Hi,
On 20/03/2019 06:18, waleedkh wrote:
Hi There, I have a question I am hoping someone can assist with.
I have a setup with a front end Nginx server on a public IP and two end
servers on private IP's.
I am using PHP-FPM fastcgi to do my upstream load balancing on NGinx.
I don't think that statement makes much sense. The front end Nginx
receives all the requests and has to load balance as it passes to PHP-FPM.
Each server is a clone of the original NGinx server with all the web content
sitting on all three of them.
My question is where does that content actually get served from? I suspect
it is only on the front end NGinx server.
It is impossible to tell without your from-end nginx config.
What I think you *should* be doing is this:
serve the static files (.htm, .html, .js, .css, images) using the front
end Nginx. That is the most efficient way to handle those.
Serving .php files that exist using PHP-FPM.
If I understand the set up correctly, you don't need Nginx on the
backend, and you don't want PHP-FPM to have a public IP for security
reasons.
The reason for having all the files in each location might be that it
makes the release process simple, and it also enables the front end
process to test for the existence of .php files to stop "zero day"
exploits.
Does this mean the web content files can then be removed on the back end
servers (on private IP)?
If so, is it just fastcgi processing that would then happen on the back end
servers, so there is no need to have any of the web application files
running on it?
That is how I would set it up.
Rgds
Ian
--
Ian Hobson
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
