Does Nginx need to have access to php files

If using nginx + php-fpm, does nginx need to have access to the php files?

Context: building a kuberentes pod, with two containers: nginx and php-fpm, we can built the php code into php-fpm container. It's possible to share the php files with volumes, but is it really needed?

Please correct my understanding: nginx will just forward a pre-processed request to php-fpm (using fast-cgi protocol) which will execute the script. So php-fpm needs to read php files. However I don't see the reason why would nginx need to, apart from checking if script is found or not. It could send the script name to php-fpm without accessing the php file.

Thanks


Solution 1:

No, it doesn't need access to the files unless you use try_files. You can safely use a remote socket as upstream without needing to populate the files on the nginx container. php-fpm uses the fcgi protocol which passes the path of the file to process as the SCRIPT_NAME and SCRIPT_FILENAME fcgi parameters.

Solution 2:

In the standard nginx and php-fpm design try_files checks for the existence of a file and then sends the file path to php-fpm over a TCP/IP or unix socket for execution so nginx needs to be able to see the file - nginx is the file server whether the file is a static html file or a script, and php-fpm is the processor in this case.