{"id":758,"date":"2015-05-08T16:54:54","date_gmt":"2015-05-09T01:54:54","guid":{"rendered":"http:\/\/blog.box.kr\/?p=758"},"modified":"2015-05-08T16:54:54","modified_gmt":"2015-05-09T01:54:54","slug":"nginx-fcgiexample","status":"publish","type":"post","link":"https:\/\/blog.box.kr\/?p=758","title":{"rendered":"NGINX : FcgiExample"},"content":{"rendered":"

FastCGI Example<\/span><\/h1>\n

First thing, I recommend keeping all your typical FCGI settings in a single file and importing them.<\/p>\n

For example you might have an \/etc\/nginx\/fastcgi.conf (or \/etc\/nginx\/fastcgi_params: installed by default on debian) file that looks like this:<\/p>\n

\n
\n
#fastcgi.conf<\/span>\nfastcgi_param<\/span><\/a>  GATEWAY_INTERFACE  CGI\/1.1<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  SERVER_SOFTWARE    nginx;<\/span>\nfastcgi_param<\/span><\/a>  QUERY_STRING       $query_string<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  REQUEST_METHOD     $request_method<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  CONTENT_TYPE       $content_type<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  CONTENT_LENGTH     $content_length<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  SCRIPT_FILENAME    $document_root<\/span>$fastcgi_script_name<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  SCRIPT_NAME        $fastcgi_script_name<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  REQUEST_URI        $request_uri<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  DOCUMENT_URI       $document_uri<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  DOCUMENT_ROOT      $document_root<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  SERVER_PROTOCOL    $server_protocol<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  REMOTE_ADDR        $remote_addr<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  REMOTE_PORT        $remote_port<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  SERVER_ADDR        $server_addr<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  SERVER_PORT        $server_port<\/span>;<\/span>\nfastcgi_param<\/span><\/a>  SERVER_NAME        $server_name<\/span>;<\/span><\/pre>\n<\/div>\n<\/div>\n
This allows you to keep your individual FCGI configurations as simple as possible. You may also want to replace $document_root in SCRIPT_FILENAME and DOCUMENT_ROOT with an actual path, the $document_root variable is hardcoded and may not reflect your install (will cause variations on ‘script not found’ errors, usually)<\/p>\n
To use Nginx + Virtual Host + PHP you should ommit the SCRIPT_NAME variable in order for PHP to choose the correct DOCUMENT_ROOT.<\/p>\n
Spawning a FastCGI Process<\/span><\/h3>\n
Unlike Apache or Lighttpd, Nginx does not automatically spawn FCGI processes. You must start them separately. In fact, FCGI is a lot like proxying. There’s a few ways to start FCGI programs, but luckily PHP5 will auto-spawn as many as you set in the PHP_FCGI_CHILDREN environment variable. So we simply run php -b 127.0.0.1:9000 manually, or create an init script like so:<\/p>\n
#!\/bin\/bash\nBIND=127.0.0.1:9000\nUSER=www-data\nPHP_FCGI_CHILDREN=15\nPHP_FCGI_MAX_REQUESTS=1000\n\nPHP_CGI=\/usr\/bin\/php-cgi\nPHP_CGI_NAME=`basename $PHP_CGI`\nPHP_CGI_ARGS=\"- USER=$USER PATH=\/usr\/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND\"\nRETVAL=0\n\nstart() {\n      echo -n \"Starting PHP FastCGI: \"\n      start-stop-daemon --quiet --start --background --chuid \"$USER\" --exec \/usr\/bin\/env -- $PHP_CGI_ARGS\n      RETVAL=$?\n      echo \"$PHP_CGI_NAME.\"\n}\nstop() {\n      echo -n \"Stopping PHP FastCGI: \"\n      killall -q -w -u $USER $PHP_CGI\n      RETVAL=$?\n      echo \"$PHP_CGI_NAME.\"\n}\n\ncase \"$1\" in\n    start)\n      start\n \u00a0;;\n    stop)\n      stop\n \u00a0;;\n    restart)\n      stop\n      start\n \u00a0;;\n    *)\n      echo \"Usage: php-fastcgi {start|stop|restart}\"\n      exit 1\n \u00a0;;\nesac\nexit $RETVAL\n<\/pre>\n
Save this to \/etc\/init.d\/ (or wherever your init scripts are) as php-fcgi Install the usual way (for this debian init script, it’s update-rc.d php-fcgi defaults) and start it.<\/p>\n
Connecting Nginx to the running FastCGI Process<\/span><\/h3>\n
Now that the FCGI process is running, we must tell Nginx to proxy requests to it via the FCGI protocol:<\/p>\n
\n
\n
location<\/span><\/a> ~<\/span> .php$ {<\/span>\n  include<\/span><\/a> \/etc\/nginx\/fcgi_params;<\/span> #or whatever you named it<\/span>\n  fastcgi_pass<\/span><\/a>  127.0.0.1:9000<\/span>;<\/span>\n}<\/span><\/pre>\n<\/div>\n<\/div>\n
Restart Nginx.<\/p>\n
Secure your upload directory!!<\/span><\/h3>\n
Too many example configs fail to secure the “uploads” directory of the application. Remember that if someone can upload a file named xyz.php and the uploads dir is publically accessible then you have given the attacker an easy way to insert PHP onto your site…<\/p>\n
So if your app has an upload dir “\/images\/” then insert if ($uri\u00a0!~ “^\/images\/”) before fastcgi_pass, as so:<\/p>\n
\n
\n
location<\/span><\/a> ~<\/span> .php$ {<\/span>\n  include<\/span><\/a> \/etc\/nginx\/fastcgi_params;<\/span>\n  if<\/span><\/a> (<\/span>$uri<\/span>\u00a0!~<\/span> \"^\/images\/\"<\/span>)<\/span> {<\/span>\n    fastcgi_pass<\/span><\/a> 127.0.0.1:9000<\/span>;<\/span>\n  }<\/span>\n}<\/span><\/pre>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
FastCGI Example First thing, I recommend keeping all your typical FCGI settings in a single file and importing them. For example you might have an \/etc\/nginx\/fastcgi.conf (or \/etc\/nginx\/fastcgi_params: installed by default on debian) file that looks like this: #fastcgi.conf fastcgi_param GATEWAY_INTERFACE CGI\/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; This allows you to keep your individual FCGI configurations as simple as possible. You may also want to replace $document_root in SCRIPT_FILENAME and DOCUMENT_ROOT with an actual path, the $document_root variable is hardcoded and may not reflect your install (will cause variations on ‘script not found’ errors, usually) To use Nginx + Virtual Host + PHP you should ommit the SCRIPT_NAME variable in order for PHP to choose the correct DOCUMENT_ROOT. Spawning a FastCGI Process Unlike Apache or Lighttpd, Nginx does not automatically spawn FCGI processes. You must start them separately. In fact, FCGI is a lot like proxying. There’s a few ways to start FCGI programs, but luckily PHP5 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"ngg_post_thumbnail":0,"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5q9Zn-ce","jetpack-related-posts":[{"id":766,"url":"https:\/\/blog.box.kr\/?p=766","url_meta":{"origin":758,"position":0},"title":"install bugzilla with nginx on centos7","date":"2015-05-11","format":false,"excerpt":"Set the Hostname Before you begin installing and configuring the components described in this guide, please make sure you\u2019ve followed our instructions for setting your hostname. Issue the following commands to make sure it is set properly: hostname hostname -f The first command should show your short hostname, and the\u2026","rel":"","context":"In "Linux"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":694,"url":"https:\/\/blog.box.kr\/?p=694","url_meta":{"origin":758,"position":1},"title":"* APM\uc124\uce58","date":"2015-04-15","format":false,"excerpt":"1. \uc124\uc815 \ubc29\ud654\ubcbd \ucf1c\uc838 80 \ud3ec\ud2b8, 3306 \ud3ec\ud2b8 vi \/etc\/sysconfig\/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT \/etc\/init.d\/iptables restart #\ub9c8\uc9c0\ub9c9\uc73c\ub85c \ub2e4\uc2dc \ubc29\ud654\ubcbd \ub54c\ubb38\uc5d0 \uc124\uc815\uc774 \uc801\uc6a9\ub429\ub2c8\ub2e4 2. \ub2eb\uae30SELINUX vi \/etc\/selinux\/config\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":760,"url":"https:\/\/blog.box.kr\/?p=760","url_meta":{"origin":758,"position":2},"title":"[\ubcf4\uc548|\uc124\uc815]nginx .php$ \ubb38\uc81c \ubc0f apache \ud658\uacbd\ubcc0\uc218 \uc138\ud305","date":"2015-05-08","format":false,"excerpt":"location ~ .php($|\/) {\u00a0 include \/etc\/nginx\/fastcgi_params;\u00a0 fastcgi_pass unix:\/var\/run\/nginx\/php-fcgi.socket;\u00a0 fastcgi_index index.php;\u00a0 }\u00a0 index index.html index.php;\u00a0 \uc694\ub7f0\uc2dd\uc73c\ub85c \uc138\ud305\ud558\uba74 \uc544\ud30c\uce58\uc5d0\uc11c \ucc98\ub7fc a.php\/a\/b\/c \ud615\uc2dd\uc758 \uc2e4\ud589\uc774 \uac00\ub2a5\ud574\uc9d1\ub2c8\ub2e4.\u00a0 \uc544\ub798\uc758 \uc138\ud305\uc744 \uc801\uc6a9\ud558\uba74\u00a0 http:\/\/phpschool.com\/gnuboard4\/bbs\/board.php?bo_table=qna_install&wr_id=98096\u00a0 \uc694 \ubcf4\uc548\ubb38\uc81c\uac00 \ud574\uacb0\ub429\ub2c8\ub2e4.\u00a0 filename: \/etc\/nginx\/fastcgi_params\u00a0 fastcgi_param\u00a0 QUERY_STRING\u00a0 \u00a0 \u00a0 $query_string;\u00a0 fastcgi_param\u00a0 REQUEST_METHOD\u00a0 \u00a0 $request_method;\u00a0 fastcgi_param\u00a0 CONTENT_TYPE\u00a0 \u00a0 \u00a0 $content_type;\u00a0 fastcgi_param\u00a0 CONTENT_LENGTH\u00a0 \u00a0 $content_length;\u00a0 set\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":750,"url":"https:\/\/blog.box.kr\/?p=750","url_meta":{"origin":758,"position":3},"title":"NGINX: SELinux Changes when Upgrading to RHEL 6.6 \/ CentOS 6.6","date":"2015-05-08","format":false,"excerpt":"If you upgrade a running system to Red Hat Enterprise Linux (RHEL) 6.6 or CentOS 6.6, the Security Enhanced Linux (SELinux) security permissions that apply to NGINX are\u00a0relabelled to a much stricter posture. Although the permissions are adequate for the default configuration of NGINX, configuration for additional features can be\u2026","rel":"","context":"In "Linux"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":778,"url":"https:\/\/blog.box.kr\/?p=778","url_meta":{"origin":758,"position":4},"title":"NGINX :: Resolving "403 Forbidden" error","date":"2015-05-12","format":false,"excerpt":"http:\/\/nginxlibrary.com\/403-forbidden-error\/ JAN 9TH, 2012 403 Forbidden errors are Nginx\u2019s way of telling \u201cYou have requested for a resource but we cannot give it to you.\u201d 403 Forbidden is technically not an error but a HTTP status code. 403 response headers are intentionally returned in many cases such as - User\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":703,"url":"https:\/\/blog.box.kr\/?p=703","url_meta":{"origin":758,"position":5},"title":"NGINX , TOMCAT\uc73c\ub85c Virtual Host \uad6c\uc131 \ud558\uae30","date":"2015-04-15","format":false,"excerpt":"1. NGINX \uc758 \uae30\uc874 \ub514\ub809\ud1a0\ub9ac\uc778 \/etc\/nginx\/config.d\/ \ud558\uc704\uc5d0 \uc0ac\uc6a9\ud560 \ub3c4\uba54\uc77c \ubcc4\ub85c *.conf\uc744 \uc0dd\uc131 \ud55c\ub2e4. 2. \ub0b4\uc6a9\uc740 \ud558\uae30\uc640 \uac19\uc774 \ud55c\ub2e4. server { listen 80; server_name www.aaaa.com; location \/ { proxy_pass http:\/\/127.0.0.1:(\uc5f4\ub9acPORT \ubcf4\ud1b5 8080); } } 3. \ub9cc\uc57d \ud2b9\uc815 \ub514\ub809\ud1a0\ub9ac\ubcc4\ub85c TOMCAT\uc11c\ubc84\ub97c \ub098\ub20c\ub54c\ub294 \uc544\ub798\uc640 \uac19\uc774 \uc14b\ud305 \ud55c\ub2e4. server { listen 80; server_name www.aaaa.com; \u00a0\u2026","rel":"","context":"In "\uae30\uc220\uc790\ub8cc"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/758"}],"collection":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=758"}],"version-history":[{"count":0,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/758\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}