Nginx with PHP-fpm


#1

I ran into some trouble with Nginx and PHP-fpm. I saw some posts about it, but none of them were really helpful. I was getting 404’s from the setup and various other issues when I tried to work around that. So I figure I’d share my config and solutions with everyone. The key was translating the Apache rewrite rules to Nginx rewrite rules.

server {
    listen       80;
    server_name  domain.tld;
    server_name  www.domain.tld;
    rewrite      ^ https://$server_name$request_uri? permanent;
}

server {
    listen       443 ssl;
    server_name  domain.tld;
    server_name  www.domain.tld;

    root /var/www/sales;

    index index.php index.html index.htm;

    # NGINX conversion of the Apache rewrite rules
    if (!-e $request_filename){
            rewrite ^(.*)$ /index.php break;
    }
    location /setup {
            rewrite ^(.*)$ https://domain.tld/ redirect;
    }

    location ~ .php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
}

Install on ngix
Error 404 on site.com/invoice/setup
#2

I am no nginx expert but i have it running on my server and it works well. :slight_smile: So maybe my config can help you. The italic one is only some security stuff so it is not essential for you:

server {
        listen 443 ssl;
        server_name debiantest;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        root /usr/share/nginx/www;
        index index.html index.htm index.php;
        _add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";_
_add_header X-Frame-Options "SAMEORIGIN";_
_add_header X-XSS-Protection "1; mode=block";_

_ssl_certificate /usr/ssl/zertifikat-pub.pem;_
_ssl_certificate_key /usr/ssl/zertifikat-key.pem;_

_ ssl_session_cache shared:SSL:1m;_
_ssl_session_timeout 5m;_

_ssl_protocols TLSv1.1 TLSv1.2;_
_ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK';
     location ~ \.php$ {_
			try_files $uri =404;
			fastcgi_split_path_info ^(.+\.php)(/.+)$;
			fastcgi_pass unix:/var/run/php5-fpm.sock;
			fastcgi_index index.php;
			include fastcgi_params;
     }

     location ~ /\.ht {
         deny all;
     }

 #invoiceplane
 location /invoice {

   rewrite  /setup https://$host:$server_port/invoice break;

       location  ~ /(conf|config|cache).* {
       deny all;
       return 404;

     }
   try_files $uri/ $uri /invoice/index.php$is_args$args;

 }
        _ssl_prefer_server_ciphers on;_
_        ssl_dhparam /usr/ssl/dhparams.pem;_

}