• Welcome to FlorianJensen.com

    Welcome to FlorianJensen.com

I recently visited my parents and realised that it would be great to continue to easily access my network at home. Sadly, as a Virgin Media customer, the upload speed is poor, so using the VPN I set up isn’t the answer, as all traffic would always be routed to my home.

Looking around the internet I found the answer to my problem. Even better, it was already available on Tomato Firmware, which I use on my routers. The solution was tinc.

What is tinc

tinc describes themselves as a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. It has a few nifty features, such as encryption, compression, mesh routing and a super simple configuration.

My setup

I am in the fortunate position that both my networks have a Asus RT-N66U, the Asus RT-AC66U is the successor, which both run Tomato Firmware by Shibby. This made the configuration very straightforward. Please make sure that you have the AIO builds, that include tinc as not all builds include it.

Router SetupThe networks were configured with the following IP ranges – for this example we will only look at IPv4, not IPv6:

  • London (LDN):
  • Luxembourg (LUX):

As neither side have static IPs, I also have DynDNS hostnames set up for both.

Now that the basics are there, let’s configure tinc.

Configuring tinc on Tomato Firmware

Log in to your first router, we’ll start with LDN, and head to VPN Tunneling -> Tinc Daemon.

I recommend running Tinc in ‘tun’ mode. For tun, each node must use a different subnet. These subnets must fit with the ‘VPN Netmask’ found in the config tab. In our example, as we’re using 10.X.X.X IP addresses for our networks, we can use the full space, meaning the netmask value would be Tomato by default uses a /24 netmask for it’s networks. You can then add subnets starting from – and everything in between.

Once you set the interface type to tun and set your VPN Netmask, you can set the name for your node. We’ll set this to ldn for our first router, and lux for our second one.

Next we’ll go to the Generate Keys tab and press Generate Keys at the bottom. You should end up with a set of keys like the following:

tinc generated keysStarting with tinc1.1pre11, only Ed25519 keys are required. RSA keys are only needed for backwards comparability in order to connect to tinc1.0 nodes.

Copy both Ed25519 Private Key and RSA Private Key (if you want to support tinc 1.0) into the Config tab.

Next we’ll head to the Hosts tab. We must create an entry for the node itself in the Hosts section. This information will be shared with other nodes to create connections. As such, on the router ldn, you would create a host ldn with the keys from the Generate Keys tab for that router. Copy the public keys into the fields.

For the address, use your static public IP address if you have one, or a DynDNS hostname. In the subnet column, enter the network IP range that you want that host to share. In the case of LDN, it would be, LUX would be

Once you have done this on both routers, you need to add them to each other and select the ConnectTo checkbox. The nodes share the hosts’ information to help them connect to each other. As such, it isn’t necessary to define every node in every router. If Node A and Node B are connected, and Node A and Node C are connected, then Node B and Node C will learn about each other through Node A. Node B and Node C should then be able to communicate directly to each other.

The hosts table should look like something like this:

tinc hosts

Now you just need to hit Save and Start on both routers.

The Status area is active when tinc is running, and will give you some information about the mesh.

tinc status

‘Edges’ and ‘Connections’ show nodes for which ConnectTo was defined in one or both Nodes. If you don’t see a connection between two particular nodes, this doesn’t mean they aren’t communicating directly to each other. It means that neither had ConnectTo defined for the other, which is fine. The ‘info’ button will give you more detailed information about a particular node. Sometime it says “Reachability: unknown” if neither of those nodes have attempted communicating to each other yet.

There must be some path of ConnectTo’s among the network so all nodes can learn of each other.

The ‘Scripts’ tab allow you to define scripts to run whenever a subnet or host becomes available or unavailable.

That’s it. Enjoy your connected network.

Read more

If you browse back through my blog, you’ll see that I’ve been a long time fan of Nokia phones. However, after Nokia switching to Windows Phone, and killing a, in my opinion, superb device with the Nokia N9, I decided to switch to Android. So, May 2012 I got myself the Galaxy S3, which I’m still using today.

I quickly realized I wanted more power as well, such as full access to the filesystem, so I rooted my phone and flashed a custom ROM.

Why root your Android?

Looking back over the last 18 months, I still don’t know why I needed my phone to be rooted. I maybe used it once or twice, for stuff like screen sharing in Airdroid, but there wasn’t really any day to day benefit.

Many people will say that they root it to specific applications that require rooting, backing up of your phone, remove carrier stock applications, etc… but to be honest, I’ve never had the need to. Vodafone kept the bloatware to a minimum and it didn’t really stand in my way.

Custom ROM Galaxy S3 detailsCustom ROM?

So, this is the main reason why I had to root my phone. Wanting to improve performance of my Galaxy S3 and increase battery life, I had a look around to see which custom ROMs would be a good fit. Following a recommendation of a friend of mine, I then went with Android Revolution HD. This ROM kept the Samsung specific apps, such as the Camera app, S Voice, AllShare Cast, etc. It basically was exactly the same interface (TouchWiz) but with a lot of tweaks under the hood. My phone instantly became a lot more responsive and battery life increased as well. Great!

However, there are some risks that come with flashing: You void your warranty with most ROMs. And you may encouter some strange issues down the line. In my case, this happened about 1 year after flashing the custom ROM, my phone got stuck in a reboot loop. Some application seems to have broken my phone. So, there were a few options: I could re-flash the same firmware, and potentially encounter the same issue down the line, or I could try something new.

Following another recommendation by a friend of mine, I decided to try an AOSP (Android Open Source Project) ROM. These run none of the Samsung code, and are generally a lot lighter. I took a look around, and not wanting to stick with 4.1.2 (latest version available for the Galaxy S3 supported by Samsung), I went with a ROM that was based on Android 4.3, CarbonROM.

After struggling a bit to install it (note: you’ll have to manually install all Google Apps!), I finally got it running.

All I could say was: Wow. It’s like having a new phone.

The phone was a lot more responsive. Truly worlds apart. I felt like I just bought a Galaxy S4, but it was free, only costing me an hour of tinkering around — if done right the first time, it’ll take you 10 minutes.

So what did I loose by going with a AOSP ROM?

Well, the Samsung apps. The only app I miss is the Camera app, as the stock Android one takes a bit of getting used to. Besides that, I didn’t notice anything that I’m missing. S Voice, well, I use Google Now which is a lot nicer anyway. And the speed boost makes it worth it. Battery life is similar, if not slightly better compared to the custom ROM I had before. Did I mention it’s a lot faster?

My Galaxy S3 homescreenHaving run CarbonROM for the last 3 weeks, there is no way I’m going back to the original Samsung ROM. It took a bit of customizing but it now looks great and I’m back up and running at full speed. There are a few bugs I’ve encountered, but these are mainly related to Android 4.3 itself and are getting fixed on a daily basis.

All in all, if you’re willing to take the risk of rooting your phone, then going with a AOSP Rom like Carbon Nightlies (the 4.3 branch) is definitely worth a try. But be aware that if something goes wrong, the warranty won’t cover it. I may write a small post with some instructions on how to flash CarbonROM onto your phone in the near future.

Read more

Having spent the last 24 hours trying to get Proxmox to play nice with the new VRack 1.5, it looks like it works perfectly, including online live migration of venet based OpenVZ containers, which didn’t work in VRack 1.0.

The configuration makes eth1 the default card for traffic from vmbr0, however allows eth0 to function alongside it so that you don’t loose out on monitoring features. We also route IPv6 traffic through the VRack on vmbr0 and add additional IP ranges for your VM use to vmbr0.

All the configuration that’s needed is done in: /etc/network/interfaces.

Here is my resulting configuration:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
    post-up /etc/pve/kvm-networking.sh
    bridge_ports dummy0
    bridge_stp off
    bridge_fd 0

# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
    address 94.23.XXX.10
    network 94.23.XXX.0
    broadcast 94.23.XXX.255
    gateway 94.23.XXX.254
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
# A secondary IP subnet used for VMs
    up /sbin/ip route add 178.XXX.YYY.128/26 dev vmbr0
        up /sbin/ip route flush cache

#VRack IPv6
iface vmbr0 inet6 static
        address 2001:41d0:XXXX:6810::10
        netmask 56
        post-up /sbin/ip -f inet6 route add 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f dev vmbr0
        post-up /sbin/ip -f inet6 route add default via 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f
        pre-down /sbin/ip -f inet6 route del default via 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f
        pre-down /sbin/ip -f inet6 route del 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f dev vmbr0

auto eth0
iface eth0 inet static
    address 5.XXX.YYY.25
    broadcast 5.XXX.YYY.255
    #Setting up the routing
    up /sbin/ip route flush table 80
    up /sbin/ip route add table 80 to 5.XXX.YYY.0/24 dev eth0
    up /sbin/ip route add table 80 to default via 5.XXX.YYY.254 dev eth0
    up /sbin/ip rule add from 5.XXX.YYY.0/24 table 80 priority 80
    up /sbin/ip route flush cache
    post-down /sbin/ip route flush table 80
Read more

I’ve been spending this morning optimizing the Flosoft.biz website in terms of load times in Browsers, and one key element of that is sending the correct expires headers to allow Browsers to cache the data.

Now, as of Plesk 11.5, you can edit nginx settings via the Control Panel, but this isn’t always straight forward, so I thought I’d write a small tutorial.

In the Control Panel:

  1. Select your Domain
  2. Click Web Server Settings
  3. Scroll down to nginx settings
  4. If you have “Serve static files directly by nginx” checked (which I recommend), you’ll need to remove the file extensions you’re going to use below, such as jpg,gif,…
  5. In the text box “Additional nginx directives” copy / paste the following configuration:

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control “public”;
try_files $uri @fallback;

That’s it. Just hit OK and enjoy a website that sends the correct headers for your static images and CSS.


Read more

One of the legacy systems we still use at Flosoft.biz is Plesk. Over the last few years it has slowly gotten better (don’t worry, it still completely breaks on every version upgrade) and nowadays comes with nginx.

However, I noticed that for some obscure reason, it doesn’t enable GZip compression for the webpages it serves? This is quite odd, having myself worked a lot with nginx over the last few years, it’s a default configuration!

Don’t worry, it’s quite easy to enable it though:

Just edit the following file as root: /etc/nginx/conf.d/gzip.conf

gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
gzip_disable “msie6”;

Then run nginx -t to test the configuration and if that’s all ok, restart nginx by running /etc/init.d/nginx restart.

That’s it. Your webserver will now be serving your pages with GZip compression.

Read more

Hello, and welcome to Floian Jensen's personal blog! I hope you like the different articles I like putting on my site; today, I will focus primarily on the ever curious face of design. In this short article, we will use some good examples of web design – and also how some such principles are used by casinos to help them empty your pockets!

The Web Design Tips

Website is the face of our online business and we put hours andWeb design requires quite an effort and an eye for detail hours of hard work to design and develop it. But for our visitors its just a matter of few seconds, to be precise less than 5 seconds to decide if your website is worth their time or not. A website gets just 2-3 seconds to impress visitors and grow interest in them.

Attracting a potential customer is hard enough. Grabbing their interest and retaining them is even more difficult. It’s important to design your site so that user frustration is kept to a minimum, thereby maximizing customer retention. White space – the empty space in between elements – is an often ignored principle of web design. We have so much to fit into our pages that elements get cramped and confused. Since links are the currency of the internet, it stands to reason that you should make them look important. Your links need to be readable, prominent, and in keeping with the style.

How Do Casinos Do It?

If you've ever been to a casino, you know there's a lot going on. Between the sounds, the lights, and the drinks, it's practically an after-hours theme park. An expensive after-hours theme park. They hide the progression of time – making gamblers lose track of time, such as by not having clocks on the walls, or windows to the outside world of sunsets and sunrises.

A casino is a cacophony of wonderful and alluring stimulation: bells ringing, siren-like lights flashing, change clanging, slot wheels whirring, digital sounds beeping – it’s all captivating. Why is it captivating? Because it’s non-verbal communication saying, “Win! Win! Win!” It gives the impression that everyone is indeed winning when, in reality, most are losing.  It’s such a happy place, how can I lose?!

Many of us realize that at a casino, they stack the deck against you. That's why you avoid gambling. If you're staying at a hotel or event near a casino, you might just "dabble." Even if you don't usually gamble, the bells and whistles of a slot machine might draw you in—but that's where casinos make their money.

The biggest proponent of casino design that we think of as being "classic" comes from former gambling addict Bill Friedman, who became a professor teaching about casino management at the University of Nevada Las Vegas, a casino executive, and a casino consultant. In order to revamp the hotels that he had taken over, he studied over eighty Nevada casinos.

The design of a casino floor is a vital tool in getting people to stay inside a casino. Walking into a casino for the first time can be daunting and overwhelming with tables and machines covering almost every inch of the floor. This is not an accident. This crowded layout is used intentionally so that players will find it more difficult to leave the casino. 

As you can see, casinos are out to get you. The good news? They can't influence you if you're not in casono itself. That is why we recommend that, if you want to gamble but want to be immune to the cheap tricks of casino layout, you go to an online casino games for real money, in the safety of your own home. That is definitely the best way Save and send to approvalto go.

Read more

Lured by the enticing aromas, colors, and bustle of a busy Indian kitchen, as a child, Nalini would often be found perched at the kitchen counter by her mother, enjoying the cook's delightful treats. A vegetarian herself, complemented by her belief in Ayurveda and Ayurvedic cooking, Nalini views food and the cooking process as a means to nurturing the soul. Me, Florian Jansen, am about to embark on a journey of taste. In this short article, we will see some of the India’s most iconic dishes – as well as see how you can use locks to your advantage whenever you’re visiting abroad!

The Indian Dishes You Simply Must Add to Your Bucket List!

Rogan Josh. The literal translation for the name of this dish from KIndian cuisine is very spicy, and for a good reason!ashmir is 'red lamb'. The color comes from the Kashmiri dry red chilies used in it. The name may sound fiery but the dish's heat is toned down by the cream that is added at the end.

Butter Chicken – chicken marinated overnight in yoghurt and spices mixture, cooked with a special Makhani sauce made of Butter, tomato puree and various spices that gives the dish its unique and delicious flavor. It is one of the most popular dishes among non-vegetarians throughout the world. It is the pride of Punjabi cuisine.

Tea is a staple beverage throughout India, since the country is one of the largest producers of tea in the world. The most popular varieties of tea grown in India include Assam tea, Darjeeling tea and Nilgiri tea. It is prepared by boiling the tea leaves in a mix of water, milk, and spices such as cardamom, cloves, cinnamon, and ginger.

Locks to the Rescue During Travel

A luggage lock is a lock used to prevent luggage from opening by accident, usually with little or no security in mind, although they may serve as a deterrent to potential thieves. They may be built into luggage, or may be external locks such as padlocks or lockable straps. They are typically relatively simple low security locks.

Screening officers are not allowed to break locks: they can, however, use special tools to open and re-secure recognized and accepted travel locks. These locks are widely used in the U.S. and other countries and can be purchased at travel stores, airports and retailers in Canada and abroad.

Locking luggage protects your belongings, keeps bThis is luggage safety 101ags closed securely and gives travelers peace of mind. Since the onset of baggage screening at airports, many travelers believe that they are not permitted to lock checked bags. Although you can lock your bags, passengers need to be aware of the regulations enforced by the Transportation Security Administration (TSA).

The bottom line is that TSA luggage locks keep both your belongings save from theft and your bag from damage caused by security inspection when flying, though airline baggage handlers can of course damage your bags, which is another matt

If your luggage needs to be physically inspected, a non-TSA-approved lock will be ripped off your bag at security — it's that simple. Purchase one that's been okayed by the TSA (which means that security officers can open it with a master key); the lock should be advertised as such on the label.

Remember that your lock can be damaged during its stay at the airport. Baggage handling systems (conveyor belts and other automated systems) and manual handling all take a toll on your baggage and your lock. The airlines are responsible for damage that exceeds the definition of "normal wear and tear". File a claim with your airline without delay.

Zip ties (also called cable locks) are something that can be used at the airport. They are long plastic ties that lock. They can't be opened unless cut with a scissor or nail clipper, which are allowed to be packed in a carry-on bag. The ends of the plastic ties fit through the zipper pull tabs. They come in all sorts of sizes.

Remember, always, that in the case of a lock emergency, you’re probably better off at getting a locksmith then trying to fix the issue by yourself. So if the emergency strikes, https://www.247locksmithservice.org/mobile-locksmith is a good place to go for some lock-related first aid.

Read more

I never thought I would write this post. I am truly amazed.

A few weeks ago, we decided to port our main phone line after 35 years from Belgacom to OVH VoIP service.

Now, the tricky thing was, the Internet line we have with EDPnet in the house is run via the same phone line. This worried me, thinking that I’d end up with my parents losing internet and phone and with me far away. But hey… let’s try it.

Just to make sure though, I called up Belgacom to ask them how these things normally go. After being on hold for 38 minutes in a seemingly endless queue, I decided to call OVH. A few seconds later, I was talking to someone explaining me the process, however with the disclaimer that the information is based on french operators. So I decided to give my internet provider, EDPnet, a call. There I was told that it will ‘just work’, Belgacom would terminate the line automatically, and they’ll step in with a ‘raw copper’ service. Sounds great!

So I scheduled the number port for the 21st of January. Letters arrived from OVH and Belgacom, verifying that I wanted to go ahead with this, and the 21st of January came closer.

Emails from OVH confirming the Number Port

Emails from OVH confirming the Number Port

On the day, I got 3 emails from OVH confirming every step of the number port. The phone service just switched over. Even internet didn’t disconnect. Everything went smoothly. Unbelievable right?

Next, I got a nice email from EDPnet confirming that they heard about the number port, and that they’ll provide the raw copper service on the same line without interruption.

Screen Shot 2013-01-21 at 22.24.57Great! To be honest, I did NOT expect this to go smoothly at all. Given my past experiences with major telephony operators and complex setups like this (with 3 operators involved), I expected to loose my number, loose internet connectivity for at least a few months etc. But no. It all works. So I’d like to thank OVH, EDPnet and even Belgacom for making this a very smooth transition. Awesome work guys!


Read more

One of the main bottlenecks when running high performance virtualization systems is the harddisk. Now, you could of course switch your entire system over to SSDs, but that is costly and you’ll end up with a lot less storage, or a massive RAID array.

Modern filesystems like ZFS have solved this problem by allowing for ‘hybrid’ systems. These use the traditional harddisks for persistent storage, and use SSD drives in front of them to cache the read and write queries. This way you get the best of both worlds. Nearly SSD performance and the storage size of a traditional drive.

At Flosoft.biz we use Proxmox to power our VPS offers, which uses LVM and EXT4 for it’s filesystem which doesn’t have a ‘SSD caching’ method built into it. Facebook seems to have had a similar issue, so they created FlashCache. Flashcache is a kernel module that allows you to add a block caching partition in front of any other partition of your system, resulting in an amazing speedup of your system.

After having spent a night or two on getting this to work on Proxmox 2, I decided to write a small tutorial here. I’d also like to thank @toxicnaan for his l33t hax0r skillz.


Updating your system

Get your system up to date and make sure you’ve got the latest Kernel.

apt-get update
apt-get dist-upgrade
apt-get install dkms build-essential git


Kernel Headers

You will now need to install the Kernel Headers for your Kernel so that you can compile the module. Make sure you install the correct version of the headers. These need to be the same as the Kernel you’re running.

uname -a # to get your kernel version
apt-get install pve-headers-2.6.32-17-pve # to install the headers for version 2.6.32-17


Get FlashCache

Now that we’ve got the Kernel tools, we can get FlashCache and build it.

git clone git://github.com/facebook/flashcache.git
cd flashcache/

make -f Makefile.dkms boot_conf
make install


Load FlashCache

Next we need to load FlashCache into our running Kernel and make sure it’s loaded upon boot.

modprobe flashcache
echo flashcache >> /etc/modules


Re-purposing the SSD drives

Now it’s time to find a new use for our SSD drives, namely as cache. You can skip this step if your server doesn’t have the SSD drives mounted as /var/lib/vz

umount /var/lib/vz
vgremove pve
pvremove /dev/md2


Re-purposing the 2 HDD drives

Now let’s prepare the 2 HDD drives to be used as the storage for /var/lib/vz.

umount /data
pvcreate /dev/md0
lvcreate -l 100%VG -n storage pve
mkfs.ext4 /dev/mapper/pve-storage


Creating the FlashCache partition

Now let’s create the FlashCache partition on the SSD drives & mount it.

flashcache_create -p back pvec-storage /dev/md2 /dev/mapper/pve-storage
mount /dev/mapper/pvec-storage /var/lib/vz
echo 1 > /proc/sys/dev/flashcache/md2+pve-storage/fast_remove


Editing /etc/fstab

Next step is to edit /etc/fstab and remove the /data and /var/lib/vz mounts. If you forget to do this (as I did for quite a while), your server will struggle to boot on it’s own, and you’ll end up with the datacenter techs thinking you’re an idiot 🙂

vi /etc/fstab


The init.d file

This next step is important. We need to add an init.d file to do some operations, like mounting the filesystem and cleaning it up. It will also unmount the drive before shutting down, as if you don’t do this, your kernel will freeze on shutdown. Make sure you edit your file according to your needs.


# Start or stop Flashcache

# Provides:          flashcache
# Required-Start:
# Required-Stop:     $remote_fs $network pvedaemon
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Flashcache SSD caching
# Description:       Flashcache SSD caching


flashcache_start() {
if df -h | grep /var/lib/vz > /dev/null
echo "Flashcache allready running"
flashcache_load /dev/md2
mount /dev/mapper/pvec-storage /var/lib/vz
#mount /dev/mapper/pve-backup /mnt/backup
echo 1 > /proc/sys/dev/flashcache/md2+pve-storage/fast_remove
echo "Flashcache started"

flashcache_stop() {
if df -h | grep /var/lib/vz > /dev/null
#umount /mnt/backup
umount /var/lib/vz
dmsetup remove pvec-storage
echo "Flashcache stopped"
echo "Flashcache not running"

case "$1" in


        $0 stop
        $0 start

exit 0


Enabling the init.d file.

Now we need to make the file executable and make sure it’s run on boot.

chmod +x /etc/init.d/flashcache
update-rc.d flashcache defaults


Give it a spin

Right, that should do it. Reboot your machine and see if it comes back.


If all went well, your drive should be mounted with FlashCache in between.

root@vh43:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
none                   32G  256K   32G   1% /dev
/dev/md1               10G  1.3G  8.2G  14% /
tmpfs                  32G     0   32G   0% /lib/init/rw
tmpfs                  32G     0   32G   0% /dev/shm
/dev/fuse              30M   12K   30M   1% /etc/pve
                      1.8T  196M  1.7T   1% /var/lib/vz

You can also see the statistics of FlashCache by running:

cat /proc/flashcache/md2+pve-storage/flashcache_stats

That’s it! Your Proxmox system should now have it’s VMs on the FlashCache drive.

If you have any questions or feedback, just leave them below.


Read more

This guide will guide you through the process of setting up PHP-FPM and nginx on your Mac OSX 10.8 Mountain Lion using MacPorts.

Installing XCode

For starters, you need MacPorts installed. This requires XCode and XCode’s Command Line tools. You can get XCode off the Apple Store. Once installed, go to preferences and install the Command Line tools.

Next install MacPorts. Just go to this page and download the pkg for your version of OSX.

Once that’s done, we’re ready to start.

Installing PHP-FPM

First, let’s install PHP-FPM:

sudo port install php54-fpm

Now we’ll also need to copy the config file:

sudo cp /opt/local/etc/php54/php-fpm.conf.default /opt/local/etc/php54/php-fpm.confsudo cp /opt/local/etc/php54/php.ini-development /opt/local/etc/php54/php.ini

That’s PHP sorted. If you want to install any PHP extensions, just use port install php54-EXTENSION.

Installing nginx

Next, we install nginx and copy the config files into the right place.

sudo port install nginx
 sudo cp -p /opt/local/etc/nginx/fastcgi.conf.example /opt/local/etc/nginx/fastcgi.conf
 sudo cp /opt/local/etc/nginx/fastcgi_params.example /opt/local/etc/nginx/fastcgi_params
 sudo cp /opt/local/etc/nginx/mime.types.example /opt/local/etc/nginx/mime.types
 sudo cp /opt/local/etc/nginx/nginx.conf.example /opt/local/etc/nginx/nginx.conf
 sudo mkdir /opt/local/etc/nginx/conf.d


That’s it. Now you can go ahead and configure nginx to your liking by editing the file:


I have also changed some configuration files to make PHP work properly off my ~/Sites/ folder.

Edit /opt/local/etc/php54/php.ini:


This will help with the nginx config.

Edit the fastcgi_params file:

sudo vi /opt/local/etc/nginx/fastcgi_params

It should look like this:

fastcgi_param   QUERY_STRING            $query_string;
fastcgi_param   REQUEST_METHOD          $request_method;
fastcgi_param   CONTENT_TYPE            $content_type;
fastcgi_param   CONTENT_LENGTH          $content_length;

fastcgi_param   SCRIPT_FILENAME         $request_filename;
fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
fastcgi_param   REQUEST_URI             $request_uri;
fastcgi_param   DOCUMENT_URI            $document_uri;
fastcgi_param   DOCUMENT_ROOT           $document_root;
fastcgi_param   SERVER_PROTOCOL         $server_protocol;

fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

fastcgi_param   REMOTE_ADDR             $remote_addr;
fastcgi_param   REMOTE_PORT             $remote_port;
fastcgi_param   SERVER_ADDR             $server_addr;
fastcgi_param   SERVER_PORT             $server_port;
fastcgi_param   SERVER_NAME             $server_name;

fastcgi_param   HTTPS                   $https;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param   REDIRECT_STATUS         200;

And finally, add a location to your nginx configuration for PHP:

sudo vi /opt/local/etc/nginx/nginx.conf

Here’s my config:

        location ~ \.php$ {
            root   /Users/florian/Sites;
            fastcgi_index  index.php;
            include        fastcgi_params;

That’s it for the configuration.

Tweaking .bash_profile

Lastly, we’ll add some lines to your .bash_profile to make it easier to start and stop nginx and php_fpm.

vi ~/.bash_profile

And then add the following:

# nginx
 alias nginx_start='sudo launchctl load -w /Library/LaunchDaemons/org.macports.nginx.plist'
 alias nginx_stop='sudo launchctl unload -w /Library/LaunchDaemons/org.macports.nginx.plist'
 alias nginx_restart='nginx_stop; nginx_start;'
alias fpm_start=’sudo launchctl load -w /Library/LaunchDaemons/org.macports.php54-fpm.plist’
 alias fpm_stop=’sudo launchctl unload -w /Library/LaunchDaemons/org.macports.php54-fpm.plist’
 alias fpm_restart=’fpm_stop; fpm_start’
Boom! That’s it. You’ve now got nginx and php-fpm running on your Mac.
Read more