nginx + php5-fpm on Debian

Mark Alan m6rkalan at gmail.com
Thu Feb 21 20:06:18 UTC 2013


On Thu, 21 Feb 2013 14:07:45 +0100, GASPARD Kévin
<list-reader at koshie.fr> wrote:
> > nginx -V 2>&1|sed 's,--,\n--,g'
> nginx version: nginx/1.2.1

Ok, this seems pretty standard for Debian.

> > find /etc/nginx/ -name *.conf|xargs -r grep -v '^\s*\(#\|$\)'
> /etc/nginx/conf.d/koshie-island.koshie.fr.conf:server {
> /etc/nginx/conf.d/koshie-island.koshie.fr.conf:
> listen

To get out of a hole, first you must stop digging.

So, in order to regain control of your Nginx under Debian:

1. Clean /etc/nginx/conf.d/
  sudo mkdir /etc/nginx/conf.d-backup
  sudo mv /etc/nginx/conf.d/* /etc/nginx/conf.d-backup/

2. Simplify your /etc/nginx/sites-available/default
server {
  listen 80 default_server;
  server_name_in_redirect off;
  return 444;
}
server {
  listen 443 default_server ssl;
  server_name_in_redirect off;
  ssl_certificate /etc/ssl/certs/dummy-web.crt;
  ssl_certificate_key /etc/ssl/private/dummy-web.key;
  return 444;
}

3. Create simpler domain config files,
and put them inside /etc/nginx/sites-available/:

# /etc/nginx/sites-available/koshiefr # for http only
server {
  listen 80;
  server_name www.koshie.fr; # may also add IP here
  return 301 $scheme://koshie.fr$request_uri; # 301/perm 302/temp
}
server {
  listen 80;
  server_name koshie.fr;
  root /var/www/koshiefr; # avoid non alphanum here & rm last /
  #client_max_body_size      8M;
  #client_body_buffer_size 256K;
  index index.php /index.php;
  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
   }
}

# /etc/nginx/sites-available/koshiefrs # for https only
server {
 listen 443; # ssl not needed here
 server_name www.koshie.fr; # may also add IP here
 return 301 $scheme://koshie.fr$request_uri; # 301=perm, 302=temp
}
server {
  listen 443 ssl;
  server_name koshie.fr;
  root /var/www/koshiefr; # avoid non alphanum here
  #client_max_body_size      8M;
  #client_body_buffer_size 256K;
  ssl_certificate /etc/ssl/certs/dummy-web.crt;
  ssl_certificate_key /etc/ssl/private/dummy-web.key;
  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
   }
}

4. link files into place:

sudo ln -svf /etc/nginx/sites-available/default \
 /etc/nginx/sites-enabled/

sudo ln -svf /etc/nginx/sites-available/koshiefr \
 /etc/nginx/sites-enabled/

sudo ln -svf /etc/nginx/sites-available/koshiefrs \
 /etc/nginx/sites-enabled/

5. restart nginx:
a) again keep it simple (I don't trust Debian's nginx restart)
  sudo /etc/init.d/nginx stop
  sudo /etc/init.d/nginx start
  sudo /etc/init.d/nginx status

b) OR, if the server is 'in production', use alternative 'restart'
trying to not disturb the established connections:

  pgrep nginx && sudo kill -s USR2 $(cat /var/run/nginx.pid)
  pgrep nginx >/dev/null && sudo kill -s QUIT \
     $(cat /var/run/nginx.pid.oldbin)
  sleep .5
  pgrep nginx || sudo /etc/init.d/nginx start

# check status
  sudo /usr/sbin/nginx -t && /etc/init.d/nginx status

6. regarding PHP-FPM:
a) DO install at least:
sudo apt-get install php5-fpm php5-suhosin php-apc
and, if needed:
# sudo apt-get install php5-mysql php5-mcrypt php5-gd

A common simple PHP config could include:

grep -v '^\s*\(;\|$\)' /etc/php5/fpm/*.conf

[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
include=/etc/php5/fpm/pool.d/*.conf

grep -v '^\s*\(;\|$\)' /etc/php5/fpm/pool.d/*.conf

[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
pm.max_requests = 384
request_terminate_timeout = 30s
chdir = /var/www

# restart it
  pgrep php5-fpm && sudo /etc/init.d/php5-fpm restart
  sleep .5
  pgrep php5-fpm || sudo /etc/init.d/php5-fpm start

Because of the above 'chdir = /var/www' and 'group = www-data' files
inside /var/www/ like, for instance, those inside /var/www/koshiefr/
should be owned (and readable, or read/writeable) by group www-data

REMEMBER: 
  - keep it simple,
  - do trust nginx defaults as they usually work rather well,
  - test each config file well and restart/reload its parent app (nginx
    or php) before doing another config change.

And, if you can live with a lighter Nginx, you can try my own
extra-light nginx builds from: https://launchpad.net/~malan/+archive/dev
  sudo dpkg -i nginx-common*.deb
  sudo dpkg -i nginx-light*.deb

Regards,

M.
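
Added example, not part of the original message: a shell check for the ownership rule stated above (files under the docroot owned by, and readable by, the pool's group). The function name audit_docroot and the GROUP/NOREAD/NOSEARCH labels are hypothetical; the group defaults to the www-data value from the pool config.

```shell
#!/bin/sh
# audit_docroot DIR [GROUP]
# Lists entries under DIR that the php-fpm pool group cannot use.
# GROUP defaults to www-data (the 'group =' value in the pool config above).
# Prints "REASON<TAB>path" per finding.
# Returns 0 when clean, 1 when there are findings, 2 on bad arguments.
audit_docroot() {
    dir=$1
    grp=${2:-www-data}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # find fails on an unknown group; catch that here so a typo in the
    # group name cannot be mistaken for a clean result.
    find /dev/null -group "$grp" >/dev/null 2>&1 ||
        { echo "unknown group: $grp" >&2; return 2; }

    findings=$(
        # Entry belongs to another group: the pool's group bits do not apply.
        find "$dir" ! -group "$grp" -exec printf 'GROUP\t%s\n' {} \;
        # Right group, but no group read permission.
        find "$dir" -group "$grp" ! -perm -g+r \
            -exec printf 'NOREAD\t%s\n' {} \;
        # Directory the group may list but not traverse.
        find "$dir" -type d -group "$grp" -perm -g+r ! -perm -g+x \
            -exec printf 'NOSEARCH\t%s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sort
    return 1
}

# Example call for the docroot used in this thread:
#   audit_docroot /var/www/koshiefr www-data
```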


