Nginx installation and configuration

The configuration is nginx HTTP server, PHP FastCGI Process Manager (PHP-FPM), and the Alternative PHP Cache (APC).

Installation

The first step is to download the nginx software from the Nginx website. If using the Ubuntu distribution, following are the steps,

(i) Download the nginx signing keys from the Nginx website,

$ wget http://nginx.org/keys/nginx_signing.key

(ii) Add this key to the apt keyring,

$ sudo apt-key add nginx_signing.key

(iii) Add the following lines at the end of the file, /etc/apt/sources.list

deb http://nginx.org/packages/ubuntu/ version-code nginx
deb-src http://nginx.org/packages/ubuntu/ version-code nginx

In the above two lines, replace version-code, with the value for the relevant Ubuntu version.

(iv) Install the software by giving the commands,

$ sudo apt-get update
$ sudo apt-get install nginx

(v) verify the nginx version installed,

$ nginx -v

The next step is to install PHP-FPM.

$ sudo apt-get install php5-fpm 
$ sudo apt-get install php-pear
$ sudo apt-get install libpcre3-dev

Next, open the file /etc/php5/fpm/php.ini in a text editor. In this file, find the entry, cgi.fix_pathinfo and set it to zero. That is, set

cgi.fix_pathinfo=0

Finally, go to the directory, /etc/php5/fpm/pool.d. Open the file, www.conf, in your favorite text editor. In this file, locate the line

listen = 127.0.0.1:9000

Change this line to,

listen = /tmp/php-fpm.sock

Also add/uncomment the following lines,

listen.owner = www-data
listen.group = www-data

We need to enable the OPcache. OPcache is compiled by default in PHP 5.5+ but is not enabled. Open the file, /etc/php5/fpm/php.ini, search for string opcache and uncomment or add the following lines,

opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.max_wasted_percentage=5
opcache.use_cwd=1
opcache.validate_timestamps=1
opcache.revalidate_freq=60
opcache.revalidate_path=0
opcache.save_comments=0
opcache.load_comments=0
opcache.fast_shutdown=1
opcache.enable_file_override=1
opcache.optimization_level=0xffffffff
opcache.inherited_hack=1
opcache.dups_fix=0
opcache.force_restart_timeout=180
opcache.error_log=/var/log/opcache/opcache.log
opcache.log_verbosity_level=1

Reboot the system so that the changes take effect.

Configuration

nginx is configured as per the directives in the configuration file /etc/nginx/nginx.conf. The configuration file follows a block structured syntax, where blocks can be nested and the directives of an outer block apply to the inner block. Also, there can be some global directives. The following is a sample nginx.conf file.

user  www-data www-data;
worker_processes  2;
pid        /var/run/nginx.pid;

events {
    worker_connections  2048;
}

http {
    index index.php index.html index.htm;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    client_header_timeout  3m;
    client_body_timeout    3m;
    send_timeout           3m;
    client_header_buffer_size    1k;
    gzip on;
    gzip_min_length  1100;
    gzip_buffers     4 8k;
    gzip_types       text/plain;
    output_buffers   1 32k;
    postpone_output  1460;
    sendfile         on;
    tcp_nopush       on;
    tcp_nodelay      on;
    keepalive_timeout  75 20;

    # first "virtual" host
    server {
        server_name www.domain1.com;
        root /var/www/domain1/;
        access_log /var/log/domain1/access.log main;
        error_log  /var/log/domain1/error.log warn;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        location = /backup {
                deny all;
        }
        location ~* \.(txt|log)$ {
                allow 127.0.0.1;
                deny all;
        }
        location ~ \..*/.*\.php$ {
                return 403;
        }
        location / {
                try_files $uri $uri/ @rewrite;
                expires max;
        }
        location @rewrite {
                rewrite ^/(.*)$ /index.php?q=$1;
        }
        location ~ \.php$ {
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_intercept_errors on;
                fastcgi_pass unix:/tmp/php-fpm.sock;
        }
    }

    # to ensure that http://domain1.com is re-written as http://www.domain1.com
    server {
        server_name domain1.com;
        return 301 $scheme://www.domain1.com$request_uri;
    }

    # second "virtual" host
    server {
        server_name domain2.com;
        root /var/www/domain2/;
        access_log /var/log/domain2/access.log main;
        error_log  /var/log/domain2/error.log warn;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        location = /backup {
                deny all;
        }
        location ~* \.(txt|log)$ {
                allow 127.0.0.1;
                deny all;
        }
        location ~ \..*/.*\.php$ {
                return 403;
        }
        location / {
                try_files $uri $uri/ @rewrite;
                expires max;
        }
        location @rewrite {
                rewrite ^/(.*)$ /index.php?q=$1;
        }
        location ~ \.php$ {
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_intercept_errors on;
                fastcgi_pass unix:/tmp/php-fpm.sock;
        }
    }

    # to ensure that http://www.domain2.com is re-written as http://domain2.com
    server {
        server_name www.domain2.com;
        return 301 $scheme://domain2.com$request_uri;
    }

    # default "catch-all" server block
    server {
        listen          80 default_server;
        server_name     _;   # invalid server name; will never trigger a real host name  
        access_log /var/www/log/default/access.log main;
        server_name_in_redirect off;
        root            /var/www/default;
    }
}                                         

The file, fastcgi_params, is,

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Finally, edit the file, /etc/php5/fpm/pool.d/www.conf. Open this file in a text editor and find the line,

listen = 127.0.0.1:9000

Change this line to,

listen = /tmp/php-fpm.sock

Save the file and reset the computer so that above changes take effect. If any further change is made in the nginx configuration file, the nginx server can be restarted with the command,

$ sudo invoke-rc.d nginx restart