ArchLinux:Nginx: Difference between revisions
From Wiki³
(→NGINX) |
|||
| Line 13: | Line 13: | ||
Next create the environment for the web server. | Next create the environment for the web server. | ||
{{Console|1=sudo mkdir -p /nginx/conf.d /nginx/https /nginx/logs /nginx/sql /nginx/ssl /nginx/vhosts.d}} | {{Console|1=sudo mkdir -p /nginx/conf.d /nginx/https /nginx/logs /nginx/sql /nginx/ssl /nginx/vhosts.d}} | ||
{{margin}} | |||
{{Console|1=sudo chown -R http:http /nginx}} | |||
{{margin}} | {{margin}} | ||
{{Console|1=sudo chmod -R 770 /nginx}} | {{Console|1=sudo chmod -R 770 /nginx}} | ||
| Line 19: | Line 21: | ||
{{margin}} | {{margin}} | ||
{{Console|1=sudo gpasswd -a {{cyanBold|username}} http}} | {{Console|1=sudo gpasswd -a {{cyanBold|username}} http}} | ||
Set the default shell for {{mono|http}} to Bash. | |||
{{Console|1=sudo chsh http<br/>New shell [/usr/bin/nologin]: {{cyanBold|/bin/bash}}}} | |||
== {{Icon|notebook}} Database == | == {{Icon|notebook}} Database == | ||
=== PostgreSQL === | === PostgreSQL === | ||
| Line 64: | Line 68: | ||
{{Console|1=sudo mysql -u root -p}} | {{Console|1=sudo mysql -u root -p}} | ||
Add a new mysql user account. | Add a new mysql user account. | ||
{{Console|1=MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO '{{cyanBold|kyau}}'@'localhost' IDENTIFIED BY '{{cyanBold|user_password}}' WITH GRANT OPTION;}} | {{Console|1=MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO '{{cyanBold|kyau}}'@'localhost' {{greenBold|\}}<br/>  IDENTIFIED BY '{{cyanBold|user_password}}' WITH GRANT OPTION;}} | ||
== {{Icon|notebook}} PHP Configuration == | == {{Icon|notebook}} PHP Configuration == | ||
First remove the default pool. | First remove the default pool. | ||
| Line 72: | Line 76: | ||
{{margin}} | {{margin}} | ||
{{Console|title=/etc/php/php-fpm.d/defaults.inc|prompt=false|1=user {{=}} http<br/>group {{=}} http<br/>listen {{=}} /run/php-fpm/php-fpm-$pool.sock<br/>listen.owner {{=}} http<br/>listen.group {{=}} http<br/>{{blackBold|; process configuration}}<br/>pm {{=}} dynamic<br/>pm.max_children {{=}} 5<br/>pm.start_servers {{=}} 2<br/>pm.min_spare_servers {{=}} 1<br/>pm.max_spare_servers {{=}} 3<br/>{{blackBold|; php.ini changes}}<br/>php_admin_flag[expose_php] {{=}} off<br/>php_admin_flag[log_errors] {{=}} on<br/>php_admin_flag[short_open_tag] {{=}} on<br/>php_admin_value[date.timezone] {{=}} America/Los_Angeles<br/>php_admin_value[error_log] {{=}} /nginx/logs/$pool/php.log<br/>php_admin_value[memory_limit] {{=}} 256M<br/>php_admin_value[post_max_size] {{=}} 2048M<br/>php_admin_value[session.save_path] {{=}} /tmp<br/>php_admin_value[upload_max_filesize] {{=}} 2048M}} | {{Console|title=/etc/php/php-fpm.d/defaults.inc|prompt=false|1=user {{=}} http<br/>group {{=}} http<br/>listen {{=}} /run/php-fpm/php-fpm-$pool.sock<br/>listen.owner {{=}} http<br/>listen.group {{=}} http<br/>{{blackBold|; process configuration}}<br/>pm {{=}} dynamic<br/>pm.max_children {{=}} 5<br/>pm.start_servers {{=}} 2<br/>pm.min_spare_servers {{=}} 1<br/>pm.max_spare_servers {{=}} 3<br/>{{blackBold|; php.ini changes}}<br/>php_admin_flag[expose_php] {{=}} off<br/>php_admin_flag[log_errors] {{=}} on<br/>php_admin_flag[short_open_tag] {{=}} on<br/>php_admin_value[date.timezone] {{=}} America/Los_Angeles<br/>php_admin_value[error_log] {{=}} /nginx/logs/$pool/php.log<br/>php_admin_value[memory_limit] {{=}} 256M<br/>php_admin_value[post_max_size] {{=}} 2048M<br/>php_admin_value[session.save_path] {{=}} /tmp<br/>php_admin_value[upload_max_filesize] {{=}} 2048M}} | ||
Enable all third party PHP extensions that were installed. | |||
{{Console|1=sudo find . -type f -name '*.ini' -exec sed -i -e 's/^;extension/extension/g' {{greenBold|\}}<br/>  -e 's/^;zend_extension/zend_extension/g' -e 's/^;xdebug/xdebug/g' {} +}} | |||
Enable global PHP extensions. | Enable global PHP extensions. | ||
{{Console|1=sudoedit /etc/php/conf.d/defaults.ini}} | {{Console|1=sudoedit /etc/php/conf.d/defaults.ini}} | ||
| Line 82: | Line 88: | ||
Be sure to set the file permissions properly. | Be sure to set the file permissions properly. | ||
{{Console|1=sudo chmod 644 /etc/php/conf.d/defaults.ini /etc/php/php-fpm.d/*}} | {{Console|1=sudo chmod 644 /etc/php/conf.d/defaults.ini /etc/php/php-fpm.d/*}} | ||
Start and enable the {{mono|php-fpm}} service. | |||
{{Console|1=sudo systemctl enable --now php-fpm.service}} | |||
[[Category:Arch Linux]] | [[Category:Arch Linux]] | ||
Revision as of 13:56, 2 May 2021
Back to Category:Arch Linux
Introduction
Introduction NGINX
Beforehand be sure to determine weather the web server will be using MySQL (ie. MariaDB) or PostgreSQL.
Begin by installing NGINX, PHP and other required utilities.
| # pikaur -S apache-tools composer curl minify nginx php-fpm sassc wget |
Install all of the required PHP extensions.
| # pikaur -S php-gd php-geoip php-imagick php-intl php-memcache php-odbc php-sqlite php-sodium xdebug |
Next create the environment for the web server.
| # sudo mkdir -p /nginx/conf.d /nginx/https /nginx/logs /nginx/sql /nginx/ssl /nginx/vhosts.d |
| # sudo chown -R http:http /nginx |
| # sudo chmod -R 770 /nginx |
| # sudo chmod 750 /nginx/sql |
| # sudo gpasswd -a username http |
Set the default shell for http to Bash.
| # sudo chsh http New shell [/usr/bin/nologin]: /bin/bash |
Database
DatabasePostgreSQL
Using postgresql as a back-end will require the following setup and configuration.
| # pikaur -S postgresql php-pgsql |
| # sudo chown postgres:postgres /nginx/sql |
| # sudo gpasswd -a username postgres |
Swap over to the postgresql user account.
| # sudo -iu postgres |
Run the database initialization.
| # initdb --locale en_US.UTF-8 -E UTF8 -D '/nginx/sql/data' |
Return to the normal user account.
| # exit |
Modify the systemd service file to reflect the new data directory.
| # sudo systemctl edit postgresql.service |
filename: postgresql.service
| Environment=PGROOT=/nginx/sql PIDFile=/nginx/sql/postmaster.pid |
Start and enable the systemd service.
| # sudo systemctl enable --now postgresql.service |
Swap back over to the postgresql user account.
| # sudo -iu postgres |
Create a new postgres user account.
| # createuser -P --interactive Enter name of role to add: username Enter password for new role: ******** Enter it again: ******** Shall the new role be a superuser? (y/n) n Shall the new role be allowed to create databases? (y/n) y Shall the new role be allowed to create more new roles? (y/n) n |
MariaDB
Using mariadb as a back-end will require the following setup and configuration.
| # pikaur -S mariadb |
| # sudo chown mysql:mysql /nginx/sql |
Give the current logged in user access.
| # sudo gpasswd -a username mysql |
Create and initialize the data directory.
| # mariadb-install-db --user=mysql --basedir=/usr --datadir=/nginx/sql |
| # sudoedit /etc/my.cnf.d/server.cnf |
filename: /etc/my.cnf.d/server.cnf
| [mysqld] datadir=/nginx/sql |
Start and enable the MySQL service.
| # sudo systemctl enable --now mariadb.service |
Secure the installation and set the root password.
| # sudo mysql_secure_installation |
 | The default mysql root password is none |
Connect to mysql using the root account and the password you previously set.
| # sudo mysql -u root -p |
Add a new mysql user account.
| # MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'kyau'@'localhost' \ IDENTIFIED BY 'user_password' WITH GRANT OPTION; |
PHP Configuration
First remove the default pool.
| # sudo rm /etc/php/php-fpm.d/www.conf |
Create the defaults for all pools.
| # sudoedit /etc/php/php-fpm.d/defaults.inc |
filename: /etc/php/php-fpm.d/defaults.inc
| user = http group = http listen = /run/php-fpm/php-fpm-$pool.sock listen.owner = http listen.group = http ; process configuration pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 ; php.ini changes php_admin_flag[expose_php] = off php_admin_flag[log_errors] = on php_admin_flag[short_open_tag] = on php_admin_value[date.timezone] = America/Los_Angeles php_admin_value[error_log] = /nginx/logs/$pool/php.log php_admin_value[memory_limit] = 256M php_admin_value[post_max_size] = 2048M php_admin_value[session.save_path] = /tmp php_admin_value[upload_max_filesize] = 2048M |
Enable all third party PHP extensions that were installed.
| # sudo find . -type f -name '*.ini' -exec sed -i -e 's/^;extension/extension/g' \ -e 's/^;zend_extension/zend_extension/g' -e 's/^;xdebug/xdebug/g' {} + |
Enable global PHP extensions.
| # sudoedit /etc/php/conf.d/defaults.ini |
filename: /etc/php/conf.d/defaults.ini
| extension=bz2 extension=exif extension=gd extension=gettext extension=gmp extension=iconv extension=intl extension=sodium extension=mysqli extension=odbc extension=pdo_mysql extension=pdo_odbc extension=pdo_sqlite extension=sockets extension=sqlite3 ; opcache zend_extension=opcache opcache.enable = 1 opcache.interned_strings_buffer = 8 opcache.max_accelerated_files = 10000 opcache.memory_consumption = 128 opcache.save_comments = 1 opcache.revalidate_freq = 1 |
Create a php-fpm pool for the domain being setup (use a different pool for each domain).
| # sudoedit /etc/php/php-fpm.d/domain_com.conf |
filename: /etc/php/php-fpm.d/domain_com.conf
| ; $KYAULabs: domain_com.conf,v 1.0.0 2021/05/01 12:36:14 kyau Exp $ [domain_com] include = /etc/php/php-fpm.d/defaults.inc env[HOSTNAME] = domain.com env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp ; vim: ft=dosini sw=4 ts=4 noet: |
Be sure to set the file permissions properly.
| # sudo chmod 644 /etc/php/conf.d/defaults.ini /etc/php/php-fpm.d/* |
Start and enable the php-fpm service.
| # sudo systemctl enable --now php-fpm.service |
