Archive for March, 2013

The importance of having ntpd configured

Ok, not really importance of having it configured, but at least a post to try and get myself to remember to do it.

I discovered that the Dreamhost server I’m hosting this blog on has bad clock drift. I’m not sure why it’s happening (I’d imagine that it should be one of the first things configured in a mass server environment, but hey…)

Anyway, having a ~5 minute clock drift broke the WordPress Google Authentication plugin – and anything else that’d rely on time. So I decided to quickly check my VPSes and just make sure they had ntpd up and running.

And oddly enough, the Xen instances didn’t, the ones where ntpd is the most necessary since it maintains an internal clock state disassociated from the wall clock. OpenVZ at least (appears to) inherit from the the container host, and both hosts I’m with appear to have ntpd enabled (or at least my clocks that are pretty close to the ntp.org pool time.

In any case, getting ntpd setup on the Xen instances was painless:

yum install ntp
systemctl enable ntpd
systemctl start ntpd
ntpdate -q 0.fedora.pool.ntp.org

By default ntpd uses the NTP.org pool, so the extra ntpdate command is in theory unnecessary, but that just forced time to get in sync quickly.

Config credit goes to the Fedora official docs

, ,

No Comments

Getting CodeIgniter/Bonfire running on nginx

So… I’ve been trying CI/Bonfire as a quick PHP dev platform. Unfortunately, it’s pre-packaged for Apache’s .htaccess, so it takes a bit of configuration to get working on nginx. The following assumes PHP-FPM is actually working though.

 Installing CI/Bonfire

For some reason, the install portion has its own index.php. So the default PHP pretty URL rewriting fails – or in this case, causes infinite redirects.

The trick was to add an extra location to nginx’s config file:

# Installing Bonfire/CI requires this - install has its own index.php
     location /install/ {
       try_files $uri $uri/ /install/index.php;
     }

Once the install is done, we can swap it out for URL rewriting:

# URL rewriting generally requires this, PHP specific
location / {
    try_files $uri $uri/ /index.php;
    allow all;
}

There was one extra thing necessary to do: change in the index_page variable in  bonfire/application/config/config.php. This was probably a result of my testing to try and get things working, but I had “index.php” in it, so all the generated pages had index.php/ prepended to the internal links.

Hat tip to http://ericlbarnes.com/posts/codeigniter-nginx-virtual-host/ for a good starting point

, , , ,

No Comments

Getting PHP-FPM running on nginx

Getting FastCGI working on nginx

I have two files – a modified version of FastCGI_params, and an extra file that contains my configuration directives for .php files.

The second file is simply named php_fastcgi and is located in the same folder as nginx.conf, and is include php_fastcgi;-d anywhere I need PHP support:

# Process PHP files with FastCGI
location ~* \.php$ {
    fastcgi_pass unix:/var/run/php-fpm/www-pool.socket;
    include /etc/nginx/fastcgi_params;
}

As for the fastcgi_params file, it’s slight modification of the default file, included here for simplicity:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  PATH_INFO          $fastcgi_script_name;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Getting PHP-FPM sessions working

The default path, /var/lib/php/sessions is – by default – owned by root, and group apache, so the nginx user can’t write to it. So we have to change the folder owner and group:

chgrp nginx /var/lib/php 
mkdir /var/lib/php/session

Alternatively, create a new directory in /tmp, something like /tmp/php-fpm, and make php-fpm the owner of that, and point php-fpm at that directory. (It would also prevent yum ever mucking with permissions on the folder, something which I’m not sure if it was just my imagination, or actually happened…)

, ,

2 Comments