How Can We Help?
< All Docs
Print

Nginx and PHP-FastCGI in Arch Linux

Table of Content

The Nginx web server has been created to handle low and high traffic requirements efficiently. While often used for the production of static content, it is also able to manage dynamic pages. This guide helps you to upload nginx to your Linux-powered Cloud server with PHP and FastCGI.

Set the Hostname

Please be sure you have followed our instructions for setting your hostname before you start installing and configuring the components described in this guide. Make sure it is correctly set with the following commands:

hostname
hostname -f

You should display a short name in the first command and your fully qualified  (FQDN) domain name in the second.

Install Software

Make the following commands, including the Nginx web server, PHP and compiler tools, to update your system:

pacman -Sy
pacman -S pacman
pacman -S sudo base-devel php-cgi spawn-fcgi nginx
cd /opt
wget http://aur.archlinux.org/packages/spawn-fcgi-php/spawn-fcgi-php.tar.gz
tar -zxvf spawn-fcgi-php.tar.gz
cd /opt/spawn-fcgi-php
makepkg --asroot
pacman -U spawn-fcgi-php.pkg.

Edit the /etc/rc.conf file, adding “nginx” and “spawn-fcgi-php” to the “DEAMONS=” line as shown in the below excerpt:

/etc/rc.conf

DAEMONS=(syslog-ng network netfs crond sshd ntpd nginx spawn-fcgi-php)

You have created spawn-fcgi-php from a source, so that you can recompile a page from the spawn-fcgi-php package when updates are available. you can also check your Arch User Repository page (AUR).

Issue the below command to start the PHP FastCGI process:

/etc/rc.d/spawn-fcgi-php start

spawn-fcgi-php  launches four child php-cgi  processes in its default configuration. Test the normal load configuration. You can change this value by editing the PHP FCGI CHILDREN value in the /etc/conf.d/spawn-fcgi-php.conf  file if you are aware that you would want to modify the child processes which will be spawned.

Configure Virtual Hosting

Create web content directories and logs by placing the commands that follow. Please ensure that you substitute your domain name for "abc.com."

mkdir -p /srv/http/abc.com/public_html
mkdir /srv/http/abc.com/logs

Issued to create nginx virtual host directories the following commands:

mkdir /etc/nginx/conf/sites-available
mkdir /etc/nginx/conf/sites-enabled

Specify the virtual host file of your website:

/etc/nginx/sites-available/www.abc.com

server {
server_name www.abc.com abc.com;
access_log /srv/http/abc.com/logs/access.log;
error_log /srv/http/abc.com/logs/error.log;
root /srv/http/abc.com/public_html;

location / {
    index index.html index.htm index.php;
}

location ~ \.php$ {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /srv/http/abc.com/public_html$fastcgi_script_name;
}

}

Important security note: If you plan on running file uploading applications (e.g., images), the above settings may put you at risk by allowing arbitrary code execution. The short explanation is that a correctly crafted URI ending in ".php" can cause the image to be processed as PHP, combined with a malicious image file which actually has valid PHP. You may want to check information on the Neal Poole blog for further information on this behaviour.

You may want to change your settings to include an attempt files directive to alleviate this issue. Please note: this fix needs to reside on the same server for nginx and the php-fcgi workers.

/etc/nginx/sites-available/www.abc.com

location ~ .php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /srv/http/abc.com/public_html$fastcgi_script_name;
}

It's also good to ensure that your applications are secured by any upload directories. A "/Images" directory is secured in the following configuration excerpt.

/etc/nginx/sites-available/www.abc.com

location ~ .php$ {
include /etc/nginx/fastcgi_params;
if ($uri !~ "^/images/") {
fastcgi_pass 127.0.0.1:9000;
}
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /srv/http/abc.com/public_html$fastcgi_script_name;
}

After reviewing your security configuration, issue the following commands to allow the website:

cd /etc/nginx/conf/sites-enabled/
ln -s /etc/nginx/conf/sites-available/www.abc.com

/etc/nginx/conf/nginx.conf

http {

include /etc/nginx/conf/sites-enabled/*;

Run Nginx start command as follows:

/etc/rc.d/nginx start

Test PHP with FastCGI

In the public html directory of your site, create a file called "test.php" with the following content:

/srv/http/abc.com/public_html/test.php

The standard "PHP info" output is displayed when you visit http://www.abc.com/test.php  in your browser. Feel free to have the web server Nginx configured for dynamic content to use PHP-FastCGI!

Table of Contents