Nginx 設定
Complete Nginx setup guide for FeedbackPulse SaaS.
前提条件
- Nginx 1.18+
- PHP-FPM 8.2+
- SSL certificate (recommended)
Basic Server Block
Create a new Nginx config:
sudo nano /etc/nginx/sites-available/feedbackpulse
Paste the following:
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/feedbackpulse-saas/public;
index index.php index.html;
charset utf-8;
# Laravel URL rewriting
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP processing
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
}
# Deny access to hidden files
location ~ /\.(?!well-known).* {
deny all;
}
# Static file caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
expires 30d;
add_header Cache-Control "public, immutable";
}
# Max upload size (for photos, logos)
client_max_body_size 20M;
# Logging
access_log /var/log/nginx/feedbackpulse-access.log;
error_log /var/log/nginx/feedbackpulse-error.log;
}
Enable the site:
sudo ln -s /etc/nginx/sites-available/feedbackpulse /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default # Remove default site (optional)
sudo nginx -t # Test configuration
sudo systemctl restart nginx
HTTPS Server Block (with Let's Encrypt)
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://yourdomain.com$request_uri;
}
# Main HTTPS server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name yourdomain.com www.yourdomain.com;
root /var/www/feedbackpulse-saas/public;
index index.php index.html;
charset utf-8;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Laravel URL rewriting
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP processing
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
fastcgi_read_timeout 300;
}
# Deny access to hidden files (except .well-known for ACME)
location ~ /\.(?!well-known).* {
deny all;
}
# Static file caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
expires 30d;
add_header Cache-Control "public, immutable";
}
client_max_body_size 20M;
access_log /var/log/nginx/feedbackpulse-access.log;
error_log /var/log/nginx/feedbackpulse-error.log;
}
Wildcard Subdomain Support
For tenant subdomains like acme.yourdomain.com:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name yourdomain.com *.yourdomain.com;
root /var/www/feedbackpulse-saas/public;
# Use a wildcard SSL certificate
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
# ... rest of the config same as HTTPS block above ...
index index.php index.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
}
location ~ /\.(?!well-known).* {
deny all;
}
client_max_body_size 20M;
}
Requires: Wildcard DNS record + wildcard SSL certificate. See Wildcard DNS Setup.
PHP-FPM 設定
Optimize PHP-FPM for FeedbackPulse:
sudo nano /etc/php/8.2/fpm/pool.d/www.conf
Key settings:
; Process management
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 3
pm.max_spare_servers = 10
pm.max_requests = 500
; Timeouts
request_terminate_timeout = 300
; Upload limits
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 25M
php_admin_value[memory_limit] = 256M
Restart PHP-FPM:
sudo systemctl restart php8.2-fpm
Laravel Forge / Ploi / RunCloud
If you're using a managed server provider:
Laravel Forge
- Create a new site with domain
yourdomain.com - Set Web Directory to
/public - Deploy your code (Git or upload)
- Forge automatically configures Nginx correctly
- Enable SSL via the "SSL" tab (Let's Encrypt)
Ploi
- Add a new site → enter your domain
- Set root to
/public - Deploy code
- SSL is auto-configured
RunCloud
- Create a web app → select "PHP" → enter domain
- Set public path to
public - Deploy via Git or file manager
- Enable SSL
Verify Nginx 設定
# Test syntax
sudo nginx -t
# Check if PHP-FPM is running
sudo systemctl status php8.2-fpm
# Check if Nginx is running
sudo systemctl status nginx
# Check which PHP-FPM socket is in use
ls /var/run/php/
# Restart everything
sudo systemctl restart php8.2-fpm nginx
Common Nginx Issues
| Issue | Solution |
|---|---|
| 502 Bad Gateway | PHP-FPM isn't running or socket path is wrong. Check fastcgi_pass matches your PHP-FPM socket. |
| 404 on all routes | Missing try_files $uri $uri/ /index.php?$query_string; in location block. |
| 413 Request Entity Too Large | Increase client_max_body_size (default is 1M). |
| "File not found" | Check that root points to the public/ directory and $realpath_root is used in SCRIPT_FILENAME. |
| Blank page | Check storage/logs/laravel.log and /var/log/nginx/feedbackpulse-error.log. |