Building a Nginx PHP-FPM Server - Recommendations?

I had the dedicated box pulled and the OS reloaded; I failed to mention that the LAMP stack was suppose to be installed as per the original setup.  I decided that since the box was bare to try and follow a guide on getting Nginx and PHP-FPM installed since Dolphin would run better under that config than Apache with PHP as an Apache mod.  I have Nignx installed and PHP-FPM as well.  Have started PHP-FPM, Nignx installed but not yet configured and started; working on that.  Even getting some feel back for the VI editor from my Unix days at University; is there another editor that would be better to use or does it really matter?

I thought I would ask in the forums about Nginx and Dolphin and if I should be aware of anything and if I am foolish for attempting this with such limited knowledge; of course that never stopped me before

Just in case your interested for future reference. I see you already did this by hand, but i do believe i mentioned that compiling is for the most part a thing of the past.

The Redhat Enterprise Linux repo already has Nginx available in it's repository which can be used for CentOS. So basically that repo just needs to be enabled and then yum can install it. Then all that remains is to configure it. Precompilied binaries save a lot of time.

Anyhow, for future reference.
http://www.cyberciti.biz/faq/rhel-fedora-install-configure-nginx-php5/

One reason I went the long road of downloading and compiling is that Nginx current release is 1.2.0 and I was not sure if the repository would have the current release.  Yes, I haven't done this stuff in awhile.

I have found that the box does not have an FTP server, what does one recommend?  I am using webmin to help manage the server so having a module for webmin for the FTP server would be nice.

You will need to see what webmin currently has a module for. Normally that would be ProFTPD Server.

I am not sure of which version the repo would have for nginx. But servers are suppose to be stable. So sometimes running the most recent version of something is not always the best choice. When building a server you want stability, not cutting edge.

This is the reason i prefer Redhat Enterprise/CentOS rather than Fedora/Ubuntu. The former run with time tested stable versions while the latter run with cutting edge newer software. I from my experience running a small ISP where server stability is important, have seen the proof for myself.

It is listed on the Nginx site as "The first version of the 1.2.x stable branch has been released." so I figured it should be OK to use it for our site.

Yes, I went with CentOS 6 this time around instead of Ubuntu 12.04 as I did with the VPS.  Ubuntu may be fine for a workstation but I wanted something that I knew would be stable for the server.  I am learning as I go.

Will check to see about ProFTPD

Thanks for your help

I guess I am just too stupid to do this stuff.  I installed ProFTP but can not figure out how to connect through FTP; it always replies with

Status:    Connection established, waiting for welcome message...
Response:    220 FTP Server ready.
Command:    USER Fred
Response:    331 Password required for Fred
Command:    PASS ***********
Response:    530 Login incorrect.
Error:    Critical error
Error:    Could not connect to server

I created user Fred and set the password so I know it is correct.

I set password to normal, but it always changes to pre-encrypted.

I did figure out how Nginx handles vhosts and have it serving up a test page.  Still don't know how to get ProFTPD working.

Make sure Iptables aren't blocking your FTP connection.. I've had that cause problems for me in the past & it's given the perception of invalid credentials vs connection refused. 

I just saw you are running centos.

>service iptables stop 

will give you a quick test. I don't suspect this is your problem, but worth ruling it out. 

I ditched proftp a while ago in favor of vsftpd. It's much easier to configure (at least it was for me) as far as chrooting users to their home directories etc.

Thanks.  I might just switch to vsftpd; I had that on the VPS and had no trouble setting it up.  My problem is that I don't if it is something I did, or something I did not do LOL.

Another problem I have not been able to figure out is that Nginx is not passing php files to php-fpm; when trying to access phpinfo.php to get php info the browser wants to download the file.  Not much luck reading through the search results.

My nginx config file contains

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ .php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            include        fastcgi_params;
        }

What does the root entry mean?

If anyone can shed some light on this, it would be a big help since if I can not process php, I can not use Nginx and php-fpm for Dolphin.

I am learning!  [happy dance here]

It is now working after some more searches.  Plus, I found a vulnerability that allows one to execute backdoor scripts.  Here is the location that I am using.

   # Pass all .php files onto a php-fpm/php-fcgi server.
   location ~ .php$ {
   root   /var/www/domain.tld/public_html;
   # Zero-day exploit defense.
   # http://forum.nginx.org/read.php?2,88845,page=3
   # Won't work properly (404 error) if the file is not stored on this
   # server, which is entirely possible with php-fpm/php-fcgi.
   # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
   #another machine.  And then cross your fingers that you won't get hacked.
   fastcgi_pass   127.0.0.1:9000;
   try_files $uri =404;
   fastcgi_split_path_info ^(.+.php)(/.+)$;
   include /webserver/nginx/conf/fastcgi_params;
   fastcgi_index index.php;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   #fastcgi_intercept_errors on;
   }

The root of course is where your files for the site will be located.  Another error, if you will look back at the first location block, was that I was not pointing the include to where my fastcgi_params were located on the server.

Actually, the fastcgi_params is located in the same directory as the ngnix config, so the path should not be needed.

I am getting real close to a usable setup here.  Nginx is up and running, mySQL is up and running, phpMyAdmin (took me a while to figure out the 404 error) is up and running; FTP server is up and running. PHP-Fast CGI is up and running.

Now I have a question about the website directory; how should I set up permissions?  What should be the user:group of the website directory?  I see examples where /www/public_html has apache:apache as the user group permissions.  Do I need to set up a nginx user and group for the website directory and what should the permissions be?  I have never done the nuts and bolts at this level before, not even with the VPS I had.  I don't want to be chasing errors with Dolphin that are the results of me not setting the permissions correctly.

Hi geek_girl, thanks for sharing your experience with making your built. Would you have a recommendation step by step to make dolphin on nginx. I'm trying to build a test server and overwhelmed with info. I really liked this tut: http://www.boonex.com/n/this-is-what-i-did-to-get-d7-x-working-on-a-server, but i'd prefer to go with nginx instead of apache. Thanks!

I wish I had took notes then.  I was doing a lot of internet searches and doing a lot of reading.  First of all, I suggest CentOS since it is based on Red Hat Enterprise; it is a very stable OS.  I am using CentOS 6 64 bit on a xeon based blade server in a hosted environment (in other words I am leasing the server).  I got the server with the OS installed along with webmin for the control panel.  That was basically it.  To make sure I got the latest stable version of Nginx, I used wget, and then configured, make, make install, basically following guides I found on the net.  You can use yum for a quick install but you will get the version in the repo; and even updating the repo does not mean it will include the latest version.  Now I am working from SSHing into the server and changing to root permissions.  That will be determined by how your host sets up the server and they will provide that info to you.  I use Putty to SSH into the server.  Once you have things installed you can use the File Manager in Webmin to edit the config files.

It is fairly easy to get things installed and set up; I think Nginx is easier to work with than Apache.  The one thing you need to know is that Nginx does not use .htaccess.  There is a tut here on how to set up the equivalent of .htaccess in dolphin, which is very easy.

I will be happy to share what I know; it might be easier to just ask specific questions.  Oh, one thing is PHP-FPM, you want to run that as the same user:group that owns the Dolphin files; that is set in the PHP-FPM config file; you don't want to run php as root.

Thanks again for the valuable advice, i really appreciate it! I will also try sharing my knowledge here on nginx .

What are you starting with for your server?  If you are starting with a LAMP configuration, there are two things, one, you need to shut down Apache.  Plus, php will most likely be set up as an Apache mod.  You might be able to find someone that will set up a LEMP (the E being Nginx) for you but the best prices come without anything and it is not that hard to install things.  I was scared about having a bare box with just CentOS installed but once I started working with it my fear was unfounded.  There is so much information on the net and you can just copy a command and then do the right-click in the SSH window to paste that command on the command line.  For the latest version of Nginx, you will need to pull down the binary file, then run configure, then run make, then run make install.  If you don't care about having the latest version, then you can just use yum to install Niginx all in one go.

I can not find the exact commands I used to install Nginx but as I said, there are tutorials on the net.

As for an example of an Nginx config file:

#user nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include mime.types;
    default_type  application/octet-stream;

    index  index.html index.htm index.php;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    client_max_body_size 200M;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip_http_version 1.1;
    gzip_min_length 200;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_buffers 16 8k;

    # Load virtual host configuration files.
    include /nginx/sites-enabled/*;


server {
    listen       80;
    server_name  www.fasttimes.net fasttimes.net;

    root   /www/public_html/fasttimes;

    access_log /www/public_html/fasttimes/access_log/access.log;
    error_log /www/public_html/fasttimes/error_log/error.log;

    # serve static files directly
    location ~* ^.+(templates|flash|media|plugins)/.+.(jpg|jpeg|gif|css|png|js|ico)$ {
        access_log        off;
        expires           30d;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /.ht {
        deny  all;
    }

    #Dolphin Rewrite Rules
    location / {
    include dolphin_rewrites.conf;
    }

   # Pass all .php files onto a php-fpm/php-fcgi server.
   location ~ .php$ {
   root   /www/public_html/fasttimes;
   # Zero-day exploit defense.
   # http://forum.nginx.org/read.php?2,88845,page=3
   # Won't work properly (404 error) if the file is not stored on this
   # server, which is entirely possible with php-fpm/php-fcgi.
   # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
   #another machine.  And then cross your fingers that you won't get hacked.
   fastcgi_pass   127.0.0.1:9000;
   try_files $uri =404;
   fastcgi_split_path_info ^(.+.php)(/.+)$;
   include /nginx/conf/fastcgi_params;
   fastcgi_index index.php;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   #fastcgi_intercept_errors on;
   }

}

any time you make changes to the nginx config file you need to restart nginx for that config file to be read; otherwise, your changes will not be applied.

thats not exactly correct but ok ...

Well, if it is not correct, then correct me.  I am learning Nginx as well.  I was told that any time I made changes to the nginx.cnf that I needed to restart Nginx.  If that is not true, then educated me and others.  Nothing is worst than telling someone they are not exactly correct without telling them why.

sorry for the late response ...

well if you run nginx as service you could use "service nginx reload" to reload the configuration.
if you start it outside of a service you could to the same as seen here: http://wiki.nginx.org/CommandLine#Stopping_or_Restarting_Nginx