Nginx for FreePBX


#1

On Debian 10, PHP 7.3, FreePBX 15 (the configuration I have been working on to help push current PHP compatibility) I set up a new server with Nginx + PHP-FPM instead of Apache + mod_php and thought I would share my configuration notes here.

Nginx configuration is overall simpler than Apache, but it does not use .htaccess files, so the settings that otherwise would be handled by Apache’s .htaccess need to be handled in the server configuration.

First, remove apache if it’s installed.

Install nginx and php-fpm: apt-get install nginx php-fpm

Make the same mods to /etc/php/7.3/fpm/php.ini that you would if using apache:

  • sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php/7.3/fpm/php.ini
  • sed -i 's/\(^memory_limit = \).*/\1256M/' /etc/php/7.3/fpm/php.ini

Set FPM to use the asterisk user by editing /etc/php/7.3/fpm/pool.d/www.conf and changing user =, group =, listen.owner =, and listen.group = to asterisk. (Write your own sed if you want :wink: )

Now to nginx. Edit /etc/nginx/nginx.conf and there also set user to asterisk. Other defaults are ok.

Finally you set up your site by editing the /etc/nginx/sites-enabled/default file or moving it aside and building your own. Here is mine configured for FreePBX. Replace HOSTNAME with your hostname.

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Omit next four lines if not using HTTPS. Cert/key locations work
    # for Letsencrypt-generated cert from Certificate Manager.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/asterisk/keys/HOSTNAME/fullchain.pem;
    ssl_certificate_key /etc/asterisk/keys/HOSTNAME/private.pem;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html index.php;

    server_name HOSTNAME;  # don't use _ or FreePBX may complain about referer

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;  # server defaults are good
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_param HTACCESS on;  # disables FreePBX htaccess warning
    }

    # disallows the things that the FreePBX .htaccess files disallow
    location ~ (/\.ht|/\.git|\.ini$|/libraries|/helpers|/i18n|/node|/views/.+php$) {
        deny all;
    }

    # from the api module .htaccess file
    rewrite ^/admin/api/([^/]*)/([^/]*)/?(.*)?$ /admin/api/api.php?module=$1&command=$2&route=$3 last;

}

FreePBX Community Documentation