Nginx Install
In Debian it is advisable to use dotdeb repositories because it contains updated pre-compiled versions of Nginx. To do this place in /etc/apt/sources.list the repository packages.dotdeb.org, download and install their public key:
$fastcgi_path_info.
fastcgi_pass unix:/var/run/php5-fpm.sock: here we pass the php script to the UNIX socket where php5-fpm listens.
fastcgi_index index.php: specifies that the file served when the client's request does not include a php file name will be index.php.
include fastcgi_params: tells Nginx that the rest of the FastCGI parameters are found in the file fastcgi_params.
In order to use MySQL we must install the MySQL server, the client and the libraries needed to manage MySQL from php (php5-mysql). In Debian this is done with apt-get install mysql-client mysql-server php5-mysql. In BSD: cd /usr/ports/databases/mysql55-server && make install clean, cd /usr/ports/databases/mysql55-client && make install clean and cd /usr/ports/databases/php55-mysql && make install clean.
After you install everything you can check that there are no problems by creating a .php file with the following code:
If you want to serve Joomla pages you have to make sure that the directories images, cache, media, logs and tmp won't allow the execution of scripts; this is done using the next regex after location \.php:
If you are the kind of person that likes to upload files to your server via Joomla, chances are that Nginx will throw you a 413 error (entity too large). My advice is to upload your files with scp, or with WinSCP if you use Windows as your client OS. If you still want to use Joomla to upload files you must change client_max_body_size in /etc/nginx/nginx.conf to a value that suits your uploading needs :(.
It is possible that you need to increase client_body_timeout too. Most of the descriptions of the options were taken from http://wiki.nginx.org, the official wiki of Nginx.
echo "deb http://packages.dotdeb.org squeeze all" >> /etc/apt/sources.list
wget http://www.dotdeb.org/dotdeb.gpg
apt-key add dotdeb.gpg
apt-get update
Then install Nginx with apt-get:
apt-get install nginx
On FreeBSD you can use pkg_add -vvv nginx (if you have FreeBSD 10 onward use pkg install nginx). You can also install it with make install clean from /usr/ports/www/nginx (only if you have ports installed and configured correctly). Nginx comes installed by default on OpenBSD starting from 5.2.
Configuration
Once installed we can find Nginx's configuration files in /etc/nginx. Those who use Apache will notice that Debian uses sites-available and sites-enabled folders (in /etc/nginx/). For those who don't have a clue about these folders: in the first one you can find the configuration files of the "available" web sites, and in the second one a symbolic link to the sites that are in sites-available. As you can infer, if there is no symbolic link from a site's file in sites-available to sites-enabled, Nginx will NOT serve the site. Now I will show you an edited /etc/nginx/nginx.conf file and try to explain its options:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
    worker_connections 768;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    server_tokens off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_types text/plain text/css application/x-javascript application/xml
               application/json image/png image/gif image/jpeg image/jpg;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    client_body_in_single_buffer on;
    client_body_buffer_size 1K;
    client_header_buffer_size 1k;
    client_max_body_size 1k;
    large_client_header_buffers 2 1k;
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 30;
    send_timeout 10;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
In nginx.conf we can find a lot of interesting options :), like, for instance, the events and http blocks delimited by braces ({}). The events block contains directives that affect how nginx processes connections.
The http block contains HTTP server options. If you put parameters outside of any of the previously mentioned blocks you can say that they are in the main block.
In the main block we have: use www-data as the user for running the nginx processes; use 4 Nginx processes (each process can attend multiple connections at the same time; it is recommended to use one process per CPU core); save the process id (pid) in the file nginx.pid in the /var/run/ directory. In the events block you can find worker_connections 768, which tells Nginx that each process will attend 768 connections at the same time. This implies that we are limiting Nginx to attend 4*768=3072 connections at the same time (max_clients = worker_processes * worker_connections). Nginx can handle more than 10000 connections simultaneously, but that will depend on the resources that your server(s) have (RAM, CPU number/cores, disk speed and transfer speed, available network bandwidth, among others).
Note: the formula used to calculate the maximum number of connections that Nginx can handle changes if we use it as a reverse proxy. By default the client's browser opens two connections with the server, and you have to consider the requests made from the proxy to the backends, therefore the formula in this case is max_clients = (worker_processes * worker_connections)/4. Now we will talk briefly (I hope) about the options found in the http block:
sendfile (on|off): tells Nginx to use the sendfile() method for reads and writes to disk. sendfile is a kernel function on Unix/Linux that keeps one file descriptor for reading and another for writing, optimizing the performance of those operations.
tcp_nopush (on|off): with this option on, Nginx will try to send the HTTP response header in one packet.
tcp_nodelay (on|off): when this is on it eliminates the buffer used for sending data to the client, saving some milliseconds ;).
types_hash_max_size n: Nginx stores static information like server names, map directive values, MIME types and request header names, among others, in hash tables. The default size of this table is 2048 and according to the Nginx manual you have to change its value only if you find a message in the logs telling you to do so.
server_tokens (on|off): here you choose whether you want the Nginx version shown (I always leave it off as a "security measure").
include /etc/nginx/mime.types: indicates where the file that maps file extensions to MIME types is (http://en.wikipedia.org/wiki/Multipurpose_Internet_Mail_Extensions).
default_type application/octet-stream: this option tells Nginx that if the client requests a file that exists on the server and has an unknown extension, it has to prompt the user for download instead of executing this "strange" file on the server.
access_log /var/log/nginx/access.log and error_log /var/log/nginx/error.log: these two options indicate in which directory and under what name Nginx has to store the access and error log files. In access.log client information is stored, like operating system name and version, browser and IP address, among others. In error.log the errors that occurred while serving a web page or finding a file are stored, together with errors related to the server's processes in general.
gzip (on|off): enables or disables gzip compression of the files served to clients. This is an important option because it can save network bandwidth and speed up serving the web page (as long as you choose an adequate compression level).
gzip_disable "msie6": disables compression if the client browser is Internet Explorer version 6. This is necessary because that browser has serious problems with this type of compression.
gzip_vary (on|off): the Vary header is used to tell the world's caches which information they must store. It is recommended that you keep this option on when using compression.
gzip_types text/plain text/css application/x-javascript application/xml application/json image/png image/gif image/jpeg image/jpg: indicates which file types must be compressed.
gzip_comp_level (0 – 9): here you define the compression level that must be used. If you use a really high compression level (9) the clients will spend more time decompressing the files than they would downloading them uncompressed. If you use a really low value (1) the file will be compressed, but not by much, so you won't benefit very much. I use 6 for this option and it works really well (if you want to discuss this topic I am all ears).
gzip_buffers n m: this option indicates how many buffers, and of what size, are used to store the compressed files.
client_body_in_single_buffer (on|off): allows the entire body of the client's request to be stored in a single buffer.
client_body_buffer_size n: here you define the size of the buffer that stores the client's request body.
client_header_buffer_size n: tells Nginx the size of the buffer that stores the header of the client's request.
client_max_body_size n: with this you can limit the size of the body of the client's request.
large_client_header_buffers n m: limits the number and the size of the buffers used to store the headers of the client's request. If the client's request line is bigger than this size, Nginx sends a 414 error (the request URL is too big). If a header of the client's request is bigger than the buffer size, Nginx returns a 400 error (bad request).
client_body_timeout n: specifies how long Nginx should wait for the client's request body. If this value is too short, clients will get too many timeouts and will have trouble viewing your site. If it is too large, one or many malicious clients could launch a successful DoS or DDoS (maybe using Slowloris). Even without the paranoia, your Nginx could collapse under heavy load (or become really slow) if it waits too long for the body of the clients' requests.
client_header_timeout n: specifies how long Nginx should wait for the client's request header. If this value is too short, clients will get too many timeouts and will have trouble viewing your site. If it is too large, one or many malicious clients could launch a successful DoS or DDoS (maybe using Slowloris). Even without the paranoia, your Nginx could collapse under heavy load (or become really slow) if it waits too long for the header of the clients' requests.
keepalive_timeout n: the time that Nginx should wait before closing an idle connection. It has the same problem as the previous two options. Note: the fact that a connection is idle doesn't necessarily mean that it is evil; it can be waiting to be attended by an Nginx worker in a period of heavy load (or, if you have problems with php-fpm or your database, there can be many such connections).
send_timeout n: indicates how long Nginx should wait for the client to read the data that has been sent. It doesn't apply to the whole data transfer.
include /etc/nginx/conf.d/*.conf and include /etc/nginx/sites-enabled/*: these two options point Nginx to the files where the rest of the configuration is stored (and allow you to use the sites-available/sites-enabled approach). If you are using Nginx on OpenBSD these options will not appear by default, because their Nginx version has all the configuration in a single file (nginx.conf).
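As an added example (not part of the original post, and not nginx's own code), here is a small Python model of the limits discussed above: it pulls worker_processes, worker_connections and the header/body buffer directives out of a copy of the nginx.conf shown earlier, computes max_clients with both the plain and the reverse-proxy formula, and predicts which of the 414/400/413 responses a request of a given size would hit. The directive parser and the status rules are deliberate simplifications.

```python
import re

# Constructed copy of the directives from the nginx.conf above that the
# model needs; the rest of the file does not matter here.
SAMPLE_CONF = """
worker_processes 4;
events {
    worker_connections 768;
}
http {
    client_header_buffer_size 1k;
    client_max_body_size 1k;
    large_client_header_buffers 2 1k;
}
"""

_SIZE = re.compile(r"^(\d+)([kKmM]?)$")


def parse_size(token):
    """Convert an nginx size token (1024, 8k, 2M) to a number of bytes."""
    m = _SIZE.match(token)
    if not m:
        raise ValueError("not an nginx size: %r" % token)
    num, unit = int(m.group(1)), m.group(2).lower()
    return num * {"": 1, "k": 1024, "m": 1024 * 1024}[unit]


def parse_directives(text):
    """Collect simple `name value ...;` statements into a dict.

    Block nesting is ignored, which is fine for the directives used here
    (each appears once); it is not a general nginx.conf parser.
    """
    directives = {}
    for stmt in re.findall(r"([^{};]+);", text):
        parts = stmt.split()
        if parts:
            directives[parts[0]] = parts[1:]
    return directives


def max_clients(conf, reverse_proxy=False):
    """worker_processes * worker_connections, divided by 4 when nginx is a
    reverse proxy (the two formulas given in the text)."""
    d = parse_directives(conf)
    total = int(d["worker_processes"][0]) * int(d["worker_connections"][0])
    return total // 4 if reverse_proxy else total


def predict_status(conf, request_line, header_lines, body_len):
    """Predict the status nginx's buffer limits would produce for a request.

    Simplified rules, following the option descriptions above:
      414 if the request line does not fit one large header buffer,
      400 if any single header line does not fit one large header buffer,
      413 if the body is larger than client_max_body_size,
      200 otherwise (assuming the resource exists).
    """
    d = parse_directives(conf)
    large_buf = parse_size(d["large_client_header_buffers"][1])
    max_body = parse_size(d["client_max_body_size"][0])
    if len(request_line) > large_buf:
        return 414
    if any(len(line) > large_buf for line in header_lines):
        return 400
    if body_len > max_body:
        return 413
    return 200


if __name__ == "__main__":
    print("max_clients:", max_clients(SAMPLE_CONF))
    print("max_clients as reverse proxy:", max_clients(SAMPLE_CONF, True))
    # A 2 KiB upload already exceeds client_max_body_size 1k -> 413.
    print(predict_status(SAMPLE_CONF, "POST /upload HTTP/1.1",
                         ["Host: foo.bar.com"], 2048))
```

With the post's own values any upload over 1024 bytes gets a 413, which is the Joomla upload symptom the post mentions; raising client_max_body_size is the fix.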
In Debian there are two small apps installed with Nginx called ngxensite and ngxdissite. ngxensite enables a site so it can be served by Nginx (it creates a symbolic link from the file with the site's config in sites-available to sites-enabled), and ngxdissite does the opposite. You use them by placing a config file for a site in sites-available and then executing ngxensite name_of_the_config_file.
Now we will see a generic Nginx configuration for a site located in /var/www/foo and called foo.bar.com, with an explanation of the options:
server {
    listen XX.XX.XX.XX:80 default_server;
    listen [XXXX:XXXX:XXXX:XXX::XX]:80 default_server;
    access_log /var/log/nginx/foo.bar_access.log;
    error_log /var/log/nginx/foo.bar_error.log;
    server_name foo.bar.com;
    root /var/www/foo;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location ~* \.(ico|pdf|flv)$ {
        expires 1y;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
        expires 14d;
    }
    location ~ /\.ht {
        deny all;
    }
}
listen 80 default_server: this option tells Nginx on which IP address it should listen. If you don't specify an address it will listen on all the IPv4 addresses available on the server. default_server indicates that when a client's request to your server asks for a site unknown to Nginx, it should be served this site.
Note: there can only be ONE default_server for IPv4 and ONE for IPv6.
listen [::]:80 default_server: with this you tell Nginx to listen on an IPv6 address and a given port. The address [::] means listen on all IPv6 addresses available on the server.
access_log /var/log/nginx/foo.bar_access.log and error_log /var/log/nginx/foo.bar_error.log: indicate where Nginx should store the logs for the site foo.bar.com.
server_name foo.bar.com: here you indicate the FQDN (fully qualified domain name) of the server. It is important to put the complete name of your site, especially if you want to host multiple sites on one server.
root /var/www/foo: this option tells Nginx where the root directory of your site is located.
index index.html index.htm: specifies that the file Nginx sends to the client when the request doesn't contain a file name should be index.html or index.htm.
location /: the first location block; here you tell the server what to do when the URI is / (foo.bar.com).
try_files $uri $uri/ =404: try_files tests whether a file exists; $uri is a variable that stores the request made by the client (without the server name or domain; example: for foo.bar.com/teatro/index.html, $uri will contain teatro/index.html). The whole line means: test whether the file specified by the client exists; if it doesn't, try using the name as a directory; if neither exists, return a 404 error (not found).
location = /favicon.ico: this means that if a request asks exactly (=) for the file favicon.ico (the little icon on the left of the URL bar), execute the instructions enclosed in the braces ({}).
log_not_found off: do not log the not-found error for the file specified by the location directive.
access_log off: deactivate the access log for the file specified by the location directive. Note: I recommend using the block shown above, because if you have problems with favicon.ico your logs will be flooded with messages about it (and let's face it, favicon.ico is not indispensable).
location ~* \.(ico|pdf|flv)$: this is an interesting location block; here you can see an explicit example of regular expressions (regex) (http://en.wikipedia.org/wiki/Regular_expression). When you put the symbol ~ you are telling Nginx that you are going to use a regex, * indicates a character that can appear 0, 1 or more times, \. means take the dot symbol as a literal (you have to escape the dot because it is an operator in regex) and (ico|pdf|flv)$ means that it can end ($) in ico, pdf or flv. Example: a user requests the file pelicula.flv; Nginx passes the request through the regex location ~* \.(ico|pdf|flv)$; the characters it finds are p,e,l,i,c,u,l,a followed by a "." and then it checks the end of the name (flv), therefore that file name matches the regex and Nginx will execute the instructions contained inside that location block.
expires 1y: this instruction tells the web caches of the world that they can store the files of the types specified by the regex in the location block for as long as 1 year.
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$: similar to the last regex; all the file names that end in .js, .css, .png, .jpg, .jpeg, .gif, .swf, .xml or .txt can be stored in the world's web caches for 14 days.
location ~ /\.ht: this regex searches for everything that starts with a slash (/) followed by .ht (example: .htpasswd) and the instruction inside the block denies access from anywhere (as you can infer, you can use allow or deny to allow access to certain files/locations from a given IP, for example allow 192.168.1.1/32; deny all;).
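The rules that decide which of the location blocks above handles a request are easy to get wrong, so here is an added Python model of them (example code, not from the post and not nginx's own): an exact = match wins first, the longest prefix match is remembered, then the ~ and ~* regexes are tried in file order and the first one that matches wins (~* is matched case-insensitively, which is what the * stands for in nginx). The block list mirrors the server block above; the labels are hypothetical names for what each block does.

```python
import re

# Location blocks from the server block above, in file order, as
# (modifier, pattern, label).  Labels are hypothetical names for what
# each block does in the page's config.
LOCATIONS = [
    ("",   "/",                                         "try_files $uri $uri/ =404"),
    ("=",  "/favicon.ico",                              "favicon: logging off"),
    ("~*", r"\.(ico|pdf|flv)$",                         "expires 1y"),
    ("~*", r"\.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$", "expires 14d"),
    ("~",  r"/\.ht",                                    "deny all"),
]


def select_location(uri, locations=LOCATIONS):
    """Return the label of the block nginx would pick for `uri`.

    Order of evaluation (nginx's, for non-nested locations):
      1. an exact `=` location equal to the URI wins immediately;
      2. among plain prefix locations the longest match is remembered,
         and used right away if it carries the ^~ modifier;
      3. regex locations (~ case-sensitive, ~* case-insensitive) are
         tried in file order and the first match wins;
      4. otherwise the remembered prefix location is used.
    """
    best_prefix = None
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label
        if mod in ("", "^~") and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = (mod, pat, label)
    if best_prefix is not None and best_prefix[0] == "^~":
        return best_prefix[2]
    for mod, pat, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return label
    return best_prefix[2] if best_prefix is not None else None


def unprotected_dotfiles(locations=LOCATIONS):
    """Audit helper: return the probe URIs under a .ht* path that a regex
    earlier in the file claims before the `deny all` block is reached."""
    probes = ["/.htpasswd", "/images/.htaccess", "/.ht/style.css", "/.ht/a.png"]
    return [u for u in probes if select_location(u, locations) != "deny all"]


if __name__ == "__main__":
    for uri in ["/", "/teatro/index.html", "/favicon.ico", "/pelicula.flv",
                "/PELICULA.FLV", "/style.css", "/.htpasswd", "/.ht/style.css"]:
        print("%-22s -> %s" % (uri, select_location(uri)))
    print("served despite .ht:", unprotected_dotfiles())
```

Because regexes are tried in file order, the caching blocks shadow the deny block for anything under a .ht* directory; moving location ~ /\.ht above them makes unprotected_dotfiles() return an empty list.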
Nginx and PHP
If you want to use php with Nginx you need to install php-fpm (php FastCGI process manager) and configure it so that everything that ends in .php is processed by that program.
In Debian, if you have the dotdeb repositories, just execute apt-get install php5-fpm as root to install it. On FreeBSD/OpenBSD you can install it from ports (cd /usr/ports/lang/php55/, make install clean, and select the [x] FPM option).
Now you have to change some parameters in its configuration files to optimize it and increase the security of php-fpm a little. We will start with the file /etc/php5/fpm/php.ini (in BSD I think it is /usr/local/etc/php.ini). Change the following parameters:
date.timezone = my_time_zone
cgi.fix_pathinfo=0
The first option avoids a php error regarding the timezone (my timezone is America/Caracas, choose yours) and the second prevents, on sites where users can upload images (or other files), that a kiddie uploads a file with multiple extensions and malicious php code inside, so that when Nginx sends it to php-fpm the malicious code gets executed.
Then we go to /etc/php5/fpm/php5-fpm.conf (on the BSDs /usr/local/etc/php-fpm.conf), uncomment and change the following:
emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 10s
emergency_restart_threshold 10 and emergency_restart_interval 1m tell php-fpm that if 10 child processes stop responding within 1 minute, php-fpm should restart automatically.
process_control_timeout 10s: maximum time that the child processes must wait for a response from their parent process. If it doesn't respond, kill.
Now we just have to change the configuration file that controls the php-fpm process pool, so we can optimize its behaviour to consume just enough resources to work. Go to /etc/php5/fpm/pool.d/www.conf and change the following:
listen = /var/run/php5-fpm.sock
pm.max_children = 9
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 400
The first option comes by default as listen = 127.0.0.1:9000. This is suboptimal because it uses TCP sockets, which are relatively scarce (on big servers and/or virtualized environments) and possibly take a couple of milliseconds more than UNIX sockets (and if you use iptables/packet filter, unless you exempt localhost from the firewall you will have some inconveniences with 127.0.0.1). Here I recommend listen = /var/run/php5-fpm.sock, which tells PHP to create a UNIX socket called php5-fpm.sock in the directory /var/run.
pm.max_children specifies how many child processes the php-fpm pool may have at a given time, pm.start_servers how many child processes must be on standby when the daemon starts, pm.min_spare_servers the minimum number of idle processes before new PHP processes are created, pm.max_spare_servers the maximum number of idle processes before it starts killing them, and pm.max_requests the maximum number of requests each child process should serve before it is respawned.
Remember that if you put high values here php-fpm will consume all your resources. These values should be enough for most setups; if you need more, start with bigger values and find your equilibrium. Source: http://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/.
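As an added example (not part of the original post), a small Python checker for the pool settings above: it parses the www.conf fragment, applies the ordering rules php-fpm itself enforces for a dynamic pool (it refuses to start when pm.start_servers falls outside the min/max spare range or max spare exceeds max children), flags a TCP listen address, and estimates worst-case memory from an average child size you supply. The average size (30 MB) and RAM budget (512 MB) used below are assumptions, not measurements from the page.

```python
# Constructed copy of the pool settings recommended above (not a real file).
WWW_CONF = """
listen = /var/run/php5-fpm.sock
pm.max_children = 9
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 400
"""

def parse_pool(text):
    """Parse 'key = value' lines of a php-fpm pool file into a dict."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php-fpm files
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[key] = value
    return conf

def check_pool(conf, avg_child_mb, ram_budget_mb):
    """Apply the ordering rules php-fpm enforces for a dynamic pool
    (min_spare <= start_servers <= max_spare <= max_children) and
    estimate worst-case memory. Returns a list of problems; empty means OK."""
    p = {k: int(conf[k]) for k in ("pm.max_children", "pm.start_servers",
                                   "pm.min_spare_servers", "pm.max_spare_servers")}
    problems = []
    # Heuristic: a listen value starting with '/' is a UNIX socket path.
    if not conf.get("listen", "").startswith("/"):
        problems.append("listen uses a TCP socket instead of a UNIX socket")
    if not p["pm.min_spare_servers"] <= p["pm.start_servers"] <= p["pm.max_spare_servers"]:
        problems.append("pm.start_servers must lie between pm.min_spare_servers "
                        "and pm.max_spare_servers")
    if p["pm.max_spare_servers"] > p["pm.max_children"]:
        problems.append("pm.max_spare_servers must not exceed pm.max_children")
    # Worst case: every child busy, each at the average size you measured.
    peak_mb = p["pm.max_children"] * avg_child_mb
    if peak_mb > ram_budget_mb:
        problems.append(f"{p['pm.max_children']} children x {avg_child_mb} MB = "
                        f"{peak_mb} MB exceeds the {ram_budget_mb} MB budget")
    return problems

if __name__ == "__main__":
    print(check_pool(parse_pool(WWW_CONF), avg_child_mb=30, ram_budget_mb=512))
```

Measure the real average child size on your own server (for example from the RSS column of ps for the php5-fpm children) before trusting the memory estimate.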
Now restart php-fpm with /etc/init.d/php5-fpm restart (/etc/rc.d/php-fpm restart on BSD). Back in Nginx, in the configuration files of the sites that need PHP we add the following location block after location /:
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$: this directive splits the URI into two variables, $fastcgi_script_name and $fastcgi_path_info, using the regular expression that follows it. The regex separates the URI into two groups: ^(.+\.php) says that the first group, anchored at the start (^), must have one or more characters (.+, which does not match a line break) followed by .php (\.php); the last group, (/.+)$, begins with a slash (/) and has one or more further characters (.+) up to the end of the URI ($). As you can see, the first group is the name of the PHP script and is stored in $fastcgi_script_name, and the last group is the trailing path (/name), stored in $fastcgi_path_info.
fastcgi_pass unix:/var/run/php5-fpm.sock: here we pass the PHP script to the UNIX socket where php5-fpm listens.
fastcgi_index index.php: specifies that index.php is the file served when the client request does not include a PHP file name.
include fastcgi_params: tells Nginx that the rest of the FastCGI parameters are found in the file fastcgi_params.
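The two points above, the cgi.fix_pathinfo=0 setting from php.ini and the fastcgi_split_path_info regex, as one added Python example that is not part of the original post: it applies the same regex Nginx uses and then models how php-fpm resolves SCRIPT_FILENAME under both values of cgi.fix_pathinfo against a constructed document root (the file names, the /var/www root and the helper names are assumptions).

```python
import re

# Same regex as the page's fastcgi_split_path_info directive.
SPLIT_RE = re.compile(r"^(.+\.php)(/.+)$")

def split_path_info(uri):
    """Return ($fastcgi_script_name, $fastcgi_path_info) as nginx sets them.
    When the regex does not match, nginx leaves $fastcgi_script_name as the
    whole URI and $fastcgi_path_info empty."""
    m = SPLIT_RE.match(uri)
    if m:
        return m.group(1), m.group(2)
    return uri, ""

def resolve_script(script_name, existing_files, fix_pathinfo, docroot="/var/www"):
    """Model which file php-fpm executes for SCRIPT_FILENAME = docroot + script_name.
    cgi.fix_pathinfo=1: if the file is missing, PHP strips trailing path components
    until one exists and treats the remainder as PATH_INFO.
    cgi.fix_pathinfo=0: a missing file is rejected ("No input file specified").
    Returns (executed_file or None, path_info derived by PHP)."""
    path = docroot + script_name
    if path in existing_files:
        return path, ""
    if not fix_pathinfo:
        return None, ""
    parts = script_name.split("/")
    for i in range(len(parts) - 1, 0, -1):
        candidate = docroot + "/".join(parts[:i])
        if candidate in existing_files:
            return candidate, "/" + "/".join(parts[i:])
    return None, ""

# Constructed document root: a front controller and a user-uploaded image.
FILES = {"/var/www/index.php", "/var/www/uploads/avatar.jpg"}

def handle(uri, fix_pathinfo):
    # Full path of the file php-fpm would run for a URI that matched the .php location.
    script_name, _ = split_path_info(uri)
    executed, _ = resolve_script(script_name, FILES, fix_pathinfo)
    return executed

if __name__ == "__main__":
    for uri in ("/index.php/foo/bar", "/uploads/avatar.jpg/x.php"):
        print(uri, "fix_pathinfo=1 ->", handle(uri, 1), "| fix_pathinfo=0 ->", handle(uri, 0))
```

Only with cgi.fix_pathinfo=0 does a request for a non-existent x.php beneath an uploaded image fail instead of running the image through PHP; refusing such requests in Nginx itself with try_files $uri =404; inside the .php location is a common second layer.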
Nginx and MySQL
In order to use MySQL we must install the MySQL server, the client and the library needed to manage MySQL from PHP (php5-mysql). In Debian this is done with apt-get install mysql-client mysql-server php5-mysql. On BSD: cd /usr/ports/databases/mysql55-server && make install clean, cd /usr/ports/databases/mysql55-client && make install clean and cd /usr/ports/databases/php55-mysql && make install clean.
After installing everything you can check that there are no problems by creating a .php file with the following code:
<?php
phpinfo();
?>
Then navigate to the file in a browser and it should show all the libraries installed on the server, including a section called mysql.
Joomla
If you want to serve Joomla pages you have to make sure that the directories images, cache, media, logs and tmp won't allow the execution of scripts. This is done with the following regex block placed after location \.php:
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$
{
return 403;
error_page 403 /403_error.html;
}
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$: ~* makes the match case-insensitive; the regex matches a slash (/) followed by one of images, cache, media, logs or tmp (images|cache|media|logs|tmp), another slash (/), any characters (.*), a dot (\.) and php, pl, py, jsp, asp, sh or cgi (php|pl|py|jsp|asp|sh|cgi) at the end of the URI ($). Such requests execute the instruction block: return 403 (forbidden) and show the page 403_error.html.
If you are the kind of person that likes to upload files to your server via Joomla, chances are that Nginx will throw a 413 error (request entity too large). My advice is to upload your files with scp, or with WinSCP if you use Windows as your client OS. If you still want to use Joomla to upload files you must change client_max_body_size in /etc/nginx/nginx.conf to a value that suits your uploading needs :(.
You may also need to increase client_body_timeout. Most of the option descriptions were taken from http://wiki.nginx.org, the official Nginx wiki.
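As an added example, not part of the original post, a small Python model of how Nginx picks among the regex locations on this page. Nginx tries regex locations in the order they appear and stops at the first match, so if the Joomla block sits after location ~ \.php$, a request for /images/something.php is matched by the PHP block first and still reaches php-fpm; the model shows the handler chosen under both orderings (the handler labels and sample URIs are constructed).

```python
import re

# Regex locations from this page as (pattern, case_insensitive, handler).
PHP_LOCATION = (r"\.php$", False, "php-fpm")
UPLOAD_DENY = (r"/(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$", True, "403")
HTACCESS_DENY = (r"/\.ht", False, "deny all")

def select_location(uri, regex_locations):
    """Nginx tests regex locations in configuration order and uses the first
    match; with none matching, the request falls back to the prefix location /
    (plain static file service here)."""
    for pattern, ignore_case, handler in regex_locations:
        flags = re.IGNORECASE if ignore_case else 0
        if re.search(pattern, uri, flags):
            return handler
    return "static"

# The order the text suggests: the Joomla deny block after location ~ \.php$.
PHP_FIRST = [PHP_LOCATION, UPLOAD_DENY, HTACCESS_DENY]
# Deny block first, so scripts in upload directories never reach php-fpm.
DENY_FIRST = [UPLOAD_DENY, PHP_LOCATION, HTACCESS_DENY]

def compare_orderings(uri):
    """Handler chosen for uri under each ordering: (php_first, deny_first)."""
    return select_location(uri, PHP_FIRST), select_location(uri, DENY_FIRST)

if __name__ == "__main__":
    for uri in ("/images/shell.php", "/IMAGES/x.PHP", "/media/run.sh",
                "/images/logo.png", "/.htpasswd"):
        print(uri, compare_orderings(uri))
```

Note that /IMAGES/x.PHP is refused under both orderings only because the deny block uses ~* while the PHP block is case-sensitive; a lowercase .php under images is the case where ordering decides.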
EOF
