1. Download and install packages
zypper install nginx php5-fpm chmod 1733 /var/lib/php5
2. Configure php-fpm
cp -p /etc/php5/fpm/php-fpm.conf.default /etc/php5/fpm/php-fpm.conf vi /etc/php5/fpm/php-fpm.conf include=/etc/php5/fpm/vhosts.d/*.conf pm.max_children = 30 rlimit_files = 102400 catch_workers_output = yes emergency_restart_threshold 10 emergency_restart_interval 30s process_control_timeout 10s ;listen = 127.0.0.1:9000 listen = /var/run/php5-fpm.sock listen.owner = nginx error_log = /var/log/php-fpm/php-fpm.log security.limit_extensions = .php .do .json .soap
3. Configure php-fpm
cp /etc/php5/cli/php.ini /etc/php5/fpm/ vi /etc/php5/fpm/php.ini # add below line cgi.fix_pathinfo=0
4. Configure nginx for reverse proxy
vi /etc/nginx/nginx.conf # Config for 4 Xeon CPU # Total amount of users you can serve = worker_processes * worker_connections worker_processes 8; # 2 * Number of CPUs worker_rlimit_nofile 102400; # Each connection needs a filehandle (or 2 if you are proxying) events { worker_connections 8192; # 4096 clients/second = It's the key to high performance use epoll; } http { # ............ server_tokens off; # DDoS Defense limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:20m; limit_req_zone $binary_remote_addr zone=req_limit_per_ip:20m rate=50r/s; server { # ............ # DDoS Defense limit_conn conn_limit_per_ip 100; limit_req zone=req_limit_per_ip burst=100 nodelay; # reverse proxy configuration location ~* ^.+\.(php|do|json|soap)$ { root /srv/www/htdocs; try_files $uri =404; # prevent attack fastcgi_connect_timeout 3s; fastcgi_read_timeout 10s; #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.do; fastcgi_split_path_info ^(.+\.[^\.\?\/]+)(/.*)$; fastcgi_hide_header x-powered-by; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; if (!-f $document_root$fastcgi_script_name) { return 404; } include fastcgi_params; } } }
5. Restart service
systemctl enable nginx.service systemctl restart nginx.service systemctl enable php-fpm.service systemctl restart php-fpm.service
♦ ulimit for open files
ulimit -a vi /etc/security/limits.conf # add below line (require reboot for effect) nginx hard nofile 8192 nginx soft nofile 8192
♦ References
http://www.howtoforge.com/perfect-server-opensuse-12.2-x86_64-nginx-dovecot-ispconfig-3-p4
https://www.linux.co.kr/home2/board/subbs/board.php?bo_table=lecture&wr_id=1685
http://stackoverflow.com/questions/7325211/tuning-nginx-worker-process-to-obtain-100k-hits-per-min
http://www.codestance.com/tutorials-archive/nginx-tuning-for-best-performance-255
https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration