< All Docs

Install and configure Nginx and PHP-FastCGI in Ubuntu 16.04

Create a Microhost account to try this guide with a $50 credit.

Table of Content

Nginx is a lightweight, fast server built to manage both low- and high-traffic website requirements efficiently. While it is widely used for serving static content, it is also able to handle dynamic pages. This guide will assist you with the installation and execution of Nginx on your Ubuntu 16.04 Cloud server via FastCGI.

Before You Begin

Please enter the following commands in your cloud server to check your hostname:

hostname
hostname -f

The first command shows your brief hostname, and the second shows your full FQDN.

Update your system:

sudo apt-get update && sudo apt-get upgrade

Install Nginx, PHP for Processing, and Required Packages

Set up Nginx, PHP and required packages for processing

sudo apt-get install nginx php7.0-cli php7.0-cgi php7.0-fpm

Configure Nginx Virtual Hosting and the PHP Processor

The abc.com domain is used as a reference website in this guide. In the next configuration stage, remove your own FQDN or IP.

To define virtual hosts based on the names, Nginx uses server directives. These server blocks are named by Nginx. All domain blocks in site files stored in /etc/nginx/sites-available are included in domain directives. When turned on, they are included by default in the key nginx setup.

1. Nginx provides a template-based sample setup. Enter a command and replace abc.com with your domain to build a new, simple server block configuration file:

tail /etc/nginx/sites-available/default -n 13 | cut -c 2- | sudo tee /etc/nginx/sites-available/abc.com 1> /dev/null

The above command reads the server block example found in the default website file's last 13 lines, cuts out the # comments symbols, and output the result in a new site file. No visual performance is required for added protection.

Conversely, the /etc/nginx/sites-available/default last section may be copied to the new /etc/nginx/sites-available/abc.com file. The # must be inserted manually in front of the corresponding row.

2. Now in the Nginx virtual host configuration you will have the following server table. Substitute all abc.com instances with your domain, change the root path, and add position location ~ \.php$  .

/etc/nginx/sites-available/abc.com

server {
listen 80;
listen [::]:80;

server_name abc.com;

root   /var/www/html/abc.com/public_html;
index  index.html index.php;

location / {
    try_files $uri $uri/ =404;
}
location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME /var/www/html/abc.com/public_html$fastcgi_script_name;
}

}

3. Build this configuration root directory, substituting abc.com with your domain name

sudo mkdir -p /var/www/html/abc.com/public_html

4. Enable the domain, disable your host and restart the web server:

sudo ln -s /etc/nginx/sites-available/abc.com /etc/nginx/sites-enabled
sudo rm /etc/nginx/sites-enabled/default
sudo systemctl restart php7.0-fpm nginx

Simply remove the symbolic link to disable a site:

sudo rm /etc/nginx/sites-enabled/abc.com
sudo systemctl restart nginx

The source file is saved, and a symbolic link can be used to reactivate the site at any time.

If you are using nginx, build multiple virtual host files using the above process.

In /etc/nginx/nginx.conf, you might want to change the http block, which applies to any site and provides the following options, amongst others:

  • Using server tokens to cover HTTP header information
  • Set up settings for SSL / TLS
  • Customize paths for log file

Important Security Considerations

If you plan to run applications that support upload files (for example, images), the above settings will put you at risk for security by enabling the execution of arbitrary code. In short, a properly designed URI ending in ".php" will cause the image to be processed as a PHP, along with a malicious image file containing actually a legitimate PHP image.

You may like to update your configuration to include a test files directive, as shown in this extract, to alleviate this problem:

/etc/nginx/sites-available/abc.com

location ~ .php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/abc.com/public_html/$fastcgi_script_name;
}

In addition, it is a good idea to ensure that your applications can use any upload folders. A securing /images  directory is shown in the following configuration exception:

/etc/nginx/sites-available/abc.com

location ~ .php$ {
include /etc/nginx/fastcgi_params;
if ($uri !~ "^/images/") {
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/abc.com/public_html/$fastcgi_script_name;
}

Test PHP with FastCGI

Build a hello.php file with the following contents in the public_html directory of your site:

/var/www/html/abc.com/public_html/hello.php

The regular "PHP data" output is displayed when you visit http://www.abc.com/hello.php  in the browser.

Congratulations, for using dynamic content PHP-FastCGI, you built the Nginx web server!

Previous How to install WordPress with LEMP on CentOS server
Next Install SSL on Ubuntu server using Nginx
Table of Contents