How do I configure Nginx as a high-performance web server for PHP applications?
Nginx is an asynchronous, event-driven web server using a non-blocking architecture that handles 10,000+ concurrent connections with just a few worker processes. It is the world's most popular web server for high-traffic sites and an excellent reverse proxy for PHP-FPM applications.
DETAILED EXPLANATION:
Apache vs Nginx architecture:
Apache: spawns one process/thread per connection. Under 10,000 concurrent connections = 10,000 processes consuming gigabytes of RAM.
Nginx: Single worker process per CPU core handles 10,000+ connections asynchronously using epoll. No new processes spawned per connection.
Nginx roles:
1. Web server: Serves static files (images, CSS, JS) directly from disk at line speed
2. Reverse proxy: Forwards PHP requests to PHP-FPM via Unix socket
3. Load balancer: Distributes traffic across backend servers
4. SSL terminator: Handles HTTPS, HTTP/2, TLS 1.3
5. API gateway: Rate limiting, auth, routing for microservices
WHEN TO USE:
- Any VPS or dedicated server running PHP applications
- High-traffic sites with 100+ concurrent users
- API servers needing low-latency responses
- Connect Quest VPS and dedicated servers work excellently with Nginx
STEP-BY-STEP - Production Nginx + PHP-FPM configuration:
=== /etc/nginx/nginx.conf (global settings) ===
worker_processes auto;
worker_rlimit_nofile 65535;
events {
worker_connections 4096;
use epoll;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_types text/plain text/css application/json application/javascript;
open_file_cache max=10000 inactive=20s;
include /etc/nginx/sites-enabled/*;
}
=== /etc/nginx/sites-available/mysite.conf ===
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name yourdomain.com;
root /var/www/html;
index index.php;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
# WordPress URL rewriting
location / {
try_files $uri $uri/ /index.php?$args;
}
# PHP via PHP-FPM Unix socket (faster than TCP)
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
}
# Cache static files 1 year
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
expires 1y;
access_log off;
}
# Security: deny sensitive files
location ~ /\.(ht|git|env) { deny all; }
location = /xmlrpc.php { deny all; }
}
Test and apply: nginx -t && systemctl reload nginx
REAL EXAMPLES:
Benchmark results on Connect Quest 4-core VPS:
Apache prefork: ~3,000 requests/second under 100 concurrent connections
Nginx: ~18,000 requests/second under 1,000 concurrent connections
Same hardware, 6x throughput advantage
Check HTTP/2 is active:
curl -I --http2 https://yourdomain.com | grep HTTP
Output: HTTP/2 200
FLOW:
HTTPS request -> Nginx (SSL termination + static files)
-> Static file (image/CSS/JS): serve from disk in microseconds
-> PHP file: fastcgi_pass -> PHP-FPM Unix socket -> PHP worker -> MySQL/Redis -> Response
KEY POINTS:
- worker_processes auto = one per CPU core
- Unix socket for PHP-FPM is 10-30% faster than TCP 127.0.0.1:9000
- HTTP/2 requires HTTPS - always combine with LetsEncrypt
- server_tokens off hides Nginx version from attackers
COMMON MISTAKES:
- Default worker_connections 768 too small for production (set 2048-4096)
- Missing gzip compression (30-70% bandwidth and speed improvement)
- Missing try_files for WordPress (all pages return 404)
QUICK FIX:
502 Bad Gateway: PHP-FPM not running. Run: systemctl status php8.1-fpm
504 Gateway Timeout: PHP script too slow. Increase fastcgi_read_timeout = 300
DIFFICULTY: Advanced
RELATED: PHP-FPM, WordPress, VPS Performance, SSL, Connect Quest VPS
DETAILED EXPLANATION:
Apache vs Nginx architecture:
Apache: spawns one process/thread per connection. Under 10,000 concurrent connections = 10,000 processes consuming gigabytes of RAM.
Nginx: Single worker process per CPU core handles 10,000+ connections asynchronously using epoll. No new processes spawned per connection.
Nginx roles:
1. Web server: Serves static files (images, CSS, JS) directly from disk at line speed
2. Reverse proxy: Forwards PHP requests to PHP-FPM via Unix socket
3. Load balancer: Distributes traffic across backend servers
4. SSL terminator: Handles HTTPS, HTTP/2, TLS 1.3
5. API gateway: Rate limiting, auth, routing for microservices
WHEN TO USE:
- Any VPS or dedicated server running PHP applications
- High-traffic sites with 100+ concurrent users
- API servers needing low-latency responses
- Connect Quest VPS and dedicated servers work excellently with Nginx
STEP-BY-STEP - Production Nginx + PHP-FPM configuration:
=== /etc/nginx/nginx.conf (global settings) ===
worker_processes auto;
worker_rlimit_nofile 65535;
events {
worker_connections 4096;
use epoll;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_types text/plain text/css application/json application/javascript;
open_file_cache max=10000 inactive=20s;
include /etc/nginx/sites-enabled/*;
}
=== /etc/nginx/sites-available/mysite.conf ===
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name yourdomain.com;
root /var/www/html;
index index.php;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
# WordPress URL rewriting
location / {
try_files $uri $uri/ /index.php?$args;
}
# PHP via PHP-FPM Unix socket (faster than TCP)
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
}
# Cache static files 1 year
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
expires 1y;
access_log off;
}
# Security: deny sensitive files
location ~ /\.(ht|git|env) { deny all; }
location = /xmlrpc.php { deny all; }
}
Test and apply: nginx -t && systemctl reload nginx
REAL EXAMPLES:
Benchmark results on Connect Quest 4-core VPS:
Apache prefork: ~3,000 requests/second under 100 concurrent connections
Nginx: ~18,000 requests/second under 1,000 concurrent connections
Same hardware, 6x throughput advantage
Check HTTP/2 is active:
curl -I --http2 https://yourdomain.com | grep HTTP
Output: HTTP/2 200
FLOW:
HTTPS request -> Nginx (SSL termination + static files)
-> Static file (image/CSS/JS): serve from disk in microseconds
-> PHP file: fastcgi_pass -> PHP-FPM Unix socket -> PHP worker -> MySQL/Redis -> Response
KEY POINTS:
- worker_processes auto = one per CPU core
- Unix socket for PHP-FPM is 10-30% faster than TCP 127.0.0.1:9000
- HTTP/2 requires HTTPS - always combine with LetsEncrypt
- server_tokens off hides Nginx version from attackers
COMMON MISTAKES:
- Default worker_connections 768 too small for production (set 2048-4096)
- Missing gzip compression (30-70% bandwidth and speed improvement)
- Missing try_files for WordPress (all pages return 404)
QUICK FIX:
502 Bad Gateway: PHP-FPM not running. Run: systemctl status php8.1-fpm
504 Gateway Timeout: PHP script too slow. Increase fastcgi_read_timeout = 300
DIFFICULTY: Advanced
RELATED: PHP-FPM, WordPress, VPS Performance, SSL, Connect Quest VPS