Another experience with Nginx, Drupal and CentOS

I had a chance to try Nginx on a CentOS 6 server with the intention of running Drupal 7 on it a few weeks ago. It was a little less easy than expected so I've decided to run through a few of the more tricky steps that I underwent in case I need to do it again, or indeed they are of help to others!

After running a yum install nginx

I found that not all modules the nginx Drupal configuration files required were present. After downloading the latest nginx source and recompiling a few times to add in dependencies I skipped prior to this I found the following compile options worked for me.

One caveat is that the nginx upload progress module should be downloaded first and placed in the /root/ directory (for the following compile options as that's the location set for the --add-module option!)

If PCRE is not installed, it should be, to allow URL rewrites:

yum install pcre-devel

Similarly, the compile options will require openssl for SSL support:

yum install openssl-devel

./configure --add-module=/root/nginx-upload-progress-module/ --sbin-path=/usr/local/sbin --with-http_ssl_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-cc-opt="-I /usr/include/pcre" --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --conf-path=/etc/nginx/nginx.conf --with-file-aio --with-http_flv_module --with-http_mp4_module --with-ipv6

After making and installing I moved the existing contents of /etc/nginx to a backup folder and cloned the Drupal settings from perusio's repository into /etc/nginx
git clone git://github.com/perusio/drupal-with-nginx.git

I did make a few alterations to suit my system more appropriately but these may be omitted in other usecases:

  • Renamed the user from www-data to nginx
  • Allowed access to nginx status to an external IP address (my own)
  • Changed ports for PHP CGI server (as I had another service operating on port 9000)

Other than that, I created the myself a site config file within sites-available by copying the existing example.com.conf and inputting my own values. The most important values to check and/or change are:

  • server name (The vhost nginx should be listening for ie adammalone.net)
  • Log locations (debugging one large error log on a multi-site install is a major pain)
  • root (where the website is installed)

The only caveat with the above is that nginx will only allow access to index.php as standard. To allow access externally to cron.php and update.php then the line including additional configuration will need to be uncommented: include sites-available/drupal_cron_update.conf;

I use drush for cron and update so this was not an issue in my install. 

After all the time it took learning about nginx configuration and after having used apache for years prior I decided to change back to apache for a number of reasons. The primary reason was the site experienced a few random lock ups. I'm unsure whether this was attributable to nginx or PHP CGI, but having limited knowledge in the two I was unable to do much better than restart both services to clear the issue. 

I did, however, find that nginx config files were a little easier to understand at first glimpse over apache. Simple declarations and not a lot of them mean a site can be raised very easily without a great deal of worrying about 

</VirtualHost> without matching <VirtualHost> section
or
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

Nginx also seemed a little snappier using default untuned configuration compared to default untuned apache configuration. This may just be due to the server I was using being more suited to those defaults but it sure did seem more responsive from an end user perspective.

My overall conclusions would probably be to try it out, as it may work nicely for differing uses however for the time being I'll stick with apache. It does serve most websites after all!

Comments

Submitted by diet (not verified) on

I am truly delighted to at this post which includes tons of helpful facts, thanks for providing such information.

Submitted by Emile (not verified) on

Excellent weblog right here! Additionally your website is very fast! What web host are you using? Can I get your associate hyperlink in your host?

I desire my website loaded up as quickly as yours lol

Submitted by Adam Malone on

Mammoth host my server. They're pretty speedy especially within Australia as the server is located in this country.
I'm running Drupal with a number of cache additions as well as sitting behind cloudflare which probably speeds me up a little too!

Submitted by 411 (not verified) on

Wanted posting. Loads of excellent writing here. I wish I found the site sooner. Congrats!

Submitted by sudoku (not verified) on

These are in fact impressive ideas in regarding blogging. You have touched some good
points here. Any way keep up wrinting.

Submitted by Anonymous (not verified) on

I'd like to thank you for the efforts you've put in writing this blog. I'm hoping to view the same high-grade content by you later on as well. In truth, your creative writing abilities has encouraged me to get my very own blog now ;)

Submitted by Cam (not verified) on

Hello there! Do you know if they make any plugins to safeguard against hackers?

I'm kinda paranoid about losing everything I've worked hard on.

Any suggestions?

There are a number of ways to protect your server from outside attackers.

  • Follow a guide that will keep the server as protected as possible such as http://wiki.centos.org/HowTos/OS_Protection
  • Keep modules in Drupal up to date
  • Don't log in from insecure locations.
  • Vet which modules you install so you are sure of its veracity.
  • Take care when you write modules to ensure they do not have vulnerabilities.

Other than that, just realise that if it's on the internet it is never 100% safe.

Submitted by cap (not verified) on

An impressive share! I've just forwarded this onto a co-worker who had been conducting a little research on this. And he in fact bought me dinner because I discovered it for him... lol. So let me reword this.... Thank YOU for the meal!! But yeah, thanks for spending the time to discuss this topic here on your site.

Does that mean I'm owed a meal by someone?

Submitted by sherrie (not verified) on

Lucky me I discovered your blog by accident (stumbleupon).

I've bookmarked it for later!

Submitted by Adam Malone on

I've updated the information and compile flags to take into account PCRE and openssl support!

Testing on Fedora 17 shows these compile flags work in a similar manner.

Add new comment