Securing nginx with Letsencrypt

For several years now users have been taught to look for the green padlock in the address bar to ensure the site they are using is secure. But certificates are expensive due to the efforts that go in to proving your identity.

Letsencrypt are trying to help secure the web by issuing short term (90 day) certificates to users who can demonstrate through a simple challenge and response that they are in control of a host.

Continue reading “Securing nginx with Letsencrypt”

PHP fpm process manager options explained

PHP FPM (FastCGI Process Manager) is a popular technology for processing php directives, particularly when used in conjunction with NGINX although it can be used with Apache.   

In a common deployment scenario, the webserver is configured as a reverse-proxy with fpm providing the heavy lifting by processing the php code.  Some of the most significant benefits of this approach are the ability to scale both up and out as your site or application grows.

Although every Linux distribution will work ‘out of the box’, there are a number of parameters which can be tuned to enhance performance.

Continue reading “PHP fpm process manager options explained”

Permanent redirects with Nginx

Recently, I had the need to redirect all traffic from one domain to identical URLs on a new domain.  Luckily, NGINX provides a simple way to accomplish this.

The following will work as an available site for domain www.domainone.com on any NGINX version after 0.9.1:

server {
server_name www.domainone.com;
return 301 http://www.domaintwo.com$request_uri;
}

The server will listen on port 80 for request to www.domainone.com and redirect to the same request at www.domaintwo.com.

Note that the server is being asked to provide a 301 status code to inform the requesting client that the redirect is permanent. If you are wishing to redirect encrypted traffic then you will need a similar block listening at port 443.