nginx + php5-fpm on Debian
Mark Alan
m6rkalan at gmail.com
Thu Feb 21 20:06:18 UTC 2013
On Thu, 21 Feb 2013 14:07:45 +0100, GASPARD Kévin
<list-reader at koshie.fr> wrote:
> > nginx -V 2>&1|sed 's,--,\n--,g'
> nginx version: nginx/1.2.1
Ok, this seems pretty standard for Debian.
> > find /etc/nginx/ -name *.conf|xargs -r grep -v '^\s*\(#\|$\)'
> /etc/nginx/conf.d/koshie-island.koshie.fr.conf:server {
> /etc/nginx/conf.d/koshie-island.koshie.fr.conf:
> listen
To get out of a hole, first you must stop digging.
So, in order to regain control of your Nginx under Debian:
1. Clean /etc/nginx/conf.d/
sudo mkdir /etc/nginx/conf.d-backup
sudo mv /etc/nginx/conf.d/* /etc/nginx/conf.d-backup/
2. Simplify your /etc/nginx/sites-available/default
server {
listen 80 default_server;
server_name_in_redirect off;
return 444;
}
server {
listen 443 default_server ssl;
server_name_in_redirect off;
ssl_certificate /etc/ssl/certs/dummy-web.crt;
ssl_certificate_key /etc/ssl/private/dummy-web.key;
return 444;
}
3. Create simpler domain config files,
and put them inside /etc/nginx/sites-available/:
# /etc/nginx/sites-available/koshiefr # for http only
server {
listen 80;
server_name www.koshie.fr; # may also add IP here
return 301 $scheme://koshie.fr$request_uri; # 301/perm 302/temp
}
server {
listen 80;
server_name koshie.fr;
root /var/www/koshiefr; # avoid non alfanum here & rm last /
#client_max_body_size 8M;
#client_body_buffer_size 256K;
index index.php /index.php;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
# /etc/nginx/sites-available/koshiefrs # for https only
server {
listen 443; # ssl not needed here
server_name www.koshie.fr; # may also add IP here
return 301 $scheme://koshie.fr$request_uri; # 301=perm, 302=temp
}
server {
listen 443 ssl;
server_name koshie.fr;
root /var/www/koshiefr; # avoid non alfanum here
#client_max_body_size 8M;
#client_body_buffer_size 256K;
ssl_certificate /etc/ssl/certs/dummy-web.crt;
ssl_certificate_key /etc/ssl/private/dummy-web.key;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
}
}
4. link files into place:
sudo ln -svf /etc/nginx/sites-available/default \
/etc/nginx/sites-enabled/
sudo ln -svf /etc/nginx/sites-available/koshiefr \
\ /etc/nginx/sites-enabled/
sudo ln -svf /etc/nginx/sites-available/koshiefrs \
\ /etc/nginx/sites-enabled/
5. restart nginx:
a) again keep it simple (I don't trust Debian's nginx restart)
sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx start
sudo /etc/init.d/nginx status
b) OR, if the server is 'in production', use alternative 'restart'
trying to not disturb the established connections:
pgrep nginx && sudo kill -s USR2 $(cat /var/run/nginx.pid)
pgrep nginx >/dev/null && sudo kill -s QUIT \
$(cat /var/run/nginx.pid.oldbin)
sleep .5
pgrep nginx || sudo /etc/init.d/nginx start
# check status
sudo /usr/sbin/nginx -t && /etc/init.d/nginx status
6. regarding PHP-FPM:
a) DO install at least:
sudo apt-get install php5-fpm php5-suhosin php-apc
and, if needed:
# sudo apt-get install php5-mysql php5-mcrypt php5-gd
A common simple PHP config could include:
grep -v '^\s*\(;\|$\)' /etc/php5/fpm/*.conf
[global]
pid = /var/run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
include=/etc/php5/fpm/pool.d/*.conf
grep -v '^\s*\(;\|$\)' /etc/php5/fpm/pool.d/*.conf[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
pm.max_requests = 384
request_terminate_timeout = 30s
chdir = /var/www
# restart it
pgrep php5-fpm && sudo /etc/init.d/php5-fpm restart
sleep .5
pgrep php5-fpm || sudo /etc/init.d/php5-fpm start
Because of the above 'chdir = /var/www' and 'group = www-data' files
inside /var/www/ like, for instance, those inside /var/www/koshiefr/
should be owned (and readable, or read/writeable) by group www-data
REMEMBER:
- keep it simple,
- do trust nginx defaults as they usually work rather well,
- test each config file well and restart/reload its parent app (nginx
or php) before doing another config change.
And, if you can live with a lighter Nginx, you can try my own
extra-light nginx builds from: https://launchpad.net/~malan/+archive/dev
sudo dpkg -i nginx-common*.deb
sudo dpkg -i nginx-light*.deb
Regards,
M.
More information about the nginx
mailing list