The last 1 or 2 years I have been running nginx as reverse proxy in front of Apache2. Now with the release of nginx version 1.2.0 I decided to revamp my installation and use nginx as a standalone server again. This guide explains my installation which uses nginx, PHP via FastCGI connector and SSL running on Ubuntu 10.04.
I want to use the current version of nginx, so I use the PPA repository where current nginx builds can be found:
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:nginx/stable
sudo apt-get update
sudo apt-get install nginxCurrently this will install nginx version 1.2.0. Now install the packages required for php:
sudo apt-get install php5-cgiNow we need to create a start/stop script to start our cgi process. Create a file /etc/init.d/php-fastcgi with the following contents:
#!/bin/sh
USER=www-data
CHILDREN=3
MAX_REQUESTS=1000
RETVAL=0
start() {
echo -n "Starting PHP FastCGI: "
start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- - USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$CHILDREN PHP_FCGI_MAX_REQUESTS=$MAX_REQUESTS /usr/bin/php-cgi -b 127.0.0.1:9000
RETVAL=$?
echo "OK"
}
stop() {
echo -n "Stopping PHP FastCGI: "
killall -q -w -u $USER /usr/bin/php-cgi
RETVAL=$?
echo "OK"
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Usage: php-fastcgi {start|stop|restart}"
exit 1
;;
esac
exit $RETVALThis script will start 3 PHP worker processes which will server up to 1000 requests each. Make the script executable:
sudo chmod a+x /etc/init.d/php-fastcgiNow you can try to start the php daemon:
sudo /etc/init.d/php-fastcgi startYou should see the daemons in the process list. If everything is running so far, enable autostart for the service:
sudo update-rc.d php-fastcgi defaultsThe next step is to create a self signed SSL certificate:
openssl req -new -x509 -days 4312 -nodes -keyout /etc/nginx/web.pem -out /etc/nginx/web.pemWhen filling out the certificate details, make sure that you enter your domain name in the field “Common Name”. The above command will create a self signed certificate file.
The last step is to create virtual host configurations for nginx. Here is an example which can act as a boilerplate to setting up a new vhost which will listen on http and https. Let’s say we want to create a vhost for a domain mydomain.com where the files are located at /srv/www/vhosts/mydomain.com/httpdocs. Create a new file /etc/nginx/sites-available/mydomain.com with the following contents:
server {
listen 80;
listen 443 ssl;
server_name mydomain.com www.mydomain.com;
ssl_certificate /etc/nginx/web.pem;
ssl_certificate_key /etc/nginx/web.pem;
access_log /srv/www/vhosts/mydomain.com/logs/access.log combined;
error_log /srv/www/vhosts/mydomain.com/logs/error.log;
root /srv/www/vhosts/mydomain.com/httpdocs;
index index.php;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php {
try_files $uri = 404;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
}
}If you want to redirect all non-ssl traffic to the https port, add the following lines inside the server block:
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}To activate the vhost, create a symbolic link in the directory /etc/nginx/sites-enabled/:
ln -s /etc/nginx/sites-available/mydomain.com /etc/nginx/sites-enabled/mydomain.comAnd now reload the nginx configuration:
sudo /etc/init.d/nginx reloadEverything should be working by now.
Leave a Reply