Tran­si­tion to nginx: part 2 – con­vert­ing a gallery v2 installation

In my first tran­si­tion to nginx I wrote that I was hap­py about the speed increase I got for my Horde web­mail set­up. After­wards I con­vert­ed a Gallery v2 instal­la­tion (yes, old, not under active devel­op­ment any­more, but inter­nal and still work­ing). There I have not seen any obvi­ous speed difference.

I did not con­vert all .htac­cess rewrite rules, the one for the “easy and beau­ti­ful” URL names was too com­plex for the con­vert­er for rewrite I found. As it is just for inter­nal use, I just switched back to the not so nice “tech­ni­cal” URL names.

The impor­tant part of the apache 2.2 installation:

ExpiresActive On
ExpiresDefault "now plus 1 hour"
ExpiresByType image/* "now plus 1 month"
ExpiresByType text/javascript "now plus 1 month"
ExpiresByType application/x-javascript "now plus 1 month"
ExpiresByType text/css "now plus 1 month"

<Location /> # Insert filter SetOutputFilter DEFLATE

# Netscape 4.x has some problems... BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # Don't compress images SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png|gz|bz2|zip|pdf)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content Header append Vary User-Agent env=!dont-vary </Location>

The nginx config:

worker_processes  1;

error_log  <filename>;

events {         worker_connections      1024;         use                     kqueue; }

http {     include       mime.types;     default_type  application/octet-stream;

    access_log  <filename>;

    sendfile    on;

        keepalive_timeout       15;         client_body_timeout     300;         client_header_timeout   12;         send_timeout            300;         client_body_in_file_only clean;         client_body_buffer_size 128k;         client_max_body_size 40M;

        gzip on;         gzip_min_length 1000;         gzip_types       text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript;         gzip_disable     "msie6";

        include blacklist.conf;

    server {         listen       80;         server_name  <hostname>;

        add_header   x-frame-options            "sameorigin";         add_header   x-xss-protection           "1; mode=block";         add_header   x-content-type-options     "nosniff";

        charset utf-8;

        #access_log  logs/host.access.log  main;

        if ($bad_client) { return 403; }

        location / {             root   /usr/local/www/gallery2;             index  index.php;

                location ~ \.php {
                        # Zero-day exploit defense.
                        # http://forum.nginx.org/read.php?2,88845,page=3
                        # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
                        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
                        try_files $uri =404;

                        fastcgi_split_path_info ^(.+\.php)(/.+)$;                         fastcgi_keep_conn       on;                         fastcgi_index      index.php;                         include          fastcgi_params;                         fastcgi_param      SCRIPT_FILENAME $document_root$fastcgi_script_name;                         fastcgi_pass        unix:/var/run/php.fcgi;                 }         }

        # redirect server error pages to the static page /50x.html         #         error_page   500 502 503 504  /50x.html;         location = /50x.html {             root   /usr/local/www/nginx-dist;         }

        # deny access to .htaccess files, if Apache's document root         # concurs with nginx's one         #         location ~ /\.ht {             deny  all;         }

        location ~ \.(inc|class)$ {
                deny all;
        }
        location ^~ /lib/tools/po/ {
                deny all;
        }
    }
}

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.