Contents

Install and configure nginx and PHP-FastCGI on Ubuntu 16.04

08 Aug 2017 0 196  0
Install and configure Nginx and php_fastcgi
Install and configure Nginx and php_fastcgi

Install nginx, PHP for Processing, and Required Packages

Start by installing the nginx web server and PHP dependencies with the command below.

$ sudo apt-get install nginx php7.0-cli php7.0-cgi php7.0-fpm

Configure nginx Virtual Hosting and the PHP Processor

In this guide, we will be using the domain ‘yourdomain.com’ as an example site. Substitute your own nFQDN or IP as shown in the configuration steps below.

Nginx uses server directives to specify name-based virtual hosts. Nginx will call these ‘server blocks’.

All of the server blocks are contained in the server directives in site files and are placed in ‘/etc/nginx/sites-available’. Once turned on, they will be included in the main nginx configuration by default.

  1. Nginx has a sample configuration which you can use as a template. To make a new file with the basic server block for configuration, you will need to enter the command below while replacing the example domain with your own.
$ tail /etc/nginx/sites-available/default -n 13 | cut -c 2- | sudo tee /etc/nginx/sites-available/yourdomain.com 1> /dev/null

The last command reads the example server block contained in the last 13 lines of the default site file, it will cut out the ‘#’ comment symbols and will output the result to a new site file. For extra security, there will be no visual output.

You can also manually copy the last section from ‘/etc/nginx/sites-available/default’ to a new file, ‘/etc/nginx/sites-available/yourdomain.com’.

You will have to manually remove the ‘#’ in front of the relevant lines.

  1. Now, you should have the following server block in the nginx virtual host configuration.

Replace all of the ‘yourdomain.com’ instances with your own domain and modify the root path as shown below, make sure to also add the location ‘~ \. php$ block’

File: /etc/nginx/sites-available/yourdomain.com

server {
 listen 80;
 listen [::]:80;

server_name yourdomain.com;

root /var/www/html/yourdomain.com/public_html;
 index index.html index.php;

location / {
 try_files $uri $uri/ =404;
 }
 location ~ \.php$ {
 include snippets/fastcgi-php.conf;
 include fastcgi_params;
 fastcgi_pass unix:/run/php/php7.0-fpm.sock;
 fastcgi_param SCRIPT_FILENAME /var/www/html/yourdomain.com/public_html$fastcgi_script_name;
 }
}
  1. Make a root directory as referenced in the configuration, replacing ‘yourdomain.com’ with your own domain name.
$ sudo mkdir -p /var/www/html/yourdomain.com/public_html
  1. You can now enable the site and disable the default host. Lastly, restart the web server.
$ sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled 
$ sudo rm /etc/nginx/sites-enabled/default 
$ sudo systemctl restart php7.0-fpm nginx

To deactivate the site, delete the symbolic link.

$ sudo rm /etc/nginx/sites-enabled/yourdomain.com sudo systemctl restart nginx

Once the source file is saved, the site can be re-enabled at any time by recreating the symbolic link.

In case you are using nginx to host more than one site, make multiple virtual host files using the method above.

You may want to edit the ‘http’ block in ‘/etc/nginx/nginx.conf’, which applies across all sites and will allow the following options, along with others.

Hide HTTP header information using ‘server_tokens’
Configure ‘SSL/TLS’ settings
Customize log file paths
Important Security Considerations

If you plan to run applications that support file uploads such as images, then the configurations above may put you at a security risk by allowing arbitrary code execution. This behavior’s simple explanation is due to a properly crafted URI which ends in ‘.php’, in combination with a malicious image file that will probably contain valid PHP and will thus result in the image being processed as PHP.

To mitigate this problem, you will have to modify your configuration to include a ‘try_files’ directive like shown below.

File: /etc/nginx/sites-available/yourdomain.com

location ~ \.php$ {
 try_files $uri =404;
 include /etc/nginx/fastcgi_params;
 fastcgi_pass unix:/run/php/php7.0-fpm.sock;
 fastcgi_index index.php;
 fastcgi_param SCRIPT_FILENAME /var/www/html/example.com/public_html/$fastcgi_script_name;
}

Additionally, you can secure any upload directories your applications can use. The shown configuration will demonstrate securing an ‘/images’ directory.

File: /etc/nginx/sites-available/yourdomain.com

location ~ \.php$ {
 include /etc/nginx/fastcgi_params;
 if ($uri !~ "^/images/") {
 fastcgi_pass unix:/run/php/php7.0-fpm.sock;
 }
 fastcgi_index index.php;
 fastcgi_param SCRIPT_FILENAME /var/www/html/example.com/public_html/$fastcgi_script_name;
}

Test PHP with FastCGI

Make a new file called ‘example.php’ in your site’s ‘public_html’ directory with the following contents.

File: /var/www/html/example.com/public_html/example.php

<?php phpinfo(); ?>

When you visit ‘http://www.yourdomain.com/example.php’ in your browser, the standard ‘PHP info’ output should be shown.

Conclusion

Congratulations, you have now configured the nginx web server to use PHP-FastCGI for dynamic content.

0 Comments
Add a comment

Leave a Reply