I’m considering nginx as an upgrade from Apache, on a virtual server
with many virtual hosts. I have no nginx experience (yet!)
I know that there are many reasons why nginx is likely better than
Apache in my environment, but on the other hand “if it isn’t broken,
don’t fix it”. However, there is one aspect that I consider broken, so
if nginx handles things differently that could be the reason to switch.
With Apache, if the config file has an error in it, Apache will error
and stop. The config test doesn’t catch all possible errors (eg I had a
situation where an SSL certificate was updated without the SSL key, and
the config test showed no problems, but a config reload took the server
offline for several minutes while the problem was resolved).
How robust is nginx?
To me, it seems simple: there should be startup scripts that start the
server, and roll-back to a known-good config if the current config
fails. But whatever the method, I’m looking for a server which has
considered this and found a solution to it.
Note: I am looking to use a distro package (to make maintenance easy) so
I’m not really looking for custom scripts, although that’s not being
ruled out. Distro will likely be Ubuntu server.
–
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
On Thu, Jun 24, 2010 at 03:15:26PM +0100, Mark Rogers wrote:
situation where an SSL certificate was updated without the SSL key, and
Note: I am looking to use a distro package (to make maintenance easy) so
I’m not really looking for custom scripts, although that’s not being
ruled out. Distro will likely be Ubuntu server.
You can run “nginx -t” before applying configuration: it catches almost
all
possible errors except some fatal errors: no memory, files, etc.
If you send -HUP signal to reconfigure and a new configuration is bad,
then nginx continues to run with an old configuration, if no fatal
errors will happen. SSL certificate without key case is not the fatal
error.
–
Igor S.
http://sysoev.ru/en/
On 24/06/10 15:25, Igor S. wrote:
You can run “nginx -t” before applying configuration: it catches almost all
possible errors except some fatal errors: no memory, files, etc.
If you send -HUP signal to reconfigure and a new configuration is bad,
then nginx continues to run with an old configuration, if no fatal
errors will happen. SSL certificate without key case is not the fatal error.
I don’t think I could have hoped for a better answer - thank you very
much!
I note from the documentation that it is fairly simple to run multiple
instances of nginx behind a proxy to allow different virtual hosts to be
managed as different users (to prevent code on one site having
read/write access to other sites). Is this the best way to achieve this,
and if so how easy is it to set up? (Eg: do the startup scripts support
it, similar to how MySQL’s mysqld_multi startup script do?)
It looks like I will be setting up a test server to see how I can
migrate my Apache configuration to ngigx. My existing virtual host is
using Ubuntu 8.04, but this has only nginx_0.6.35. Ubuntu 10.04 only has
nginx_0.7.65. I don’t really want to roll my own (because I prefer to
have a repository that I can trust to keep on top of security updates).
So, what is the best way forward for me?
–
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
Hi Mark,
I note from the documentation that it is fairly simple to run multiple
instances of nginx behind a proxy to allow different virtual hosts to be
managed as different users (to prevent code on one site having read/write
access to other sites).
Can u please share link to the page where you find that info?
I am, from long time, thinking about replacing apache with nginx in
shared-hosting environment.
Thanks,
-Rahul
On 27/06/10 15:10, Rahul B. wrote:
I note from the documentation that it is fairly simple to run multiple
instances of nginx behind a proxy to allow different virtual hosts to be
managed as different users (to prevent code on one site having read/write
access to other sites).
Can u please share link to the page where you find that info?
I am, from long time, thinking about replacing apache with nginx in
shared-hosting environment.
I may have overstated the “fairly simple” as I haven’t found specific
documentation, but I was referring to the comments at
Frequently Asked Questions | NGINX
(extract below). I would like to see an example configuration myself if
anyone can point me in the right direction.
Is support for chroot planned?
Unknown at this time. Unless/until that changes, you can achieve a
similar - or better - effect by using OS-level features (e.g. BSD Jails,
OpenVZ w/ proxyarp on Linux, etc.).
What about support for something like mod_suexec? What about support
for something like mod_suexec?
mod_suexec is a solution to a problem that Nginx does not have. When
running servers such as Apache, each instance consumes a significant
amount of RAM, so it becomes important to only have a monolithic
instance that handles all one’s needs. With Nginx, the memory and CPU
utilization is so low that running dozens of instances of it is not an
issue.
A comparable Nginx setup to Apache + mod_suexec is to run a separate
instance of Nginx as the CGI script user (i.e. the user that would have
been specified as suexec user under Apache), and then proxy to that from
the main Nginx instance.
Alternatively, PHP could simply be executed through FastCGI, which
itself would be running under a CGI script user account. (Note that
mod_php - the module suexec is normally utilized to defend against -
does not exist with Nginx.)
–
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
Use php-fpm and setup one pool per user. That’s all the suexec you need

On 28/06/10 16:57, Michael S. wrote:
Use php-fpm and setup one pool per user. That’s all the suexec you need 
Should I be concerned by the comment on their website:
“It was not designed with virtual hosting in mind (large amounts of
pools) however it can be adapted for any usage model.”
–
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
On 28/06/10 17:27, Michael S. wrote:
I wrote that. 
You can use the adaptive spawning in php 5.3 to try to craft a way to give each user a process to start at least and then a quota for each user and let them play in that. That’s basically the best suggestion I personally have. And just script in something to add to the config for each user and reload php-fpm.
Sorry, wasn’t paying attention!
One to investigate further, definitely. To be honest, I’ve never even
played with FastCGI (still an Apache mod_php user, need to
progress…), looks like I have some fun ahead of me!
–
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
@Mark
Use php-fpm and setup one pool per user. That’s all the suexec you need 
You hit the bulls-eye!
This is something I was looking for so long.
And after my first use of php-fpm 2-3 days back, this “pool” setting
caught
my eyes.
We have already written php-cli scripts to create virtual hosts (domain
config) in nginx. Also we wrote some scripts for one-click wp installer
as
well as apache to nginx migration.
Separation between 2 users php env was next big challenge we were
facing.
I hope our company will be able to complete a mini-control-panel for
nginx
soon! 
Thanks,
-Rahul
I wrote that. 
You can use the adaptive spawning in php 5.3 to try to craft a way to
give each user a process to start at least and then a quota for each
user and let them play in that. That’s basically the best suggestion I
personally have. And just script in something to add to the config for
each user and reload php-fpm.