Fellow developers have been on at me for the last couple of years to ditch Apache and move to nginx. If you know what nginx is then you know why, if not let’s have a quick look at what nginx is.
Nginx (pronounced engine-x) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor Sysoevstarted development of Nginx in 2002, with the first public release in 2004. Nginx now hosts nearly 12.18% (22.2M) of active sites across all domains. Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.Nginx Official Website
Now I’m not going to go into why nginx may or may not perform better than Apache, today I’m simply going to talk you through setting up a fresh CentOS 6 installation with a LEMP (Linux, nginx, MySQL and PHP) stack.
sudo to the start of your commands.CentOS and Repositories
Let’s start with a clean install of CentOS with nothing installed. We’re going to make it easy by installing everything via Yum, however CentOS’s package support is a bit crap so we need to add a couple of extra repos:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Installing MySQL
Now we need to install MySQL. This is fairly simple:
yum install mysql mysql-server
Once the download and install is complete we start MySQL and ensure it starts on system boot up:
chkconfig --levels 235 mysqld on service mysqld start
We also need to do some basic configuration which can be done easily using the mysql_secure_installation command. You will be prompted for your current password, as we’ve only just installed MySQL you can leave this blank.
Enter current password for root (enter for none): OK, successfully used password, moving on...
CentOS automates the configuration process quite nicely, you’ll need to set a root password followed by a series of questions, most of which you can leave as the default answer. This does things like remove anonymous access and test tables etc. Once complete it will reload and implement all the changes. Simple.
By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL!
Installing nginx
Yum makes installing nginx nice and easy (now we have the right repos setup!):
yum install nginx
As with MySQL we need to start nginx and make sure it starts on system boot.
chkconfig --levels 235 nginx on service nginx start
Now we can test to see if it has works by simply going to our IP or hostname in a browser. You should see the following.
Installing PHP
We’re going to be using PHP-FPM which we can install from the REMI repo we added earlier. Our yum install script is a little different as we need to tell yum to use the REMI repo.
yum --enablerepo=remi install php-fpm php-mysql ..... ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: php-fpm x86_64 5.4.14-1.el6.remi remi 1.3 M php-mysql x86_64 5.4.14-1.el6.remi remi 134 k Installing for dependencies: compat-mysql51 x86_64 5.1.54-1.el6.remi remi 1.4 M php-common x86_64 5.4.14-1.el6.remi remi 892 k php-pdo x86_64 5.4.14-1.el6.remi remi 117 k Updating for dependencies: mysql-libs x86_64 5.5.31-1.el6.remi remi 774 k Transaction Summary ================================================================================ Install 5 Package(s) Upgrade 1 Package(s) Total download size: 4.6 M Is this ok [y/N]:
Configuring PHP
We need to make a small change to our default PHP config to tighten up the security a little. So open up your php.ini in your favourite code editor:
nano /etc/php.ini
Find the line, cgi.fix_pathinfo=1, and change the 1 to 0.
cgi.fix_pathinfo=0
When set to 1 the php interpreter will try to process the file that is as close to the requested file as possible. This could lead to possible PHP exploits, when set to 0 the interpreter will only process the exact file path. Save your changes and exit.
Configuring nginx
We need to alter a couple of things in our nginx configuration, open up the default config file in your favourite editor:
nano /etc/nginx/nginx.conf
We want to increase the number of worker_processes. With nginx the maximum number of clients = worker_processes * worker_connections so a basic config can handle nearly a thousand concurrent connections. However a good tweak is to increase your number of worker_processes based on the number of processor cores you have. Increase the number of worker processes to match how many CPU cores you have, you can check how many cores you have with the following command:
cat /proc/cpuinfo | grep processor processor : 0 processor : 1 processor : 2 processor : 3
So in my case:
worker_processes 4;
We also want to modify the user that nginx or PHP-FPM run as. These need to be the same user so you have 2 choices:
nano /etc/php-fpm.d/www.conf
Then find the user and group settings and change them from apache to nginx:
; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. ; RPM: apache Choosed to be able to access some dir as httpd user = nginx ; RPM: Keep a group allowed to write in log dir. group = nginx
Alternatively we can change the user nginx runs as to match the PHP-FPM default config. Open up the nginx confif file we edited earlier and edit the user found right at the top of the file:
user apache;
Finally we need to configure our nginx virtual hosts. This is much simpler to configure than Apache. Take a look at the config below, it is slightly different to our default config, but I’ll explain the changes below:
#
# The default server
#
server {
listen 80;
server_name mydomain.com;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
So what did we change?
- We added index.php to the index line.
- Change the server_name to your domain name or IP address (replace the mydomain.com in the configuration above)
- Change the root to
/usr/share/nginx/html;This of course can be whatever you like. - Uncomment the section beginning with
"location ~ \.php$ {" - Change the root to access the actual document root,
/usr/share/nginx/html;This should match the root above. - Change the fastcgi_param line to help the PHP interpreter find the PHP script that we stored in the document root home.
Once you’ve made your change save and exit. Then all we need to do is restart PHP-FPM to make the changes take effect:
service php-fpm restart
Testing
Our basic configuration is complete! Let’s test to make sure it is all working. Create a new file:
nano /usr/share/nginx/html/test.php
Then add the following line:
<?php phpinfo();
If you now browse to your hostname or IP address you should now see the PHP Info page! How easy was that?
This should get you up and running, have a play and you will find loads more you can do. Also check out this article on great nginx and PHP-FPM config tips and tweaks!