Tag: Nginx

Whitelist IPs in Nginx

I want to whitelist my clients IP addresses (and my office IPs) to allow them to view a site, while the rest of the world will be redirected to another site, using Nginx. My Nginx server is behind a load balancer.

Using the geo module I am able to do this rather easily. By default, geo will use $remote_addr for the IP address. However, because our server is behind a load balancer this will not work, as it would always be the IP of the load balancer. You can pass in a parameter to geo to specify where it should get the IP value. In this case, we want to get the IP from $http_x_forwarded_for.

What this is doing is assigning the variable $redirect_ips the value after the IP address. So, if my IP is 1.2.3.4, $redirect_ips will have a value of 0, or false. If my ip is not matched, it will get the default value of 1, or true;

Ok, with that, my server directive now looks like:

 

Enable status for php-fpm

Accessing the PHP-FPM Status screen is easy enough. First, enable pm.status in your php pool:

Then add the following block to your Nginx vhost conf:

Restart php-fpm and nginx and then browse to http://<SERVERIP>/status. You will be presented with some useful information on the current status of your PHP-FPM pool.

By default /status will just show a short status, like an overview of all of the processes. To see output on each process append ?full to the url, http://<SERVERIP>/status?full. You can also pass ?json to get JSON output, if you wanted to feed the data into some other log or stats processing tool (thinking like, greylog or logstash?).

Here is a breakdown of the stats presented to you:

pool – the name of the pool.
process manager – static, dynamic or ondemand.
start time – the date and time FPM has started.
start since – number of seconds since FPM has started.
accepted conn – the number of request accepted by the pool.
listen queue – the number of request in the queue of pending connections (see backlog in listen(2)).
max listen queue – the maximum number of requests in the queue of pending connections since FPM has started.
listen queue len – the size of the socket queue of pending connections.
idle processes – the number of idle processes.
active processes – the number of active processes.
total processes – the number of idle + active processes.
max active processes – the maximum number of active processes since FPM has started.
max children reached – number of times the process limit has been reached.

Use this information to tune your pool configuration.