Install nginx php7 and config firewalld in CentOS 7.6

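1. Server environment

OS: CentOS 7.6
Firewall: firewalld

1.1. Firewall configuration

This firewall ships with CentOS 7.6 and starts automatically at boot. By default it opens almost nothing: from outside you can only ping the host and connect over ssh, and nothing else gets through.

Next we open two ports: 80/TCP, and 123/TCP as a custom ssh port.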

Run:

$ firewall-cmd --permanent --add-port=80/tcp
$ firewall-cmd --permanent --add-port=123/tcp

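  1. firewall-cmd: the tool Linux provides for operating firewalld;
  2. --permanent: makes the rule persistent;
  3. --add-port: the port to add;
  4. --zone=public: the target zone is public (without this parameter, rules are added there by default).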

By default, rules added from the command line are written to the file /etc/firewalld/zones/public.xml.

After adding the rules above, the file looks like this:

<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="ssh"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="61744"/>
</zone>
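
A zone file like the one above can be checked against the rules you meant to add. The script below is an added example, not part of the original post: it lists every port and service the file opens and prints the ones outside an allow list. The function names are hypothetical and the sample file is a constructed copy of the XML above.

```bash
#!/usr/bin/env bash
# Constructed sample: a copy of the public.xml shown above (description shortened).
write_sample_zone() {   # $1 = output path
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas.</description>
<service name="dhcpv6-client"/>
<service name="ssh"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="61744"/>
</zone>
EOF
}

# Print every opening in a zone file as "PORT/PROTO" or "service:NAME".
# Assumes one element per line, which is how firewalld writes these files.
zone_openings() {
    sed -n \
      -e 's|.*<port[^>]*protocol="\([^"]*\)"[^>]*port="\([^"]*\)".*|\2/\1|p' \
      -e 's|.*<port[^>]*port="\([^"]*\)"[^>]*protocol="\([^"]*\)".*|\1/\2|p' \
      -e 's|.*<service[^>]*name="\([^"]*\)".*|service:\1|p' "$1"
}

# Print openings missing from the allow list ($2...); succeed only if none.
zone_unexpected() {
    zone_file=$1; shift
    allowed=" $* "
    unexpected=$(zone_openings "$zone_file" | while read -r item; do
        case "$allowed" in
            *" $item "*) ;;                    # intended, stay quiet
            *) printf '%s\n' "$item" ;;        # open but never asked for
        esac
    done)
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Demo on the sample; on a host pass /etc/firewalld/zones/public.xml instead.
sample=$(mktemp)
write_sample_zone "$sample"
zone_unexpected "$sample" 80/tcp 123/tcp || echo "^ not in the intended rule set"
rm -f "$sample"
```

Rules added with --permanent show up in this file immediately but reach the running firewall only after firewall-cmd --reload, so compare the result with firewall-cmd --list-all as well.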

1.2. Common firewalld commands

Restart, start and stop the firewalld.service service:

service firewalld restart   # restart
service firewalld start     # start
service firewalld stop      # stop

Check the firewalld service status:

systemctl status firewalld

Check the firewall state:

firewall-cmd --state

List the firewall rules:

firewall-cmd --list-all

Disable the firewall:

service firewalld stop
systemctl disable firewalld.service   # do not start firewalld at boot


2. Docker installation and configuration

Quick reference:

I mostly followed the help page; the commands I ran are below:

2.1. Uninstall old versions

$ sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine

2.2. Install using the repository

$ sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2

$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

$ sudo yum-config-manager --enable docker-ce-edge

$ sudo yum-config-manager --enable docker-ce-test

$ sudo yum install docker-ce

2.3. Uninstall Docker CE

Uninstall the Docker package:

$ sudo yum remove docker-ce

Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:

$ sudo rm -rf /var/lib/docker


3. Nginx installation and configuration

3.1. Install by docker

https://hub.docker.com/_/nginx?tab=description

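After thinking it over, I am not confident about using Docker in production, mainly for two reasons:

  1. Cost; in short, something more mature and stable is still needed.
  2. Security: the less that is installed on the server, the fewer the vulnerabilities and the safer it is.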

3.2. Install from source

Download from http://nginx.org/en/download.html

Then:

$ tar zxf nginx....tar.gz

$ cd nginx....

Download and unzip required packages:

wget "https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz";
wget "https://www.openssl.org/source/openssl-1.0.1j.tar.gz";
wget "http://zlib.net/zlib-1.2.11.tar.gz";
tar zxf openssl-1.0.1j.tar.gz;
tar zxf pcre-8.42.tar.gz;
tar zxf zlib-1.2.11.tar.gz

Prepare user for nginx:

$ sudo groupadd -r nginx

$ sudo useradd -s /sbin/nologin -g nginx -r nginx

Generate the configure command line with the help of http://nginx.org/en/docs/configure.html

./configure \
--sbin-path=/usr/local/nginx/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/usr/local/nginx/nginx.pid \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_sub_module \
--with-pcre=../pcre-8.42 \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.0.1j

After running the above, the result looks like this:

Configuration summary
+ using PCRE library: ../pcre-8.42
+ using OpenSSL library: ../openssl-1.0.1j
+ using zlib library: ../zlib-1.2.11

nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx"
nginx configuration file: "/usr/local/nginx/nginx.conf"
nginx pid file: "/usr/local/nginx/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

Install:

$ make && make install

Control Nginx by systemctl:

Reference:
https://blog.csdn.net/qq_17054659/article/details/77186249

Create nginx.service:

sudo touch /usr/lib/systemd/system/nginx.service

And edit:

sudo vim /usr/lib/systemd/system/nginx.service

As:

[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
# Must match the --pid-path passed to ./configure
PIDFile=/usr/local/nginx/nginx.pid
ExecStartPre=/usr/local/nginx/nginx -t -c /usr/local/nginx/nginx.conf
ExecStart=/usr/local/nginx/nginx -c /usr/local/nginx/nginx.conf
ExecReload=/usr/local/nginx/nginx -s reload
ExecStop=/usr/local/nginx/nginx -s stop
# ExecQuit= is not a systemd directive (systemd ignores it with a warning),
# so it is left out; use "-s quit" in ExecStop for a graceful shutdown instead.
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Change mode:

sudo chmod 644 /usr/lib/systemd/system/nginx.service   # unit files should not be executable; systemd warns if they are

Make it become effective:

sudo systemctl daemon-reload

Now systemctl start/stop/reload nginx.service can be used to control nginx conveniently.


4. Install PHP 7 On CentOS 7.6

Reference:
http://php.net/manual/zh/install.unix.nginx.php

4.1. Prepare for install

Download php:

$ wget http://php.net/distributions/php-7.3.1.tar.gz
$ tar zxf php-7.3.1.tar.gz
$ cd php-7.3.1

sudo yum install libxml2-devel

Prepare user for php-fpm:

$ sudo groupadd -r www-data

$ sudo useradd -s /sbin/nologin -g www-data -r www-data

4.2. Install PHP 7

Go to the PHP folder we just unpacked.

./configure --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data

make && sudo make install

The last lines of the output look like:

Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
/home/vagrant/php-7.0.6/build/shtool install -c ext/phar/phar.phar /usr/local/bin
ln -s -f phar.phar /usr/local/bin/phar
Installing PDO headers: /usr/local/include/php/ext/pdo/

Run:

sudo /home/vagrant/php-7.0.6/build/shtool install -c ext/phar/phar.phar /usr/local/bin
sudo ln -s -f phar.phar /usr/local/bin/phar

Copy the ini file and the executable (all of these files are in the PHP folder we unpacked):

cp php.ini-production /usr/local/php/php.ini
cp /usr/local/etc/php-fpm.conf.default /usr/local/etc/php-fpm.conf
cp sapi/fpm/php-fpm /usr/local/bin

Fix bug:

$ sudo /usr/local/bin/php-fpm
[12-May-2016 04:39:05] ERROR: Unable to globalize '/usr/local/NONE/etc/php-fpm.d/*.conf' (ret=2) from /usr/local/etc/php-fpm.conf at line 125.
[12-May-2016 04:39:05] ERROR: failed to load configuration file '/usr/local/etc/php-fpm.conf'
[12-May-2016 04:39:05] ERROR: FPM initialization failed

Modify the last line of /usr/local/etc/php-fpm.conf from:

/NONE/etc/php-fpm.d/*.conf

to:

etc/php-fpm.d/*.conf

Copy the default conf file:

cp /usr/local/etc/php-fpm.d/www.conf.default /usr/local/etc/php-fpm.d/www.conf

Set user and group to:

user = www-data
group = www-data

All right! Run php-fpm:

/usr/local/bin/php-fpm
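
The two manual edits above (the NONE/ include path and the pool user/group) can be scripted so they are repeatable and checked before php-fpm is started. This is an added example, not part of the original post; the function names are hypothetical and the two config files are small constructed stand-ins for php-fpm.conf and www.conf.

```bash
#!/usr/bin/env bash
# Constructed stand-ins for /usr/local/etc/php-fpm.conf and php-fpm.d/www.conf.
write_samples() {   # $1 = directory
    printf '%s\n' '[global]' ';pid = run/php-fpm.pid' \
        'include=NONE/etc/php-fpm.d/*.conf' > "$1/php-fpm.conf"
    printf '%s\n' '[www]' 'user = nobody' 'group = nobody' \
        ';listen.owner = nobody' 'listen = 127.0.0.1:9000' > "$1/www.conf"
}

# Drop the literal "NONE/" (with or without a leading slash) from include lines.
# Running it twice changes nothing the second time.
fix_fpm_include() {     # $1 = php-fpm.conf
    sed -i.bak 's|^\(include[[:space:]]*=[[:space:]]*\)/\{0,1\}NONE/|\1|' "$1"
}

# Set the pool's user and group; commented-out (;) lines are left alone.
set_pool_identity() {   # $1 = pool file, $2 = user, $3 = group
    sed -i.bak -e "s|^user[[:space:]]*=.*|user = $2|" \
               -e "s|^group[[:space:]]*=.*|group = $3|" "$1"
}

# Print the pool's "user:group".
pool_identity() {       # $1 = pool file
    u=$(sed -n 's|^user[[:space:]]*=[[:space:]]*||p' "$1" | tail -n 1)
    g=$(sed -n 's|^group[[:space:]]*=[[:space:]]*||p' "$1" | tail -n 1)
    printf '%s:%s\n' "$u" "$g"
}

# Succeed only if no include still points at NONE/ and the pool has a
# non-root user and group.
fpm_config_sane() {     # $1 = php-fpm.conf, $2 = pool file
    if grep -q '^include.*NONE/' "$1"; then return 1; fi
    case "$(pool_identity "$2")" in
        root:*|*:root|:*|*:) return 1 ;;
    esac
    return 0
}

# Demo on the samples; on a host, finish with "php-fpm -t" to test the config.
d=$(mktemp -d); write_samples "$d"
fpm_config_sane "$d/php-fpm.conf" "$d/www.conf" || echo "before: needs fixing"
fix_fpm_include "$d/php-fpm.conf"
set_pool_identity "$d/www.conf" www-data www-data
fpm_config_sane "$d/php-fpm.conf" "$d/www.conf" &&
    echo "after: pool runs as $(pool_identity "$d/www.conf")"
rm -rf "$d"
```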

That is all. For how to make PHP and Nginx work together, see:

http://huifeng.me/2016/05/18/LEMP-step-to-step/