If you are impatient, the code is at nginx_drupal. If you want to know what it’s about - read on.

I recently needed to set up a consistent web server configuration for a Drupal web site. That site has 6 web servers and 3 images servers. The goal was to have a single nginx configuration file, with as little duplication as possible. The images servers are meant for the static content, and for imagecache only.

Although the servers are different (some are meant for generic web, some are meant just as images servers) I wanted to have a generic config, that will give maximum flexibility to the administrator. Such a config file can reside in a single location on the internal network, and be accessible from all servers through NFS.

The “role” of the server is dictated by it’s name, and this is controlled by the system administrator by configuring the load balancer. For example, if she finds out that only one image server is enough, she can route web communication to the other images servers, and they will become web servers. The only per-machine limitation is the hardware itself (amount of RAM, strength of CPU). We wanted to even off-load the web servers even more, by delegating imagecache tasks of manipulating images to the image servers - leaving more CPU to the web servers available.

This configuration also uses boost module for static page caching, so this was taken into account too. Of course, if boost files do not exist, processing is sent to Drupal. This means it can also work in environments without boost installed.

To summarize the requirements:

• Consistent and clean nginx config file
• Web servers serve full Drupal
• Web servers serve Boost generated files if they exist
• Images servers serve static files
• Images servers generate images through imagecache if they do not exist
• Images servers do not allow full drupal access
• A server “role” is set by its name. Whoever received the “http://www…” request is the web server, whoever received the “http://images…” request is the images server.

I’ve seen a number of posts on nginx Drupal configuration but all seem either too complex, too specific, or both. I wanted to hide the “Drupal” part from the administrator, so she needs to configure only what is needed for her specific case. This allows to support add additional applications, like Wordpress easily (not only PHP based).

We wanted to have another environment on the live servers for testing and staging purposes. While it is not recommended to have a test/devel environment on live server, we wanted to have the ability to see how the system behaves on the real hardware on occassion. The config files allow for easy set up of a staging/qa/whatever environment.

While there, I implemented a couple of protections that do not appear in Drupal’s stock .htaccess file, like limiting the executable to “index.php” only on the root directory (prevents attacks on third party libraries and ill-written modules), and added htaccess protection to files that users should not be running, like ‘update.php’.

I’ve shared the config files on github - grab your copy from nginx_drupal. There is a README file there that should help you get started quite easily.

Feel free to fork it or send me imporevements