Tag: «nginx»

Once browsers realize that a site can be opened over https, they no longer want to open it over plain http. Firefox and Chrome definitely behave like that. VKontakte is an example. And once a site is opened over https, some resources on the page may still be loaded over http, but not Javascript files. Those get blocked and must be loaded over https only.

Today I was making a simple iframe app for VK. Basically it was just a lightly styled php page into which I inserted the php code of a ticket booking and purchase system. After setting the URL in the VK app, I discovered that VK works over HTTPS and my page was also trying to load over HTTPS. Since my server did not support https, I had to configure it.

I got the certificate from StartSSL for free. I configured everything, everything started working (my blog could now also be opened as https://arm1.ru — I turned that off and left only http for now, because all Disqus comments and social-media likes broke :) and I do not really need https on that domain anyway), hallelujah, the script started loading. But the PHP code of the ticket system essentially returns its own HTML, and that HTML loads various js code over http. Since that gets blocked, nothing works again :) It is a hellish chain, really. VK -> iframe -> my server -> ticket server. Now I am waiting for them to set up https on their side and serve all js code over it.

But I did get a couple of useful lessons out of it.

1. Whenever possible, load external js not as “http://site.com/code.js” but as “//site.com/code.js”. The // means “use the current connection protocol”. The browser handles the check, so you do not need to check the protocol in code yourself.
2. Experience gained from bringing up and configuring https on my own server. Two guides so I do not lose them:
   1. Getting a free SSL certificate (via StartSSL).
   2. Configuring an HTTPS server in nginx.

Now the main thing is not to forget that in a year the SSL certificate will need to be renewed.

If after configuring nginx and php-fpm to work through php5-fpm.sock, Nginx throws a 502 bad gateway error and the log contains something like this:

*20 connect() to unix:/usr/local/var/run/php5-fpm.sock failed (2: No such file or directory) while connecting to upstream

Then the permissions problem can be fixed like this:

cd /usr/local/var/run
sudo chmod 666 php5-fpm.sock

If that helped, then in /usr/local/etc/php/5.5/php-fpm.conf you should also uncomment this line:

listen.mode = 0666

About speeding things up. A couple of useful points.

As is well known, browsers limit the number of simultaneous connections per domain while loading a site. Because of this, site elements are loaded sequentially. Every image/js/css file is a separate connection. If there are many such elements on a site's pages, you can speed up loading by moving static assets to subdomains. For example: s1.domain.com, s2.domain.com, and so on. So if the browser has, say, a limit of 5 connections per domain, now you get 5 connections for each subdomain. If you spread everything out correctly, load speed can theoretically increase almost fivefold.

The downside: the number of simultaneous connections to the server also grows. With the same site traffic, the number of connections grows by about 5 times as well (if you have 5 subdomains). If Nginx is the frontend, it has a limit on the number of connections in its config. And since there are now 5 times more connections, it also has to do more work at the same time than before. So with this acceleration we are also pushing Nginx closer to its simultaneous connection limit, and as a result the site may fail to open for the user or some files may simply not be served during loading.

The Nginx logs will show an error like:

"...socket() failed (24: Too many open files) while connecting to upstream..."

To see the current limit from the console:

ulimit -n

To see it nicely formatted like this:

nginx: worker process

Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 1048576              files
Currently open files: 945

nginx: master process /usr/sbin/nginx
Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 1048576              files

you can run this in the console:

for pid in `pidof nginx`; do echo "$(< /proc/$pid/cmdline)"; egrep 'files|Limit' /proc/$pid/limits; echo "Currently open files: $(ls -1 /proc/$pid/fd | wc -l)"; echo; done

To change the limit:

• add these lines to /etc/security/limits.conf:
  * soft nofile 16384
  * hard nofile 16384
• run as root:
  

  ulimit -n 16384

• restart Nginx, just in case.

They also write that you can simply add this to the Nginx config:

worker_rlimit_nofile 16384

and restart it.