3

I am looking for a PHP framework that, if I'm lucky, just works in nginx under FastCGI, otherwise, one that doesn't take too much tweaking.

Improve this question
3
  • 4
    Ehm, what problems did you encounter with one of the 200 existing PHP frameworks? Commented Oct 22, 2010 at 16:27
  • 3
    Frameworks dont care about the web server. You just have to set it up correctly. Commented Oct 22, 2010 at 16:31
  • @Galen: The contents of $_SERVER vary by web server, so tweaking is indeed required. Commented Jul 19, 2011 at 16:14

3 Answers 3

Reset to default
23

Symfony 1.4 with nginx is fantastic. I have already done the tweaking, here is a generalization of my production config that I can vouch is fit for production use.

server {
  listen 80;

  server_name mysite.com;

  root /var/www/mysite.com/web;
  access_log /var/log/nginx/mysite.com.access.log;
  error_log /var/log/nginx/mysite.com.error.log;

  location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS off;
    fastcgi_pass   127.0.0.1:9000;
  }

  location / {
    index index.php;
    try_files $uri /index.php?$args;
  }
}

server {
  listen 443;

  ssl on;
  ssl_certificate      /etc/ssl/certs/mysite.com.crt;
  ssl_certificate_key  /etc/ssl/private/mysite.com.key;

  server_name mysite.com;

  root /var/www/mysite.com/web;
  access_log /var/log/nginx/mysite.com.access.log;
  error_log /var/log/nginx/mysite.com.error.log;
  location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_pass   127.0.0.1:9000;
  }

  location / {
    index index.php;
    try_files $uri /index.php?$args;
  }
}

PHP 5.4 Note

php5-fpm 5.4 that comes with dotdeb now uses sockets instead of the loopback by default. If you are using PHP 5.4 and you are getting a bad gateway error with the above config, try replacing all instances of 127.0.0.1:9000 with unix:/var/run/php5-fpm.sock.

php-fpm 5.4 also newly limits the file extensions that can be parsed as PHP to those specified in security.limit_extensions. This might be of interested if you have modified the location regex to include other file extensions than .php. The security note below still applies.

Security Note

This config only parses the files index.php, frontend.php, frontend_dev.php, backend.php and backend_dev.php with PHP.

With php and nginx in general, not just with symfony, using

location \.php$ {
  ...
}

causes a security vulnerability related to URLs that use pathinfo, like these: /index.php/foo/bar.

The common workaround is to set fix_pathinfo=0 in php.ini. This breaks pathinfo URLs, and symfony relies on them. The solution used here is to explicitly specify the files that get parsed as php.

For more information, see the nginx+php-cgi security alert

Platforms

This works and is secure on Debian Squeeze systems that use dotdeb for nginx and php-fpm packages, as well as Ubuntu 10.04 Lucid Lynx systems that use ppa/brianmercer for php-fpm. It might or might not work and be secure on other systems.

Usage note

To add another PHP file additionalfile.php to get parsed, use this syntax in both location blocks:

location ~ ^(index|frontend|frontend_dev|backend|backend_dev|additionalfile).php$ { ... }

Edit: Symfony 2.0 is out! Here is the config, adapted from the 1.4 config above:

server {
  listen 80;

  server_name symfony2;
  root /var/www/symfony2/web;

  error_log /var/log/nginx/symfony2.error.log;
  access_log /var/log/nginx/symfony2.access.log;

  location / {
    index app.php;
    if (-f $request_filename) {
      break;
    }
    rewrite ^(.*)$ /app.php last;
  }

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  #
  location ~ (app|app_dev).php {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS off;
    fastcgi_pass   127.0.0.1:9000;
  }
}

server {
  listen 443;

  server_name symfony2;
  root /var/www/symfony2/web;

  ssl on;
  ssl_certificate      /etc/ssl/certs/symfony2.crt;
  ssl_certificate_key  /etc/ssl/private/symfony2.key;

  error_log /var/log/nginx/symfony2.error.log;
  access_log /var/log/nginx/symfony2.access.log;

  location / {
    index app.php;
    if (-f $request_filename) {
      break;
    }
    rewrite ^(.*)$ /app.php last;
  }

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  #
  location ~ (app|app_dev).php {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param HTTPS off;
    fastcgi_pass   127.0.0.1:9000;
  }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I had to remove the $ from your first location block in the 1.4 version for this kind of paths to work for me: /backend_dev.php/module/action. Is that bad in terms of security?
@SebastiánGrignoli Yes, that will cause a potential security vulnerability as well as a safety hazard. Someone could upload a file called index.php.jpg containing malicious php code and nginx will execute it. Or, you could upload a file index.php.txt, in which you intended to show your friends your example code for your recursive version of php's "unlink" function.
But as long as the third party malicious index.php.jpg does not reside in the root of the site, it won't match the expression and thus not execute. Right?
You are right. But it is a bit like arguing a small landmine in your house is better than a big one.
This whole Nginx approach to security seems like that to me.
2

As some commenters have noted you just need to set up nginx correctly. Here's a post that sets up nginx for codeigniter.

Improve this answer

3 Comments

I have been looking for either frameworks that require little tono setup, or posts illustrating how to set some up, thank you for this, i hadn't Stumbles across it; this helps a lot.
If you want to get the most out of nginx you really need to learn all the ins and outs of its configuration. If you want easy setup you're better off using apache
The more I have read the more I have realized that you are absolutely correct Rojoca, I was merly being lazy, and your link about codeignitor has helped wonders.
0

This repo helped me with symfony 1.4 on nginx+php-fpm [https://raw.githubusercontent.com/korjavin/docker-nginx-symfony/my/default][1]

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.