FAQ

Page Discussion History

Drupal

Revision as of 18:57, 18 August 2011 by Duellj (Talk)

Contents

Drupal

There seems to be a lot of controversy as to the best way to put Nginx in front of Drupal without passing to an Apache server. Rather than explain the reasons all of these configs are wrong, I'd rather explain a better way. (Followed by bad)

Config

Here's the Nginx config:

server {
        server_name domain.tld;
        root /var/www/drupal6; ## <-- Your only path reference.
 
        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
 
        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
 
        # This matters if you use drush
        location = /backup {
                deny all;
        }
 
        # Very rarely should these ever be accessed outside of your lan
        location ~* \.(txt|log)$ {
                allow 192.168.0.0/16;
                deny all;
        }
 
        location ~ \..*/.*\.php$ {
                return 403;
        }
 
        location / {
                # This is cool because no php is touched for static content
                try_files $uri @rewrite;
        }
 
        location @rewrite {
                # Some modules enforce no slash (/) at the end of the URL
                # Else this rewrite block wouldn't be needed (GlobalRedirect)
                rewrite ^/(.*)$ /index.php?q=$1;
        }
 
        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_intercept_errors on;
                fastcgi_pass unix:/tmp/phpfpm.sock;
        }
 
        # Fighting with ImageCache? This little gem is amazing.
        location ~ ^/sites/.*/files/imagecache/ {
                try_files $uri @rewrite;
        }
        # Catch image styles for D7 too.
        location ~ ^/sites/.*/files/styles/ {
                try_files $uri @rewrite;
        }
 
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

Not So Simple

For a while, I ran Drupal shop. I spent a lot of time tweaking and perfecting the recipe. Many things were left out of the above to keep from over complicating things. If you think I probably dealt with something already that you're fighting with then ask me (MTecknology) for some additional information.

My aim was to deliver a very functional Nginx config that can be very nearly a drop in working model.

Little About The Others

I'd like to explain what some of the others do wrong.

DO NOT DO THESE!

listen       192.168.0.1:80;

There's really no need to tell Nginx to listen to only a single interface. By default Nginx will listen to all interfaces. If you're reading this, then there's probably not much reason for you to have this line.

access_log  logs/host.access.log  main;

This isn't that bad. There's nothing wrong with it. However, system logs should be in /var/log/. That's what that directory exists for. Try something like /var/log/nginx/yoursite_access.log.

location = / {
        root   /path/to/drupal;
        index  index.php;
}

For the love of god, stop doing this. Not YOU. Everyone out there that does this and spreads it. The root and index directives do not belong here. Check out the Pitfalls page for an explanation of why.

if (!-f $request_filename) {
        rewrite  ^(.*)$  /index.php?q=$1  last;
        break;
}
 
if (!-d $request_filename) {
        rewrite  ^(.*)$  /index.php?q=$1  last;
        break;
}

Again, NO! See IfIsEvil. If is very rarely ever (EVER) something you should use. heck out the Pitfalls page for an explanation of why.

fastcgi_pass 127.0.0.1:8888;

This isn't 'wrong' per say. You will get better performance and more security by binding to a socket though. You're no longer exposing a point of attack. With ports you're limited to the number of ports available on the system and you can't dynamically allocate them. In the case of sockets, you can control, allocate, and utilize them much easier.

fastcgi_param  SCRIPT_FILENAME  /path/to/drupal$fastcgi_script_name;

You know how I complained about "location = / { root /path/to/drupal; }" above? Why am I bringing it up again? If you set your root properly then instead of "/path/to/drupal" you could just use "$document_root". What makes it amazing is that you then have one less line that needs to change whenever you change things. The root is just setup.

include /usr/local/nginx/fastcgi.conf;

This is minor at best. A full path is not needed if your config is inside of your nginx config directory. The better option here is to just use "include fastcgi.conf;" Better would be to leave the .conf off of a file that's not read dynamically.

Notes

Drupal in a subdirectory

If you're running Drupal in a subdirectory, you will need to tweak the rewrite directive a bit. The example above would take a URL like example.com/drupal/node/123 and ask Drupal for example.com/index.php?q=drupal/node/123 , which obviously won't work for subdirectory hosting. This alternative rewrite string handles Drupal in one level of subdirectory (ie /drupal/node/123 , but not /directory/drupal/node/123 ). For more exotic configurations, simply tweak the regular expression used for the rewrite directive.

        location @rewrite {
                # Drupal in a subdirectory
                rewrite ^/([^/]*)/(.*)(/?)$ /$1/index.php?q=$2&$args;
        }

Anything Else?

If you have any questions here, please ping me on IRC. I'm MTecknology on Freenode. I hang out in #nginx most of my time.