Nginx installation and configuration

I am going to use nginx for my webserving needs. Install nginx and php process management to get nginx with PHP support: pacman -S nginx php-fpm

I got configuration information mostly from these two site:

Configuration

The server will be configured for low load on a local network. I therefor limit the number of worker processes and the maxmum number of connections. The root folder for the web content will be /srv/http.

The entry types_hash_max_size 4096 was required because the fast CGI configuration file added many variables.

#as which user it should run. Defaults to http
#user http;
#how many processes to use. limits max amount of concurrent connections
worker_processes 1;
events {
  worker_connections 128;
}

http {
  # needed on arch, to stop nginx from complaining
  types_hash_max_size 4096;
  #move data directly between file descriptors; more efficient than read/write
  sendfile on;
  #delay sending to try to send out only full packets
  tcp_nopush on;

  #compress server responses
  gzip on;

  server {
    #first is the port, second is a flag to define this server declaration to
    #be used as default
    listen 80 default_server;

    #serve files from this directory
    root /srv/http;

    location ~ \.php$ {
      fastcgi_pass unix:/run/php-fpm/php-fpm.sock
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
      #fastcgi_params is an arch config file defining a variety of fastcgi
      #parameters
      include fastcgi_params;
    }
    #enable uploads with PUT, secured by user/pasword from a file
    location / {
      dav_methods PUT;
      dav_access user:rw group:r all:r;
      create_full_path on;
      limit_except GET {
        auth_basic "My Domain";
        auth_basic_user_file /srv/htpasswd
      }
    }
  }
}

Uploads

The second location block enables uploads to the webserver with the HTTP PUT command. Files can transferred with curl: curl http://loebl-pi:8888/ -T foo.html.

The htpasswd files has to be manually created. Each line is a username followed by a colon and an encoded password. The encoded password can be created with openssl passwd <password-to-hash>.

PHP configuration

Arch already contains a rather complete PHP configuration. Only necessary changes are listed here. The configuration file is located in /etc/php/php.ini

Set engine to off
Set expose_php to off
Set memory_limit to 64M
Set file_uploads to off
Set date.timezone to Europe/Berlin (or your local time zone)

I am using PHP-FPM to manage PHP processes. It has its own configuration file under /etc/php/php-fpm.conf . Changed values:

Set process.max to 16

Additionally there are pool configuration files under /etc/php/php-fpm.d. I kept them at the default.

Activate nginx and PHP

The arch packages ship with systemd jobs. Once enabled nginx and PHP will start at boot. To enable them and start for the current session execute as root:

systemctl enable php-fpm
systemclt enable nginx
systemctl start php-fpm
systemctl start nginx

Firewall rule

Building on the base setup introduced in the first chapter, I can drop a file named in_nginx.conf into /etc/nft_rules to add my rules:

tcp dport 80 accept