Nginx – Ramblings on startups, NYC, advertising and hacking (mostly Python)

Nginx, PHP5-FPM and Permission Denied Errors

After upgrading to Nginx 1.4.7 and PHP 5.4.28 (or 5.5.12), you may start seeing errors like the following:

2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"

The fix is to edit /etc/php5/fpm/pool.d/www.conf and set the listen.mode to 666 (be sure to uncomment the line as well):

listen.mode = 0666

Load Balancing a Reverse Proxy with Nginx, PHP5-FPM & SSL

Continuing with our migration to Nginx (see previous posts here and here), the next set of servers to move were a load balanced group of PHP servers. Each server consists of an http server on port 80, an https server on port 443 and an upstream PHP server on port 8000.

1 to n upstream PHP servers can be configured, either local or remote
configuration supports both http (80) and https (443)
SSL is terminated before being passed to the upstream server
PHP upstream server uses PHP5-FPM via a local socket
static files are served directly via Nginx and are set to max expires

There are also some future optimizations I’m currently looking at:

enable the proxy cache (http://people.adams.edu/~cdmiller/posts/nginx-reverse-proxy-cache/)
serve static files directly from the proxy server, rather than via the upstream server

Configuring Nginx with Jira & Sendy

As a follow up to my previous post, the next two applications that needed migration were our Jira and Sendy installations.

Here are the Nginx configs for both:

Configuring Nginx & CodeIgniter with Rewrite Rules

I’ve recently begun working with Nginx as we’re finally moving off of Apache in our infrastructure. The first thing I noticed is documentation for various types of configurations is a bit sporadic. A lot is outdated and many don’t use best practices.

The first application I’m working on is a CodeIgniter-based PHP site which needs a few rewrite rules to function properly. I dug up this tutorial but it unfortunately uses a lot of if statements which I quickly learned are evil in Nginx.

Below is the configuration that I’ve settled upon (for now) which takes into account some best practices including:

uses php-fpm for the upstream server via a unix socket
redirects all http://www.example.com traffic to example.com
passes all requests under the root to the front-controller as long as they don’t exist (allows nginx to directly serve static files)
prevents uncontrolled requests from being passed to php
prevents any access to leftover .htaccess files

I’m hoping to add some of the additional rewrite functionality found in the tutorial at a later date.

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: