DEV Community

Wycliffe A. Onyango
Wycliffe A. Onyango

Posted on

100 Days of DevOps: Day 20

#bash #devops #nginx #php

Configuring Nginx + PHP-FPM Using Unix Socket

My goal was to optimize a PHP application's performance and security by configuring Nginx and PHP-FPM to communicate via a Unix socket. This approach is superior to using TCP/IP because it eliminates network overhead and provides a more secure, file system-based communication channel.

Here is a breakdown of the exact steps I followed to complete the exercise:

Step 1: Nginx Installation

First, I installed the Nginx web server on app server 2.

  • I used yum to install the package and its dependencies:

    sudo yum install nginx -y

Step 2: Configuring Nginx

Next, I configured Nginx to listen on the specified port and set the document root.

  • I edited the main Nginx configuration file (/etc/nginx/nginx.conf).
  • In the server block, I set the listening port to 8097 and the document root to /var/www/html.
  • This ensured Nginx was correctly serving files from the required directory on the specified port.

Step 3: Installing and Configuring PHP-FPM

I then installed PHP-FPM version 8.2 and configured it to use a Unix socket.

  • I added the EPEL and Remi repositories to get the specific PHP version.

  • I enabled the PHP 8.2 module and installed php-fpm.

    sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y
sudo yum install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
sudo dnf module enable php:remi-8.2 -y
sudo dnf install php-fpm -y

  • I created the directory for the Unix socket and set permissions for the nginx user.

    sudo mkdir -p /var/run/php-fpm
sudo chown nginx:nginx /var/run/php-fpm

  • I configured the PHP-FPM pool (/etc/php-fpm.d/www.conf) to listen on the Unix socket and set the user and group to nginx for security.

    listen = /var/run/php-fpm/default.sock
listen.owner = nginx
listen.group = nginx
user = nginx
group = nginx

Step 4: Connecting Nginx and PHP-FPM

The core of the exercise was to make Nginx and PHP-FPM work together.

  • I added a location ~ \.php$ block to the Nginx server configuration.

  • This block instructs Nginx to pass all requests for PHP files to the PHP-FPM Unix socket using the fastcgi_pass directive.

    location ~ \.php$ {
    root           /var/www/html;
    fastcgi_pass   unix:/var/run/php-fpm/default.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

Step 5: Troubleshooting and Verification

I encountered several issues during the process, and here’s how I resolved them:

  • Initial 404 Not Found Error: The request was reaching Nginx, but the server couldn't find the file. I confirmed the location block was correctly added.

  • File Permissions: I realized the nginx user couldn’t read the index.php file because it was owned by root. I fixed this by changing the file's ownership.

    sudo chown nginx:nginx /var/www/html/index.php

  • Configuration Conflicts: I found conflicting configurations in the conf.d and default.d directories that were taking precedence over my main server block. I disabled them by renaming the files.

    sudo mv /etc/nginx/conf.d/php-fpm.conf /etc/nginx/conf.d/php-fpm.conf.disabled
sudo mv /etc/nginx/default.d/php.conf /etc/nginx/default.d/php.conf.disabled

  • After each change, I ran sudo nginx -t to check the syntax and then reloaded the service with sudo systemctl reload nginx.

Finally, I verified the entire setup from the jump host.

  • I used curl to access the test page:

    curl http://stapp02:8097/index.php

  • The output showed a message from index.php, confirming that Nginx and PHP-FPM were successfully communicating via the Unix socket. My task was complete.

Top comments (0)