Nginx with PHP-fpm

jwiltse · May 9, 2016, 1:06am

I ran into some trouble with Nginx and PHP-fpm. I saw some posts about it, but none of them were really helpful. I was getting 404’s from the setup and various other issues when I tried to work around that. So I figure I’d share my config and solutions with everyone. The key was translating the Apache rewrite rules to Nginx rewrite rules.

server {
    listen       80;
    server_name  domain.tld;
    server_name  www.domain.tld;
    rewrite      ^ https://$server_name$request_uri? permanent;
}

server {
    listen       443 ssl;
    server_name  domain.tld;
    server_name  www.domain.tld;

    root /var/www/sales;

    index index.php index.html index.htm;

    # NGINX conversion of the Apache rewrite rules
    if (!-e $request_filename){
            rewrite ^(.*)$ /index.php break;
    }
    location /setup {
            rewrite ^(.*)$ https://domain.tld/ redirect;
    }

    location ~ .php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
}

IT-Support · May 9, 2016, 8:29pm

I am no nginx expert but i have it running on my server and it works well. So maybe my config can help you. The italic one is only some security stuff so it is not essential for you:

server {
        listen 443 ssl;
        server_name debiantest;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        root /usr/share/nginx/www;
        index index.html index.htm index.php;
        _add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";_
_add_header X-Frame-Options "SAMEORIGIN";_
_add_header X-XSS-Protection "1; mode=block";_

_ssl_certificate /usr/ssl/zertifikat-pub.pem;_
_ssl_certificate_key /usr/ssl/zertifikat-key.pem;_

_ ssl_session_cache shared:SSL:1m;_
_ssl_session_timeout 5m;_

_ssl_protocols TLSv1.1 TLSv1.2;_
_ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK';
     location ~ \.php$ {_
			try_files $uri =404;
			fastcgi_split_path_info ^(.+\.php)(/.+)$;
			fastcgi_pass unix:/var/run/php5-fpm.sock;
			fastcgi_index index.php;
			include fastcgi_params;
     }

     location ~ /\.ht {
         deny all;
     }

 #invoiceplane
 location /invoice {

   rewrite  /setup https://$host:$server_port/invoice break;

       location  ~ /(conf|config|cache).* {
       deny all;
       return 404;

     }
   try_files $uri/ $uri /invoice/index.php$is_args$args;

 }
        _ssl_prefer_server_ciphers on;_
_        ssl_dhparam /usr/ssl/dhparams.pem;_

}