
Transition to nginx: part 2 — converting a gallery v2 installation




In my first transition to nginx I wrote that I was happy about the speed increase I got for my Horde webmail setup. Afterwards I converted a Gallery v2 installation (yes, old, not under active development anymore, but internal and still working). There I have not seen any obvious speed difference.

I did not convert all of the .htaccess rewrite rules: the one for the “easy and beautiful” URL names was too complex for the rewrite-rule converter I found. As the gallery is for internal use only, I simply switched back to the not-so-nice “technical” URL names.

The important part of the Apache 2.2 installation:
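# mod_expires: client-side cache lifetimes. The default is one hour; the
# ExpiresByType lines request one month for images, JavaScript and CSS.
ExpiresActive On
ExpiresDefault "now plus 1 hour"
ExpiresByType image/* "now plus 1 month"
ExpiresByType text/javascript "now plus 1 month"
ExpiresByType application/x-javascript "now plus 1 month"
ExpiresByType text/css "now plus 1 month"

# mod_deflate: compress responses for the whole site, with the usual
# per-browser and per-file-type exceptions.
# NOTE: the patterns below are regular expressions. The forum software had
# stripped the backslashes, which turned "\b" (word boundary) into a literal
# "b" and every escaped dot into "any character"; they are restored here.
<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# Don't compress images (or other formats that are already compressed).
# The directive must be on one logical line; it was broken in two before.
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|gz|bz2|zip|pdf)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>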
The nginx config:
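# nginx front end for a Gallery v2 installation, PHP served through FastCGI.
# <filename> and <hostname> are placeholders left by the author.
# Closing braces and regex backslashes that the forum software had dropped
# are restored; without them the file does not parse and the "." in each
# location pattern matches any character instead of a literal dot.
worker_processes  1;

error_log  <filename>;

events {
    worker_connections      1024;
    use                     kqueue;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log  <filename>;

    sendfile    on;

    keepalive_timeout       15;
    client_body_timeout     300;
    client_header_timeout   12;
    send_timeout            300;
    client_body_in_file_only clean;
    client_body_buffer_size 128k;
    # Upper bound for request bodies (photo uploads); anything larger is
    # rejected by nginx before it reaches PHP.
    client_max_body_size 40M;

    gzip on;
    gzip_min_length 1000;
    gzip_types       text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript;
    gzip_disable     "msie6";

    # Not shown in this post. It presumably defines $bad_client (for example
    # with a map or geo block); nginx refuses to start if the variable used
    # in the "if" below is undefined.
    include blacklist.conf;

    server {
        listen       80;
        server_name  <hostname>;

        # Browser hardening headers: no framing by other origins, no MIME
        # sniffing, legacy XSS filter in blocking mode.
        # By default add_header is applied only to successful and redirect
        # responses; the "always" parameter (nginx 1.7.5 and later) extends
        # it to error responses such as the 403/404 generated below.
        # These headers are inherited by a location only as long as that
        # location declares no add_header of its own.
        add_header   x-frame-options            "sameorigin";
        add_header   x-xss-protection           "1; mode=block";
        add_header   x-content-type-options     "nosniff";

        charset utf-8;

        #access_log  logs/host.access.log  main;

        # Reject clients flagged by the blacklist before any location runs.
        if ($bad_client) { return 403; }

        location / {
            root   /usr/local/www/gallery2;
            index  index.php;

            # Hand a request to PHP only when the script name really ends in
            # ".php" (optionally followed by /path-info). The pattern on the
            # page matched any URI merely containing "php" after some
            # character, which would also send other file names to the
            # interpreter.
            location ~ \.php(/|$) {
                # Zero-day exploit defense.
                # http://forum.nginx.org/read.php?2,88845,page=3
                # Only pass the request on if the requested file exists on
                # this server; otherwise PHP's path-info fallback could run
                # a different file than the one named in the URI.
                # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
                # If php-fpm/php-fcgi runs on another machine this check has
                # to be removed, and the equivalent protection must then be
                # configured on the PHP side.
                # Side effect: URIs with trailing path info fail this check
                # and return 404, which is acceptable here because the
                # gallery uses the "technical" query-string URLs.
                try_files $uri =404;

                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_keep_conn       on;
                fastcgi_index      index.php;
                include          fastcgi_params;
                fastcgi_param      SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_pass        unix:/var/run/php.fcgi;
            }
        }

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        location ~ /\.ht {
            deny  all;
        }

        # Gallery keeps PHP source in .inc and .class files; never serve
        # them as plain text.
        location ~ \.(inc|class)$ {
            deny all;
        }

        # "^~" stops regex matching, so nothing below this directory is
        # served or passed to PHP.
        location ^~ /lib/tools/po/ {
            deny all;
        }
    }
}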
