Nginx: Difference between revisions
m (→See also: Added another community ref.) |
Paul Verrall (talk | contribs) |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{Installing Moodle}}[[Nginx]] [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix | {{Installing Moodle}}[[Nginx]] [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavours. It also has a proof of concept port for Microsoft Windows. | ||
''The following is community-contributed documentation on Nginx configuration. | ''The following is community-contributed documentation on Nginx configuration. Amendments and additions are welcome.'' | ||
== Nginx configuration == | == Nginx configuration == | ||
Line 9: | Line 9: | ||
Nginx is usually configured to interface with PHP via [http://php.net/manual/en/install.fpm.php php-fpm]. This is both fast and robust. | Nginx is usually configured to interface with PHP via [http://php.net/manual/en/install.fpm.php php-fpm]. This is both fast and robust. | ||
PHP-FPM's default behaviour for pools is usually to restrict the execution of scripts to a specific extension, i.e. .php. You should ensure that this behaviour is configured within your particular package/distribution, e.g. for debian, | |||
''' | '''/etc/php5/fpm/pool.d/www.conf''' | ||
security.limit_extensions = .php | |||
=== Nginx === | === Nginx === | ||
Add the following 'slash arguments' compatible (see [[Using slash arguments]]) 'location' block to your vhosts 'server' configuration in your nginx configuration. | Add the following 'slash arguments' compatible (see [[Using slash arguments]]) 'location' block to your vhosts 'server' configuration in your nginx configuration. | ||
Line 25: | Line 21: | ||
<pre> | <pre> | ||
location ~ [^/]\.php(/|$) { | location ~ [^/]\.php(/|$) { | ||
fastcgi_split_path_info ^(.+\.php)(/.+)$; | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
fastcgi_index index.php; | fastcgi_index index.php; | ||
Line 32: | Line 27: | ||
fastcgi_param PATH_INFO $fastcgi_path_info; | fastcgi_param PATH_INFO $fastcgi_path_info; | ||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
} | } | ||
</pre> | </pre> | ||
==== XSendfile aka X-Accel-Redirect ==== | ===== XSendfile aka X-Accel-Redirect ===== | ||
Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files. | Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files. | ||
Line 51: | Line 45: | ||
location /dataroot/ { | location /dataroot/ { | ||
internal; | internal; | ||
alias <full_moodledata_path>; | alias <full_moodledata_path>; # ensure the path ends with / | ||
} | } | ||
</pre> | </pre> | ||
The definition of 'internal' here is | The definition of 'internal' here is '''critical''' as it prevents client access to your dataroot. | ||
== See also == | == See also == |
Latest revision as of 09:30, 4 September 2015
Nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavours. It also has a proof of concept port for Microsoft Windows.
The following is community-contributed documentation on Nginx configuration. Amendments and additions are welcome.
Nginx configuration
PHP-FPM
Nginx is usually configured to interface with PHP via php-fpm. This is both fast and robust.
PHP-FPM's default behaviour for pools is usually to restrict the execution of scripts to a specific extension, i.e. .php. You should ensure that this behaviour is configured within your particular package/distribution, e.g. for debian,
/etc/php5/fpm/pool.d/www.conf
security.limit_extensions = .php
Nginx
Add the following 'slash arguments' compatible (see Using slash arguments) 'location' block to your vhosts 'server' configuration in your nginx configuration.
nginx.conf location:
location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; fastcgi_pass 127.0.0.1:9000 (or your php-fpm socket); include fastcgi_params; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; }
XSendfile aka X-Accel-Redirect
Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files.
Enable xsendfile for Nginx in Moodles config.php, this is documented in the config-dist.php, a minimal configuration look like this,
$CFG->xsendfile = 'X-Accel-Redirect'; $CFG->xsendfilealiases = array( '/dataroot/' => $CFG->dataroot );
Accompany this with a matching 'location' block in your nginx server configuration.
location /dataroot/ { internal; alias <full_moodledata_path>; # ensure the path ends with / }
The definition of 'internal' here is critical as it prevents client access to your dataroot.
See also
- Real PATH_INFO support:
- Internal rewriting to the HTTP GET file parameter: