As such, I’ve decided to make this blog fast and secure, by employing the standard technologies (Varnish Cache and free LetsEncrypt.org SSL certificates).
Here’s the architecture I’ve chosen:
- bottom layer: PHP-FPM running on unix sockets instead of touching the network stack (which is arguably slower and I don’t like having an extra open port exposed);
- middle layer: Nginx web server and reverse proxy. This is what serves the actual content, over HTTP only (no SSL at this stage);
- caching layer (internet facing): Varnish Cache
- SSL layer: Nginx
Alright, let’s look at each and every one of these layers, in a from-zero-to-hero fashion. All this assumes a Debian Linux or derivative box (be it a virtual machine, a VPS/VDS, dedicated physical server in some datacenter, or your basement, your development machine, docker containers… whatever).
Another assumption is that you have root (sudo) access to said box, and are comfortable with the Linux command line and basic commands.
1. PHP (feel free to skip this if your site doesn’t use this archaic programming language)
sudo apt-get install php7.0-fpm
You only need the php-fpm package, not all the fluff that you normally get when you generically install ‘php’.
After you install it, break out your favourite editor on that box (vim/nano/emacs/whatever-floats-your-boat) and open php-fpm’s config file (on my Ubuntu Xenial LTS [16.04.2] it’s at /etc/php/7.0/fpm/pool.d/www.conf). Look for the ‘listen =’ stanza and change it if necessary to:
listen = /run/php/php7.0-fpm.sock
You’re free to choose a different path for php to store its socket file, but the defaults are sane enough for me. On some older systems it prefers to create that file under /var/run/…
Whatever, it doesn’t really matter where it is, as long as the user which runs php on your system has full read and write access to that file.
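One way to check the ‘listen’ settings described above before restarting php-fpm, as an added example that is not part of the original post: it flags a pool that listens on a TCP port or whose socket mode lets any local user connect. The function names and the sample pool files are constructed for illustration; listen.owner, listen.group and listen.mode are php-fpm's own directives for the socket's ownership and permissions.

```sh
# Added example. Pool file contents below are constructed samples.

# pool_get FILE KEY: print the last uncommented value of "KEY = value".
pool_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                 # skip commented-out directives
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_pool FILE: print one finding; return 0 if clean, 1 otherwise.
audit_pool() {
    ap_listen=$(pool_get "$1" listen)
    ap_mode=$(pool_get "$1" listen.mode)
    ap_mode=${ap_mode:-0660}                # php-fpm default when unset
    case $ap_listen in
        /*) ;;                              # absolute path: Unix socket
        "") echo "FAIL: no listen directive"; return 1 ;;
        *)  echo "FAIL: listen = $ap_listen is not an absolute socket path"
            return 1 ;;
    esac
    case $ap_mode in
        *[!0-7]*) echo "FAIL: listen.mode = $ap_mode is not octal"; return 1 ;;
        # A trailing 2, 3, 6 or 7 means the write bit is set for "other".
        *[2367])  echo "FAIL: listen.mode = $ap_mode lets any local user connect"
                  return 1 ;;
    esac
    echo "OK: socket $ap_listen, mode $ap_mode," \
         "owner $(pool_get "$1" listen.owner):$(pool_get "$1" listen.group)"
}

# Run the audit over three constructed pool files.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[www]' 'listen = /run/php/php7.0-fpm.sock' \
        'listen.owner = www-data' 'listen.group = www-data' \
        ';listen.mode = 0666' > "$d/good.conf"
    printf '%s\n' '[www]' 'listen = 127.0.0.1:9000' > "$d/tcp.conf"
    printf '%s\n' '[www]' 'listen = /run/php/php7.0-fpm.sock' \
        'listen.mode = 0666' > "$d/open.conf"
    for f in good tcp open; do audit_pool "$d/$f.conf" || true; done
    rm -rf "$d"
}
demo
```

Connecting to a Unix socket requires write permission on the socket file, so the account the web server runs as must be the socket's owner or in its group when the mode is 0660.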