What performs better on a RasPi: Apache, Lighttpd or Nginx?

Improving WordPress performance

Immediately after Nginx installation, my server response time increased to more than 8 seconds. I was able to solve this problem by removing several widgets and all WordPress optimization plugins that had been installed previously. Next, I installed the W3 Total Cache plugin and enabled most of its default features, except CDN, Reverse Proxy, Monitoring, Debug and everything found under Miscellaneous settings. Make sure zlib.output_compression is disabled in /etc/php5/fpm/php.ini:

zlib.output_compression = Off

The W3 Total Cache plugin generates a configuration file (nginx.conf) within the server’s root directory (/var/www). I copied all settings between the lines reading #BEGIN W3TC Minify cache and #END W3TC Minify core into the server{} block of my /etc/nginx/sites-enabled/default file. As a result, the server response time dropped to 0.5 to 2 seconds, which is a tremendous improvement. All content is delivered as “static” pages and doesn’t need to be prepared each time by running a bunch of PHP scripts, consuming precious RAM and CPU time on the Pi.

Other Tweaks

By browsing my log files, I noticed frequent login attempts trying to guess user names and passwords. An author query can reveal a user's login name, so you should block all queries for author names on your server, such as:

http://localhost/wordpress/?author=1

Queries can be filtered by placing some regular expressions into the server{} block of /etc/nginx/sites-available/default:

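# $query_string holds only the part after "?", so match author=<digits> as any parameter
if ($query_string ~ "(^|&)author=[0-9]+") {
                return 444;   # close the connection without sending a response
}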
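To check from the access log whether such probes are actually being answered with 444, and which clients send them, here is a small log summarizer. It is an added example, not code from the original post; it assumes nginx's default "combined" log format, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def summarize(lines):
    """Per client IP: author probes, probes not answered with 444,
    and POSTs to wp-login.php."""
    stats = defaultdict(
        lambda: {"author_probes": 0, "not_blocked": 0, "login_posts": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        # author=<digits> anywhere in the query string, not only as first parameter
        if any(re.fullmatch(r"[0-9]+", v) for v in params.get("author", [])):
            s = stats[m["ip"]]
            s["author_probes"] += 1
            if m["status"] != "444":
                s["not_blocked"] += 1  # the filter did not catch this request
        if m["method"] == "POST" and url.path.endswith("/wp-login.php"):
            stats[m["ip"]]["login_posts"] += 1
    return dict(stats)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2014:13:55:36 +0200] "GET /wordpress/?author=1 HTTP/1.1" 444 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2014:13:55:37 +0200] "GET /wordpress/?x=1&author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2014:13:55:40 +0200] "POST /wordpress/wp-login.php HTTP/1.1" 401 194 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2014:14:02:11 +0200] "GET /wordpress/?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s)
```

A non-zero not_blocked count means author queries are reaching WordPress despite the filter, for example because author is not the first query parameter.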

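I observed that these attempts frequently come from specific IP addresses. Although you may want to install an IP filter to block them, you can add an additional layer of security by blocking specific browser languages. Keep in mind that the Accept-Language header is set by the client and can be changed or left out, so this filter reduces noise rather than stopping a determined client: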

if ( $http_accept_language ~ ^(..) ) {
        set $lang $1;
}

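# replace xx, yy, zz with the two-letter codes you want to block
# (Accept-Language starts with a language code such as "en", which can differ from the country code)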
if ($lang ~* (xx|yy|zz)) {
                return 444;
}

A list of two-character country codes can be found on this page. To add an additional layer of security, you should also restrict access to the WordPress backend by protecting the wp-admin folder with a password. To store encrypted passwords in an htpasswd file, you must first apt-get install apache2-utils. Passwords can be stored with:

$ sudo htpasswd -c /etc/nginx/htpasswd <username>

Ideally, choose a user name that doesn’t exist on your RasPi or WordPress installation. Then place the following lines into the server{} block of /etc/nginx/sites-available/default and run sudo service nginx reload.

location ~* /wp-login.php {
                auth_basic "Restricted Area: Admin";
                auth_basic_user_file /etc/nginx/htpasswd;
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
}

Conclusion

Nginx turned out to be the right choice for the Raspberry Pi. It’s easy to configure and performs well in combination with the W3 total cache plugin.
