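This is mostly a translation of this article:
http://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/
plus some notes from my own installation.
This post uses CentOS 7 as the main OS.
Installation
First, install the third-party repos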
## Remi Dependency on CentOS 7 and Red Hat (RHEL) 7 ##
rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
## CentOS 7 and Red Hat (RHEL) 7 ##
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
Then edit (create) /etc/yum.repos.d/nginx.repo
with the following content:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
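An added example, not part of the original post: the repo file above sets gpgcheck=0, so yum installs nginx packages from it without verifying their signatures. The function below lists every enabled repo section in a directory that disables GPG checking or uses an http:// baseurl; audit_repos and make_sample_repos are hypothetical helper names, and the second sample file is a constructed signed variant using the signing key URL published by nginx.org.

```bash
# Added example: flag yum repo sections that skip package signature checks.
# audit_repos and make_sample_repos are hypothetical helper names.

audit_repos() {              # $1: directory of *.repo files
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (section == "" || enabled == "0") return
                if (gpg == "0")     print file ":" section ": gpgcheck=0"
                if (url ~ /^http:/) print file ":" section ": http baseurl"
            }
            /^[ \t]*\[.*\][ \t]*$/ {      # a new [section] starts
                report(); gsub(/[ \t]/, ""); section = $0
                gpg = ""; url = ""; enabled = "1"; next
            }
            /^[ \t]*[#;]/ { next }        # comment line
            {
                i = index($0, "="); if (i == 0) next
                key = substr($0, 1, i - 1); val = substr($0, i + 1)
                gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "gpgcheck") gpg = val
                if (key == "baseurl")  url = val
                if (key == "enabled")  enabled = val
            }
            END { report() }
        ' "$f"
    done
}

make_sample_repos() {        # constructed sample input, written into $1
    cat > "$1/nginx.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
EOF
    cat > "$1/nginx-signed.repo" <<'EOF'
[nginx-signed]
name=nginx repo (signature checked)
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}
```

On a real host, run audit_repos /etc/yum.repos.d; no output means no enabled section was flagged.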
Then install nginx, php-fpm and php with:
yum --enablerepo=remi,remi-php55 install nginx php-fpm php-common
Then install the PHP modules that will be needed
yum --enablerepo=remi,remi-php55 install php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml
I also added php-intl.
On CentOS 7
the way to start a service has changed.
Previously services were started with /etc/init.d/xxx start;
now it is done through the systemctl command
#systemctl start nginx.service
#systemctl start php-fpm.service
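After starting nginx and php-fpm manually,
you should be able to see the nginx welcome page in a browser.
P.S. The local IP is 127.0.0.1, or use ifconfig to check the current IP.
If the page does not load, use #systemctl status nginx.service to check the service status,
or #netstat -nulpt to check whether port 80 is open.
If both look normal, you can try temporarily flushing the iptables rules with #iptables -F
or temporarily disabling SELinux with #setenforce 0
Once it works, enable both services at boot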
systemctl enable nginx.service
systemctl enable php-fpm.service
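Nginx configuration
From here on I did not follow the steps on that site exactly,
but they are largely the same.
First, set up the Nginx virtual host.
Create the directories for multiple sites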
#mkdir /srv/www
#mkdir /srv/www/sites
#mkdir /srv/www/sites/test
#mkdir /srv/www/logs
#mkdir /srv/www/logs/test
Change ownership
#chown -R apache:apache /srv/www
#chown -R nginx:nginx /srv/www/logs
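Note that I made apache the owner of the whole www directory,
because php-fpm by default uses the apache user & group to interpret (run) PHP.
To use a different user:group, remember to edit /etc/php-fpm.d/www.conf.
Finally, the logs directory is assigned to nginx separately.
Next, create two directories under /etc/nginx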
#mkdir /etc/nginx/sites-available
#mkdir /etc/nginx/sites-enabled
Edit /etc/nginx/nginx.conf
Below the line
include /etc/nginx/conf.d/*.conf;
add
## Load virtual host conf files. ##
include /etc/nginx/sites-enabled/*;
Then create a virtual host config in sites-available
#vim /etc/nginx/sites-available/test_site
with the following content
server {
    server_name YOUR_SERVER_NAME;
    access_log /srv/www/logs/test/access.log;
    error_log /srv/www/logs/test/error.log;
    root /srv/www/sites/test;
    location / {
        index index.html index.htm index.php;
    }
    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/sites/test$fastcgi_script_name;
    }
}
Then create a symlink in the sites-enabled directory
cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/test_site
and restart nginx
#systemctl restart nginx.service
Finally, create a test PHP file in the site root
vim /srv/www/sites/test/index.php
with content that calls phpinfo().
Now refresh the page
and you should see the phpinfo output.
If you get Error 403,
SELinux needs to be configured
chcon -R -t httpd_sys_content_t /srv/www/sites/test
## Or some apps might need httpd_sys_rw_content_t ##
chcon -R -t httpd_sys_rw_content_t /srv/www/sites/test
Configuring iptables
On CentOS 7 you can no longer
edit /etc/sysconfig/iptables directly as before,
which is rather inconvenient,
and you have to use a command I had not used before:
firewall-cmd
firewall-cmd --permanent --zone=public --add-service=http
## OR ##
firewall-cmd --permanent --zone=public --add-port=80/tcp
I used
#firewall-cmd --permanent --zone=public --add-port=80/tcp
Then restart the firewall
#systemctl restart firewalld.service
And that's it!
Installing MariaDB
Install
#yum install mariadb mariadb-server
Start
#systemctl start mariadb.service
Enable at boot
#systemctl enable mariadb.service
Run the MySQL security configuration script
#/usr/bin/mysql_secure_installation
The session looks like this
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
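Another important point:
every account used by an application must be created separately,
and its privileges must be limited to a single DB.
Only when using a cluster or syncing with other DBs
should the server listen on port 3306 on the Internet;
otherwise it should always listen on localhost.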
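An added example, not part of the original post, for the two points above: app_account_sql prints the SQL for one application account that can log in only from localhost and is granted privileges on one database only, and bind_is_local checks that a my.cnf-style file pins bind-address to loopback. The function names, the names appdb/appuser and the choice of SELECT/INSERT/UPDATE/DELETE as the application's privileges are assumptions.

```bash
# Added example: one application account, one database, loopback only.
# app_account_sql and bind_is_local are hypothetical helper names.

app_account_sql() {          # $1: database  $2: account  $3: password
    db=$1; user=$2; pass=$3
    # Names are interpolated into SQL, so accept only [A-Za-z0-9_].
    for n in "$db" "$user"; do
        case "$n" in
            ''|*[!A-Za-z0-9_]*) echo "invalid name: $n" >&2; return 1 ;;
        esac
    done
    # Reject characters that would end or escape the quoted password.
    case "$pass" in
        ''|*\'*|*\\*) echo "invalid password" >&2; return 1 ;;
    esac
    # Privileges are scoped to `db`.* (never *.*) and to logins from localhost.
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\`;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$db\`.* TO '$user'@'localhost';
EOF
}

bind_is_local() {            # $1: my.cnf-style file
    # Last bind-address wins; an unset value means all interfaces.
    addr=$(sed -n 's/^[[:space:]]*bind[-_]address[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    case "$addr" in
        127.0.0.1|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (assumed variable name): app_account_sql appdb appuser "$APP_DB_PASSWORD" | mysql -u root -p
```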