Nginx is quickly overtaking Apache as the favorite web server. For web apps built with Rails or Python it’s virtually ubiquitous, but it’s been a bit slower to catch on in the PHP world. Part of the reason for that is how easily PHP and Apache go together. However, PHP and Nginx can cooperate nearly as easily, and with the release of PHP 7, combining the two can be a fairly speedy option.
The Packages
First things first. Update Ubuntu and get the Nginx and PHP packages.
# sudo apt-get update && sudo apt-get -y upgrade
# sudo apt-get -y install nginx php7.0 php7.0-fpm
When the installation is finished, the packages should all be in place, and actually running. To make sure that this is the case, you can check that both Nginx and the PHP-FPM services are running in Systemd.
# sudo systemctl status nginx
# sudo systemctl status php7.0-fpm
If Systemd confirms that both services are running, the server should actually be up, and you should be able to see the default Nginx welcome page by navigating to localhost in the browser.
Configuration
Of course, that isn’t anywhere near ready to actually host anything. There is some configuration needed to point Nginx at some actual content and improve security. The root directory for Nginx configuration files is located at /etc/nginx. Thankfully, there are already defaults there from Ubuntu that make the configuration process much easier.
Nginx.conf
The main configuration file for Nginx is nginx.conf. Open it in the text editor of your choosing. It will require root permissions, so a text-based editor like Vim will probably be best. The default configuration is mostly alright. There are obviously things that can be done to improve the system speed and security, but most of that is beyond the scope of this basic tutorial. If you want to improve performance, the commented Gzip options will help with compression and can speed things up. On the security side, adding the following three lines inside the http block sets response headers that tell browsers to refuse framing by other sites, to stop guessing content types, and to turn on their built-in XSS filter.
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
Site Configuration
Once the lines are added, save and exit. There are two folders in the Nginx root, sites-available and sites-enabled. sites-available stores site configurations. sites-enabled contains symlinks to the configuration files in sites-available. This way, enabling and disabling sites is as simple as creating and removing symlinks.
Using your text editor, create a file at /etc/nginx/sites-available/yoursite. This file will contain any site-specific configuration for your new PHP 7 website. The following example contains a breakdown in the comments of what each line does. It’s a fairly basic configuration, but it will get the job done.
server {
    #Nginx should listen on port 80 for requests to yoursite.com
    listen 80;
    server_name yoursite.com;

    #Create access and error logs in /var/log/nginx
    #(the access log uses the built-in "combined" format; Ubuntu's stock nginx.conf defines no "main" format)
    access_log /var/log/nginx/yoursite.access_log;
    error_log /var/log/nginx/yoursite.error_log info;

    #Nginx should look in /var/www/yoursite for your website
    root /var/www/yoursite/;

    #The homepage of your website is a file called index.php
    index index.php;

    #Specifies that Nginx is looking for .php files
    location ~ \.php$ {
        #If a file isn’t found, 404
        try_files $uri =404;

        #Include Nginx’s fastcgi configuration
        include /etc/nginx/fastcgi.conf;

        #Look for the FastCGI Process Manager at this location
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}
When you have that file created, save it and move into the sites-enabled directory. From there, create the symlink back to the file you just created.
# cd /etc/nginx/sites-enabled
# sudo ln -s /etc/nginx/sites-available/yoursite
PHP.ini Security
Security is a moving target, and it is impossible to stay ahead of every possible threat, but it is always a good idea to lock down any new server installation as much as possible. There are a few simple tweaks that can be made to the php.ini configuration file that will help to secure PHP. With your text editor, open up /etc/php/7.0/fpm/php.ini. This is a huge file. Again, Vim or something with a search function is probably best.
First, find disable_functions and add phpinfo,system,mail,exec to the end of the string of functions that are already there. Then find file_uploads and set it to Off. Next, find sql.safe_mode and switch it On. Last, find allow_url_fopen and set it to Off. Before closing out the file, add one more line to the end.
register_globals = Off
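Once the file is saved, the edits above can be checked mechanically. The script below is an added example, not part of the original tutorial; the function names and the sample file are constructed for illustration.

```shell
# Added example: audit a php.ini for the settings changed in this section.
# ini_get FILE KEY: print the last uncommented value of KEY (last one wins).
ini_get() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                      # commented-out directive
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/[ \t]*;.*$/, "", v)              # trailing comment
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)    # spaces, quotes, CR
            val = v
        }
        END { print val }' "$1"
}

# audit_php_ini FILE: print one FAIL line per problem, return non-zero if any.
audit_php_ini() {
    rc=0
    # Whole-token match: Ubuntu's stock list has pcntl_exec, which is not exec.
    funcs=",$(ini_get "$1" disable_functions | tr -d ' '),"
    for f in phpinfo system mail exec; do
        case "$funcs" in
            *",$f,"*) ;;
            *) echo "FAIL disable_functions lacks $f"; rc=1 ;;
        esac
    done
    for key in file_uploads allow_url_fopen; do
        case "$(ini_get "$1" "$key" | tr 'A-Z' 'a-z')" in
            off|0|false|no|none) ;;
            *) echo "FAIL $key is not Off"; rc=1 ;;  # unset = PHP default (On)
        esac
    done
    case "$(ini_get "$1" sql.safe_mode | tr 'A-Z' 'a-z')" in
        on|1|true|yes) ;;
        *) echo "FAIL sql.safe_mode is not On"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample file (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
disable_functions = pcntl_fork,pcntl_exec,phpinfo,system,mail
file_uploads = Off
;allow_url_fopen = Off
allow_url_fopen = On
sql.safe_mode = On
EOF
audit_php_ini "$sample" || echo "php.ini needs attention"
```

On the real server, run `audit_php_ini /etc/php/7.0/fpm/php.ini`. register_globals is not checked because PHP removed that directive in 5.4, so the line has no effect on PHP 7.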
When that’s all done, save and close. Restart the server and it should be ready to go.
# sudo systemctl restart php7.0-fpm
# sudo systemctl restart nginx
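After the restart it is worth confirming that the three headers added to nginx.conf actually reach clients. The check below is an added example, not part of the original tutorial; the function name and both sample responses are constructed, and the live command in the comment assumes the yoursite.com server block shown earlier.

```shell
# Added example: verify the three security headers in a set of response headers.
# check_headers: read raw response headers on stdin, print one FAIL line per
# header that is absent or has an unexpected value, return non-zero if any.
check_headers() {
    # Header names are case-insensitive and lines end in CRLF on the wire.
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')
    rc=0
    while IFS='|' read -r name want; do
        got=$(printf '%s\n' "$hdrs" | sed -n "s/^$name:[ ]*//p" | tail -n 1)
        if [ "$got" != "$want" ]; then
            echo "FAIL $name: wanted '$want', got '${got:-nothing}'"
            rc=1
        fi
    done <<'EOF'
x-frame-options|sameorigin
x-content-type-options|nosniff
x-xss-protection|1; mode=block
EOF
    return $rc
}

# Constructed sample: a response that carries all three headers.
ok_response=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n')

# Constructed sample: a response from a block that sets only its own header.
overridden_response=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nCache-Control: no-store\r\n')

printf '%s\n' "$ok_response" | check_headers && echo "headers present"
printf '%s\n' "$overridden_response" | check_headers || echo "headers not applied"

# Against the running server:
#   curl -sI -H 'Host: yoursite.com' http://localhost/ | check_headers
```

Nginx drops add_header lines inherited from the http block in any server or location block that declares its own add_header, and without the always parameter it attaches them only to a fixed set of success and redirect status codes. Check more than one URL, including one that returns an error page.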
Where To Go Next
As it sits, the Ubuntu server should be able to run most PHP websites. Any PHP files placed in /var/www/yoursite will be run by the server. It will look for the index.php file first and the website can branch out from there. Of course, there is a lot more that can be done to configure PHP and Nginx for speed, security, and just about any special case situation, but now you have a strong starting point.