Updated 6 March 2019


Installing and setting up Nginx

First install Nginx:

emerge -a nginx

Nginx configuration

All Nginx settings, as well as those of the sites that run on Nginx, are contained in the /etc/nginx/nginx.conf file. Set up a layout in which the site parameters are not all kept in the single nginx.conf configuration file.

user nginx nginx;
# number of worker processes
worker_processes 4;

error_log /var/log/nginx/error_log info;

events {
    worker_connections 1024;
    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent"';

    client_header_timeout 10m;
    client_body_timeout 10m;
    send_timeout 10m;

    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 2k;
    request_pool_size 4k;

    gzip off;

    # hide nginx version
    server_tokens off;
    output_buffers 1 32k;
    postpone_output 1460;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 75 20;

    ignore_invalid_headers on;

    index index.html;

    # site configuration files
    include /etc/nginx/sites-enabled/*.conf;
}

Create a path for configuration files with site parameters:

mkdir /etc/nginx/sites-enabled

Start Nginx:

/etc/init.d/nginx start

Add Nginx to autostart:

rc-update add nginx

Example of Nginx configuration

Create a config file for localhost:

server {
    # Port the site listens on
    listen 80;
    # Name by which the site will be accessed
    server_name localhost;
    # Paths where the logs will be written
    access_log /var/log/nginx/localhost.access_log main;
    error_log /var/log/nginx/localhost.error_log info;
    # Root directory of the site
    root /var/calculate/www/localhost/htdocs;
}

Create an index file to check the health of the server:

mkdir -p /var/calculate/www/localhost/htdocs

echo 'Hello!' > /var/calculate/www/localhost/htdocs/index.html


Before restarting the nginx service, always verify the changes you have made with nginx -t:

nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If this was successful, reread the Nginx configuration:

/etc/init.d/nginx reload

Use the command-line web client curl to check that Nginx is up and running:

curl http://localhost


Configuring a reverse proxy on Nginx

Reverse proxying usually refers to a process in which the server that receives a request from a client does not handle it entirely by itself, but sends the request, in part or in full, to other (upstream) servers for processing. In other words, it does not redirect the client; it sends the request itself and returns the response it receives to the client.

Set up a reverse proxy that talks to an internal HTTP service running on port 8080:

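server {
  listen 80;
  access_log /var/log/nginx/proxy.log;

  location / {
    # Forward requests to the internal service on port 8080
    # (the loopback address is an assumption; the page gives only the port)
    proxy_pass http://127.0.0.1:8080;
  }
}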

Configuring HTTPS for Nginx

Generate the Diffie-Hellman parameters:

openssl dhparam -out /etc/nginx/ssl-dhparams.pem 4096
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time

Create a file describing the general SSL parameters:

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;


ssl_dhparam /etc/nginx/ssl-dhparams.pem;
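
The ssl_protocols line above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecated in 2021. The script below is an added example, not part of the original page or of Certbot: it reports the deprecated versions enabled in a file and prints the file with them removed. The function names and the sample file are constructed for illustration.

```sh
# SSLv2/SSLv3 (RFC 6176, RFC 7568) and TLSv1/TLSv1.1 (RFC 8996) are deprecated.
WEAK_RE='^(SSLv2|SSLv3|TLSv1|TLSv1[.]1)$'

# Print "line:protocol" for every deprecated version enabled by an active
# ssl_protocols directive in file $1. No output means none is enabled.
weak_tls_protocols() {
    awk -v weak="$WEAK_RE" '
        /^[ \t]*ssl_protocols[ \t]/ {
            line = $0; sub(/;.*/, "", line)
            n = split(line, tok, " ")
            for (i = 2; i <= n; i++)
                if (tok[i] ~ weak) print FNR ":" tok[i]
        }
    ' "$1"
}

# Write file $1 to stdout with deprecated versions removed from ssl_protocols.
# Exits non-zero, leaving the line untouched, if nothing would remain enabled.
strip_weak_tls_protocols() {
    awk -v weak="$WEAK_RE" '
        /^[ \t]*ssl_protocols[ \t]/ {
            line = $0; sub(/;.*/, "", line)
            indent = $0; sub(/[^ \t].*/, "", indent)
            n = split(line, tok, " "); kept = ""
            for (i = 2; i <= n; i++)
                if (tok[i] !~ weak) kept = kept " " tok[i]
            if (kept == "") { bad = 1; print; next }
            print indent "ssl_protocols" kept ";"; next
        }
        { print }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the protocol line from the SSL parameters file above.
SSL_SAMPLE=$(mktemp)
cat > "$SSL_SAMPLE" <<'EOF'
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
EOF

weak_tls_protocols "$SSL_SAMPLE"
strip_weak_tls_protocols "$SSL_SAMPLE"
```

Run `nginx -t` after applying the rewritten file, as with any other configuration change on this page.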

Getting a Let's Encrypt certificate

Obtain a certificate for the domains and for Nginx by following the guide.

Example of HTTPS configuration

Add the HTTPS settings for

server {
    listen 80;
    listen 443 ssl;

    include ssl.conf;
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    access_log /var/log/nginx/ main;
    error_log /var/log/nginx/ info;

    include acme.conf;

    root /var/calculate/www/;
}

Installing and configuring PHP-FPM

PHP-FPM (FastCGI Process Manager) is a high-performance and scalable interface for interaction between a web server and a web application, a further development of the CGI technology.
The main advantage of FastCGI is the separation between the dynamic language and the web server. This technology makes it possible to run web servers and CGI processes on different hosts, which improves scalability and security without a noticeable loss of performance.

To install PHP-FPM, run:

emerge -a php

Once all the installation information for PHP has been displayed, accept the default PHP version. You can cancel the installation and specify the required version of PHP on the next installation attempt. Use php -m to display all available and running extensions.

Using a UNIX socket for communication between Nginx and PHP is the preferred and recommended option!

Edit the pool for handling the sites for which this socket will be specified in the configuration:

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = nginx
group = nginx

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   ''    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php-fpm.socket

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
;listen.mode = 0660

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 20

Make the necessary changes to the settings file: prohibit the execution of arbitrary code on the server with the rights of the PHP process when a file is uploaded, and set the time zone:

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
cgi.fix_pathinfo = 0

; Defines the default timezone used by the date functions
date.timezone = "Europe/Moscow"


The example uses the path for PHP 7.1. Edit the path if a different PHP version is used.

Start the PHP-FPM service:

/etc/init.d/php-fpm start

Add PHP-FPM to autostart:

rc-update add php-fpm

Example of Nginx configuration with PHP code

To provide PHP support, add the following to the configuration of the site running under Nginx. In the example below, Nginx exchanges information with the PHP process via a UNIX socket. Add a location block to the server block; it will contain the rules for handling PHP.

Apply the settings:

# localhost
server {
    listen 80;
    access_log /var/log/nginx/ main;
    error_log /var/log/nginx/ info;
    root /var/calculate/www/localhost/htdocs;
    location ~ \.php$ {
        # Check for non existing scripts or for error 404
        # Without this line, nginx will immediately send any requests ending with .php to php-fpm
        try_files $uri =404;
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass unix:/run/php-fpm.socket;
    }
}

Create a file and put the code for outputting information about PHP in it:

echo '<?php phpinfo(); ?>' > /var/calculate/www/localhost/htdocs/info.php

Edit access rights for all files in the root folder of the site:

chown -R nginx:nginx /var/calculate/www/localhost/htdocs

Add the corresponding entry to DNS. In the absence of DNS, you can add the entry to the static table of names of the computer from which the site will be accessed.

For Linux-based systems, edit the list of domain names:


Check that Nginx has been configured correctly and re-read the file:

nginx -t && /etc/init.d/nginx reload


/etc/init.d/php-fpm start

Type in your browser. If everything is OK, you will see a page with complete info on PHP.
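
An added example (not from the original page) that checks the two safeguards set up in this section: cgi.fix_pathinfo disabled in php.ini and a try_files line in every PHP location block. The function names and the sample files are constructed for illustration.

```sh
# Print "ok" if the php.ini in $1 sets cgi.fix_pathinfo to 0, else "unsafe".
# A missing or commented-out directive is "unsafe": PHP's default is 1.
check_fix_pathinfo() {
    awk -F= '
        /^[ \t]*;/ { next }
        $1 ~ /^[ \t]*cgi\.fix_pathinfo[ \t]*$/ {
            v = $2; sub(/;.*/, "", v); gsub(/[ \t"]/, "", v); val = v
        }
        END { if (val == "0") print "ok"; else print "unsafe" }
    ' "$1"
}

# Print how many "location ~ ...\.php" blocks in $1 have no try_files line.
count_php_locations_without_try_files() {
    awk '
        /^[ \t]*#/ { next }
        !in_php && /location[ \t]+~[*]?[ \t]+.*\\[.]php/ {
            in_php = 1; seen = 0; depth = 0; opened = 0
        }
        in_php {
            if ($0 ~ /(^|[ \t])try_files[ \t]/) seen = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth > 0) opened = 1
            if (opened && depth <= 0) { if (!seen) missing++; in_php = 0 }
        }
        END { print missing + 0 }
    ' "$1"
}

# Constructed sample input: the second server block lacks the guard.
SAMPLES=$(mktemp -d)
printf 'cgi.fix_pathinfo=0\n'  > "$SAMPLES/hardened.ini"
printf ';cgi.fix_pathinfo=1\n' > "$SAMPLES/default.ini"
cat > "$SAMPLES/sites.conf" <<'EOF'
server {
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm.socket;
    }
}
server {
    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm.socket;
    }
}
EOF
check_fix_pathinfo "$SAMPLES/hardened.ini"
count_php_locations_without_try_files "$SAMPLES/sites.conf"
```

On a live system, point the first function at the php.ini used by PHP-FPM and the second at each file under /etc/nginx/sites-enabled.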