Basic Server Setup
# update system
# epel-release goes in first so that the update run also covers EPEL packages.
sudo yum -y install epel-release
sudo yum -y update
# temporarily switch SELinux from enforcing to permissive
# This is a runtime-only change: it lasts until the next boot or until
# `sudo setenforce 1` is run. While permissive, policy violations are logged
# but not blocked, so the host has no SELinux confinement during the setup.
sudo setenforce Permissive
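# setup timezone
# -f replaces an existing /etc/localtime in one step, so there is no moment
# where the file is missing and the command does not fail when it is absent.
sudo ln -sf /usr/share/zoneinfo/Hongkong /etc/localtime

# setup ntp service
sudo yum -y install ntp
# one-off clock sync before the daemon takes over
sudo ntpdate pool.ntp.org
sudo systemctl enable ntpd
sudo systemctl start ntpd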
Setup NGINX and PHP-FPM
# install NGINX and PHP with PHP-FPM
# NOTE(review): every PHP extension installed here is loaded into the
# interpreter; trim the list to what the application needs. php-devel is a
# build-time package and is presumably not required to serve pages.
sudo yum install -y vim nginx \
  php php-fpm php-mbstring php-gd php-bcmath php-mcrypt php-tidy \
  php-xml php-xmlrpc php-soap php-mysql php-pdo php-devel

# register both services for boot, then start them
for action in enable start; do
  sudo systemctl "$action" nginx php-fpm
done
Update Configuration
# update PHP configuration
# Non-interactive edit of /etc/php.ini:
#   1. uncomment date.timezone and set it to Asia/Hong_Kong
#   2. turn expose_php off so PHP stops advertising its version in the
#      X-Powered-By response header
sudo sed -i \
  -e 's#;date.timezone =#date.timezone = Asia/Hong_Kong#' \
  -e 's#expose_php = On#expose_php = Off#' \
  /etc/php.ini
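# update php-fpm configuration
# Run the pool's workers as the nginx user and group. The file lives under
# /etc, so the edit needs sudo like every other step in this guide.
sudo sed -i \
  -e 's/^user =.*$/user = nginx/g' \
  -e 's/^group =.*$/group = nginx/g' \
  /etc/php-fpm.d/www.conf

# print the file to confirm both lines were rewritten
cat /etc/php-fpm.d/www.conf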
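# update NGINX configuration
# Keep a copy of the packaged file; the pipeline below reads from the copy and
# overwrites the live nginx.conf.
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

# Stage 1 (on the reversed file): replace the last "}" with the vhosts include
#          followed by "}", then reverse the file back.
# Stage 2: insert the index directive in front of the first "server {" line.
# Stage 3: replace the first line containing "root" with the /var/www/html root.
sudo tac /etc/nginx/nginx.conf.bak | awk '!p && /}/{print "\n}\n include /etc/nginx/vhosts/*.conf;";p=1;next} 1' | tac \
  | awk '!p && /server {/{print " index index.php index.html index.htm;\n";p=1} 1' \
  | awk '!p && /root/{print " root /var/www/html;";p=1;next} 1' \
  | sudo tee /etc/nginx/nginx.conf

# The config was produced by text substitution, so have nginx parse it before
# anything reloads the service; on failure restore nginx.conf.bak.
sudo nginx -t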
# create folders and update permission
sudo mkdir -p /etc/nginx/vhosts/ /var/www/html/ /var/www/vhosts/

# NOTE(review): php-fpm is configured to run as nginx, so after this chown the
# PHP workers own every file they serve and can rewrite site code. Where the
# application allows it, keep code owned by another account and give nginx
# write access only to upload/cache directories.
sudo chown -R nginx:nginx /var/www/html/ /var/www/vhosts/
Create Virtual Hosts
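# create dummy virtual host
# `sudo cat > file` does not work for a non-root user: the redirection is
# opened by the calling shell before sudo runs. tee is the process that opens
# the file here, so it is tee that runs under sudo.
#
# Two changes inside the PHP location:
#   - the dot in \.php$ is escaped, so only URIs ending in ".php" match
#     (an unescaped "." matches any character);
#   - try_files $uri =404 makes nginx answer 404 itself when the requested
#     script does not exist instead of handing the request to PHP-FPM.
# The "##" prefix marks the optional redirect block; keep those lines and the
# "# redirect to www" comment at column 0, the vhost recipes depend on it.
sudo tee /etc/nginx/vhosts/example.com.conf > /dev/null <<- "EOF"
# redirect to www
##server {
##    listen 80;
##    server_name example.com;
##    return 301 http://www.example.com$request_uri;
##}

server {
    listen 80;
    server_name www.example.com;
    root /var/www/vhosts/example.com/www;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index /index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 300;
    }
}
EOF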
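# create ip vhost from dummy virtual host
# Drop every line that starts with "#" (the optional redirect block), then
# replace the host name with the IP. \(www\.\)* is an optional literal "www."
# prefix; the original [www.]* was a character class that only happened to
# match it. The dots are escaped so they match a dot and nothing else.
sed -e '/^#/ d' -e 's/\(www\.\)*example\.com/10.0.6.29/' /etc/nginx/vhosts/example.com.conf \
  | sudo tee /etc/nginx/vhosts/10.0.6.29.conf
sudo mkdir -p /var/www/vhosts/10.0.6.29/www/

# Test page only: phpinfo() prints the PHP version, loaded modules, file paths
# and environment variables to anyone who can reach the vhost. Delete
# index.php once the vhost is confirmed to work.
echo "<?php phpinfo();" | sudo tee /var/www/vhosts/10.0.6.29/www/index.php
sudo nginx -s reload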
# create www vhost from dummy virtual host
# First expression swaps the domain, second strips the "##" markers so the
# bare-domain -> www redirect block becomes active.
sed -e "s/example.com/yctin.com/" -e "s/##//" /etc/nginx/vhosts/example.com.conf \
  | sudo tee /etc/nginx/vhosts/yctin.com.conf
sudo mkdir -p /var/www/vhosts/yctin.com/www/

# Test page only: phpinfo() output exposes version, module, path and
# environment details; remove index.php after checking the vhost.
printf '%s\n' "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/www/index.php
sudo nginx -s reload
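# create subdomain vhost from dummy virtual host
# Drop the "#" lines, swap the domain, then turn the "www." host label and the
# trailing "www;" of the root path into "demo".
# The result goes to its own file: writing it to yctin.com.conf would
# overwrite the www vhost stored under that name.
sed -e '/^#/ d' \
    -e "s/example.com/yctin.com/g" \
    -e "s/www\./demo\./g" \
    -e "s/www;/demo;/g" \
    /etc/nginx/vhosts/example.com.conf \
  | sudo tee /etc/nginx/vhosts/demo.yctin.com.conf
sudo mkdir -p /var/www/vhosts/yctin.com/demo/

# Test page only: phpinfo() output exposes version, module, path and
# environment details; remove index.php after checking the vhost.
echo "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/demo/index.php
sudo nginx -s reload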
Setup Firewall (Optional)
# setup firewall
sudo yum -y install firewalld
for action in enable start; do
  sudo systemctl "$action" firewalld
done

# Permanent rules are written to the saved configuration only; the restart
# below is what loads them into the running firewall.
# NOTE(review): the vhosts in this guide listen on port 80 only, so the https
# service can stay closed until a TLS listener exists.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl restart firewalld
SELinux Settings (Only Needed When SELinux Is Enabled)
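# update selinux policy, required when SELinux is enabled (not best practice)
# NOTE(review): httpd_anon_write concerns content labelled
# public_content_rw_t; confirm it is needed alongside the labels set below.
sudo setsebool -P httpd_anon_write 1

# Label both web roots read/write for the httpd domain. This makes every file
# under them writable by the web server, code included; a tighter setup labels
# only upload/cache directories this way.
# chcon changes are not recorded in the policy, so a restorecon or a full
# relabel reverts them; `semanage fcontext` plus `restorecon` is the
# persistent form.
sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/html -R
sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/vhosts/ -R

# Allow PHP to open outbound network connections (enable only if the
# application needs it). setsebool -P needs root like the commands above.
sudo setsebool -P httpd_can_network_connect 1

# Allow PHP to connect to a remote database
sudo setsebool -P httpd_can_network_connect_db 1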
Reboot after Setup
# A runtime `setenforce` change does not survive a reboot: after this, SELinux
# runs in whatever mode /etc/selinux/config specifies.
sudo reboot