Host Multiple Websites Securely With Nginx And Php7.0-fpm On Debian Jessie

Note: The example website is site1.

Create User and User Group
# groupadd site1
# useradd -g site1 site1

If you need to provide someone with direct access to the files of this site, then you should create a password for this user with the command:
# passwd site1

Create a new php-fpm pool
# nano /etc/php/7.0/fpm/pool.d/site1.conf

This file should contain:
[site1]
user = site1
group = site1
listen = /run/php/php7.0-fpm-site1.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

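In addition, we'll disable the default PHP caching provided by opcache. The opcode cache lives in memory shared by every pool started from the same php-fpm master process, so leaving it on weakens the per-site separation the pools provide.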
# nano /etc/php/7.0/mods-available/opcache.ini

Add the following as the last line:
opcache.enable=0

Restart php-fpm
# service php7.0-fpm restart

Verify that the new pool is properly running by searching for its processes like this:
# ps aux |grep site1

If you have followed the exact instructions up to here you should see output similar to:
site1   14042  0.0  0.8 133620  4208 ?        S    14:45   0:00 php-fpm: pool site1
site1   14043  0.0  1.1 133760  5892 ?        S    14:45   0:00 php-fpm: pool site1

Create the nginx virtual host
# nano /etc/nginx/sites-available/site1

This file should contain:
server {
    listen 80;

    root /home/site1/public_html;
    index index.php index.html index.htm;

    server_name site1.example.org;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.0-fpm-site1.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Create a symlink to enable the site1 virtual host:
# ln -s /etc/nginx/sites-available/site1 /etc/nginx/sites-enabled/site1

Restart nginx
# service nginx restart
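
Once several sites are configured this way, the isolation only holds if every pool keeps its own user and socket and the hardening lines from site1.conf. The script below is an added example, not part of the original guide: it checks each pool file for those settings and reports users or sockets shared between pools. The function names (pool_value, audit_pool, shared_values) are hypothetical, and it assumes nginx runs as www-data, as the listen.owner line above implies.

```shell
#!/bin/sh
# Added example: audit php-fpm pools; assumes nginx runs as www-data (the page's listen.owner).
# pool_value FILE KEY: print the value of "KEY = value" (last occurrence wins).
pool_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # php-fpm comment line
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_pool FILE: print one finding per line; return 1 if there is any.
audit_pool() {
    f=$1; bad=0
    user=$(pool_value "$f" user)
    case $user in
        ''|root|www-data) echo "$f: pool user '$user' is unset, root or nginx's"; bad=1 ;;
    esac
    for k in listen.owner listen.group; do
        [ "$(pool_value "$f" "$k")" = www-data ] ||
            { echo "$f: $k is not www-data"; bad=1; }
    done
    # Comma-delimit the list so "exec" does not match inside "shell_exec".
    disabled=",$(pool_value "$f" 'php_admin_value[disable_functions]' | tr -d ' '),"
    for fn in exec passthru shell_exec system; do
        case $disabled in
            *",$fn,"*) ;;
            *) echo "$f: $fn missing from disable_functions"; bad=1 ;;
        esac
    done
    [ "$(pool_value "$f" 'php_admin_flag[allow_url_fopen]')" = off ] ||
        { echo "$f: allow_url_fopen is not off"; bad=1; }
    return $bad
}

# shared_values DIR KEY: print values of KEY that more than one pool file uses.
shared_values() {
    for f in "$1"/*.conf; do [ -f "$f" ] && pool_value "$f" "$2"; done | sort | uniq -d
}

# With a directory argument (e.g. /etc/php/7.0/fpm/pool.d), audit every pool in it.
if [ -n "${1:-}" ]; then
    for p in "$1"/*.conf; do audit_pool "$p"; done
    shared_values "$1" user   | sed 's/^/user shared between pools: /'
    shared_values "$1" listen | sed 's/^/socket shared between pools: /'
fi
```

Run it with the pool directory as its only argument. Debian's stock www.conf pool runs as www-data, so it is reported until it is removed or given its own user.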
