====== nginx php5 fpm ======
[[https://www.guillaume-leduc.fr/projet-installation-configuration-nginx-php-fpm.html|Source]]

<sxh bash>
apt-get install nginx php5-fpm
</sxh>

/etc/php5/fpm/pool.d/www.conf
<sxh bash>
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
</sxh>

/etc/nginx/conf.d/php5-fpm.conf
<sxh bash>
upstream php5-fpm-sock {
        server unix:/var/run/php5-fpm.sock;
}
</sxh>

/etc/nginx/sites-available/default
<sxh bash>
server {
  listen 80 default_server;
 
  root /usr/share/nginx/html;
 
  index index.php index.html;
 
  access_log /var/log/nginx/default-access_log;
  error_log /var/log/nginx/default-error_log;
 
  location / {
    try_files $uri $uri/ /index.php?$args;
  }
 
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_index index.php;
    fastcgi_pass php5-fpm-sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include /etc/nginx/fastcgi_params;
  }
}
</sxh>

<sxh bash>
service nginx restart
</sxh>

==== Drupal ====
<sxh bash>
server {
    server_name mysite.com;
    root /srv/www/mysite.com/htdocs;

    # Enable compression, this will help if you have for instance advagg‎ module
    # by serving Gzip versions of the files.
    gzip_static on;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # This matters if you use drush prior to 5.x
    # After 5.x backups are stored outside the Drupal install.
    #location = /backup {
    #        deny all;
    #}

    # Very rarely should these ever be accessed outside of your lan
    location ~* \.(txt|log)$ {
        allow 192.168.0.0/16;
        deny all;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

    # No no for private
    location ~ ^/sites/.*/private/ {
        return 403;
    }

    # Block access to "hidden" files and directories whose names begin with a
    # period. This includes directories used by version control systems such
    # as Subversion or Git to store control files.
    location ~ (^|/)\. {
        return 403;
    }

    location / {
        # This is cool because no php is touched for static content
        try_files $uri @rewrite;
    }

    location @rewrite {
        # You have 2 options here
        # For D7 and above:
        # Clean URLs are handled in drupal_environment_initialize().
        rewrite ^ /index.php;
        # For Drupal 6 and bwlow:
        # Some modules enforce no slash (/) at the end of the URL
        # Else this rewrite block wouldn't be needed (GlobalRedirect)
        #rewrite ^/(.*)$ /index.php?q=$1;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }

    # Fighting with Styles? This little gem is amazing.
    # This is for D6
    #location ~ ^/sites/.*/files/imagecache/ {
    # This is for D7 and D8
    location ~ ^/sites/.*/files/styles/ {
        try_files $uri @rewrite;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
    access_log /srv/www/mysite.com/log/access_log;
    error_log /srv/www/mysite.com/log/error_log;
}
</sxh>

==== Secure ====
/etc/nginx/conf.d/secure.conf
<sxh bash>
server_tokens off;
autoindex off;
</sxh>

==== Cache ====
/etc/nginx/conf.d/cache.conf
<sxh bash>
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m max_size=200m;
</sxh>

vhost :
<sxh bash>
server {
...
    proxy_cache one;
    proxy_cache_valid any 5m;
    proxy_buffering off;
    add_header X-Cache-Status $upstream_cache_status;
...
}
</sxh>

{{tag>nginx php http}}