Conversion of PHP single machine setup to nginx/php residing on different boxes

aris · June 6, 2012, 3:18pm

Hello,

I am trying to implement
http://www.howtoforge.com/installing-nginx-with-
php5-and-mysql-support-on-debian-squeeze , where the nginx server config
looks like so:

            root   /usr/share;
    #
    #error_page   500 502 503 504  /50x.html;
    #location = /50x.html {
    #       root   /var/www/nginx-default;
    #}
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
            #proxy_pass   http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on

127.0.0.1:9000

    #
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME

/var/www$fastcgi_script_name;

            include         fastcgi_params;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
            deny  all;
    }

}

My setup looks slightly different from the one used for that howto, as I
have a host/firewall/nginx box that houses client applications in lxc-
containers. I am having trouble in setting up the ~ .php$ bit in that
context. My config lookis like this:

server {
listen 443;
server_name XXX;
client_max_body_size 40M;
# SSL is using CACert credentials
ssl on;
ssl_certificate /etc/ssl/private/cacert.XXX.org.pem;
ssl_certificate_key
/etc/ssl/private/cacert.XXX.org_privatkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:!LOW:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:
+EXP;
ssl_prefer_server_ciphers on;
# Proxy the “feng-container” lxc container
location / {
proxy_pass http://10.10.10.3:80/;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_pass 10.10.10.3:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
http://10.10.10.3:80/$fastcgi_script_name;
include fastcgi_params;
}
}

The “/” bit works, but php location gives me “404” despite ports 80/9000
being open …

Can anyone nudge me into the right direction on how to proceed here?

Thanks, Joh

Johannes_Graumann · June 6, 2012, 3:35pm

On Wed, Jun 06, 2012 at 04:18:10PM +0300, Johannes Graumann wrote:

Hi there,

    location ~ \.php$ {
            try_files $uri =404;

try_files refers to local files only. Module ngx_http_core_module

You probably don’t want it here at all.

            fastcgi_pass   10.10.10.3:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME

http://10.10.10.3:80/$fastcgi_script_name;

SCRIPT_FILENAME is a parameter that the fastcgi server will read, and
it will expect it to refer to a file on its filesystem that it should
load and process.

So: if the client requests the url /one/two.php, what file on the
10.10.10.3 server do you want that to correspond to? (From the
perspective
of the fasctcgi server, in case it is chroot’ed.)

Make SCRIPT_FILENAME be that filename.

All the best,

f

Francis D. [email protected]

Johannes_Graumann · June 6, 2012, 10:10pm

Francis D. wrote:

10.10.10.3 server do you want that to correspond to? (From the perspective
of the fasctcgi server, in case it is chroot’ed.)

Make SCRIPT_FILENAME be that filename.

Thanks a lot for your pointers, which nudged me in the right direction.
After also finding Nginx Library
specified-error/ I came up with the following, which is working (a
“info.php” script at the documentroot containing a call to “phpinfo()”
is
rendered properly and the output has “Server API: CGI/FastCGI”):

server {
listen 443;
server_name XXX.org XXX;
client_max_body_size 40M;
# SSL is using CACert credentials
ssl on;
ssl_certificate /etc/ssl/private/cacert.XXX.org.pem;
ssl_certificate_key
/etc/ssl/private/cacert.XXX.org_privatkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:!LOW:RC4+RSA:+HIGH:+MEDIUM:
+SSLv3:+EXP;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
}

Thank you. Joh

Johannes_Graumann · June 24, 2012, 12:34pm

Hello Again,

Johannes Graumann wrote:

SSL is using CACert credentials

root /var/www/;
}
}

As I wrote, this works fine for a plain “index.php” containing
“phpinfo()”.
I now want to use the setup to run fengoffice along the lines of
http://www.howtoforge.com/how-to-set-up-a-feng-office-suite-web-server-on-
ubuntu-server-10.10 . So I change the above setup to point at root
“/var/www/www.feng.graumannschaft.org/web/” which is where fenoffice’s
index.php resides on 10.10.10.3. THis however does not work and the
browser
pointed at the urls reports

Unable to connect
Iceweasel can’t establish a connection to the server at 10.10.10.3.

I seem to be missing rewriting somewhere, but no prowling the internet
has
given me an answer that will work. Can someone nudge me into the right
direction (again) how to fix this?

Thanks for any pointers, Joh