#Setting up nginx for PHP-fpm ## Use flags Recommended USE flags for nginx - put these in `/etc/portage/package.use` rather than `/etc/make.conf` to make this easier to change if need be. Recommended nginx flags: http http-cache ipv6 pcre ssl pcre-jit ### Modules Variable To specify the modules to compile for nginx, you can add a `NGINX_MODULES_HTTP` variable to the `make.conf` file. Some recommended flags are below: http2 gzip_static gunzip access auth_basic charset fastcgi gzip limit_conn limit_req proxy rewrite ssl headers_more flv mp4 upload_progress ## Config ### FastCGI Setup I recommend first duplicating `fastcgi.conf` in the `/etc/nginx/` folder as `php.conf`. ### Pathinfo Fix Pathinfo isn't properly passed to php by default. To generally apply the fix, add this location block to the server blocks you want set up. The easiest setup is to use an included file for each site. location ~ \.php { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; } ### Sites Each site should have a pattern like this server { listen 80; listen 443 ssl http2; server_name ~^example\.com$; keepalive_timeout 70; ssl_certificate /path/to/ssl/certificate; ssl_certificate_key /path/to/generated/key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_ciphers ECDHE-RSA-AES256-SHA256:AES256-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; root /path/to/root/dir/; include "php.conf"; } For non-ssl sites, the second listen line, and each line prefixed with ssl can be omitted. #### HTTP2 HTTP2 is the newest version of HTTP. It allows piplining different files into one request, and compresses HTTP headers making page loads much quicker. Firefox, Chrome, and Opera all support HTTP2. The downside is that it requires SSL. For browsers that don't support HTTP2, the server sends an HTTP 1.1 request instead.