Jump to content

ProcessWire on NGINX

jose

By jose,
in General Support

 Share

Recommended Posts

jose Jr. Member

jose

Posted
Posted

Hello Everyone,

Sorry that I have not been on the forums much of late.  As my development team moves to use ProcessWire as our main cms tool for clients.  We have needed to make sure that ProcessWire works on nginx platform.  We use both apache and nginx, we found as many already have that nginx is faster and easier to configure.  It scales well and when you really need speed it is a great solution.

Anyways with all that being said ProcessWire was surprisingly easy to configure for nginx and did not require adding or modifying any code. Using the same "try_files"  directives used for Wordpress and Dupral I was able to run it under nginx, here is a sample config:
 


upstream php {

        server unix:/tmp/php-cgi.socket;

        server 127.0.0.1:9000;

}


server

{

    listen      80;

    server_name  hostname;


    root  /websites/path/to/processwire;

    index index.php;


    try_files $uri $uri/ /index.php?it=$uri&$args;


    location ~ \.php$ {

        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        include fastcgi.conf;

        fastcgi_intercept_errors on;

        fastcgi_pass php;

    }

}

There are a few things that still need to be done like protecting the wire and certain directories like assets but so far everything looks to be working correctly. 

If ProcessWire has a test suite, I could run it against this server to see if everything is functioning properly. I think that advertising the fact that ProcessWire works under nginx would greatly help to attract more eyes to the project(not that it isn't doing great already) and to give options to hosting and scalability. If you would like help working on this for official support of the platform, perhaps with adding detection algorithms to the install or anything else that is needed, I would be glad to help.  Anyways I hope someone finds this post useful.

  • Like 3
Link to comment
Share on other sites
ryan Hero Member

ryan

Posted
Posted

Jose,

Thanks so much for your efforts here. We would definitely appreciate your help in getting official nginx support for PW. I don't have experience with nginx, but your post makes me want to try it out. For starters, I will update our site next week to cross reference your info here so it'll be easy for others to find, and let me know what else I can do to provide better support for nginx. You'd mentioned the installer, but I'm not exactly sure what to detect--I think I need to get nginx installed on my dev server. I look forward to the next steps here.

Thanks!!

Ryan

Link to comment
Share on other sites
jose Jr. Member

jose

Posted
  • Author
Posted

Ryan,

I think that you will like nginx a whole lot.  It is light weight, easy to use, asynchronous, over all a great piece of software.  That's not to knock apache at all since we still use apache and it is rock solid.

If you want to play with it quickly I recommend a virtual machine, either hosted like on cloudserver by rackspace(just started using this service and so far I am happy with it) or fire up virtual box or vmware and install debian linux(squeeze).  With a basic install add the dotdeb repositories and install these packages

apt-get install nginx php5-mysql php5-fpm php5-gd postfix mysql-server

Install postfix as an internet site/with direct delivery and keep all defaults.

Once everything is installed you can edit and create the configuration files /etc/nginx/sites-available and sites-enabled directories.

A simple start of nginx server

/etc/init.d/nginx start

and your off and running.

There is a lot of great documentation out there this is just meant to peak your appetite for nginx.

As far as the install is concerned, the are 2 areas:

1)  .htaccess file is not supported under nginx the fact that its not there should not fire off an error (perhaps a warning) if we are not under apache.

2) rewrite module detection, again not needed for nginx, perhaps a warning instead of an error.  I am sure we can detect nginx with the simple $_SERVER['SERVER_SOFTWARE'] global. 

Other then that ProcessWire seems to install and work perfectly under nginx. I will be updating the rewrite rules for nginx to exclude the core folder from direct access when I get closer to deployment of 3 projects we are building with ProcessWire.

I would tend to agree that a more formal documentation would be better then relying on a forum, you never know what can happen to a forum.  I would be glad to help write formal configuration documentation as well as help write the detection code in the installer.  I am excited to see this project moving forward so well and hope to be a consistent contributer and community member.  Thanks again for all your efforts.

  • Like 1
Link to comment
Share on other sites
ryan Hero Member

ryan

Posted
Posted

Thanks for these instructions Jose, I will definitely have to give this a try sometime. I've been running on entry-level VPSs for a long time, and something that uses less resources than Apache could actually be very useful in this environment.

I would appreciate your help in writing the formal documentation for install under nginx and making the installer more nginx friendly. It sounds like what we should do is have the installer suppress a couple of it's error messages if it detects nginx as the server software. If you can send me the output of this from an nginx server sometime, this may help:

<?php print_r($_SERVER);

I think adding a page a formal documentation to the site would be great, so lets plan on that, and I'll definitely take you up on your offer to help write it.

I will be updating the rewrite rules for nginx to exclude the core folder from direct access when I get closer to deployment of 3 projects we are building with ProcessWire.

For security, there are actually quite a few things that you need to block access to. It's important that http access be blocked to all of these:

  • *.module
  • *.cache
  • /wire/core/*.php and *.inc
  • /wire/modules/*.php and *.inc (and all dirs below)
  • /site/modules/*.php and *.inc (and all dirs below)
  • /site/templates/*.php and *.inc (and all dirs below)
  • /site/templates-admin/*.php and *.inc
  • /wire/templates-admin/*.php and *.inc
  • /site/assets/*.php (and all dirs below)
  • /site/assets/cache/* everything
  • /site/assets/logs/* everything
  • /site/assets/sessions/* everything
  • /site/assets/backups/* everything
  • /site/assets/config/* everything
  • /site/assets/install/* everything
  • /site/install/* (and all dirs below)
  • /site/config.php

Lastly, the server should not pass the request to ProcessWire if the URL doesn't match this pattern:

-_.a-zA-Z0-9/

If the URL contains anything other than those characters (and ranges), the server should not send the request to PW. (excluding query strings, which aren't a consideration). Let me know if this is not possible in nginx for some reason, as it may still be okay since PW sanitizes this too. But this can really help with keeping out a lot of junk/bot/exploratory traffic.

Link to comment
Share on other sites
  • 3 months later...
ryan Hero Member

ryan

Posted
Posted

I haven't heard any more on it here. What environments are people using it in? Is this something used by any hosting providers, or just something one would use on their own dedicated server? Just wondering what might be the best way for me to get a test environment going sometime in the future.

Link to comment
Share on other sites
diogo Hero Member

diogo

Posted
Posted

I'm asking because I was reading some tutorials and advices for installing the server on Linode, and there are lots of people using nginx instead of apache. they advice it especially for vps plans with less ram. It also seems like a growing number of people are using it, might be worth to have a look.

The configuration for php applications doesn't look too complicated. here is an example for joomla http://docs.joomla.org/Nginx, and here you can find some more applications http://wiki.nginx.org/Configuration

and here is a primer http://blog.martinfjordvald.com/2010/07/nginx-primer/

Link to comment
Share on other sites
ryan Hero Member

ryan

Posted
Posted

Thanks those looks should be helpful, I will take a closer look soon. It sounded to me like Jose had things working well with nginx, though I never did hear back about the directories that needed to be blocked and rewrite rules that need to be maintained for security. I'm guessing that will be a relatively simple solution, but would want to make sure those issues are covered before running it.

Link to comment
Share on other sites
  • 7 months later...
recyclerobot Jr. Member

recyclerobot

Posted
Posted

Update: I now have PW running on nginx. It took a little longer than expected & I'll post more when I've investigated it further.

Hi Netcarver, I'm currently transferring some PW projects to a nginx server, can you give some more details about important steps to make this less painfull? :)

Link to comment
Share on other sites
netcarver Hero Member

netcarver

Posted
Posted

Hi recyclerobot,

I don't know if this will help but here's a quick rundown of what I did to get this working.

I setup a new Ubuntu 12.04 64-bit server in a fresh virtual machine & configured it as an SSH server with a static IP address (Actually, I just cloned one I'd prepared for something else). Then I followed this HowToForge tutorial about installing nginx + mysql + php-fpm. Only thing I did different to the linked tutorial was that I setup APC instead of Xcache.

Following that I installed vim-nox, git & phpmyadmin and then created a new DB and DB user for ProcessWire to use. I then did a git clone into /usr/share/nginx/www/pw and added an entry to /etc/hosts called "pw-nginx.test" and also setup this config file in /etc/nginx/sites-available/pw-nginx.test ...

server {
	listen 80;
	server_name pw-nginx.test;
	root /usr/share/nginx/www/pw;
	index index.php;
	try_files $uri /index.php?it=$uri&$args;
	location ~ \.php$ {
			fastcgi_split_path_info ^(.+\.php)(/.+)$;
			include fastcgi_params;
			fastcgi_index index.php;
			fastcgi_intercept_errors on;
			fastcgi_pass unix:/tmp/php5-fpm.sock;
	}
	location ~ /\.ht {
			deny all;
	}
}

That's about as bare bones as I could make it.

Next, I created a symlink to this file in /etc/nginx/sites-enabled, reloaded nginx and pointed my browser at pw-nginx.test (I had to add pw-nginx.test to /etc/hosts on my client box too) and I saw the ProcessWire installation page. You may need to fix any permission issues and definitely ignore the warning about .htaccess problems in order to install ProcessWire.

Well, to cut a long story short, ProcessWire installed fine and, as far as I can tell, the admin and public interfaces work correctly too.

But note this: This configuration is totally insecure. All the protected assets that Ryan posted about above (except for the .htaccess file) are accessible from publicly accessible URLs. As I'm new to nginx, I've not had time to lock down what I posted above.

All the above is from memory and I may have missed something. If something occurs to me, I'll update the above.

Anyway, hope that helps.

  • Like 2
Link to comment
Share on other sites
recyclerobot Jr. Member

recyclerobot

Posted
Posted 
server {
	listen 80;
	server_name pw-nginx.test;
	root /usr/share/nginx/www/pw;
	index index.php;
	try_files $uri /index.php?it=$uri&$args;
	location ~ \.php$ {
			fastcgi_split_path_info ^(.+\.php)(/.+)$;
			include fastcgi_params;
			fastcgi_index index.php;
			fastcgi_intercept_errors on;
			fastcgi_pass unix:/tmp/php5-fpm.sock;
	}
	location ~ /\.ht {
			deny all;
	}
}

That's about as bare bones as I could make it.

Hi Netcarver, thx so much for your help, managed to get it up and running, now testing a nginx in the cloud with assets on an amazon S3 and shared database, that should give me enough breathing room to let this baby grow :)

Link to comment
Share on other sites
  • 4 months later...
Miguel Newbie

Miguel

Posted
Posted

Hi, there

I run pw on nginx too, here you are my $0.02

When I was setting up pw I got a page with the error "No input file specified" which I think served to me not nginx, but a php engine.

I solved that by adding this line to the location block in nginx site config:

fastcgi_param SCRIPT_FILENAME /path/to/processwire/root/folder/$fastcgi_script_name;

  • Like 1
Link to comment
Share on other sites
  • 2 months later...
neildarlow Newbie

neildarlow

Posted
Posted

Hi,

I use ProcessWire under NGiNX on both FreeBSD for production and Fedora for development. My security configuration is as follows:

    ### SECURITY - Protect crucial files
    location ~ /\. {
	    deny  all;
    }
    location ~ /(COPYRIGHT|LICENSE|README|htaccess)\.txt {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions) {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/install {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php {
	    deny  all;
    }
    location ~ ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl) {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl) {
	    deny  all;
    }

I can share rewriting and php-fpm configuration also if required.

Regards,

Neil Darlow

  • Like 5
Link to comment
Share on other sites
neildarlow Newbie

neildarlow

Posted
Posted

Hi,

This is a complete server configuration block for NGiNX communicating with php-fpm.

There are a few things that will require customisation:

  1. server_name
  2. root
  3. access_log and error_log
  4. fastcgi_pass - socket or TCP specification
  5. configuration blocks relating to 40x and 50x error handling

Note the use of fastcgi_param HTTP_MOD_REWRITE On; which quiets an installer error about requiring mod_rewrite. You might also want to copy htaccess.txt to .htaccess in the ProcessWire top-level directory.

   server {
    listen	    80 default_server;
    server_name   localhost localhost.localdomain;
    index		 index.php index.html;
    root		  /var/www/html;
    access_log    /var/log/nginx/access.log  main;
    error_log	 /var/log/nginx/error.log  notice;
    default_type  application/x-php;

    ### SECURITY - Protect crucial files
    location ~ /\. {
	    deny  all;
    }
    location ~ /(COPYRIGHT|LICENSE|README|htaccess)\.txt {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions) {
	    deny  all;
    }
    location ~ ^/site(-[^/]+)?/install {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php {
	    deny  all;
    }
    location ~ ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl) {
	    deny  all;
    }
    location ~ ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl) {
	    deny  all;
    }

    ### GLOBAL REWRITE
    location / {
	    try_files  $uri  $uri/  /index.php?it=$uri&$args;
    }

    # pass the PHP scripts to FastCGI server on local socket
    #
    location ~ .+\.php((/|\?).*)?$ {
	    fastcgi_pass					 unix:/run/php-fpm/php-fpm.sock;
	    fastcgi_index				    index.php;
	    fastcgi_split_path_info		  ^(.+\.php)(.*)$;
	    fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
	    fastcgi_param  PATH_INFO		 $fastcgi_path_info;
	    fastcgi_param  HTTP_MOD_REWRITE  On;
	    include  fastcgi_params;
    }
    # redirect server error pages to the static page /40x.html
    #
    error_page  404  /404.html;
    location = /40x.html {
	    root  /usr/share/nginx/html;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
	    root  /usr/share/nginx/html;
    }
   }

In the php-fpm configuration you need to specify unix socket or TCP connection parameters and possibly the chdir setting. These are distribution-dependent values and you will need to determine the correct values for your scenario.

My configuration is as follows:

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;						    a specific port;
;   'port'				 - to listen on a TCP socket to all addresses on a
;						    specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /run/php-fpm/php-fpm.sock

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;				 mode is set to 0666
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
chdir = /var/www/html

Please note that I researched these configurations and the preceeding security configuration from original documentation. I did not rely on howtos available on the Internet. Each has been carefully implemented and undergone significant testing before going into production.

Regards,

Neil Darlow

  • Like 9
Link to comment
Share on other sites
neildarlow Newbie

neildarlow

Posted
Posted

What is it for? Just for installer?

@k07n: Yes. If you set your permissions correctly on the webserver, apply the HTTP_MOD_REWRITE parameter and copy htaccess.txt to .htaccess then the only warning you receive from the installer is that it can't determine the server software version but it may be possible to continue (which it is!). I should also add that I didn't include: fastcgi_intercept_errors on; in my server configuration block. I have this in my NGiNX http block as a global switch.

@netcarver: Thank you for the kind words. I may not post frequently but I try to make what I write useful to others.

Regards,

Neil Darlow

  • Like 2
Link to comment
Share on other sites
  • 3 months later...
u-nikos Jr. Member

u-nikos

Posted
Posted

Hey all,

I've converted the ProcessWire 2.3 rules to Nginx. Hope this will help some people :)

Greetings,

Niek

server {
	listen 80;
	listen 443 ssl;

	root /var/www/example.com/public_html;
	server_name example.com www.example.com;
	ssl_certificate /etc/pki/tls/certs/example.com.crt;
	ssl_certificate_key /etc/pki/tls/private/example.com.key;

	client_max_body_size 50m;
	access_log /var/www/example.com/_logs/access.log;
	error_log /var/www/example.com/_logs/error.log;

	# -----------------------------------------------------------------------------------------------
	# Set default directory index files
	# -----------------------------------------------------------------------------------------------

	index index.php index.html index.htm;

	# -----------------------------------------------------------------------------------------------
	# Optional: Redirect users to the 'www.' version of the site (uncomment to enable).
	# For example: http://processwire.com/ would be redirected to http://www.processwire.com/
	# -----------------------------------------------------------------------------------------------

	if ($host !~* ^www\.) {
		rewrite ^(.*)$ $scheme://www.$host$1 permanent;
	}

	# -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 24h;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# Pass .php requests to fastcgi socket
	# -----------------------------------------------------------------------------------------------

	location ~ \.php$ {

		# Check if the requested PHP file actually exists for security
		try_files $uri =404;

		# Fix for server variables that behave differently under nginx/php-fpm than typically expected
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		# Set environment variables
		include fastcgi_params;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# Pass request to php-fpm fastcgi socket
		fastcgi_pass unix:/var/run/example.com_fpm.sock;
	}
}
  • Like 14
  • Thanks 1
Link to comment
Share on other sites
  • 2 months later...
manddar Jr. Member

manddar

Posted
Posted

Hey all,

I've converted the ProcessWire 2.3 rules to Nginx. Hope this will help some people :)

Greetings,

Niek

server {
	listen 80;
	listen 443 ssl;

	root /var/www/example.com/public_html;
	server_name example.com www.example.com;
	ssl_certificate /etc/pki/tls/certs/example.com.crt;
	ssl_certificate_key /etc/pki/tls/private/example.com.key;

	client_max_body_size 50m;
	access_log /var/www/example.com/_logs/access.log;
	error_log /var/www/example.com/_logs/error.log;

	# -----------------------------------------------------------------------------------------------
	# Set default directory index files
	# -----------------------------------------------------------------------------------------------

	index index.php index.html index.htm;

	# -----------------------------------------------------------------------------------------------
	# Optional: Redirect users to the 'www.' version of the site (uncomment to enable).
	# For example: http://processwire.com/ would be redirected to http://www.processwire.com/
	# -----------------------------------------------------------------------------------------------

	if ($host !~* ^www\.) {
		rewrite ^(.*)$ $scheme://www.$host$1 permanent;
	}

	# -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 24h;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# Pass .php requests to fastcgi socket
	# -----------------------------------------------------------------------------------------------

	location ~ \.php$ {

		# Check if the requested PHP file actually exists for security
		try_files $uri =404;

		# Fix for server variables that behave differently under nginx/php-fpm than typically expected
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		# Set environment variables
		include fastcgi_params;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# Pass request to php-fpm fastcgi socket
		fastcgi_pass unix:/var/run/example.com_fpm.sock;
	}
}

This worked like charm for me with Debian 7 + Nginx 1.2.1 + PW2.3 setup. Only change I did is instead of 'fastcgi_pass unix:/var/run/example.com_fpm.sock;' I am using 'fastcgi_pass 127.0.0.1:9000;'

Any advantages of using one over other ?

Thank you for posting complete config file @u-nikos

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...