of the directives
    ├→ last → stops processing the current set of ngx_http_rewrite_module directives 
    │         and starts a search for a new location matching the changed URI;
    ├→ break → stops processing the current set of ngx_http_rewrite_module directives as with the break directive;
    ├→ redirect → returns a temporary redirect (302 code); used if a replacement string does not start with “http://” or “https://”.
    └→ permanent → returns a permanent redirect (301 code)
 * “http://” or “https://” begins the rewrite: the processing stops and the redirect is returned to a client

Examples (see also http://wiki.nginx.org/Pitfalls)

 1 location / {
 2   # Redirect domain-only access (= no path given, w/o or with /) to default wiki:
 3   # 302 → temporary redirect
 4   # 301 → permanent redirect
 5   return 301 "^[/]?$" /web/;
 6 }
 7 location ^~ /web/ {
 8   try_files $uri $uri/ @do_wikipage; # if it fails try named location block @do_wikipage
 9 }
10 location @do_wikipage {   # try as wiki page:
11   rewrite "^/web/?(.+)$" /w/index.php?title=$1&args redirect;  #(wiki reports 404 for non-existing pages! But can be created)
12 }

Virtual hosts

Virtual host configurations are in /etc/nginx/sites-available They are linked from /etc/nginx/sites-enabled

The default configuration file (containing biowikifarm.net) is /etc/nginx/sites-available/00-default

This file is linked from /etc/nginx/sites-enabled/default

Each domain on biowikifarm (other than biowikifarm.net) has its own configuration file in sites-available. To create a new configuration, make a copy of default.dpkg-dist. To enable the domain, link it from sites-enabled. To test if the configuration is OK, run

sudo nginx -t
sudo nginx -t -c /etc/nginx/nginx.conf # test a specific configuration file

Changes will take effect after you restart nginx.

The "old" configuration files (2014.12.05) are now in /etc/nginx/sites-available-backup

See also: