Nginx + php + fpm plug'n'play configuration

Daniele Pignedoli daniele.pignedoli at gmail.com
Tue Apr 5 13:59:43 MSD 2011


Hi francis, many thanks for your suggestion, with that i've been able to
setup a 'almost-work' enrivonment!

I have a file i my /etc/nginx/sites-available/ (softlinket do sites-enabled)
that looks as follow:

server{
>     listen            80;
>     server_name        ~^(?<domain>.+)\.test\.local$;
>     root            /var/www/test_$domain/htdocs;
>     location / {
>         index index.php;
>     }
>     location ~* \.(gif|jpg|png|ico)$ {
>         expires    30d;
>     }
>     location ~ \.php$ {
>         fastcgi_pass    unix:/var/run/php5-fpm-test_$domain.sock;
>         fastcgi_param    SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
>         include            fastcgi_params;
>     }
> }
>

All my subdomains are hosted in /var/www/test_[subdomain_name], for example
foo.test.local => /var/www/test_foo/{htdocs,conf,private}

Then, in my /etc/php5/fpm/fpm.d/ i just create a new file for each
subdomain, for example:

[test_foo]
>
> listen = /var/run/php5-fpm-test_foo.sock
>
> user = test_foo
> group = test_foo
> pm = static
> pm.max_children = 10
>

..obviously this after i created the unix user `useradd test_foo`.

This isnt the "plug'n'play" behavior i was looking for, becose in order to
activate new domains i have to run `/etc/init.d/php-fpm reload`; but i
thought a solution: when i add a new domain, i first create a simple "temp"
php-cgi process in order to have the subdomain active instantly

php5-cgi -b /var/run/php5-fpm-test_bar.sock
>

Then, running a cron task that every night kill all the php5-cgi instances
and then reload the fpm configuration.

Do you think this could be a solution?

2011/4/1 Francis Daly <francis at daoine.org>

> On Fri, Apr 01, 2011 at 04:14:40PM +0200, Daniele Pignedoli wrote:
>
> Hi there,
>
> > Hi guys, im new to Nginx.
>
> Welcome. You'll probably want to refer to the manuals for more information
> on everything you read here; but for testing purposes, hopefully the
> following will help.
>
> > Im running on a ubuntu 10.04 server machine, and im trying to understand
> how
> > to configure nginx in order to run a website with many subdomains, where
> > every of them must run php with a different user, without restarting
> nginx
> > or php5-fpm.
>
> The short answer is "it's not a problem; nginx doesn't know or care
> about php". But that's not what you want to hear, so...
>
> > Basically, when i need to a subdomain, i have a script that create the
> > server user, then his folder owned by him; for example, for the
> > foo.example.com subdomain i will have a `foo` user and a
> > /var/www/vhosts/subdomains/foo/htdocs folder.
>
> On the nginx side, there are two main ways to approach this.
>
> Run one nginx instance which can read files of all users; or run one nginx
> instance as each user which only has access to that user's files, plus
> one "main" nginx which will proxy_pass to the correct per-user instance.
>
> The first case is probably easier. An nginx.conf with something like
>
> ===
> http {
>  server {
>    root /tmp/$host/html;
>  }
> }
> ===
>
> will probably do most of what you want. "$host" is "whatever the client
> sent in the Host: header" (approximately), so you'll want to make sure
> that nothing nasty happens in edge cases, such as "no Host: header
> at all" or "Host: .." or "Host: *" and the like.
>
> > So, for every requests to *.example.com, i need to:
> > 1. check if user and folder exists
>
> "error_page 404" may help here. But it may cause confusion if there are
> "genuine" 404s generated.
>
> > 2. invoke fpm with the matching user/group (maybe the group will be the
> same
> > for every subdomain)
>
> nginx doesn't do php. But it does "fastcgi_pass" to a fastcgi server,
> which is what fpm is.
>
> So run one fastcgi server per user, accessible at a derivable
> location. And add something like
>
> ===
>    location ^~ /php/ {
>      fastcgi_pass  unix:/tmp/$host/fcgi.sock;
>      include fastcgi.conf;
>    }
> ===
>
> inside the server{} block, and all requests for /php/something will be
> sent to the appropriate fastcgi server (failing if it is not there).
>
> > Any suggestion about?
>
> In this example I use $host as the on-filesystem key. You can set that
> to something else, if you prefer.
>
> Also, if you want to run one nginx per user, then you would listen
> on a unix socket, and proxy_pass to that socket in the "main" server,
> similar to fastcgi_pass above. And it would probably be "error_page 502"
> if the per-user server isn't responding.
>
> And, I have no idea if FPM has a better way of splitting things per-user
> without restarting when users are changed.
>
> And, of course, none of this is tested by me ;-)
>
> But if I wanted to do this, I'd probably adjust my "enable user" script
> to run a dedicated php fastcgi server as this user, and possibly also
> a dedicated nginx server. And then turn them off in my "disable user"
> script. The main nginx would run always.
>
> Good luck with it,
>
>        f
> --
> Francis Daly        francis at daoine.org
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>



-- 
Is cuma cá mhinice a théann tú ar strae; is é is tábhachtaí gurb áil leat do
bhealach a aimsiú arís.
--
I can accept failure, everyone fails at something - But I can't accept not
trying.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110405/2aebfe79/attachment.html>


More information about the nginx mailing list