Operating Systems

Debian 9 Stretch with The Nix Packet Manager running NGinx + PHP 7 FPM & CHROOT

Experimenting with the package manager of the future

Start of with a Fresh install of Debian 9 Stretch and proceed to install the NIX Packet Manager:  (Dont use root but a privileged user with SUDO permission)

# curl | sh

Then install the following packages using the nix-env command

# nix-env -i mariadb nginx openssl php

To query your database of installed packages you can issue

# nix-env -q

Next we add a user for php-fpm pool

# sudo mkdir -p /var/www/server1.asbra.lan
# sudo adduser --home /var/www/server1.asbra.lan/ --no-create-home --disabled-login web-server1

Configure the PHP-FPM Pool

Add virtual host config for PHP-FPM, With chroot

# vim ~/.nix-profile/etc/php-fpm.d/server1.conf


    user = web-server1
    group = nogroup

    listen =

    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3
    pm.status_path = /status

    chroot = /var/www/server1.asbra.lan
    chdir = /html

    php_flag[display_errors] = on
Configure NGinx Virtual Host

# vim ~/.nix-profile/conf/nginx.conf

http {


    server {
        listen 80;
        server_name server1.asbra.lan;
        access_log logs/server1.asbra.lan.access.log;

       location / {
            root /var/www/server1.asbra.lan/html;
            index index.html index.htm;
        location ~ \.php$ {
            root /html;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Start Services

# sudo ~/nix-profile/bin/php-fpm
# sudo ~/nix-profile/bin/nginx

Restart Services

# sudo kill -USR2 $(ps waux | grep "php-fpm: master" |egrep '^root(.*)' | awk '{print $2}')
# sudo ~/nix-profile/bin/nginx -s reload

By Nimpen J. Nordström

System Developer and Network Security Enthusiast

Leave a Reply

Your email address will not be published. Required fields are marked *