Note: You are currently viewing documentation for Moodle 3.4. Up-to-date documentation for the latest stable version of Moodle is likely available here: Nginx.

Nginx: Difference between revisions

From MoodleDocs
Main pageInstallationNginx
Installation
m (→‎See also: Updated the 'See also' section according to the recent change about using a plain PATH_INFO support w/o relying on an internal rewrite to HTTP GET file)
No edit summary
 
(14 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Installing Moodle}}[[Nginx]] [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows.
{{Installing Moodle}}[[Nginx]] [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavours. It also has a proof of concept port for Microsoft Windows.


''The following is community-contributed documentation on Nginx configuration. Amendmends and additions are welcome.''
''The following is community-contributed documentation on Nginx configuration. Amendments and additions are welcome.''


== Nginx configuration ==
== Nginx configuration ==
Line 9: Line 9:
Nginx is usually configured to interface with PHP via [http://php.net/manual/en/install.fpm.php php-fpm]. This is both fast and robust.
Nginx is usually configured to interface with PHP via [http://php.net/manual/en/install.fpm.php php-fpm]. This is both fast and robust.


==== php.ini ====
PHP-FPM's default behaviour for pools is usually to restrict the execution of scripts to a specific extension, i.e. .php. You should ensure that this behaviour is configured within your particular package/distribution, e.g. for debian,
Typically the php-fpm daemon with have it's own php.ini e.g. in debian it is /etc/php5/fpm/php.ini. The following setting is required,


'''php.ini'''
'''/etc/php5/fpm/pool.d/www.conf'''
<pre>
security.limit_extensions = .php
cgi.fix_pathinfo=0
</pre>


=== Nginx ===
=== Nginx ===


==== fcig_params ====
Add the following 'slash arguments' to compatible 'location' block on your vhosts 'server' in your nginx configuration (further explanation at '[[Using slash arguments]]').
The standard [http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_param fastcgi_params] file included in Nginx is not compatible with moodle; save a new fastcgi_params file with the following parameters,
 
In /etc/nginx/nginx.conf or /etc/nginx/conf.d/yourfilexyz.conf file
<pre>
<pre>
fastcgi_param QUERY_STRING $query_string;
location ~ [^/]\.php(/|$) {
fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_split_path_info  ^(.+\.php)(/.+)$;
fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_index            index.php;
fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_pass            127.0.0.1:9000;
    include                  fastcgi_params;
    fastcgi_param   PATH_INFO      $fastcgi_path_info;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
</pre>


fastcgi_param SCRIPT_NAME $fastcgi_script_name;
If using php-fpm socket in the location block above, then instead of
fastcgi_param REQUEST_URI $request_uri;
<pre>fastcgi_pass            127.0.0.1:9000;</pre>
fastcgi_param DOCUMENT_URI $document_uri;
something like (php version, socket location might vary)
fastcgi_param DOCUMENT_ROOT $document_root;
<pre>fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;</pre>
fastcgi_param SERVER_PROTOCOL $server_protocol;


fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;


fastcgi_param REMOTE_ADDR $remote_addr;
If you find that this does not work (scripts, styles, and images not loading) '''and''' that there are <code>open() "..." failed (20: Not a directory)</code> lines appearing in your logs, check whether there are any directives related to static content '''before''' this block and try moving them '''after''' this block. I.e. location block for php should be above other location blocks in conf files.
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;


# PHP only, required if PHP was built with --enable-force-cgi-redirect
==== XSendfile aka X-Accel-Redirect ====
fastcgi_param REDIRECT_STATUS 200;
</pre>


==== server configuration ====
Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files.  
Add the following 'slash arguments' compatible (see [[Using slash arguments]]) 'location' block to your vhosts 'server' configuration in your nginx configuration.


'''nginx.conf location:'''
Enable xsendfile for Nginx in Moodles config.php, this is documented in the config-dist.php, a minimal configuration look like this,
<pre>
<pre>
location ~ [^/]\.php(/|$) {
$CFG->xsendfile = 'X-Accel-Redirect';
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
$CFG->xsendfilealiases = array(
    fastcgi_split_path_info  ^(.+\.php)(/.+)$;
    '/dataroot/' => $CFG->dataroot
     include                  fastcgi_params;
);
     fastcgi_index            index.php;
</pre>
    fastcgi_pass            127.0.0.1:9000;
Accompany this with a matching 'location' block in your nginx server configuration.
<pre>
location /dataroot/ {
     internal;
     alias &lt;full_moodledata_path&gt;; # ensure the path ends with /
}
}
</pre>
</pre>
The definition of 'internal' here is '''critical''' as it prevents client access to your dataroot.


== See also ==
== See also ==
Line 64: Line 62:
* Real <tt>PATH_INFO</tt> support:
* Real <tt>PATH_INFO</tt> support:
** https://moodle.org/mod/forum/discuss.php?d=278916
** https://moodle.org/mod/forum/discuss.php?d=278916
* Internal rewriting to the HTTP GET <tt>file</tt> parameter:
** https://moodle.org/mod/forum/discuss.php?d=307388
** https://docs.moodle.org/dev/Install_Moodle_On_Ubuntu_with_Nginx/PHP-fpm
* '''[Deprecated]''' Internal rewriting to the HTTP GET <tt>file</tt> parameter:
** https://moodle.org/mod/forum/discuss.php?d=83445
** https://moodle.org/mod/forum/discuss.php?d=83445


Latest revision as of 18:02, 11 April 2019

Nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavours. It also has a proof of concept port for Microsoft Windows.

The following is community-contributed documentation on Nginx configuration. Amendments and additions are welcome.

Nginx configuration

PHP-FPM

Nginx is usually configured to interface with PHP via php-fpm. This is both fast and robust.

PHP-FPM's default behaviour for pools is usually to restrict the execution of scripts to a specific extension, i.e. .php. You should ensure that this behaviour is configured within your particular package/distribution, e.g. for debian,

/etc/php5/fpm/pool.d/www.conf 

security.limit_extensions = .php

Nginx

Add the following 'slash arguments' to compatible 'location' block on your vhosts 'server' in your nginx configuration (further explanation at 'Using slash arguments').

In /etc/nginx/nginx.conf or /etc/nginx/conf.d/yourfilexyz.conf file 

location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info  ^(.+\.php)(/.+)$;
    fastcgi_index            index.php;
    fastcgi_pass             127.0.0.1:9000;
    include                  fastcgi_params;
    fastcgi_param   PATH_INFO       $fastcgi_path_info;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

If using php-fpm socket in the location block above, then instead of 

fastcgi_pass             127.0.0.1:9000;

something like (php version, socket location might vary) 

fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;


If you find that this does not work (scripts, styles, and images not loading) and that there are open() "..." failed (20: Not a directory) lines appearing in your logs, check whether there are any directives related to static content before this block and try moving them after this block. I.e. location block for php should be above other location blocks in conf files.

XSendfile aka X-Accel-Redirect

Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files.

Enable xsendfile for Nginx in Moodles config.php, this is documented in the config-dist.php, a minimal configuration look like this, 

$CFG->xsendfile = 'X-Accel-Redirect';
$CFG->xsendfilealiases = array(
    '/dataroot/' => $CFG->dataroot
);

Accompany this with a matching 'location' block in your nginx server configuration. 

location /dataroot/ {
    internal;
    alias <full_moodledata_path>; # ensure the path ends with /
}

The definition of 'internal' here is critical as it prevents client access to your dataroot.

See also

Retrieved from "https://docs.moodle.org/34/en/index.php?title=Nginx&oldid=131165"
Powered by MediaWiki