Nginx + php + fpm plug'n'play configuration

Francis Daly francis at
Fri Apr 1 19:32:38 MSD 2011

On Fri, Apr 01, 2011 at 04:14:40PM +0200, Daniele Pignedoli wrote:

Hi there,

> Hi guys, im new to Nginx.

Welcome. You'll probably want to refer to the manuals for more information
on everything you read here; but for testing purposes, hopefully the
following will help.

> Im running on a ubuntu 10.04 server machine, and im trying to understand how
> to configure nginx in order to run a website with many subdomains, where
> every of them must run php with a different user, without restarting nginx
> or php5-fpm.

The short answer is "it's not a problem; nginx doesn't know or care
about php". But that's not what you want to hear, so...

> Basically, when i need to a subdomain, i have a script that create the
> server user, then his folder owned by him; for example, for the
> subdomain i will have a `foo` user and a
> /var/www/vhosts/subdomains/foo/htdocs folder.

On the nginx side, there are two main ways to approach this.

Run one nginx instance which can read files of all users; or run one nginx
instance as each user which only has access to that user's files, plus
one "main" nginx which will proxy_pass to the correct per-user instance.

The first case is probably easier. An nginx.conf with something like

http {
  server {
    root /tmp/$host/html;

will probably do most of what you want. "$host" is "whatever the client
sent in the Host: header" (approximately), so you'll want to make sure
that nothing nasty happens in edge cases, such as "no Host: header
at all" or "Host: .." or "Host: *" and the like.

> So, for every requests to *, i need to:
> 1. check if user and folder exists

"error_page 404" may help here. But it may cause confusion if there are
"genuine" 404s generated.

> 2. invoke fpm with the matching user/group (maybe the group will be the same
> for every subdomain)

nginx doesn't do php. But it does "fastcgi_pass" to a fastcgi server,
which is what fpm is.

So run one fastcgi server per user, accessible at a derivable
location. And add something like

    location ^~ /php/ {
      fastcgi_pass  unix:/tmp/$host/fcgi.sock;
      include fastcgi.conf;

inside the server{} block, and all requests for /php/something will be
sent to the appropriate fastcgi server (failing if it is not there).

> Any suggestion about?

In this example I use $host as the on-filesystem key. You can set that
to something else, if you prefer.

Also, if you want to run one nginx per user, then you would listen
on a unix socket, and proxy_pass to that socket in the "main" server,
similar to fastcgi_pass above. And it would probably be "error_page 502"
if the per-user server isn't responding.

And, I have no idea if FPM has a better way of splitting things per-user
without restarting when users are changed.

And, of course, none of this is tested by me ;-)

But if I wanted to do this, I'd probably adjust my "enable user" script
to run a dedicated php fastcgi server as this user, and possibly also
a dedicated nginx server. And then turn them off in my "disable user"
script. The main nginx would run always.

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list