RHEL7: How to install a Nginx & PHP service.

Share this link


Nginx is one of the best webserver available today.
It consumes less resources (CPU, memory) but processes more requests simultaneously than most of  its competitors.
Because of a completely different mindset, you will have to learn the Nginx syntax from scratch except if you love regular expressions.

As Nginx doesn’t provide any PHP features, you will have to use the PHP-FPM solution, an alternative PHP FastCGI implementation.

Configuration Procedure

To install a Nginx & PHP webserver, execute the following steps:

Install Remi’s repository.

Enable the remi (if it’s not already done) and remi-php56 repositories:

# yum-config-manager --enable remi --enable remi-php56

Install the nginx and php-fpm packages:

# yum install -y nginx php-fpm

Install the php-opcache package to get good performances (mandatory):

# yum install -y php-opcache

Activate at boot time and start the nginx and php-fpm services:

# systemctl enable nginx && systemctl start nginx 
# systemctl enable php-fpm && systemctl start php-fpm

Add the HTTP service to the firewall configuration and reload it:

# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload

The PHP configuration file is /etc/php.ini.
You should define cgi.fix_pathinfo=0 for security reasons and date.timezone to your default timezone (for example date.timezone=”America/New_York”).

The php-fpm configuration files are /etc/php-fpm.conf (for things which shouldn’t need to change) and /etc/php-fpm.d/www.conf (for things which need adjustment).

The Nginx configuration file is /etc/nginx/nginx.conf.

Here is a basic example of Nginx configuration file:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /run/nginx.pid;

events {
   worker_connections  1024;

http {
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;

   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';

   access_log  /var/log/nginx/access.log  main;

   sendfile        on;
   keepalive_timeout  65;

   server {
      listen       80 default_server;
      server_name  localhost;
      root         /var/www/html/mywebsite;
      index       index.html index.htm index.php

      location / {
           try_files $uri $uri/ /index.php?$args;
      error_page  404              /404.html;
      location = /40x.html {

      error_page   500 502 503 504  /50x.html;
      location = /50x.html {

      # pass the PHP scripts to FastCGI server listening on
      location ~ \.php$ {
         root           /var/www/html/mywebsite;
         try_files $uri =404;
         fastcgi_index    index.php;
         include              fastcgi_params;
         fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;

Note: Don’t forget to set the SELinux context:
# mkdir /var/www/html/mywebsite; restorecon -R /var/www/html/mywebsite

If you are migrating from RHEL 6 to RHEL 7, you could need to enable the httpd_unified boolean:

# setsebool -P httpd_unified 1

Also, if you use NFS, remember that:
In RHEL 7, the same SELinux policies that apply to Apache also apply to Nginx. So you can use the same booleans:

httpd_use_nfs (off , off) Allow httpd to use nfs

Set the correct boolean to allow the web server to use NFS.

# setsebool -P httpd_use_nfs 1

Source: serverfault thread about Nginx and NFS.

Additional Resources

Karl Johnson provides a Nginx full-featured solution called Nginx-more.
DigitalOcean offers a tutorial about the Nginx log module.
The Hostinger website provides a tutorial on How to Install Nginx, MySQL, PHP v7 (LEMP) stack on CentOS 7.
If you want to enable http/2 available with RHEL 7.4/CentOS 7.4, follow the tutorial about restoring http/2 fonctionality on Nginx.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Leave a Reply

RHCSA7: Task of the day

Allowed time: 5 minutes.
Create two users "tom" and "engine". "tom" has the UID/GID 3000 and "engine" the UID/GID 4000. "engine" doesn't have an interactive shell.

RHCE7: Task of the day

Allowed time: 10 minutes.
Change the SSH process configuration to only listen on the 443 port.

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...