4

I've done a bit of research on running NGinx and PHP with FastCGI on separate servers, and have successfully set it up on test virtual machines. I've ran into the problem that these articles describe...

...which is that in order for this setup to work, the PHP files need to be in the same directory on BOTH servers, even though the machines running the php-fpm worker is actually executing the scripts. I've tested this myself; if I remove a file 'test.php' in the document root on the NGinx server, it throws a 404 or 403 even though the file still exists on the PHP-FPM machine.

My question: is there no way around this? I know using a central storage running NFS is one solution, but I would like to avoid the performance issues associated with that.

If it helps, here are my config files:

/etc/nginx/sites-enabled/test-app.conf

upstream test-app {
    server <php-fpm-server-ip>:9001;
}

server {
    listen 80;
    listen [::]:80;

    server_name test.app.com;
    root /var/www/html;
    index index.php index.html index.htm;

    location ~ \.php$ {
        try_files $uri $uri/ =404;
        fastcgi_pass test-app;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

}
Improve this question
6
  • Would it be an option for you to install nginx on your machine running php-fpm as well?
    – gxx
    Commented Dec 19, 2015 at 1:33
  • Why aren't you colocating them? NGINX is very lightweight and doesn't usually consume too much RAM or CPU compared to PHP.
    – Joel E Salas
    Commented Dec 19, 2015 at 2:28
  • @JoelESalas and gf_: it's a high performance application
    – Scott Crooks
    Commented Dec 19, 2015 at 23:26
  • 2
    @ScottCrooks There's almost no way you've determined that NGINX is a performance bottleneck for you. I've done over a million NGINX events per hour and it has never been the bottleneck.
    – Joel E Salas
    Commented Dec 21, 2015 at 4:28
  • @JoelESalas You're right, NGinx is not really a "bottleneck." I guess I should have explained what I'm trying to accomplish. I want NGinx and PHP-FPM on separate servers so I can scale them independently. In other words, if I see that performance on the NGinx side is getting worse, I can add more servers for balancing.
    – Scott Crooks
    Commented Dec 21, 2015 at 17:14

2 Answers 2

Reset to default
1

If you really want to do this, remove this from nginx under your \.php location:

try_files $uri $uri/ =404;

That is what causes it to check the filesystem before passing the request off to the fcgi upstream. Also verify that the fcgi process has the root directory set properly so it can't read random php files now that nginx can't do existence checking.

Improve this answer
4
  • ** UPDATE** @Andrew: Actually the fix you suggested doesn't work either. If I comment out that line, I get the same problem. Something I'm doing wrong? I only commented out the line from my code above, nothing else.
    – Scott Crooks
    Commented Dec 20, 2015 at 18:45
  • ** UPDATE 2 ** @Andrew: Actually that suggestions works, thank you!
    – Scott Crooks
    Commented Dec 21, 2015 at 17:15
  • This is not a good idea. You still have the potential to execute all requests bound for that location block as PHP code. If I upload a "JPG" that is really just PHP code, I can upload and execute my own code trivially on your site. There are many more examples.
    – Joel E Salas
    Commented Dec 21, 2015 at 19:21
  • 2
    In the presented config, it would only execute if the file ends in .php, and with or without try_files, PHP is still vulnerable to exactly the scenario you describe. Yes, there are plenty of security questions that need to be addressed. No, I'm not going to address them. Because of the way the question was phrased, the asker has to determine the security/performance tradeoffs for himself; I am merely pointing out the proximate cause of the error.
    – Andrew Domaszek
    Commented Dec 22, 2015 at 0:26
0

The php files need to exist on both 'nginx server' and 'php-fpm' server Otherwise, nginx will return 404 page not found

You need to sync all files from local nginx server (file must exist but can be 0 byte in content) and back-end php server (the actual php scripts)

Or you can share files between servers using SSHFS, NFS being another. You put the php script in the local folder (php-fpm server), then you mount this folder to nginx server. In the nginx.conf , document root you point it to the mounted folder That's it , no need to sync files

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .