Arash Sanieyan

June 14 2011

Our NGINX Configuration

Here's a snippet for our nginx configuration that does the SEF rewrite similar to .htaccess

server {
    listen 80;
    server_name www.anahitapolis.com;

    access_log /var/log/nginx/anahitapolis.com-access.log;
    error_log /var/log/nginx/anahitapolis.com-error.log;

    large_client_header_buffers 4 8k; # prevent some 400 errors

    root /var/www/anahitapolis.com;
    index index.php index.html;
    fastcgi_index index.php;

    client_max_body_size 40m;

    if ( !-e $request_filename ) {
        rewrite (/|\.json|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ /index.php last;
        break;
    }

    location ~ /logs/* {
        deny all;
        break;
    }

    # Static Files
    location ~ \.(jpg|jpeg|gif|css|png|js|ico)$ {
        access_log off;
        expires modified 30d;
    }

    # PHP
    location ~ \.php {
        include /etc/nginx/fastcgi_params;
        keepalive_timeout 0;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
    }
}

Very cool! Thank you!
Andy Nash
June 15 2011
Awesome, thanks for posting that Arash! It so far seems to have fixed my problem too (though it's not stable - hoping it is caching issues though) - the only slight drawback with it is that currently it does not do the rewrite within a location context, which prevents Anahita co-existing with other 'front-end controller' web applications within the same document root. Not a problem for me right now though.

You could put it within a location context if Anahita was in a sub-folder, but then because it uses if, we come up against the 'if is evil' problem: http://wiki.nginx.org/IfIsEvil

I tried using try_files instead of if, but it seemed to break things, so I'll leave it for now, but hopefully we'll get it to work that way as sooner or later someone is going to want to do that.

Some differences in mine that I will be keeping and others may be interested in are the following, but note that I am not an authority on this (I've just gleaned things by reading up on it), and your environment may differ, so this is not necessarily a 'better' way:

keepalive_timeout 0;
I have 65, not 0, for performance reasons, and it is in my /etc/nginx/nginx.conf as it is good for all sites.

I have the following to ensure photo uploads work - I didn't want to disable these security settings in php.ini as they exist for a reason. I may try and move these into a location, so that they are only set when absolutely needed:
fastcgi_param PHP_VALUE "session.cookie_httponly=offnsession.use_only_cookies=offnsuhosin.session.encrypt=offnsuhosin.session.cryptua=offnsuhosin.simulation=on";
[Replace the 'n's with backslash n in the above]

include /etc/nginx/fastcgi_params;
can be written as a relative link as nginx usually starts looking in /etc/nginx:
include fastcgi_params;

Also, as I run HTTPS too I have a second identical virtual host for that, and as well as the relevant SSL stuff, I have this in the PHP section for the SSL virtual host:
fastcgi_param HTTPS on;
Aleks Blumentals
December 30 2011
Andy, could I ask you to share the SSL stuff - I am confused about it
Arash Sanieyan
December 31 2011
Hi Aleks,

Does this help?

ssl_certificate /path/to/certificate;
ssl_certificate_key /path/to/certificate/key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;

server {

    listen 443;
    ssl on;
    server_name your.server.name;

    access_log /path/to/access/log;
    error_log /path/to/error/log;

    large_client_header_buffers 4 8k; # prevent some 400 errors

    root /path/to/anahita/;
    index index.php index.html;
    fastcgi_index index.php;

    if ( !-e $request_filename ) {
        rewrite (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ /index.php last;
        break;
    }

    location ~ /logs/* {
        deny all;
        break;
    }

    # PHP
    location ~ \.php {

        include /etc/nginx/fastcgi_params;
        keepalive_timeout 0;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        fastcgi_pass 127.0.0.1:9000;
    }
}
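
The HTTPS virtual host above as it could be written for a current nginx release, with the settings that have aged badly replaced. This is an added example, not part of the post above or of the Anahita project's own configuration. It assumes Anahita is installed at the document root and still routes correctly when try_files hands the request to /index.php, which this thread does not confirm; paths and server name are the same placeholders used above.

```nginx
# Added example (not from the original thread). Placeholders as in the post above.
server {
    # "listen 443; ssl on;" from the thread: the ssl directive was made
    # obsolete in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name your.server.name;

    ssl_certificate     /path/to/certificate;
    ssl_certificate_key /path/to/certificate/key;

    # Thread used "ssl_protocols SSLv3 TLSv1;". SSLv3 is prohibited by
    # RFC 7568, so only current protocol versions are offered here.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # nginx's documented default cipher string; !aNULL covers the
    # anonymous suites that the thread's !ADH only partly excluded.
    ssl_ciphers HIGH:!aNULL:!MD5;

    access_log /path/to/access/log;
    error_log  /path/to/error/log;

    root  /path/to/anahita;
    index index.php index.html;

    # Listed first so it wins over the PHP regex location below.
    location ~ /logs/ {
        deny all;
    }

    # Front-controller rewrite without "if": serve the file or directory
    # if it exists, otherwise hand the request to index.php with its
    # original query string.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Anchored with $ (the thread's "\.php" matches anywhere in the URI).
    location ~ \.php$ {
        try_files $uri =404;    # only pass scripts that exist on disk to PHP
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        fastcgi_pass 127.0.0.1:9000;
    }
}
```

Run `nginx -t` to validate the syntax before reloading.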
Aleks Blumentals
December 31 2011
I will try ;-) and report back

Maybe you have some clues

1) Anahita Bazahr - is not allowing updates - seems as if I am recognised but I get "Install path does not exist" messages ... is this related to any specific server settings? functions I must implement
Aleks, you may want to review your ownership permissions, chances are you are not able to write to the parent directory path
Umesh
March 05 2012
Hi Arash,

How did you manage to get a clean URL without index.php?

I'm getting /community/index.php/component/pages/page/40?alias=my test page

whereas anahitapolis.com gets a nice and clean URL as

/component/pages/page/56580?alias=february-2012-hangout-schedule 

Could you please point me to specific nginx configuration entries?
