After upgrading to Nginx 1.4.7 and PHP 5.4.28 (or 5.5.12), you may start seeing errors like the following:
2014/05/03 13:27:41 [crit] 4202#0: *1 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xx.xx.xx.xx"
The fix is to edit /etc/php5/fpm/pool.d/www.conf and set the listen.mode to 666 (be sure to uncomment the line as well):
listen.mode = 0666
Continuing with our migration to Nginx (see previous posts here and here), the next set of servers to move were a load balanced group of PHP servers. Each server consists of an http server on port 80, an https server on port 443 and an upstream PHP server on port 8000.
- 1 to n upstream PHP servers can be configured, either local or remote
- configuration supports both http (80) and https (443)
- SSL is terminated before being passed to the upstream server
- PHP upstream server uses PHP5-FPM via a local socket
- static files are served directly via Nginx and are set to max expires
There are also some future optimizations I’m currently looking at:
As a follow up to my previous post, the next two applications that needed migration were our Jira and Sendy installations.
Here are the Nginx configs for both:
I’ve recently begun working with Nginx as we’re finally moving off of Apache in our infrastructure. The first thing I noticed is documentation for various types of configurations is a bit sporadic. A lot is outdated and many don’t use best practices.
The first application I’m working on is a CodeIgniter-based PHP site which needs a few rewrite rules to function properly. I dug up this tutorial but it unfortunately uses a lot of if statements which I quickly learned are evil in Nginx.
Below is the configuration that I’ve settled upon (for now) which takes into account some best practices including:
- uses php-fpm for the upstream server via a unix socket
- redirects all http://www.example.com traffic to example.com
- passes all requests under the root to the front-controller as long as they don’t exist (allows nginx to directly serve static files)
- prevents uncontrolled requests from being passed to php
- prevents any access to leftover .htaccess files
I’m hoping to add some of the additional rewrite functionality found in the tutorial at a later date.