# How build webserver with nginx and wordpress?

## pmam

I want to build, for the first time a web-server, at home behind NAT router - my intention is to get Nginx web-server with Wordpress.

I have just installed nginx and it works locally - now need some support that did not find by google.

I followed this https://wiki.gentoo.org/wiki/Nginx - not sure all mentioned there is needed in my case but these have done:

- added to make.conf: NGINX_ADD_HTTP="fastcgi"

- emerge nginx and left the defult nginx.conf as is for 'Single site access'.

- added these lines to nginx.conf:

```
location ~ \.php$ {

                       # Test for non-existent scripts or throw a 404 error

                       # Without this line, nginx will blindly send any request ending in .php to php-fpm

                       try_files $uri =404;

                       include /etc/nginx/fastcgi.conf;

                       fastcgi_pass unix:/run/php-fpm.socket;

           }
```

- emerge php with fpm,gd USE flags in pcakage.use.

At the moment looks that nginx run ok but when I try to start php I get errors:

```
/etc/init.d/php-fpm start

 * Starting PHP FastCGI Process Manager ...

[25-Jan-2016 21:35:04] ERROR: [/etc/php/fpm-php5.6/php-fpm.conf:23] unknown entry 'listen'

[25-Jan-2016 21:35:04] ERROR: failed to load configuration file '/etc/php/fpm-php5.6/php-fpm.conf'

[25-Jan-2016 21:35:04] ERROR: FPM initialization failed

 * start-stop-daemon: failed to start `/usr/lib/php5.6/bin/php-fpm'                                                                                    [ !! ]

 * ERROR: php-fpm failed to start
```

I found this https://wiki.gentoo.org/wiki/PHP with recommendations that not mentioned in above wiki:

to add php USE flag to make.conf for enabling support for PHP in other packages,

and emerge lighttpd - are they really needed?

Need mysql for my setup?

May be need to add modules to nginx for php or changes need to do in ngnix.conf?

I am quite confused and do not find coherent guidance for this mission - (i.e: there is a wiki for wordpress with apache but not with nginx) -

Please advise what I did wrong or what is missing?

Later on I will consider safety issues: I have been told, by this forum that dynamic server with php etc,

is much more vulnerable -  what ports need to open? and how to secure this activity?

----------

## dalu

what does your /etc/php/fpm-php5.6/php-fpm.conf look like?

because the error message in php-fpm says it all really.

----------

## pmam

dalu Hi,

Here my /etc/php/fpm-php5.6/php-fpm.conf - This is the default file - just added 2 lines (below [global]) added according wiki recommendation 

(/etc/php/fpm-php5.6/php.ini is also the default - just added TIMEZONE):

```
listen = /run/php-fpm.socket

listen.owner = nginx
```

```
;;;;;;;;;;;;;;;;;;;;;

; FPM Configuration ;

;;;;;;;;;;;;;;;;;;;;;

; All relative paths in this configuration file are relative to PHP's install

; prefix (/usr/lib/php5.3). This prefix can be dynamicaly changed by using the

; '-p' argument from the command line.

; Include one or more files. If glob(3) exists, it is used to include a bunch of

; files from a glob(3) pattern. This directive can be used everywhere in the

; file.

; Relative path can also be used. They will be prefixed by:

;  - the global prefix if it's been set (-p arguement)

;  - /usr/lib/php5.3 otherwise

;include=/etc/php/fpm-php5.3/fpm.d/*.conf

;;;;;;;;;;;;;;;;;;

; Global Options ;

;;;;;;;;;;;;;;;;;;

[global]

listen = /run/php-fpm.socket

listen.owner = nginx

; Pid file

; Note: the default prefix is /var/lib

; Default Value: none

; Warning: pid file is overriden by the Gentoo init script.

; FPM will refuse to start if you uncomment this settingi and make use of the

; init script. 

; pid = /var/run/php-fpm.pid

; Error log file

; Note: the default prefix is /var/lib

; Default Value: log/php-fpm.log

error_log = /var/log/php-fpm.log

; Log level

; Possible Values: alert, error, warning, notice, debug

; Default Value: notice

;log_level = notice

; If this number of child processes exit with SIGSEGV or SIGBUS within the time

; interval set by emergency_restart_interval then FPM will restart. A value

; of '0' means 'Off'.

; Default Value: 0

;emergency_restart_threshold = 0

; Interval of time used by emergency_restart_interval to determine when 

; a graceful restart will be initiated.  This can be useful to work around

; accidental corruptions in an accelerator's shared memory.

; Available Units: s(econds), m(inutes), h(ours), or d(ays)

; Default Unit: seconds

; Default Value: 0

;emergency_restart_interval = 0

; Time limit for child processes to wait for a reaction on signals from master.

; Available units: s(econds), m(inutes), h(ours), or d(ays)

; Default Unit: seconds

; Default Value: 0

;process_control_timeout = 0

; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.

; Default Value: yes

;daemonize = yes

;;;;;;;;;;;;;;;;;;;;

; Pool Definitions ; 

;;;;;;;;;;;;;;;;;;;;

; Multiple pools of child processes may be started with different listening

; ports and different management options.  The name of the pool will be

; used in logs and stats. There is no limitation on the number of pools which

; FPM can handle. Your system will tell you anyway :)

; Start a new pool named 'www'.

; the variable $pool can we used in any directive and will be replaced by the

; pool name ('www' here)

[www]

; Per pool prefix

; It only applies on the following directives:

; - 'slowlog'

; - 'listen' (unixsocket)

; - 'chroot'

; - 'chdir'

; - 'php_values'

; - 'php_admin_values'

; When not set, the global prefix (or /usr/lib/php5.3) applies instead.

; Note: This directive can also be relative to the global prefix.

; Default Value: none

;prefix = /path/to/pools/$pool

; The address on which to accept FastCGI requests.

; Valid syntaxes are:

;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on

;                            a specific port;

;   'port'                 - to listen on a TCP socket to all addresses on a

;                            specific port;

;   '/path/to/unix/socket' - to listen on a unix socket.

; Note: This value is mandatory.

listen = 127.0.0.1:9000

; Set listen(2) backlog. A value of '-1' means unlimited.

; Default Value: 128 (-1 on FreeBSD and OpenBSD)

;listen.backlog = -1

 

; List of ipv4 addresses of FastCGI clients which are allowed to connect.

; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original

; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address

; must be separated by a comma. If this value is left blank, connections will be

; accepted from any ip address.

; Default Value: any

;listen.allowed_clients = 127.0.0.1

; Set permissions for unix socket, if one is used. In Linux, read/write

; permissions must be set in order to allow connections from a web server. Many

; BSD-derived systems allow connections regardless of permissions. 

; Default Values: user and group are set as the running user

;                 mode is set to 0666

;listen.owner = nobody

;listen.group = nobody

;listen.mode = 0666

; Unix user/group of processes

; Note: The user is mandatory. If the group is not set, the default user's group

;       will be used.

user = nobody

group = nobody

; Choose how the process manager will control the number of child processes.

; Possible Values:

;   static  - a fixed number (pm.max_children) of child processes;

;   dynamic - the number of child processes are set dynamically based on the

;             following directives:

;             pm.max_children      - the maximum number of children that can

;                                    be alive at the same time.

;             pm.start_servers     - the number of children created on startup.

;             pm.min_spare_servers - the minimum number of children in 'idle'

;                                    state (waiting to process). If the number

;                                    of 'idle' processes is less than this

;                                    number then some children will be created.

;             pm.max_spare_servers - the maximum number of children in 'idle'

;                                    state (waiting to process). If the number

;                                    of 'idle' processes is greater than this

;                                    number then some children will be killed.

; Note: This value is mandatory.

pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the

; maximum number of child processes to be created when pm is set to 'dynamic'.

; This value sets the limit on the number of simultaneous requests that will be

; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.

; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP

; CGI.

; Note: Used when pm is set to either 'static' or 'dynamic'

; Note: This value is mandatory.

pm.max_children = 50

; The number of child processes created on startup.

; Note: Used only when pm is set to 'dynamic'

; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2

;pm.start_servers = 20

; The desired minimum number of idle server processes.

; Note: Used only when pm is set to 'dynamic'

; Note: Mandatory when pm is set to 'dynamic'

pm.min_spare_servers = 5

; The desired maximum number of idle server processes.

; Note: Used only when pm is set to 'dynamic'

; Note: Mandatory when pm is set to 'dynamic'

pm.max_spare_servers = 35

 

; The number of requests each child process should execute before respawning.

; This can be useful to work around memory leaks in 3rd party libraries. For

; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.

; Default Value: 0

;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be

; recognized as a status page. By default, the status page shows the following

; information:

;   accepted conn        - the number of request accepted by the pool;

;   pool                 - the name of the pool;

;   process manager      - static or dynamic;

;   idle processes       - the number of idle processes;

;   active processes     - the number of active processes;

;   total processes      - the number of idle + active processes.

;   max children reached - number of times, the process limit has been reached,

;                          when pm tries to start more children (works only for

;                          pm 'dynamic')

; The values of 'idle processes', 'active processes' and 'total processes' are

; updated each second. The value of 'accepted conn' is updated in real time.

; Example output:

;   accepted conn:        12073

;   pool:                 www

;   process manager:      static

;   idle processes:       35

;   active processes:     65

;   total processes:      100

;   max children reached: 1

; By default the status page output is formatted as text/plain. Passing either

; 'html' or 'json' as a query string will return the corresponding output

; syntax. Example:

;   http://www.foo.bar/status

;   http://www.foo.bar/status?json

;   http://www.foo.bar/status?html

; Note: The value must start with a leading slash (/). The value can be

;       anything, but it may not be a good idea to use the .php extension or it

;       may conflict with a real PHP file.

; Default Value: not set 

;pm.status_path = /status

 

; The ping URI to call the monitoring page of FPM. If this value is not set, no

; URI will be recognized as a ping page. This could be used to test from outside

; that FPM is alive and responding, or to

; - create a graph of FPM availability (rrd or such);

; - remove a server from a group if it is not responding (load balancing);

; - trigger alerts for the operating team (24/7).

; Note: The value must start with a leading slash (/). The value can be

;       anything, but it may not be a good idea to use the .php extension or it

;       may conflict with a real PHP file.

; Default Value: not set

;ping.path = /ping

; This directive may be used to customize the response of a ping request. The

; response is formatted as text/plain with a 200 response code.

; Default Value: pong

;ping.response = pong

 

; The timeout for serving a single request after which the worker process will

; be killed. This option should be used when the 'max_execution_time' ini option

; does not stop script execution for some reason. A value of '0' means 'off'.

; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)

; Default Value: 0

;request_terminate_timeout = 0

 

; The timeout for serving a single request after which a PHP backtrace will be

; dumped to the 'slowlog' file. A value of '0s' means 'off'.

; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)

; Default Value: 0

;request_slowlog_timeout = 0

 

; The log file for slow requests

; Default Value: not set

; Note: slowlog is mandatory if request_slowlog_timeout is set

;slowlog = /var/log/php-fpm-$pool.log.slow

 

; Set open file descriptor rlimit.

; Default Value: system defined value

;rlimit_files = 1024

 

; Set max core size rlimit.

; Possible Values: 'unlimited' or an integer greater or equal to 0

; Default Value: system defined value

;rlimit_core = 0

 

; Chroot to this directory at the start. This value must be defined as an

; absolute path. When this value is not set, chroot is not used.

; Note: you can prefix with '$prefix' to chroot to the pool prefix or one

; of its subdirectories. If the pool prefix is not set, the global prefix

; will be used instead.

; Note: chrooting is a great security feature and should be used whenever 

;       possible. However, all PHP paths will be relative to the chroot

;       (error_log, sessions.save_path, ...).

; Default Value: not set

;chroot = 

 

; Chdir to this directory at the start.

; Note: relative path can be used.

; Default Value: current directory or / when chroot

;chdir = /var/www

 

; Redirect worker stdout and stderr into main error log. If not set, stdout and

; stderr will be redirected to /dev/null according to FastCGI specs.

; Note: on highloaded environement, this can cause some delay in the page

; process time (several ms).

; Default Value: no

;catch_workers_output = yes

 

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from

; the current environment.

; Default Value: clean env

;env[HOSTNAME] = $HOSTNAME

;env[PATH] = /usr/local/bin:/usr/bin:/bin

;env[TMP] = /tmp

;env[TMPDIR] = /tmp

;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings

; overwrite the values previously defined in the php.ini. The directives are the

; same as the PHP SAPI:

;   php_value/php_flag             - you can set classic ini defines which can

;                                    be overwritten from PHP call 'ini_set'. 

;   php_admin_value/php_admin_flag - these directives won't be overwritten by

;                                     PHP call 'ini_set'

; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from

; extension_dir. Defining 'disable_functions' or 'disable_classes' will not

; overwrite previously defined php.ini values, but will append the new value

; instead.

; Note: path INI options can be relative and will be expanded with the prefix

; (pool, global or /usr/lib/php5.3)

; Default Value: nothing is defined by default except the values in php.ini and

;                specified at startup with the -d argument

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com

;php_flag[display_errors] = off

;php_admin_value[error_log] = /var/log/fpm-php.www.log

;php_admin_flag[log_errors] = on

;php_admin_value[memory_limit] = 32M
```

----------

## dalu

yeah that's the mistake

there's a global section and the listen directive doesn't go there, hence the error message that it's not recognized or understood.

if you scroll down you will see "pool definitions"

the default pool in this config file is [www]

there's also a listen directive 127.0.0.1:9000

for starters I'd keep this in, less issues with permissions

and since it's a local service (not internet faced) and you won't expect many visitors, tcp is good enough

but if you have to, and since that's the way you want to do it

```

; listen = 127.0.0.1:9000

listen = /run/php-fpm.socket

listen.owner = nginx

listen.group = nginx

listen.mode = 0660

```

and remove the listen and listen.owner under [global]

edit: I forgot, replace nobody with nginx

```

user = nginx

group = nginx

```

note that when you put your php files anywhere you have to 

```

chown nginx:nginx

```

that means change owner of file/s to user nginx and group nginx

so to recap in php-fpm.conf

you have a [global] section

and you have pool definition sections

in this case [www]

those pool definitions are useful if you'd like to separate users and give them their own listening socket with their own resource limits, owner and so on

also php7 is out, you might want to check that out

if you still have issues, I'm all ears

----------

## pmam

Dear dalu,

Thanks for your helpful advise! 

Since it is the first time for me with webserver, I have some questions regarding your nice explanation -

First of all, after changing php-fpm.conf according your tips, php start working but still with NOTICE:

```
/etc/init.d/php-fpm restart

 * Starting PHP FastCGI Process Manager ...

[26-Jan-2016 15:40:24] NOTICE: [pool www] pm.start_servers is not set. It's been set to 20.
```

Can you please explain what does it mean 'pool' and if I need to create any directory called www somewhere,

or something else in order to cancel this NOTICE?

 *Quote:*   

> there's also a listen directive 127.0.0.1:9000
> 
> for starters I'd keep this in, less issues with permissions
> 
> and since it's a local service (not internet faced) and you won't expect many visitors, tcp is good enough
> ...

 

If I understand well - You described two ways of operations: local service and internet faced -

and your tip is in respect to internet faced - right? As far as I concerned, though at the moment my intention is to have the weserver at home,

behind NAT router - It should handle some visitors and it is not considered 'local service' - right?

 *Quote:*   

> note that when you put your php files anywhere you have to
> 
> Code:	
> 
> chown nginx:nginx 

 

Do you mean to do it to all php files that wordpress produces?

 *Quote:*   

> also php7 is out, you might want to check that out 

 

Does php7 is stable already? Why portage did not install it by default?

EDIT: Now I see php7 is not stable - worth to install?

----------

## dalu

I use php7 in production.

You probably don't have ~amd64 ACCEPT_KEYWORDS in make.conf

which is fine

When you have something like

/var/www/wordpress.pmam.com/htdocs/

you have to chown this directory to be owned by nginx

because you stated that nginx is ran unter nginx user and php-fpm's www pool is run under the nginx user

if you use a tcp socket as opposed to a unix socket then your performance will be slightly worse (and I mean slightly)

but you won't have permission problems since everyone can connect to 127.0.0.1:9000

but on the other hand that also means that should anyone get access to a local user account anyone can connect to 127.0.0.1:9000 without needing to be a special user (for instance nginx or the user). That might or might not be what you care about. In situations where you have private services that are behind some authentication middlewares you probably don't want that. But I don't think that's your concern right now.

You want it to work. And the easiest way is the tcp socket, because of permissions. And I'm talking about nginx communicating with the php socket (be it tcp or unix).

regarding the problem:

below [www]

find

pm.start_servers

if it's commented out uncomment it (remove the ; in front)

so it says

```

pm.start_servers = 20

```

which is a lot , you probably won't need more than 2

you really need to learn to comprehend error messages

it tells you what to do

a pool is a container in the broadest sense, pool, container, box, folder , they all contain stuff

----------

## pmam

dalu,

 *Quote:*   

> But I don't think that's your concern right now.

 

You are right but at least I need to know what is the current status - 

I followed this https://wiki.gentoo.org/wiki/Nginx and added to my nginx.conf:

```
location ~ \.php$ {

                       # Test for non-existent scripts or throw a 404 error

                       # Without this line, nginx will blindly send any request ending in .php to php-fpm

                       try_files $uri =404;

                       include /etc/nginx/fastcgi.conf;

                       fastcgi_pass unix:/run/php-fpm.socket;

           }
```

So it means nginx is exchanging information with the PHP process via a UNIX socket.

And according your tip - is it unix or tcp socket? If it is tcp, please inform if to cancel above lines or any change in nginx.conf?

Also - in your tip there is ; (commented) before  listen = 127.0.0.1:9000 - Is it ok, or need to uncomment?

Afterwards, as you said: "You want it to work."   :Smile:   so please inform if I can go a head and emerge wordpress - 

Since there is no wiki for wordpress with nginx(just with apache), please advise any particular needed steps - 

Need to install mysql? lighttpd? Should add php USE flag to make.conf? ( I saw all these in wordress&apache wiki...)

EDIT: Can you recommend on wikis to learn about php-fpm, socket etc...

Thanks

----------

## dalu

mysql: yes

lighthttpd: no, you have nginx

I can't comment on the rest

 *Quote:*   

> 
> 
> Also - in your tip there is ; (commented) before listen = 127.0.0.1:9000 - Is it ok, or need to uncomment? 
> 
> 

 

Well what do you see in nginx' configuration and does that answer your question?

Why are you overcomplicating it? I really hate repeating myself and I don't have time for help vampires, sorry.

http://lmgtfy.com/?q=nginx+php-fpm+mysql+wordpress

The setup you have right now works, don't overcomplicate it.

I'm out, peace

----------

