Loading...
 
Skip to main content

History: Nginx

Source of version: 16

Copy to clipboard
            ! Nginx

Nginx (read engine X) is a light weight webserver, reverse proxy and load balancer. It can an alternative to Apache when using PHP-FPM protocol or can be a proxy to Apache.  

!! Config examples

!!! PHP FPM

Nginx provide modules to communicate to PHP-FPM (FastCGI Process Manager). PHP-FPM can listen for connections using TCP port or sockets. The following example demostrate a Nginx config file to deploy Tiki using PHP-FPM.

{CODE(colors=nginx)}
server {
    listen       80;
    listen       443 ssl;
    server_name  example.com

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    root /var/www/html;
    index tiki-index.php index.php index.html;

    location / {
        # Use route.php to have SEO-friendly URLs
        try_files $uri $uri/ /route.php?q=$uri&$args;
    }

    location ~ \.(bak|exe|inc|ini|lib|pl|py|sh|sql|tpl)$ {
        deny all;
    }

    location ~ \.php$ {
        include fastcgi_params;

        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

        # Avoid issues with HTTP header injections
        fastcgi_param  HTTP_PROXY         "";

        fastcgi_pass   127.0.0.1:9000;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
{CODE}

The reason to set -+HTTP_PROXY ""+- is to avoid issues with HTTP header injections (https://httpoxy.org/).

!!! Proxying Apache

Sometimes, Tiki deployments are too coupled to -+.htaccess+- file and it is not possible to use the PHP-FPM and Nginx only. In this cases is possible to use Nginx as a reverse proxy to Apache. Nginx can directly deliver to browser static files and send to Apache just the requests to PHP files. The next example demonstrate this idea, supposing apache is running on port 8080.

{CODE(colors=nginx)}
server {
    listen       80;
    listen       443 ssl;
    server_name  example.com

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    root /var/www/html;
    index tiki-index.php index.php index.html;

    location / {
        # Use route.php to have SEO-friendly URLs
        try_files $uri $uri/ /route.php?q=$uri&$args;
    }

    location ~ \.(bak|exe|inc|ini|lib|pl|py|sh|sql|tpl)$ {
        deny all;
    }

    location ~ \.php$ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass   http://127.0.0.1:8080;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
{CODE}


!!! Enforcing HTTPS

We can forbid insecure connections to Tiki by making Nginx redirect all content from http:// to https://. But it is important to check Tiki configuration to avoid conflicts. Tiki also needs to be setup to allow https everywhere. The most known issue about missconfiguration is problems to login on Tiki.

{CODE(colors=nginx)}
server {
    listen       80;
    server_name  example.com;
    return 301   https://$server_name$request_uri;
}

server {
    listen       443 ssl;
    server_name  example.com

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    root /var/www/html;
    index tiki-index.php index.php index.html;

    location / {
        # Use route.php to have SEO-friendly URLs
        try_files $uri $uri/ /route.php?q=$uri&$args;
    }

    location ~ \.(bak|exe|inc|ini|lib|pl|py|sh|sql|tpl)$ {
        deny all;
    }

    location ~ \.php$ {
        include fastcgi_params;

        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

        # Avoid issues with HTTP header injections
        fastcgi_param  HTTP_PROXY         "";

        fastcgi_pass   127.0.0.1:9000;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
{CODE}



!! Troubleshooting

!!! NetBSD PHP

The original NetBSD 6.0 nginx.conf has got a line
{CODE()}fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;{CODE}
This leads to a __File not found__ error page, and the line must be replaced with
{CODE()}fastcgi_param  SCRIPT_FILENAME  $request_filename;{CODE}
or
{CODE()}fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;{CODE}
to enable PHP.

!!! Debian PHP
The same error as in NetBSD was observed as Debian 6.0 (Squeeze), the file is:
/etc/nginx/sites-available/default.

The problem is solved by using dotdeb:
[http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian|http://www.howtoforge.com/installing-php-5.3-nginx-and-php-fpm-on-ubuntu-debian]

!!! PHP General
((Nginx-php-fpm))


* [http://www.stevestreeting.com/2012/05/09/apache-to-nginx-php-fpm-part-1/|http://www.stevestreeting.com/2012/05/09/apache-to-nginx-php-fpm-part-1/]
* [http://www.stevestreeting.com/2012/05/24/apache-to-nginx-part-2/|http://www.stevestreeting.com/2012/05/24/apache-to-nginx-part-2/]
        

History

Advanced
Information Version
Benoit Grégoire 23
Benoit Grégoire 22
Benoit Grégoire 21
Benoit Grégoire 20
Benoit Grégoire Merge forced https and base configuration for easier maintenance 19
Fabio Montefuscolo 18
luciash d' being 🧙 typos 17
Fabio Montefuscolo 16
Fabio Montefuscolo 15
Fabio Montefuscolo 14
Fabio Montefuscolo 13
Fabio Montefuscolo 12
rjsmelo 11
Jean-Marc Libs 10
Jean-Marc Libs 9
Jean-Marc Libs 8
Frank Guthausen Part 1 7
Frank Guthausen Debian, dotdeb and php-fpm 6
Frank Guthausen link to php-fpm 5
Frank Guthausen PHP on Nginx NetBSD II 4
Frank Guthausen PHP on Nginx NetBSD 3
Marc Laporte 2
Marc Laporte 1