How to use Nginx for php

What nginx is

Apache has been famous web server software so far. But Apache has some problems when there is big traffic. Nginx is another famous server software and that is more popular recently. Nginx might have better performance when there is big traffic.

Prerequisite

• CentOS 7
• If you want to use a virtual machine to make virtual CentOS 7, see here.
• You don't need to install Apache (httpd) if you use only Nginx.

Install PHP

Supposing we are using CentOS 7. Enable IUS repository.

$ cd ~
$ curl 'https://setup.ius.io/' -o setup-ius.sh
$ sudo bash setup-ius.sh

And install PHP7.2.

$ sudo yum remove php-cli mod_php php-common php-fpm 
$ sudo yum -y install php72u-fpm-nginx mod_php72u php72u-cli php72u php72u-mysqlnd php72u-gd php72u-mbstring php72u-opcache php72u-xml php72u-pecl-xdebug php72u-pdo php72u-devel php72u-json

Install Nginx

Add epel repository (for CentOS7). Run this command:

$ sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Then install nginx.

$ sudo yum install nginx

Start and enable nginx and php-fpm.

$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ sudo systemctl restart php-fpm
$ sudo systemctl enable php-fpm

Configuration

Run this command to edit php-fpm configuration.

$ sudo vi /etc/php-fpm.d/www.conf

Look for the block containing "listen = 127.0.0.1:9000" and make it comment. And, instead, uncomment "listen = /run/php-fpm/www.sock". 

Then look for the block containing "listen.acl_users" and uncomment "listen.acl_users = nginx". Then save and close it. 

Now we will make Nginx use socket.

$ sudo vi /etc/nginx/conf.d/php-fpm.conf

Then make "server 127.0.0.1:9000;" comment and uncomment "server unix:/run/php-fpm/www.sock;". 

We will configurate Nginx conf file. Open it this way:

$ sudo vi /etc/nginx/conf.d/default.conf

Write something like this in the conf file:

server {
    listen 80;
    # document root
    root /laravel-coreui/src/public;
    index index.php index.html index.htm;
    charset utf-8;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";


    location / {
        try_files $uri $uri/ /index.php?$is_args$args;
    }
    
    location ~* \.(?:css|js|map|jpe?g|png|gif|ico|js|woff|woff2|ttf)$ { }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }

}

Save and close it.

Restart php-fpm and nginx.

$ sudo systemctl restart php-fpm
$ sudo systemctl restart nginx

Symbolic link

We will make "Symbolic link" because it is useful. If we make symbolic link from /vagrant to /var/www/html, everything inside the share folder (/vagrant) is instantly copied to the Apache folder (/var/www/html) so that anything updated in the share folder is also instantly updated in the Apache folder too.

(You can also define another sync folder in the Vagrantfile to sync between the folder in the host and the httpd folder in the guest. I am lazy, so I just use this symlink.)

Do these commands:

$ sudo rm -rf /usr/share/nginx/html
$ sudo ln -fs /vagrant /usr/share/nginx/html

We will check if symbolic link is correctly created. Make a test.txt in the sync folder and run this in the virtual machine:

$ ls /usr/share/nginx/html

If all the files are synced, you made it successfully. If not, something is wrong.

When everything is ok, create 50x.html in the folder "/vagrant" because the file was deleted when I created the symlink instead of the actual folder "/usr/share/nginx/html".

And we will install vim (an editor) which would be useful to edit files:

$ sudo yum install vim-enhanced

SELinux

SELinux interrupts Apache for security reasons. You can authorize the Apache to work:

$ sudo yum -y install policycoreutils-python
$ sudo semanage permissive -a httpd_t

But I think it is better to disable SELinux permanently.

$ sudo setenforce 0

And open the "/etc/selinux/config" file and set the SELinux to disabled:

$ sudo vi /etc/selinux/config

And change it like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.

SELINUX=disabled #Change HERE!!!!!

# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Check if Nginx is working

Write as follows in .txt file and save it as "index.php".

<?php
phpinfo();

If you have synced /vagrant and /usr/share/nginx/html, just simply put this index.php in the shared folder. If not, save this file in /usr/share/nginx/html.

Then check 192.168.33.10 from a browser. If this is displayed, nginx is working. 

References

• (External link)[Digital ocean] How To Upgrade to PHP 7 on CentOS 7