History: Nginx
Preview of version: 13
Nginx
Nginx (read engine X) is a light weight webserver, reverse proxy and load balancer. It can an alternative to Apache when using PHP-FPM protocol or can be a proxy to Apache.
PHP FPM
Nginx provide modules to communicate to PHP-FPM (FastCGI Process Manager). PHP-FPM can listen for connections using TCP port or sockets. The following example demostrate a Nginx config file to deploy Tiki using PHP-FPM.
server { listen 80; listen 443 ssl; server_name example.com ssl_certificate /etc/nginx/ssl/example.com.crt; ssl_certificate_key /etc/nginx/ssl/example.com.key; root /var/www/html; index tiki-index.php index.php index.html; location / { try_files $uri $uri/ /route.php?q=$uri&$args; } location ~ \.(bak|exe|inc|lib|pl|py|sh|sql|tpl)$ { deny all; } location ~ \.php$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTP_PROXY ""; fastcgi_pass 127.0.0.1:9000; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }
The reason to set HTTP_PROXY ""
is to avoid issues with HTTP header injections (https://httpoxy.org/).
Proxying Apache
Sometimes, Tiki deployments are too coupled to .htaccess
file and it is not possible to use the PHP-FPM and Nginx only. In this cases is possible to use Nginx as a reverse proxy to Apache. Nginx can directly deliver to browser static files and send to Apache just the requests to PHP files. The next example demonstrate this idea, supposing apache is running on port 8080.
server { listen 80; listen 443 ssl; server_name example.com ssl_certificate /etc/nginx/ssl/example.com.crt; ssl_certificate_key /etc/nginx/ssl/example.com.key; root /var/www/html; index tiki-index.php index.php index.html; location / { try_files $uri $uri/ /route.php?q=$uri&$args; } location ~ \.(bak|exe|inc|lib|pl|py|sh|sql|tpl)$ { deny all; } location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8080; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }
NetBSD PHP
The original NetBSD 6.0 nginx.conf has got a line
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
This leads to a File not found error page, and the line must be replaced with
fastcgi_param SCRIPT_FILENAME $request_filename;
or
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
to enable PHP.
Debian PHP
The same error as in NetBSD was observed as Debian 6.0 (Squeeze), the file is:
/etc/nginx/sites-available/default.
The problem is solved by using dotdeb:
http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian
PHP General
Nginx SEO-friendly URLs
If feature sefurl is enabled (Preference name: feature_sefurl)
then nginx needs the following rewrite rule:
try_files $uri $uri/ /route.php?q=$uri&$args;
Nginx Security Settings
To avoid issues with HTTP header injections (https://httpoxy.org/) add the following directive to nginx:
fastcgi_param HTTP_PROXY "";
http://www.stevestreeting.com/2012/05/09/apache-to-nginx-php-fpm-part-1/
http://www.stevestreeting.com/2012/05/24/apache-to-nginx-part-2/