nginx & php fpm - the webserver you might actually like - php usergroup berlin
DESCRIPTION
Slides from the talk given at the Berlin PHP Usergroup 2012.11.06TRANSCRIPT
NGINXTHE WEB SERVER YOU MIGHT ACTUALLY LIKE
ABOUT MESoftware EngineerPHP since 10 yearsCICleanCodeDevOpsTDDShippingBullet points
INSTEAD OF ME
LET'S GO
WHY ANOTHER WEBSERVER?
WHY NOT LIGHTTPD?
THE BASICSIntroMultiple Servers / DomainsStatic contentCachingSSLError pagesRewritesAuthLoad BalancingProxyPHP!Fancy PHP!
INTROsudo apt-get install nginx
/etc/nginx/nginx.conf/etc/nginx/conf.d/*.conf
NGINX CONF BASICS/etc/nginx/nginx.conf
user nginx;worker_processes 4;worker_cpu_affinity 0001 0010 0100 1000;
error_log /var/log/nginx/error.log warn;pid /var/run/nginx.pid;
events { worker_connections 1024;}
NGINX CONF BASICS/etc/nginx/nginx.conf
http { include /etc/nginx/mime.types; default_type application/octet-stream;
access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;}
SERVERS/etc/nginx/conf.d/mySite.conf/etc/nginx/sites-enabled/wallbash
server { server_name wallbash.com wallbash.de; listen 80; root /var/www/myApp/html/ // ...}
server { server_name _; listen 80; root /var/www/myOtherApp/html/}
STATIC CONTENT/etc/nginx/conf.d/anyConfig.conf
server { // ...
location / { }}
FANCY STATIC CONTENTInside Server Blocks
location ~ ̂\/(js|img|css|downloads)\/ {}
location ~ \.(js|css|png|gif|jpg|pdf)$ {}
CACHINGlocation ~ ̂\/(js|img|css)\/ { expires 14d;}
DENY ACCESS TO ALL .DOT-FILESInside Server Blocks
location ~ /\. { access_log off; log_not_found off; deny all;}
SSL
Or just
server { server_name _; listen 443; ssl on;}
server { listen 443 default_server ssl;}
SSL - CONFIGssl_certificate wildcard.crt;ssl_certificate_key wildcard.key;
ssl_session_timeout 5m;ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;ssl_ecdh_curve secp521r1;
ERROR PAGES
STARTUP BONUS:
error_page 500 501 502 503 504 /500.html;
location /500.html { internal;}
server { server_name *nextBigThing.io;
location /500 { return 500; }}
REWRITES
HTTPS ALL THE THINGS
OLDSCHOOL
server { server_name _; listen 80; rewrite ̂ https://$host$request_uri permanent;}
rewrite ̂/users/(.+)$ /show?user=$1? last;
AUTHlocation / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/myApp.htpasswd;}
LOAD BALANCINGupstream web_workers { server www1.example.com; server www2.example.com; server www3.example.com;}
LOAD BALANCING LEGACYupstream web_workers { ip_hash; server www1.example.com; server www2.example.com; server www3.example.com;}
PROXYlocation / { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_cache zone;
//Default: proxy_cache_key $scheme$proxy_host$uri$is_args$args;}
PHP!
PHP-FPM!?!FastCGI Process Manager
PROCESS MANAGEMENT FOR THE MASSESThink: "supervisord"; But without caring
sudo apt-get install php5-fpm
/etc/php5/fpm/php-fpm.conf
// Don't restart the webserver, restart php :)sudo service php5-fpm restart
FPM-CONFIG[myApp]listen = 9000;listen.allowed_clients = 127.0.0.1
user = phpgroup = php
request_terminate_timeout = 10
request_slowlog_timeout = 1slowlog = /var/log/php-fpm/myApp-slow.log
FPM-CONFIG - PROCESS MANAGEMENTpm = dynamicpm.max_children = 50pm.start_servers = 5pm.min_spare_servers = 5pm.max_spare_servers = 35
NGINX + PHPlocation / { fastcgi_pass 127.0.01.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root/index.php; include fastcgi_params;}
APPLICATION SERVERS!location / { fastcgi_pass anontherServer:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root/index.php; include fastcgi_params;}
SCALING!location / { fastcgi_pass workers; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root/index.php; include fastcgi_params;}
upstream workers { server App1:9000; server App2:9000; server 192.168.10.3:9000;}
THANK YOU
