About me and my Pi

How To's

Using vnStati
Setting a static IP
RPi as a DNS slave
Setting up fail2ban
Install Nginx & PHP

Other stuff here

PHP System Info
Icecast Server
Stuff (folder)

External links

Installing Nginx web server and PHP on Raspbian Jessie

Powered by Nginx web server

This tutorial is for Raspbian 8 (Jessie) and will go through the steps to install the Nginx web server and PHP5. We will use a config file to set the document root in our home directory, /home/pi/www

First, as always, get things up to date:

sudo apt-get update && sudo apt-get upgrade
Now, lets install Nginx and php5-fpm:
sudo apt-get install nginx php5-fpm
Great. Nginx should now be running. Check by going to your servers IP address or domain in a browser. You should see the Nginx test page.
Lets make a couple of changes in the Nginx config file:
sudo nano /etc/nginx/nginx.conf

On line 2, we should set the number of worker processes. The default is 4. I set mine to the amount of cpu cores on the machine, so for the Raspberry Pi Model B+, thats 1.

worker_processes 1;

I'm not interested in logging, so I change my logging settings to log into the big black hole of /dev/null. Change this if you wish:

# Logging Settings

access_log /dev/null;
error_log /dev/null;

A little further down, you will see Virtual Host Configs. There are two directories where Nginx will look for configuration files. The way I like to do it is disable the default settings and create my own config file in /etc/nginx/conf.d/

To do this, comment out the second line, so it just looks in the /etc/nginx/conf.d/ directory:

        # Virtual Host Configs

        include /etc/nginx/conf.d/*.conf;
#       include /etc/nginx/sites-enabled/*;

Thats it for the nginx.conf file, save it by CTRL+X then Y. Now, lets create a directory in our home directory where we can place our website files:

mkdir /home/pi/www

Now, we can make our own site configuration file. This is placed in /etc/nginx/conf.d/ as mentioned above, which will be an empty folder. Lets create our config file in there. You can name this file anything you wish, just make sure it has the .conf file extention. I will use pi.conf:

sudo nano /etc/nginx/conf.d/pi.conf

In this file, we can create a simple site configuration. The one I have provided below will use the web root directory that we created above to serve files from and allow directory listings (autoindex on). This is how I have mine set up. The first server configuration acts as the default configuration by setting 'server_name' to _

This underscore (instead of a domain) means Nginx will use the settings defined here for any domain or IP address. For example, you can reach this site direct from it's IP as it is the default site.

Specific virtual hosts can be set in further server settings in the same file. I have a 301 permament redirect from to, which can be seen at the bottom of the same pi.conf file. You can therefore configure Nginx easily to work with a sub domain or another domain entirely, specifying different document roots and settings for each. Since I only host the one domain here (and the www redirect), it's quite simple.

#Start of Default Server Configuration
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /home/pi/www;
    index index.php index.html index.htm;

    server_name _;

    location / {
        try_files $uri $uri/ =404;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;

#Deny access to .htaccess files
    location ~ /\.ht {
        deny all;

#End of Default Server Configuration

#Start specific virtual hosts
server {
        return 301 $scheme://$request_uri;
#End specific virtual hosts

If you wanted to add another domain, add another virtual host at the bottom the same as the default server, but change the following settings to suit:

server_name _;

root /home/pi/www;
root /home/pi/example;

The two domains ensure both and will both be served from the defined root.

Thats it for the Nginx setup, save the file by CTRL+X then Y. Now, lets edit the php.ini file to make one little security tweak. By default, PHP allows running of PHP files hosted remotely, which is not a good idea. Lets change that. Open php.ini

sudo nano /etc/php5/fpm/php.ini

Now this file is big, so lets search for what we are looking for. In nano, we can use the 'Where Is' feature, by holding CTRL and pressing W. Type in allow_url_fopen and that should take you to that setting. Change it from On to Off, so it looks like:

; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
allow_url_fopen = Off

Save the file by CTRL+X then Y. Thats it, everything should be ready to go. Lets restart Nginx:

sudo service nginx restart

You can now add files to be served in your /home/pi/www/ directory.

Enabling SSL

To enable SSL on your new Nginx server, first, create a directory for the SSL certificate and key:

sudo mkdir /etc/nginx/ssl

Now, we can create the SSL certificate and key files in one command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

You will be prompted to answer some questions. To leave a field blank, just enter a dot. Next, we configure Nginx to work with SSL. Open your Nginx configuration file and in the server block, underneath the listen on port 80 lines, add a listen 443 ssl line, as below:

#Start of Default Server Configuration
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl;

And, under the server_name line, add the certificate and key as below:

 server_name _;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

Save the file by CTRL+X then Y, then restart Nginx:

sudo service nginx restart

Now, you should be able to navigate to and see your webpages via SSL! Be aware that this is a self signed certificate and therefore most browsers will give you a warning.

Adding a user with SFTP access to a web directory

To add a user with SFTP access to a jailed web directory, do the following (changing name 'john' to suit).

Create a new user with a dummy shell (no shell access):

sudo adduser --shell=/bin/false john

Change the owner and permissions of their home folder:

sudo chown root:john /home/john
sudo chmod 755 /home/barry

Create a folder for them to upload to (this will be our web root):

sudo mkdir /home/john/www
sudo chown john:john /home/john/www
sudo chmod 755 /home/john/www

Now, edit the SSH configuration:

sudo nano /etc/ssh/sshd_config

Comment out the following line:

Subsystem sftp /usr/lib/openssh/sftp-server

Now, at the bottom of the file, add:

Subsystem sftp internal-sftp
Match User john
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTCPForwarding no

Finally, restart the SSH server:

sudo service sshd restart

Now you can add a new virtual host to nginx with the web root that we created above.

Happy web serving! John.

Back to home...