Using NGINX as a Web Server for Drupal

Please download to get full document.

View again

of 7
16 views
PDF
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Document Description
Nginx (engine-x) is a web server that is regarded to be faster than Apache and with a better performance on heavy load. The difference is summed up succinctly in a quote by Chris Lea on the Why Use Nginx? page: "Apache is like Microsoft Word, it
Document Share
Document Tags
Document Transcript
  Using NGINX as a Web Server for Drupal  Nginx (engine-x) is a web server that is regarded to be faster than Apache and with a better  performance on heavy load. The difference is summed up succinctly in a quote by Chris Lea onthe Why Use Nginx? page: "Apache is like Microsoft Word, it has a million options but youonly need six. Nginx does those six things, and it does five of them 50 times faster thanApache."Technically speaking, Apache is a process-and-thread-driven application, while Nginx is event-driven. In practice this means that Nginx needs much less memory than Apache to do the work,and also can work faster. There are claims that Nginx, working in a server of 512MB RAM, canhandle 10,000 (yes, ten thousands) concurrent requests without problem, while Apache withsuch a load would just commit harakiri (suicide). Besides, the configuration of Nginx, once youget used to it, is simpler and more intuitive than that of Apache.It seemed like something that I should definitely give a try, since my web server already had performance problems and I cannot afford to pay for increasing its capacity. Here I describe thesteps for installing and configuring Nginx to suit the needs of my web application (which is based on Drupal7, running on a 512MB RAM server at Rackspace).1. Installing nginx and php5-fpm2. Configuring php5-fpm3. Configuring nginx4. Configuration for phpMyAdmin5. SSL (HTTPS) support6. Avoid any DOS attacks7. Full configuration of the siteIn ubuntu server this is very easy: sudo apt-get install nginx nginx-doc php5-fpmupdate-rc.d apache2 disableupdate-rc.d nginx enableservice apache2 stopservice nginx start The main config file ( /etc/php5/fpm/php-fpm.conf ) did not need to be changed at all. Table of Contents1. Installing nginx and php5-fpm2. Configuring php5-fpm  On the pool configuration file ( /etc/php5/fpm/pool.d/www.conf ) I made only somesmall modifications:Listen to a unix socket, instead if a TCP socket: ;listen = 127.0.0.1:9000listen = /var/run/php-fpm.sock Other modified options: pm.max_requests = 5000php_flag[display_errors] = onphp_admin_value[memory_limit] = 128Mphp_admin_value[max_execution_time] = 90 I also made these modifications on /etc/php5/fpm/php.ini : cgi.fix_pathinfo=0max_execution_time = 90display_errors = Onpost_max_size = 16Mupload_max_filesize = 16Mdefault_socket_timeout = 90 Finally restarted the service  php5-fpm : service php5-fpm restart On ubuntu, the configuration of Nginx is located at /etc/nginx/ .Create a configuration file for the website, based on the drupal example configuration file: cd /etc/nginx/sites-available/cp /usr/share/doc/nginx-doc/examples/drupal.gz .gunzip drupal.gzmv drupal btranslator_devcd /etc/nginx/sites-enabled/ln -s ../sites-available/btranslator_dev . At /etc/nginx/sites-enabled/btranslator_dev  modify server name  and root ,and also add access log  and error log : server_name dev.btranslator.org l10n-dev.org.al;root /var/www/dev.btranslator.org; 3. Configuring nginx  access_log /var/log/nginx/btranslator_dev.access.log;error_log /var/log/nginx/btranslator_dev.error.log info; At /etc/nginx/sites-enabled/btranslator_dev , modify the name of the unixsocket at the fastcgi pass  line: location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; # Intercepting errors will cause PHP errors to appear in Nginx logs fastcgi_intercept_errors on; fastcgi_pass unix:/var/run/php-fpm.sock;} At /etc/nginx/sites-enabled/btranslator_dev , add the index line as well, atthe root location: location / { index index.php; try_files $uri $uri/ @rewrite;} At /etc/nginx/sites-enabled/btranslator_dev , allow only localhost toaccess txt and log files: location ~* \.(txt|log)$ { allow 127.0.0.1; deny all;} At /etc/nginx/nginx.conf , decrease worker processes to 1 or 2: # worker_processes 4;worker_processes 2; These modifications are all we need, and then we can reload   or restart   the nginx  service: service nginx restart Add these lines inside the server section, at /etc/nginx/sites-enabled/btranslator_dev : # Configuration for phpMyAdmin 4. Configuration for phpMyAdmin  location /phpmyadmin { root /usr/share/; index index.php index.html index.htm; location ~ ^/phpmyadmin/(.+\.php)$ { try_files $uri =404; root /usr/share/; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; } location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /usr/share/; }}location /phpMyAdmin { rewrite ^/* /phpmyadmin last;} Then reload the nginx service.Add these lines at /etc/nginx/sites-enabled/btranslator_dev : server { listen 80; listen 443 ssl; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; . . . . .} Since SSL connections have some overhead, to make them more efficient, add these lines aswell at /etc/nginx/nginx.conf  (in order to increase session timeout and and use lessexpensive encryption): http { . . . . . #keepalive_timeout 65; keepalive_requests 50; keepalive_timeout 300; ## Global SSL options ssl_ciphers HIGH:!aNULL:!MD5:!kEDH; ssl_prefer_server_ciphers on; ssl_protocols TLSv1; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; . . . . . } Then reload nginx. 5. SSL (HTTPS) support6. Avoid any DOS attacks  In order to avoid any DOS attacks, add these lines at /etc/nginx/nginx.conf http { . . . . . ## limit request frequency to 2 requests per second limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s; limit_req zone=one burst=5; . . . . .} A full version of the file /etc/nginx/sites-enabled/btranslator_dev  looks likethis: server { listen 80; listen 443 ssl; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; server_name dev.btranslator.org l10n-dev.org.al; root /var/www-ssl/dev.btranslator.org; access_log /var/log/nginx/btranslator_dev.access.log; error_log /var/log/nginx/btranslator_dev.error.log info; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # This matters if you use drush location = /backup { deny all; } # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 127.0.0.1; deny all; } # This location block protects against a known attack. location ~ \..*/.*\.php$ { return 403; } # This is our primary location block. location / { index index.php; try_files $uri $uri/ @rewrite; expires max; } 7. Full configuration of the site
Search Related
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks