Setting up nginx + php-fpm + apc on CentOS 6.2 x64

Download Repositories Let’s get started by adding the the necessary repositories:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

Install and Configure MySQL

Install MySQL.

yum --enablerepo=remi install mysql mysql-server

Start MySQL and secure it.

service mysqld start
/usr/bin/mysql_secure_installation

When running mysql_secure_installation, just answer yes to all the prompts.

Install and Configure NGINX and PHP

Configure nginx repo.

nano /etc/yum.repos.d/nginx.repo

Add the following lines inside the nginx.repo file:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Install nginx, php-fpm and the necessary php modules.

yum --enablerepo=remi install nginx php php-fpm php-common
yum --enablerepo=remi install php-pear php-pdo php-mysqlnd
yum --enablerepo=remi install php-pgsql php-pecl-memcache
yum --enablerepo=remi install php-gd php-mbstring php-mcrypt php-xml

Install and configure apc.

yum --enablerepo=remi install php-pecl-apc

The default APC settings will work out of the box but I suggest you read this article about limiting APC caching to specific virtual sites first if you intend to run a good number of sites on your server. Configure nginx conf

nano /etc/nginx/nginx.conf

Use the following configuration.

user nginx;
## set to number of cpu cores
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # turn off access log
    access_log off;
    server_names_hash_bucket_size   64;
    ## tcp options
    tcp_nodelay on;
    tcp_nopush on;
    keepalive_timeout 10;
    sendfile on;
    ## include virtual host conf
    include /etc/nginx/vhosts/*.conf;
}

Create the directory for virtual hosts and create the virtual host conf file. A note, I turned off logging because I use CloudFlare and I find its access reporting better than using the nginx log file. Make a default virtual host.

mkdir /etc/nginx/vhosts/
nano /etc/nginx/vhosts/default.conf

Use the following configuration.

server
{
    listen 80 default;
    error_log /var/log/nginx/default.error.log crit;
    root /home/default/public_html;
    index index.php index.html index.htm;
    # use fastcgi for all php files
    location ~ \.php$
    {
        # secure *.php files
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

I usually setup the user and user directory in this particular manner after I create the corresponding domain.conf file.

adduser default
passwd default
mkdir /home/default/public_html
chown root:nginx /home/default/
chmod 775 /home/default/

Take note that whenever you upload files to public_html, you may need to chmod it to 775 (for folders and files that need write permissions) and chown it to nginx:nginx. Configure php-fpm

nano /etc/php-fpm.d/www.conf

Use the following settings:

[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = nginx
group = nginx
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 10
pm.max_requests = 500
request_terminate_timeout = 30
slowlog = /var/log/php-fpm/www-slow.log
catch_workers_output = yes
security.limit_extensions = .php
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_admin_value[session.save_path] = /tmp

Change owner of php-fpm folder:

chown -R nginx:nginx /var/log/php-fpm

Also set the logging level to warning on the main php-fpm configuration file found here /etc/php-fpm.conf so that the log file won’t get bloated by php notices.

log_level = warning

Your configuration is done at this point.

Start and Configure Services

service nginx start
service php-fpm start

If both daemons ran without a hitch then configure all to start on boot. If you get a permission denied error, it could be due to SELinux security and you’ll have to follow this instruction to disable it.

chkconfig nginx on
chkconfig php-fpm on
chkconfig mysqld on

Test NGINX

Before you do any tests disable iptables first, this will be configured later on after we are sure everything is running fine.

service iptables stop

Now try accessing whatever domain you’ve setup on your virtual host, in this case domain.com. If you got everything right you should see a 403 nginx page. That’s all folks.  ]]>