Hi there,

I'm new to NGINX - pretty tired of using XAMPP, since it's too slow.

I'm looking for help, to setup a full production webserver.
So far, NGINX + PHP-FPM + APC should be awesome.

I've setup NGINX using this -> http://eksith.wordpress.com/2008/12/08/nginx-php-on-windows/
I've tried using these conf's -> https://gist.github.com/1620307

But it's still failing.

I really need some help mere.

By biggest wish is, that I have a webinterface, can click "new website", choose "php version" etc, and then NGINX will setup a new virtualhost for PHP 5.3, and ready for Joomla in this excamle. If possible, automated FTP & MySQL passwords generated could be nice.

Will this be possible to do automatic? If not, I need help setting it up, as I'm used to with XAMPP.

Thanks! =)

Drop apc and go for xcache, drop your nginx config file here and tell us whats not working.

I haven't seen any GUI kind of setup for what you want so you might have to make it yourself. Or keep it simple and script the stuff which ain't that hard.

itpp2012 Wrote:
-------------------------------------------------------
> Drop apc and go for xcache, drop your nginx config
> file here and tell us whats not working.
>
> I haven't seen any GUI kind of setup for what you
> want so you might have to make it yourself. Or
> keep it simple and script the stuff which ain't
> that hard.


Do you have a complete tutorial for that setup?

The .conf that does not work:

## latest version at https://gist.github.com/1620307
#
# author cedric.walter, www.waltercedric.com
# to be saved in /etc/nginx/nginx.conf

#user www-data;

# = to the number of CPU - 1
# you may want to leave one core for the system and its interrupts
# and the other cores for the web server
worker_processes 8;

#pid /var/run/nginx.pid;

events {
# worker_connections : This is the amount of client connections a
# single child process will handle by themselves at any one time.
# (default: 1024) Note: Multiply worker_processes times worker_connections
# for the total amount of connections Nginx will handle. Our example is
# setup to handle 3*64=192 concurrent connections in total. Clients who
# connect after the max has been reached will be denied access.
worker_connections 1024;
# multi_accept on;
}

http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;

## Hardening ####
server_tokens off;

### (default is 8k or 16k) The directive specifies the client request body buffer size.
# If the request body is more than the buffer, then the entire request body or some part is written in a temporary file.
client_body_buffer_size 8K;

### Directive sets the headerbuffer size for the request header from client. For the overwhelming
### majority of requests a buffer size of 1K is sufficient. Increase this if you have a custom header
### or a large cookie sent from the client (e.g., wap client).
client_header_buffer_size 1k;

### Directive assigns the maximum accepted body size of client request, indicated by the line Content-Length
### in the header of request. If size is greater the given one, then the client gets the error
### "Request Entity Too Large" (413). Increase this when you are getting file uploads via the POST method.
client_max_body_size 2m;

### Directive assigns the maximum number and size of buffers for large headers to read from client request.
### By default the size of one buffer is equal to the size of page, depending on platform this either 4K or 8K,
### if at the end of working request connection converts to state keep-alive, then these buffers are freed.
### 2x1k will accept 2kB data URI. This will also help combat bad bots and DoS attacks.
large_client_header_buffers 2 1k;

### The first parameter assigns the timeout for keep-alive connections with the client.
### The server will close connections after this time. The optional second parameter assigns
### the time value in the header Keep-Alive: timeout=time of the response. This header can
### convince some browsers to close the connection, so that the server does not have to. Without
### this parameter, nginx does not send a Keep-Alive header (though this is not what makes a connection "keep-alive").
keepalive_timeout 300 300;

### Directive sets the read timeout for the request body from client.
### The timeout is set only if a body is not get in one readstep. If after
### this time the client send nothing, nginx returns error "Request time out"
### (408). The default is 60.
client_body_timeout 10;

### Directive assigns timeout with reading of the title of the request of client.
### The timeout is set only if a header is not get in one readstep. If after this
### time the client send nothing, nginx returns error "Request time out" (408).
client_header_timeout 10;

### Directive assigns response timeout to client. Timeout is established not on entire
### transfer of answer, but only between two operations of reading, if after this time
### client will take nothing, then nginx is shutting down the connection.
send_timeout 10;

### Directive describes the zone, in which the session states are stored i.e. store in slimits. ###
### 1m can handle 32000 sessions with 32 bytes/session, set to 5m x 32000 session ###
### limit_zone slimits $binary_remote_addr 5m;

### Control maximum number of simultaneous connections for one session i.e. ###
### restricts the amount of connections from a single ip address ###
limit_conn slimits 5;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include mime.types;
default_type application/octet-stream;

##
# Logging Settings
##

access_log "c:\nginx\logs\access.log";
error_log "c:\nginx\logs\error.log";

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include C:/nginx/conf.d/*.conf;
include C:/nginx//nginx/htdocs/*;
}


#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

Working default config:


#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

server {
listen 80;
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html;
index index.php index.html index.htm;
autoindex on;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /nginx$fastcgi_script_name;
include fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;

# location / {
# root html;
# index index.html index.htm;
# }
#}


# HTTPS server
#
#server {
# listen 443;
# server_name localhost;

# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

# ssl_session_timeout 5m;

# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;

# location / {
# root html;
# index index.html index.htm;
# }
#}

}


I want a config, so that I easily can make new Joomla websites f.x.
By adding virtualhost info (like in XAMPP), and then just a new folder in c:\nginx\htdocs\newfoldername

I want it secure and simple.

First use worker_processes 1, under windows only 1 works, you can get more by making a pool and load-balancing that pool.

sendfile off;
Use slashes in paths not backslashes.

See my other posts about how to handle backends like php-cgi and also using a pool.
http://forum.nginx.org/read.php?2,226613
http://forum.nginx.org/read.php?11,226806

If you want simple then create a block, test it properly and then copy/paste it for new sites, its that easy.

If you want security then you need to look at creating multiple users, assign them to groups and assign ntfs rights to those groups for each member and add a deny all for all other resources that group doesn't need, create limited services for nginx and php and assign groups for them, same thing with the ntfs rights. Cross reference the security settings with what the sites require. Use open_basedir and doc_root with the php backend to further box in all processes (on top of restrictive ntfs rights). When thats done nobody can go anywhere you don't want.

I run professional erp/crm services like this under windows(nginx 1.2.1, php 5.3.13 threadsafe and xcache 2.0.0) [doing 1270 requests/sec on static and 200 requests/sec on dynamic on a single box one core] which are just as secure as linux can be, its just a matter of boxing everything in using basic stuff nobody bothers to use and hence are pushed to linux.

If you can't figure this out yourself then hire someone to do this for you, it is basic 101 windows security.

If you have a good config, for a virtual server with 8 CPU's, 8GB ram, then please share it :)

When using original config:



#user nobody;
worker_processes 8;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile off;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

server {
listen 80;
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html;
index index.php index.html index.htm;
autoindex on;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /nginx$fastcgi_script_name;
include fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;

# location / {
# root html;
# index index.html index.htm;
# }
#}


# HTTPS server
#
#server {
# listen 443;
# server_name localhost;

# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

# ssl_session_timeout 5m;

# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;

# location / {
# root html;
# index index.html index.htm;
# }
#}

}

And created httpdocs/joomla folder,

It gives me this output:

The page you are looking for is temporarily unavailable.
Please try again later.

Error.log:
2012/06/11 09:54:08 [error] 2256#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 10.10.4.159, server: localhost, request: "GET /joomla/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "site.domain.tld"

Set worker_processes to 1.

How are you having phpcgi loading ? (config)

Check if your w8k server is blocking ports above 1024, you might need to enable this first.

You can't have nginx using 8 cores as such, you need to create 8 nginx instances with 8 users (to overcome the win32 limits imposed on the build) and use a loadbalancer in front of them, they ty each instance to a cpu.

Each instance can be linked to a phpcgi pool, 4 max for each instance, with 8 it would be 32.

Ppl have asked which loadbalancer a few times, the answer used to be any software solution but it is better to use a simple hardware loadbalancer for this purpose, but this will require 8 lan cards to be available for each instance. If 4 is the max due to VM restrictions you can duplicate the VM for the other 4 but keep the phpcgi pool together on one VM.

Do you have a working nginx.conf for Windows that I can use?

Sure but thats not the magic thing you need when it comes to multiple workers and to overcome the win32 limits, apart from path settings everything can be used from other OS samples, the download win32 zipfile contains a good enough example.

Or look at these;
http://eksith.wordpress.com/2008/12/08/nginx-php-on-windows/
http://kbeezie.com/view/nginx-configuration-examples/

No go.
Still looking for a full working nginx.conf, optimized for a Windows Server 2008, and ready for CMS websites, like WordPress and Joomla.

Bump?