Nginx + php + fpm plug'n'play configuration
Francis Daly
francis at daoine.org
Fri Apr 1 19:32:38 MSD 2011
On Fri, Apr 01, 2011 at 04:14:40PM +0200, Daniele Pignedoli wrote:
Hi there,
> Hi guys, im new to Nginx.
Welcome. You'll probably want to refer to the manuals for more information
on everything you read here; but for testing purposes, hopefully the
following will help.
> Im running on a ubuntu 10.04 server machine, and im trying to understand how
> to configure nginx in order to run a website with many subdomains, where
> every of them must run php with a different user, without restarting nginx
> or php5-fpm.
The short answer is "it's not a problem; nginx doesn't know or care
about php". But that's not what you want to hear, so...
> Basically, when i need to a subdomain, i have a script that create the
> server user, then his folder owned by him; for example, for the
> foo.example.com subdomain i will have a `foo` user and a
> /var/www/vhosts/subdomains/foo/htdocs folder.
On the nginx side, there are two main ways to approach this.
Run one nginx instance which can read files of all users; or run one nginx
instance as each user which only has access to that user's files, plus
one "main" nginx which will proxy_pass to the correct per-user instance.
The first case is probably easier. An nginx.conf with something like
===
http {
server {
root /tmp/$host/html;
}
}
===
will probably do most of what you want. "$host" is "whatever the client
sent in the Host: header" (approximately), so you'll want to make sure
that nothing nasty happens in edge cases, such as "no Host: header
at all" or "Host: .." or "Host: *" and the like.
> So, for every requests to *.example.com, i need to:
> 1. check if user and folder exists
"error_page 404" may help here. But it may cause confusion if there are
"genuine" 404s generated.
> 2. invoke fpm with the matching user/group (maybe the group will be the same
> for every subdomain)
nginx doesn't do php. But it does "fastcgi_pass" to a fastcgi server,
which is what fpm is.
So run one fastcgi server per user, accessible at a derivable
location. And add something like
===
location ^~ /php/ {
fastcgi_pass unix:/tmp/$host/fcgi.sock;
include fastcgi.conf;
}
===
inside the server{} block, and all requests for /php/something will be
sent to the appropriate fastcgi server (failing if it is not there).
> Any suggestion about?
In this example I use $host as the on-filesystem key. You can set that
to something else, if you prefer.
Also, if you want to run one nginx per user, then you would listen
on a unix socket, and proxy_pass to that socket in the "main" server,
similar to fastcgi_pass above. And it would probably be "error_page 502"
if the per-user server isn't responding.
And, I have no idea if FPM has a better way of splitting things per-user
without restarting when users are changed.
And, of course, none of this is tested by me ;-)
But if I wanted to do this, I'd probably adjust my "enable user" script
to run a dedicated php fastcgi server as this user, and possibly also
a dedicated nginx server. And then turn them off in my "disable user"
script. The main nginx would run always.
Good luck with it,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list