I decided to take a break from my love affair with Apache and set up a recent development project on Nginx. I’ve seen nothing but good things in terms of speed and performance from Nginx. I decided to set up a LEMP server (Linux, Nginx, MySQL, PHP), minus the MySQL as it’s already installed on my VM host server, and plus SSL. Here’s the full setup tutorial on Debian Wheezy:
Step #1 – Installing the packages
MySQL can be installed into the mix with a simple:
Step #2 – Configure php5-fpm
Open /etc/php5/fpm/php.ini and set:
Now edit /etc/php5/fpm/pool.d/www.conf and ensure that the listen directive is set as follows:
This is already the case on Debian Wheezy, however may be set to 127.0.0.1 or other values on other versions. Lastly, restart php5-fpm with:
Step #3 – Configure Nginx and SSL
First, create a web content directory:
Next, edit /etc/nginx/sites-available/default to set the first site’s configuration. The directives are reasonably self explanatory:
I’ve extended this configuration to meet my requirements. My configuration is intended to:
Redirect all port HTTP requests to HTTPS
Serve HTTPS with a reasonable secure configuration and cipher suite
Enable the .php file extension, and pass PHP scripts to php5-fpm
Now whereas Apache2 has a SSLCertificateChainFile directive for specifying a certificate chain, Nginx does not. In this case, the server certificate and any chained certificates are all placed into a single file, starting with my server certificate, and followed by two certificates in the chain:
An in depth SSL tester is provided by Qualys here: https://www.ssllabs.com/ssltest/
Now test the configuration and assuming no errors, restart Nginx:
Lastly, test that PHP is functioning as expected by editing /var/www/index.php:
Then access index.php. In my case, I’ve used curl to verify. If the code is interpreted and evaluated successfully, the output will show:
If PHP has not been installed correctly, the script may be delivered as-is:
In this case, go back and verify the installation and configuration as above, ensuring that Nginx and php5-fpm were both restarted after configuration changes were made.