# nginx.conf problem



## fred974 (Oct 3, 2013)

Hello everyone,

I wonder if anybody on here could help me spot where I am going wrong with my nginx.cong file. Basically, If I use the lynx browser, I can see that everything is good. But when accessing it via a normal browser outside of local host, I get the following

```
This page can't be displayed
```

nginx.conf

```
worker_processes     4;   
worker_priority      15;   

events {
worker_connections 512; 
accept_mutex        on;  

}

http {

  client_body_timeout      5s; 
  client_header_timeout    5s; 
  keepalive_timeout       75s; 
  send_timeout             5s;ta

 ## General Options
  charset                   utf-8;
  default_type              application/octet-stream;
  gzip                      off; 
  gzip_static               on;  
  gzip_proxied             any;  
  ignore_invalid_headers    on;
  include                   /usr/local/nginx/conf/mime.types;
  keepalive_requests        50;  
  keepalive_disable         none;
  max_ranges                0;  
  msie_padding              off;
  open_file_cache           max=1000 inactive=2h;
  open_file_cache_errors    on;
  open_file_cache_min_uses  1;
  open_file_cache_valid     1h;
  output_buffers            1 512;
  postpone_output           1440; 
  read_ahead                512K; 
  recursive_error_pages     on;
  reset_timedout_connection on;  
  sendfile                  on; 
  server_tokens             off;
  server_name_in_redirect   off;
  source_charset            utf-8;
  tcp_nodelay               on; 
  tcp_nopush                off;

 ## Request limits
  limit_req_zone  $binary_remote_addr  zone=gulag:1m   rate=60r/m;

 ## Log Format
  log_format  main  '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';

  server {
      add_header  Cache-Control "public";
     #add_header  Content-Security-Policy "default-src 'none';style-src 'self';img-src 'self' data: ;";
      add_header  X-Frame-Options "DENY";
      access_log  /var/log/nginx/access.log main buffer=32k;
      error_log   /var/log/nginx/error.log error;
      expires     max;
      limit_req   zone=gulag burst=200 nodelay;
      listen      127.0.0.1:80;
      root        /www/webs/mysite_com/httpdocs;
      server_name mysite.com www.mysite.com;

     ## Restricted Access directory by password in the access_list file.
      location ^~ /secure/ {
            allow 127.0.0.1/32;
            allow 10.10.10.0/24;
            deny all;
            auth_basic "RESTRICTED ACCESS";
            auth_basic_user_file /www/webs/mysite_com/httpdocs/secure/;
        }

     ## Serve an empty 1x1 gif _OR_ an error 204 (No Content) for favicon.ico
      location = /favicon.ico {
       #empty_gif;
        return 204;
      }

     ## default location
      location  / { try_files $uri $uri/ =404; }

     ## All other errors get the generic error page
      error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497
                 500 501 502 503 504 505 506 507 /error_page.html;
      location  /error_page.html { internal; }
  }
}
```

The error.log file is completely empty :- no error messages. DNS is not the problem because if I try my old configuration file, it works ok.


----------



## SirDice (Oct 3, 2013)

Your server is only bound to 127.0.0.1 and thus not accessible from outside the host.


----------



## fred974 (Oct 3, 2013)

Hi @SirDice,

I changed the nginx.conf

```
listen      127.0.0.1:80;
```
to 

```
listen      80;
```


```
error_log   /var/log/nginx/error.log error;
```
to

```
error_log   /var/log/nginx/error.log debug;
```

I can now see the website.


Thank you

Fred


----------



## fred974 (Oct 3, 2013)

Sorry, the index.html works fine but when *I* tried my index.php:


```
<?
phpinfo();
?>
```
I get 


```
The website cannot display the page
  HTTP 500
```

I did add this in my nginx.conf:

```
index       index.php index.html index.htm;
```

*A*ny idea?


----------



## SirDice (Oct 3, 2013)

Yes, you need to enable PHP in nginx.conf.


----------



## fred974 (Oct 3, 2013)

Hi,

I compiled Nginx --without-http_fastcgi_module. Do you have an example on how to enable PHP without fastcgi by any chance?

Thank you


----------



## SirDice (Oct 3, 2013)

Nope, I've only used it with PHP-FPM and even that gives me a major headache. It's a nice web server for static content but the combination with PHP is a major PITA to configure correctly. There are hundreds of examples on the internet and pretty much all of them contain one or more security issues. I spent several days trying to configure it properly, never really succeeded. In the end I ditched nginx and used the tried and tested combination of Apache and PHP. Had that up and running securely in a couple of minutes.

http://wiki.nginx.org/Pitfalls


----------



## fred974 (Oct 3, 2013)

SirDice said:
			
		

> Nope, I've only used it with PHP-FPM and even that gives me a major headache. It's a nice web server for static content but the combination with PHP is a major PITA to configure correctly. There are hundreds of examples on the internet and pretty much all of them contain one or more security issues. I spent several days trying to configure it properly, never really succeeded. In the end I ditched nginx and used the tried and tested combination of Apache and PHP. Had that up and running securely in a couple of minutes.
> 
> http://wiki.nginx.org/Pitfalls



I don't blame you! I'm starting to feel the same..But *I*'ll keep going. I will most certainly recompile with the PHP-FPM module. Thank you very much for your help


----------



## quintessence (Oct 4, 2013)

(off-topic)
Hi guys, why don't you just use it as reverse proxy in front of Apache+PHP?
Don't you like 444 status code for blocking "bad bots" :e


----------



## SirDice (Oct 4, 2013)

We already have a load-balancer in front of the web servers. It spreads the incoming traffic to about 6-9 web servers. We are looking into replacing the load-balancers with haproxy and maybe combine that with varnish. But currently everything is running smoothly so we're not in a real rush.


----------



## fred974 (Oct 4, 2013)

quintessence said:
			
		

> (off-topic)
> Hi guys, why don't you just use it as reverse proxy in front of Apache+PHP?
> Don't you like 444 status code for blocking "bad bots" :e



I'm interested. My problem is the amount of system resources Apache uses in contrast to Nginx..


----------



## quintessence (Oct 4, 2013)

Hi,
If you keep your backend processes small number, there will be not a problem with resources. Of course everything depends on configuration.
I used to have the popular OpenX banner system, which served around 50-70 millions impressions per day (monthly around 2 billions impressions) and web part (not database, i.e Nginx as frontend and one Apache instance as backend) was running on single server with only 4GB memory and 1 package CPU (4 cores) with no any problems. Database - single server again without any kind of balancers in front or some sort HA, has double resources as the web one and hard drives are faster. I'm still have it, but now it is not used same as before. If you check on OpenX website what are requirenments for such number of impressions, like you need tons of resources, a lot of servers in cluster and so on, you will never use it.
I have used to test only for performance purpose to replace Apache+PHP on the same server with spawn-fcgi or php-fpm for small time and I didn't see any changes in performance or resources (even performance was worst but I didn't play a lot, because testing was for really small time like some hours), so I didn't see reason to replace such stable and good working Apache backend with anything else.
I'm a big fan of Nginx, not only because it saves your money for buying unnecessary resources, it is just "must have app" for high load web applications. Its try_files is a unique and universal for every kind of PHP (and not only PHP) apps behind it. Having 50 types of different PHP applications starting from some small apps up to frameworks, and universal way to configure everything in a proper way with just 1-2 rows configuration - must have it, it just works, saves your time, saves your resources, saves your headache. :e Non standart 444 code for blocking "bad bots" is also unique, why to spend your traffic by returning 443, why just not return 0 bytes to "them".


----------

