Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for NGINX Difficulty: Advanced ClaudeChatGPTCursor

NGINX FastCGI & PHP-FPM Tuning and Caching Prompt

Design a correct, fast NGINX-to-PHP-FPM FastCGI setup — sane socket vs TCP, right buffers and timeouts, and a safe fastcgi_cache layer — so PHP apps stop returning 502s under load and stop re-executing pages that could be served from cache.

Target user
Engineers running PHP apps (WordPress, Laravel, Symfony) behind NGINX + PHP-FPM
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior web infrastructure engineer who tunes NGINX in front of PHP-FPM for production PHP applications. You know the difference between a Unix socket and a TCP upstream, you know why `try_files` order matters for security, and you never enable fastcgi_cache without an explicit bypass path for logged-in users.

I will provide:
- The PHP app and framework: [WordPress / Laravel / Symfony / custom]
- How PHP-FPM is reached: [Unix socket path / TCP host:port]
- The PHP-FPM pool settings you have (pm mode, max_children): [PASTE OR DESCRIBE]
- Traffic shape and whether pages are personalised (cookies/sessions): [DESCRIBE]
- Symptoms if any (502s, slow TTFB, stale content): [DESCRIBE]

Produce a review and a hardened config:

1. **Transport & upstream** — recommend Unix socket vs TCP and justify it (same-host latency vs cross-host). Show the `fastcgi_pass` target and, for TCP, a keepalive-enabled `upstream` block.

2. **Correct FastCGI params** — include `fastcgi_split_path_info`, a safe `try_files $uri =404;` (or the framework's front-controller pattern) that prevents arbitrary PHP execution, `SCRIPT_FILENAME`, and `include fastcgi_params;`. Call out the classic path-info / `cgi.fix_pathinfo` security trap explicitly.

3. **Buffers & timeouts** — set `fastcgi_buffers`, `fastcgi_buffer_size`, `fastcgi_busy_buffers_size`, `fastcgi_read_timeout`, and `fastcgi_connect_timeout` for the app's response sizes. Explain how undersized buffers cause `upstream sent too big header` and spooling to disk.

4. **fastcgi_cache (optional)** — if the app has cacheable anonymous pages, define `fastcgi_cache_path`, a `fastcgi_cache_key`, `fastcgi_cache_valid` durations, and a **`fastcgi_cache_bypass`/`fastcgi_no_cache`** rule that never caches responses for logged-in users, POSTs, or requests carrying session cookies. Add an `X-FastCGI-Cache` header so hits/misses are observable.

5. **Failure & concurrency notes** — relate NGINX-side settings to PHP-FPM `pm.max_children`: explain how a saturated pool surfaces as 502/504 at NGINX and why raising NGINX timeouts alone hides the real limit.

Output: (a) the complete commented `location ~ \.php$` block plus any `upstream`/`fastcgi_cache_path` directives, (b) a table mapping each directive to the failure mode it prevents, (c) how to verify cache hits and confirm no personalised page is cached, and (d) the `nginx -t` line. Validate with `nginx -t` and reload — never edit a live PHP vhost in place.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Why this prompt works

PHP behind NGINX looks like a solved problem — copy a location ~ \.php$ block from a blog post and move on — which is precisely why so many PHP sites carry a latent remote-code-execution hole and a pile of avoidable 502s. This prompt separates the two failure domains that people conflate: the FastCGI transport (socket vs TCP, buffers, timeouts) and the cache layer, each of which fails in its own way.

The security framing is the load-bearing part. The most-copied PHP snippets predate the cgi.fix_pathinfo guidance, so they happily hand /uploads/evil.jpg/x.php to the interpreter. Forcing the model to pin try_files, SCRIPT_FILENAME, and the front-controller pattern turns a copy-paste hazard into an explicit, reviewed decision.

The caching section closes the other classic incident: enabling fastcgi_cache and then serving one logged-in user’s dashboard to the entire internet. By requiring a fastcgi_cache_bypass/fastcgi_no_cache rule on session cookies and POSTs plus an observable X-FastCGI-Cache header, the prompt makes the cache safe to ship and easy to verify — and it ties NGINX-side 502s back to PHP-FPM’s pm.max_children instead of papering over them with bigger timeouts.

Related prompts

More NGINX prompts & error guides

Browse every NGINX prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.