Nginx + php + fpm plug'n'play configuration

Francis Daly francis at daoine.org
Fri Apr 1 19:32:38 MSD 2011 

On Fri, Apr 01, 2011 at 04:14:40PM +0200, Daniele Pignedoli wrote:

Hi there,

> Hi guys, im new to Nginx.

Welcome. You'll probably want to refer to the manuals for more information
on everything you read here; but for testing purposes, hopefully the
following will help.

> Im running on a ubuntu 10.04 server machine, and im trying to understand how
> to configure nginx in order to run a website with many subdomains, where
> every of them must run php with a different user, without restarting nginx
> or php5-fpm.

The short answer is "it's not a problem; nginx doesn't know or care
about php". But that's not what you want to hear, so...

> Basically, when i need to a subdomain, i have a script that create the
> server user, then his folder owned by him; for example, for the
> foo.example.com subdomain i will have a `foo` user and a
> /var/www/vhosts/subdomains/foo/htdocs folder.

On the nginx side, there are two main ways to approach this.

Run one nginx instance which can read files of all users; or run one nginx
instance as each user which only has access to that user's files, plus
one "main" nginx which will proxy_pass to the correct per-user instance.

The first case is probably easier. An nginx.conf with something like

===
http {
  server {
    root /tmp/$host/html;
  }
}
===

will probably do most of what you want. "$host" is "whatever the client
sent in the Host: header" (approximately), so you'll want to make sure
that nothing nasty happens in edge cases, such as "no Host: header
at all" or "Host: .." or "Host: *" and the like.

> So, for every requests to *.example.com, i need to:
> 1. check if user and folder exists

"error_page 404" may help here. But it may cause confusion if there are
"genuine" 404s generated.

> 2. invoke fpm with the matching user/group (maybe the group will be the same
> for every subdomain)

nginx doesn't do php. But it does "fastcgi_pass" to a fastcgi server,
which is what fpm is.

So run one fastcgi server per user, accessible at a derivable
location. And add something like

===
    location ^~ /php/ {
      fastcgi_pass  unix:/tmp/$host/fcgi.sock;
      include fastcgi.conf;
    }
===

inside the server{} block, and all requests for /php/something will be
sent to the appropriate fastcgi server (failing if it is not there).

> Any suggestion about?

In this example I use $host as the on-filesystem key. You can set that
to something else, if you prefer.

Also, if you want to run one nginx per user, then you would listen
on a unix socket, and proxy_pass to that socket in the "main" server,
similar to fastcgi_pass above. And it would probably be "error_page 502"
if the per-user server isn't responding.

And, I have no idea if FPM has a better way of splitting things per-user
without restarting when users are changed.

And, of course, none of this is tested by me ;-)

But if I wanted to do this, I'd probably adjust my "enable user" script
to run a dedicated php fastcgi server as this user, and possibly also
a dedicated nginx server. And then turn them off in my "disable user"
script. The main nginx would run always.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list