Skip to content
Fragmented Development

GNUsocial on nginx and Debian 8

After running GNUsocial for years, I've chiseled my GNUsocial setup into something fairly fast and respectable (mostly through consistent experimentation and breakages. Sorry, users). Newer configuration changes require Debian 8, or "Jessie", so I thought I'd make a new post explaining things.

Requirements

To install GNUsocial the FragDev way, install the required libraries/daemons/etc using the following aptitude command:

aptitude install php5-fpm php5-gd php5-mysql php5-intl php5-memcache php5-memcached mariadb-server

You also need to enable backports on Debian to get a more updated version of nginx. This allows you to enable HTTP/2, which saves a lot of traffic overhead.

aptitude -t jessie-backports install nginx-full

Setting up the database/user in MariaDB is beyond the scope of this article. If you don't know how do that, running GNUsocial is going to be a rough ride. You might want to reconsider.

nginx configuration

The nginx configuration that FragDev uses has several modifications over the default GNUsocial nginx configuration.

server {

    # Enable HTTP/2 to speed up connections
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    root /var/www/micro.fragdev.com;
    index index.php;

    location / {

        # Try fetching requests in the following order:
        # - Look for a static file at that address
        # - Look for a directory at that address
        # - Rewrite the address
        try_files $uri $uri/ /index.php?p=$uri&$args;
    }

    # Prevent any avatar images from being run as PHP
    location /avatar {
        location ~ \.php {return 403;}
        try_files $uri =404;
    }

    # Prevent any user-uploaded files from being run as PHP
    location /file {
        location ~ \.php {return 403;}
        try_files $uri =404;
    }

    # Parse PHP files
    location ~ \.php {

        # Using try_files prevents PHP from having to process 404s
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include fastcgi.conf;
    }

    [ Other common configurations... ]
}

This is much simpler and faster than the stock nginx configuration, because it removes a regular expression rewrite with a simpler, faster try_files entry. At high volume, this could save a decent amount of CPU - on our instance, it wasn't terribly noticeable.

HTTP/2 handles multiple requests for things like avatar images and other files with a single connection, saving a bunch of redundant connections and HTTP headers. Extra bandwidth is always nice.

memcache

Memcache is a bit of a mystery to me. I didn't have any success manually enabling the plugin, but somehow my CPU usage dropped by 2/3rds once the memcached daemon was running. I'm still poking around, and will update this section if I find anything relevant.


That's generally the configuration we have running on FragDev. We also use the queue daemons, which I explained in detail in my "GNUsocial daemons and systemd" post.

I'll continue updating this post as changes are made. Please share any tips and trips for improving performance!

Tags: php server gnusocial


Add Your Comment