How to set up nginx with php-fpm

This thread shows how to set up nginx with php-fpm in a basic configuration. Note that these are only the minimum steps needed to get a working setup.

You might consider making additional changes to further harden and secure your configuration.

STEP 1: INSTALL NGINX, PHP AND PHP-FPM

Install nginx, php and php-fpm using apt as the package manager:

sudo apt-get install nginx php php-fpm

STEP 2: CONNECT NGINX WITH PHP-FPM

Open the file /etc/nginx/sites-available/default and scroll to the following section:

#location ~ \.php$ {
#   include snippets/fastcgi-php.conf;
#
#   # With php-fpm (or other unix sockets):
#   fastcgi_pass unix:/run/php/php7.4-fpm.sock;
#   # With php-cgi (or other tcp sockets):
#   fastcgi_pass 127.0.0.1:9000;
#}

Now edit it to look like this:

location ~ \.php$ {
   include snippets/fastcgi-php.conf;

   # With php-fpm (or other unix sockets):
   fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}

NOTE: The entry /run/php/php7.4-fpm.sock can be different. If you have installed a different php version, for example 8.2, the entry would be /run/php/php8.2-fpm.sock

STEP 3: CHECK USER AND GROUP OF PHP-FPM

To work correctly, the php-fpm user needs to be able to access ucs_client.sh and the related directory with read/write access. But in a standard setup php-fpm runs under the same user and group as the webserver nginx, which is www-data. User www-data has very limited read/write access and might not be able to access any location outside its home directory /var/www/. So you either make this directory accessible for user www-data or change the user and group under which php-fpm is started.

To change the user and group under which php-fpm is started you have to modify /etc/php/<VERSION_NUMBER>/fpm/pool.d/www.conf (change <VERSION_NUMBER> to your version):

; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
;       --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
;                 If the group is not set, the user's group is used.
user = www-data
group = www-data

You have to change user and group from www-data to your user and group.

STEP 4: START NGINX AND PHP-FPM

The following commands to start/stop php-fpm are based on the systemctl service name for php version 7.4 (“php7.4-fpm”). If you have installed a different version than 7.4, the service name is different (for example “php8.2-fpm” for version 8.2).

To start the services using systemctl type:

sudo systemctl start nginx && sudo systemctl start php7.4-fpm

To stop the services using systemctl type:

sudo systemctl stop nginx && sudo systemctl stop php7.4-fpm
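
A pre-start check for steps 2 and 3, as an added example that is not part of the original post: it compares the socket in the nginx fastcgi_pass line with the pool's listen setting and flags a pool that runs as root. The function names and the sample files are constructed for illustration, and it assumes the pool file carries a "listen = <socket path>" line next to user and group.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the nginx site file
# against the php-fpm pool file before starting the services.
# Print the value of an active "key = value" line in a pool file;
# lines starting with ';' are comments and never match.
pool_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Print the socket path of the first uncommented "fastcgi_pass unix:...;" line.
nginx_socket() {
    sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]]*unix:\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# check_setup SITE_FILE POOL_FILE: returns 0 = consistent, 1 = socket mismatch,
# 2 = pool children run as root, 3 = no active unix-socket fastcgi_pass found.
check_setup() {
    sock=$(nginx_socket "$1")
    listen=$(pool_value "$2" listen)
    user=$(pool_value "$2" user)
    if [ -z "$sock" ]; then
        echo "no active unix fastcgi_pass in $1"; return 3
    fi
    if [ "$sock" != "$listen" ]; then
        echo "mismatch: nginx uses $sock, pool listens on $listen"; return 1
    fi
    if [ "$user" = "root" ] || [ "$user" = "0" ]; then
        echo "pool children run as root"; return 2
    fi
    echo "ok: socket=$sock user=$user"
}

# Constructed sample input: nginx still points at 7.4, the pool belongs to 8.2.
demo=$(mktemp -d)
cat > "$demo/site" <<'EOF'
#   fastcgi_pass 127.0.0.1:9000;
location ~ \.php$ {
   include snippets/fastcgi-php.conf;
   fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
EOF
cat > "$demo/pool" <<'EOF'
;listen = 127.0.0.1:9000
user = www-data
group = www-data
listen = /run/php/php8.2-fpm.sock
listen.owner = www-data
EOF
check_setup "$demo/site" "$demo/pool" || echo "check_setup returned $?"
```

On a real system, pass /etc/nginx/sites-available/default and /etc/php/<VERSION_NUMBER>/fpm/pool.d/www.conf as the two arguments.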