Nginx: Difference between revisions
(Initial copy-paste from forum about slasharguments on Nginx) |
No edit summary |
||
| (23 intermediate revisions by 9 users not shown) | |||
| Line 1: | Line 1: | ||
{{Installing Moodle}}[[Nginx]] | {{Installing Moodle}}[[Nginx]] [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavours. It also has a proof of concept port for Microsoft Windows. | ||
''The following is community-contributed documentation on Nginx configuration'' | ''The following is community-contributed documentation on Nginx configuration. Amendments and additions are welcome.'' | ||
''' | == Nginx configuration == | ||
=== PHP-FPM === | |||
Nginx is usually configured to interface with PHP via [http://php.net/manual/en/install.fpm.php php-fpm]. This is both fast and robust. | |||
PHP-FPM's default behaviour for pools is usually to restrict the execution of scripts to a specific extension, i.e. .php. You should ensure that this behaviour is configured within your particular package/distribution, e.g. for debian, | |||
'''/etc/php5/fpm/pool.d/www.conf''' | |||
security.limit_extensions = .php | |||
=== Nginx === | |||
Add the following 'slash arguments' to compatible 'location' block on your vhosts 'server' in your nginx configuration (further explanation at '[[Using slash arguments]]'). | |||
In /etc/nginx/nginx.conf or /etc/nginx/conf.d/yourfilexyz.conf file | |||
<pre> | <pre> | ||
location ~ [^/]\.php(/|$) { | |||
fastcgi_param | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
fastcgi_param | fastcgi_index index.php; | ||
fastcgi_pass 127.0.0.1:9000; | |||
include fastcgi_params; | |||
fastcgi_param PATH_INFO $fastcgi_path_info; | |||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |||
} | |||
</pre> | |||
If using php-fpm socket in the location block above, then instead of | |||
<pre>fastcgi_pass 127.0.0.1:9000;</pre> | |||
something like (php version, socket location might vary) | |||
<pre>fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;</pre> | |||
If you find that this does not work (scripts, styles, and images not loading) '''and''' that there are <code>open() "..." failed (20: Not a directory)</code> lines appearing in your logs, check whether there are any directives related to static content '''before''' this block and try moving them '''after''' this block. I.e. location block for php should be above other location blocks in conf files. | |||
==== XSendfile aka X-Accel-Redirect ==== | |||
Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files. | |||
Enable xsendfile for Nginx in Moodles config.php, this is documented in the config-dist.php, a minimal configuration look like this, | |||
<pre> | |||
$CFG->xsendfile = 'X-Accel-Redirect'; | |||
$CFG->xsendfilealiases = array( | |||
'/dataroot/' => $CFG->dataroot | |||
); | |||
</pre> | </pre> | ||
Accompany this with a matching 'location' block in your nginx server configuration. | |||
<pre> | <pre> | ||
location | location /dataroot/ { | ||
internal; | |||
alias <full_moodledata_path>; # ensure the path ends with / | |||
} | } | ||
</pre> | </pre> | ||
The definition of 'internal' here is '''critical''' as it prevents client access to your dataroot. | |||
== See also == | == See also == | ||
* https://moodle.org/mod/forum/discuss.php?d=83445 | * Real <tt>PATH_INFO</tt> support: | ||
** https://moodle.org/mod/forum/discuss.php?d=278916 | |||
** https://moodle.org/mod/forum/discuss.php?d=307388 | |||
* '''[Deprecated]''' Internal rewriting to the HTTP GET <tt>file</tt> parameter: | |||
** https://moodle.org/mod/forum/discuss.php?d=83445 | |||
[[Category:Installation]] | [[Category:Installation]] | ||
[[es:Nginx]] | |||
Latest revision as of 18:02, 11 April 2019
Nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavours. It also has a proof of concept port for Microsoft Windows.
The following is community-contributed documentation on Nginx configuration. Amendments and additions are welcome.
Nginx configuration
PHP-FPM
Nginx is usually configured to interface with PHP via php-fpm. This is both fast and robust.
PHP-FPM's default behaviour for pools is usually to restrict the execution of scripts to a specific extension, i.e. .php. You should ensure that this behaviour is configured within your particular package/distribution, e.g. for debian,
/etc/php5/fpm/pool.d/www.conf
security.limit_extensions = .php
Nginx
Add the following 'slash arguments' to compatible 'location' block on your vhosts 'server' in your nginx configuration (further explanation at 'Using slash arguments').
In /etc/nginx/nginx.conf or /etc/nginx/conf.d/yourfilexyz.conf file
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
If using php-fpm socket in the location block above, then instead of
fastcgi_pass 127.0.0.1:9000;
something like (php version, socket location might vary)
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
If you find that this does not work (scripts, styles, and images not loading) and that there are open() "..." failed (20: Not a directory) lines appearing in your logs, check whether there are any directives related to static content before this block and try moving them after this block. I.e. location block for php should be above other location blocks in conf files.
XSendfile aka X-Accel-Redirect
Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files.
Enable xsendfile for Nginx in Moodles config.php, this is documented in the config-dist.php, a minimal configuration look like this,
$CFG->xsendfile = 'X-Accel-Redirect';
$CFG->xsendfilealiases = array(
'/dataroot/' => $CFG->dataroot
);
Accompany this with a matching 'location' block in your nginx server configuration.
location /dataroot/ {
internal;
alias <full_moodledata_path>; # ensure the path ends with /
}
The definition of 'internal' here is critical as it prevents client access to your dataroot.
See also
- Real PATH_INFO support:
- [Deprecated] Internal rewriting to the HTTP GET file parameter:
