Welcome to Centmin Mod Community
Register Now

I'm seeking your assistance as I've reached a bottleneck.

Discussion in 'AlmaLinux 8 & Rocky Linux 8 Beta Testing' started by Alexcroydon, Nov 22, 2023.

Tags:
  1. Alexcroydon

    Alexcroydon New Member

    13
    3
    3
    Sep 10, 2022
    Croydon
    Ratings:
    +4
    Local Time:
    7:07 AM
    1.25.2
    10.4.31
    Hello everyone, I'm seeking your assistance as I've reached a bottleneck.

    I'm using Cloudflare's SSL/TLS encryption set to Full (strict) Authenticated Origin Pulls.
    I have two virtual hosts; one hosts Drupal 10, which runs exceptionally fast and exceeds performance expectations.
    However, the second host, ClientExec, is on a subdomain and requires IonCube Loader.
    There might be an issue with the certificates or something else causing ClientExec to run very slowly.

    Thank you for your help.

    Hetzner 4 vCPU 8 GB RAM


    Code (Text):
    rpm -q almalinux-release
    almalinux-release-8.8-3.el8.x86_64
    

    Code (Text):
    lscpu
    Architecture:        x86_64
    CPU op-mode(s):      32-bit, 64-bit
    Byte Order:          Little Endian
    CPU(s):              4
    On-line CPU(s) list: 0-3
    Thread(s) per core:  1
    Core(s) per socket:  4
    Socket(s):           1
    NUMA node(s):        1
    Vendor ID:           AuthenticAMD
    BIOS Vendor ID:      QEMU
    CPU family:          23
    Model:               49
    Model name:          AMD EPYC Processor
    BIOS Model name:     NotSpecified
    Stepping:            0
    CPU MHz:             2495.312
    BogoMIPS:            4990.62
    Hypervisor vendor:   KVM
    Virtualization type: full
    L1d cache:           32K
    L1i cache:           32K
    L2 cache:            512K
    L3 cache:            16384K
    NUMA node0 CPU(s):   0-3
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 clzero xsaveerptr wbnoinvd arat umip rdpid arch_capabilities
    

    Code (Text):
    df -hT
    Filesystem     Type      Size  Used Avail Use% Mounted on
    devtmpfs       devtmpfs  3.7G     0  3.7G   0% /dev
    tmpfs          tmpfs     3.7G     0  3.7G   0% /dev/shm
    tmpfs          tmpfs     3.7G   73M  3.6G   2% /run
    tmpfs          tmpfs     3.7G     0  3.7G   0% /sys/fs/cgroup
    /dev/sda1      ext4      151G   11G  134G   8% /
    /dev/sda14     vfat       64M  5.8M   59M  10% /boot/efi
    /dev/loop0     ext4      3.9G  3.5M  3.7G   1% /tmp
    tmpfs          tmpfs     750M     0  750M   0% /run/user/0
    

    Code (Text):
    free -mlt
                  total        used        free      shared  buff/cache   available
    Mem:           7495        1549        3853          75        2092        5576
    Low:           7495        3641        3853
    High:             0           0           0
    Swap:          4095           0        4095
    Total:        11591        1549        7949
    


    Code (Text):
    cat  /etc/centminmod/custom_config.inc
    
    CENTOS_ALPHATEST='y'
    NGINX_VERSION='1.25.3'
    NGINX_ONETWOTHREE_COMPAT='y'
    DEVTOOLSETTEN='n'
    DEVTOOLSETELEVEN='n'
    DEVTOOLSETTWELVE='y'
    SELFSIGNEDSSL_ECDSA='y'
    PHPFINFO='y'
    PHP_OVERWRITECONF='n'
    PYTHON_INSTALL_ALTERNATIVES='y'
    
    MARCH_TARGETNATIVE='n'
    MARCH_TARGETNATIVE='n'
    
    LETSENCRYPT_DETECT='y'
    VHOSTCTRL_CLOUDFLAREINC='y'
    NGINX_IPV='y'
    
    CF_DNSAPI_GLOBAL='y'
    CF_Token="mytokensd47fue78rhfh"
    CF_Account_ID="mycloudflare@mail.com"
    PHP_PGO='y'
    
    


    Code (Text):
    cat /usr/local/nginx/conf/conf.d/client.domain.com.ssl.conf
    
    #x# HTTPS-DEFAULT
     server {
       listen   80;
    #x#   listen   [::]:80;
       server_name client.domain.com www.client.domain.com;
       return 302 https://client.domain.com$request_uri;
       root /home/nginx/domains/client.domain.com/public;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    #      
    limit_req_zone $binary_remote_addr zone=client:15m rate=200r/m;
    
    server {
      listen 443 ssl;
      http2 on;
     
      server_name client.domain.com www.client.domain.com;
    
      ssl_certificate /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.crt;
      ssl_certificate_key /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.key;
    
      include /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/client.domain.com/origin.crt;
      ssl_verify_client on;
      #http2_max_field_size 16k;
      #http2_max_header_size 32k;
      #http2_max_requests 5000;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/client.domain.com/log/access.log combined buffer=256k flush=5m;
      #access_log /home/nginx/domains/client.domain.com/log/access.json main_json buffer=256k flush=5m;
      error_log /home/nginx/domains/client.domain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/client.domain.com/autoprotect-client.domain.com.conf;
      root /home/nginx/domains/client.domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
    
      limit_req zone=client burst=600 nodelay;
    
      include /usr/local/nginx/conf/503include-only.conf;
      try_files $uri /index.php?$query_string;
    
      location ~ \..*/.*\.php$ {
          return 403;
        }
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/php-clientexec.conf;
     
      include /usr/local/nginx/conf/pre-staticfiles-local-client.domain.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    


    Code (Text):
    cat /usr/local/nginx/conf/php-clientexec.conf
    
    location ~ [^/]\.php(/|$) {
      include /usr/local/nginx/conf/503include-only.conf;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        #fastcgi_keep_conn on;
        fastcgi_pass dft_php;
        #fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    #sendfile on;
    #tcp_nopush off;
    #keepalive_requests 0;
    
    fastcgi_connect_timeout 360s;
    fastcgi_send_timeout 360s;
    fastcgi_read_timeout 360s;
    fastcgi_buffer_size 32k;
    fastcgi_buffers 512 32k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors off;
    
    # next 3 lines when uncommented / enabled
    # allow Nginx to handle uploads which then
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    fastcgi_param  HTTP_PROXY         "";
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # Set php-fpm geoip variables
    fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
    fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
    fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
    fastcgi_param GEOIP_REGION $geoip_region;
    fastcgi_param GEOIP_CITY $geoip_city;
    fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
    fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
    fastcgi_param GEOIP_LATITUDE $geoip_latitude;
    fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
                       }
    
     
    Last edited: Nov 22, 2023
  2. Alexcroydon

    Alexcroydon New Member

    13
    3
    3
    Sep 10, 2022
    Croydon
    Ratings:
    +4
    Local Time:
    7:07 AM
    1.25.2
    10.4.31
    Was it correct for me to replace this with my Cloudflare origin certificate and private key?
    Code (Text):
    ssl_certificate /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.key;

    Is it correct that this has been left untouched?
    Code (Text):
    include /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.crt.key.conf;
    ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/client.domain.com/origin.crt;
     
  3. Alexcroydon

    Alexcroydon New Member

    13
    3
    3
    Sep 10, 2022
    Croydon
    Ratings:
    +4
    Local Time:
    7:07 AM
    1.25.2
    10.4.31
    Before activating Cloudflare's SSL/TLS encryption set to Full (strict) Authenticated Origin Pulls, the ClientExec, which requires IonCube, was functioning somewhat faster. However, even before enabling it, there wasn't a significant speed improvement.

    Compared to Drupal, here is the centminmod virtual host configuration for Drupal 10, which is performing exceptionally fast.
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
       listen   80;
    #x#   listen   [::]:80;
       server_name domain.com www.domain.com;
       return 302 https://domain.com$request_uri;
       root /home/nginx/domains/domain.com/public;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    #      
    limit_req_zone $binary_remote_addr zone=public:10m rate=200r/m;
    
    
    server {
      listen 443 ssl;
      http2 on;
     
      server_name domain.com www.domain.com;
    
      #ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
      ssl_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com.crt;
      ssl_certificate_key /usr/local/nginx/conf/ssl/domain.com/domain.com.key;
     
      include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
     
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt;
      ssl_verify_client on;
      #http2_max_field_size 16k;
      #http2_max_header_size 32k;
      #http2_max_requests 5000;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      # resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      # resolver_timeout 10s;
      # ssl_stapling on;
      # ssl_stapling_verify on;
      # ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com-trusted.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
      #access_log /home/nginx/domains/domain.com/log/access.json main_json buffer=256k flush=5m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
      root /home/nginx/domains/domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
    
      limit_req zone=public burst=400 nodelay;
    
      include /usr/local/nginx/conf/503include-only.conf;
      try_files $uri /index.php?$query_string;
    
    
      location ~ \..*/.*\.php$ {
          return 403;
        }
    
      location ~ ^/sites/.*/private/ {
          return 403;
        }
    
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
        location @rewrite {
            rewrite ^/(.*)$ /index.php?q=$1;
      }
        # Fighting with Styles? This little gem is amazing.
        location ~ ^/sites/.*/files/styles/ {
            try_files $uri @rewrite;
      }
      
        location ~ ^/(index.php) {
            index index.php index.html index.htm;
            auth_basic "Private";
            auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            include /usr/local/nginx/conf/php-drupal.conf;
            allow 11.222.33.444;
            #deny all;
      }
    
      include /usr/local/nginx/conf/php-drupal.conf;
     
      include /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
    Last edited: Nov 22, 2023
  4. eva2000

    eva2000 Administrator Staff Member

    51,983
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    4:07 PM
    Nginx 1.25.x
    MariaDB 10.x
    No experience with ClientExec, but you really can't compare 2 different web apps as they may use different amounts of resources. But IonCube Loader probably has an impact? Might want to ask ClientExec developers
     
  5. Alexcroydon

    Alexcroydon New Member

    13
    3
    3
    Sep 10, 2022
    Croydon
    Ratings:
    +4
    Local Time:
    7:07 AM
    1.25.2
    10.4.31
    This is the most recent update of my centminmod vhost, which has notably enhanced the performance of ClientExec.
    Code (Text):
    cat /usr/local/nginx/conf/conf.d/client.domain.com.ssl.conf
    
    # HTTPS-DEFAULT
    server {
        listen 80;
        server_name client.domain.com www.client.domain.com;
        return 302 https://client.domain.com$request_uri;
        root /home/nginx/domains/client.domain.com/public;
        include /usr/local/nginx/conf/staticfiles.conf;
    }
    
    limit_req_zone $binary_remote_addr zone=client:15m rate=200r/m;
    
    server {
      listen 443 ssl;
      http2 on;
    
        server_name client.domain.com www.client.domain.com;
    
        ssl_certificate /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/client.domain.com/client.domain.com.key;
    
        include /usr/local/nginx/conf/ssl_include.conf;
    
        # Cloudflare authenticated origin pull cert
        ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/client.domain.com/origin.crt;
        ssl_verify_client on;
    
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_buffer_size 8k;
    
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
    
        access_log /home/nginx/domains/client.domain.com/log/access.log combined buffer=256k flush=5m;
        error_log /home/nginx/domains/client.domain.com/log/error.log;
    
        include /usr/local/nginx/conf/autoprotect/client.domain.com/autoprotect-client.domain.com.conf;
        root /home/nginx/domains/client.domain.com/public;
        include /usr/local/nginx/conf/cloudflare.conf;
        include /usr/local/nginx/conf/503include-main.conf;
    
        location / {
            limit_req zone=client burst=600 nodelay;
            include /usr/local/nginx/conf/503include-only.conf;
            try_files $uri /index.php?$query_string;
        }
    
        location ~ \..*/.*\.php$ {
            return 403;
        }
    
        # Static files optimizations
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/drop.conf;
    
        # PHP-FPM configuration
        include /usr/local/nginx/conf/php-clientexec.conf;
    }
    

    Code (Text):
    cat /usr/local/nginx/conf/php-clientexec.conf
    location ~ [^/]\.php(/|$) {
      include /usr/local/nginx/conf/503include-only.conf;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        #fastcgi_keep_conn on;
        fastcgi_pass dft_php;
        #fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;
        #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
    
    # might shave 200+ ms off PHP requests
    # which don't pass on a content length header
    # slightly faster page response time at the
    # expense of throughput / scalability
    #sendfile on;
    #tcp_nopush off;
    #keepalive_requests 0;
    
    fastcgi_connect_timeout 10s; # Decreased from 60s (adjust as needed)
    fastcgi_send_timeout 120s;   # Increased from 60s (adjust as needed)
    fastcgi_read_timeout 120s;   # Increased from 60s (adjust as needed)
    fastcgi_buffer_size 256k;   # Increased from 128k (adjust as needed)
    fastcgi_buffers 16 256k;    # Increased from 4 256k (adjust as needed)
    fastcgi_busy_buffers_size 256k; # Increased from 128k (adjust as needed)
    fastcgi_temp_file_write_size 8m; # Increased from 4m (adjust as needed)
    fastcgi_max_temp_file_size 8m;   # Increased from 4m (adjust as needed)
    fastcgi_intercept_errors off;
    
    # next 3 lines when uncommented / enabled
    # allow Nginx to handle uploads which then
    # passes back the completed upload to PHP
    #fastcgi_pass_request_body off;
    #client_body_in_file_only clean;
    #fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
    
    #new .04+ map method
    fastcgi_param HTTPS $server_https;
    
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    
    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;
    
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    fastcgi_param  HTTP_PROXY         "";
    
    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;
    
    # Set php-fpm geoip variables
    fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
    fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
    fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
    fastcgi_param GEOIP_REGION $geoip_region;
    fastcgi_param GEOIP_CITY $geoip_city;
    fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
    fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
    fastcgi_param GEOIP_LATITUDE $geoip_latitude;
    fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
    
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;
    
                       }