Backend Development 6 min read

Common Pitfalls and Best Practices for Configuring Nginx with PHP

This article examines typical mistakes in Nginx‑PHP configurations—such as misplaced index directives, misuse of the if statement, and fastcgi parameter issues—and presents a cleaner, more reliable configuration using inheritance, try_files, and the appropriate fastcgi.conf file.

Art of Distributed System Architecture Design

May 7, 2016

Common Pitfalls and Best Practices for Configuring Nginx with PHP

Many developers configure Nginx + PHP by simply copying outdated tutorials, which often contain errors that can cause security and maintenance problems.

A typical naive configuration looks like this:

server {
    listen 80;
    server_name foo.com;
    root /path;
    location / {
        index index.html index.htm index.php;
        if (!-e $request_filename) {
            rewrite . /index.php last;
        }
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /path$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
    }
}

This configuration suffers from several issues: the index directive is placed inside a location block, causing duplication when multiple locations are added; the if statement is misused for request routing, which should be handled by try_files; and the fastcgi parameter file choice is suboptimal.

Because location blocks are siblings, index does not inherit, so it should be defined at the server level to apply to all locations.

The if (!-e $request_filename) pattern is a common anti‑pattern; the proper directive is try_files $uri $uri/ /index.php;, which safely checks file existence without the pitfalls of the rewrite module.

There are two fastcgi configuration files: fastcgi_params and fastcgi.conf. The latter adds the SCRIPT_FILENAME definition (

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

) and avoids hard‑coding paths, reducing the risk of duplicate parameters.

When PHP’s cgi.fix_pathinfo is enabled, an additional security check is needed; using try_files $uri =404; inside the PHP location prevents unintended file execution.

A cleaned‑up configuration incorporating these recommendations is:

server {
    listen 80;
    server_name foo.com;
    root /path;
    index index.html index.htm index.php;
    location / {
        try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
    }
}

Although this version resolves most of the earlier problems, further refinements may be needed for compatibility with fastcgi_split_path_info and other advanced use cases.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.

Configuration Best Practices PHP Web server fastcgi

Written by

Art of Distributed System Architecture Design

Introductions to large-scale distributed system architectures; insights and knowledge sharing on large-scale internet system architecture; front-end web architecture overviews; practical tips and experiences with PHP, JavaScript, Erlang, C/C++ and other languages in large-scale internet system development.

0 followers

Reader feedback

How this landed with the community

Rate this article

Was this worth your time?

Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.