nginx from and php7.1

Posted March 26, 2017 6.9k views
NginxUbuntu 16.04

I was testing nginx with dynamic modules from but I could not get php7.1-fmp wordking. Nginx works, modules works but not php. I am not to knowledgeable is server management.
I followed this tutorial except for nginx that I installed from ppa and mariadb instead of mysql:
Something is missing but I don’t know what?

Thank you

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
25 answers


Generally this section:

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;

… would look something like:

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;

The difference being we’re swapping snippets/fastcgi-php.conf with fastcgi_params.

Not all NGINX repositories have a snippets directory that contains blocks of code. Even if they do, not all of them contain everything that’s needed (at least, that has been my experience).

If you don’t mind trying something different, and you have a few extra minutes, I wrote and installer for NGINX that handles a source installation hands-free.

It includes HTTP2, Brotli, a few modules, and multiple example configurations with it.

If you run:

cd /opt


git clone

Followed by:

cd installers/nginx
chmod +x

And finally:


You’ll have a fully configured and optimized NGINX setup with a working PHP configuration that you can copy from the ./installers/nginx/examples directory.

Within this directory there’s a php directory which contains a php.conf file. That’s the one you need and to set it up, all you’d do is:

cp installers/nginx/examples/php/php.conf /etc/nginx/sites/yourdomain.conf


nano /etc/nginx/sites/yourdomain.conf

… and configure it to your liking. There’s also examples on how to setup SSL, Load Balancing, Proxy, and others.

The installer will take about 20-30 minutes as this is a source compile, not a stock repo package. It’s detailed and sets up everything you’d have to do a source compile to setup. A systemd service is also included, so NGINX is controlled using:

systemctl start nginx
systemctl restart nginx
systemctl stop nginx

The only thing I’d recommend doing is:

1). Run the installer on a fresh Ubuntu 16.04 droplet, or;
2). Run:

apt-get -y remove nginx
apt-get -y purge nginx
rm -rf /etc/nginx

This wipes your current NGINX installation, so if you need to backup anything, do it before the above commands. That said, the installer has all the examples you need to get things working and I will be more than happy to help should you have any questions.

As for the examples directory, most are setup so that you only need to change the server_name directive. The only other thing you may need to modify is the fastcgi_pass directive since you’re using sockets instead of TCP, or you can modify:


and change listen to use and restart php-fpm and the example I provided will work without any changes other than those for your domain.


What doesn’t seem to be working?

If you’ll post your server block, I’d be more than happy to take a look at it for you :-).

I did a info.php file:
Put it in my server directory and it won’t load. I followed the DO tutorial mention before, it works when using ubuntu nginx but not the ppa nginx.

My nginx config looks like this:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name server_domain_or_IP;

    location / {
        try_files $uri $uri/ =404;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;

    location ~ /\.ht {
        deny all;

Thank you

@hansen Yes I had it in my test droplet, just didn’t post it, thank you.
@jtittle Thank you will try.

  • @stephgiguere

    Awesome – let me know how it goes. As noted above, it does take some time as the setup is definitely geared towards production, so it’s a full source compile from scratch and it takes care of generating a dhparam.pem file, which is needed for SSL (which is one reason it takes so long to finish as that’s a time-intensive process).

    I tested it on 2GB-64GB Droplets and they all seem to take around the same time to complete – around 30-40 minutes.

Ok got it working with php and your script on a test droplet. I also installed php7.1 from your script. I had to change the pool.d www.conf. All of those details are so confusing when you don’t know.
Does nginx have pagespeed compiled in it?
If so do I need to take extra step to use it?

@jtittle Also do you think it would be better to rebuild my live site droplet and install mariadb, nginx and php7.1 from your script or would just changing nginx to your compile be ok?

@jtittle Answered my own question about pagespeed, just followed the end of this toturial:

by Toli
ngx_pagespeed, or just pagespeed, is an Nginx module designed to optimize your site automatically by reducing the size of its resources and hence the time the clients' browsers need to load it. This article will guide you through the installation and configuration of the pagespeed module for Nginx.


When it comes to PHP, that’s one of the areas I’m working to simplify. Working with PHP-FPM is really easy, though it’s not very obvious that you need to change or create multiple files in ./pool.d.

When it comes to secure deployments, each site you deploy should run as a different user and each user should have their own PHP-FPM configuration file in ./pool.d. Each configuration file should set it’s own listen port as well.

The main lines you want to change in the original www.conf file for PHP-FPM are:

[www] => [yourusername]
user  = serveradmin => user  = yourusername
group = serveradmin => group = yourusername
listen = => listen = => listen =


The rest of the configuration is something you’d want to take a look at should you need to tune for performance. The defaults work pretty well and in most cases, unless you’re running a super-busy site, they’ll work.

As for NGINX, currently the installer will install the latest Mainline version of NGINX as well as compile in the following:

– NGINX Dev. Kit (Module)
– NGINX Headers More (Module)
– NGINX VTS (Module)
– Brotli (for Brotli Compression)
– LibBrotli
– NGINX Brotli (Module – Depends on Brotli & LibBrotli)
– NAXSI (Module)
– Google Pagespeed (Module)
– NGINX Set Misc (Module)

All modules are statically compiled.

As for using my installers exclusively, you can for sure. Except for NGINX, the majority will use either official repositories, or repositories I’ve used for years without any issues (as is the case for PHP). If you plan to use mine though, I’d honestly recommend installing everything from scratch on a new Droplet that hasn’t had anything else installed on it so there are no potential conflict scenarios.

The three installers will setup NGINX Mainline, PHP 5.6, 7.0, or 7.1 (your choice), and MariaDB 10.x. While they shouldn’t cause issues on a system that has had them installed, I find it best to start with a blank canvas.

If you want to run them on your current, I would advise using both remove and purge. You would need to backup your MySQL databases first though as purge may destroy them.

I wanted to setup ufw but when I run ufw status I only see OpenSSL and not nginx https. How to add it

  • @stephgiguere

    ufw is already setup on 16.04/16.10, so we’d just need to configure it.

    I normally don’t use service names as I prefer to be a little more precise, so I’ll be using ports in place of ssh, nginx, https, etc.

    First thing, disable ufw.

    ufw disable

    Now to ensure we’re working from a clean slate, we’ll reset ufw.

    ufw reset

    With a clean slate, we want to configure our default policies. We’re going to deny all incoming and allow all outgoing. These settings won’t lock you out since ufw should be disabled before running these commands (double check, because running these will lock you out if it’s not).

    ufw default deny incoming
    ufw default allow outgoing

    We’re setting up a deny all on incoming as we want to deny access on all ports except those we specify. It’s far easier to whitelist than it is to blacklist.

    Now we’ll allow SSH (22), HTTP (80), and HTTPS (443)

    ufw allow 22/tcp
    ufw allow 80/tcp
    ufw allow 443/tcp

    At this point, connections will be allowed on ports 22 (SSH), 80 (HTTP), and 443 (HTTPS), but all other connection attempts on other ports inbound will be denied (i.e. someone trying to connect on port 3434 won’t be permitted).

    Unless you’re running a a database server (external – on another droplet), or have a need to open up another port, that’s it. We just need to enable ufw again now.

    ufw enable

    It’ll ask you to confirm that you want to enable it and warn that you may get disconnected, and that’s fine. You won’t be disconnected as you’ve added port 22, which, unless you’ve changed the SSH port, should be the port you’re connected on when running these commands.

Thank you
Does your compile include naxsi?

Previous 1 2 3 Next