Love My Love

Install nginx and PHP 7 and configure firewalld on CentOS 7.6


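1. Server environment

OS: CentOS 7.6. Firewall: firewalld

1.1. Firewall configuration

This firewall ships with CentOS 7.6 and starts at boot. By default it opens nothing else: from outside you can only ping the host and connect over ssh, and nothing more.

Below we open two ports: 80/TCP and a custom ssh port, 123/TCP.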


$ firewall-cmd --permanent --add-port=80/tcp
$ firewall-cmd --permanent --add-port=123/tcp
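  1. firewall-cmd: the command-line tool Linux provides for operating firewalld;
  2. --permanent: makes the setting persistent;
  3. --add-port: the port to add;
  4. --zone=public: sets the zone to public (without this parameter, rules are added to this zone by default).

By default, rules added from the command line are written to the file /etc/firewalld/zones/public.xml.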


<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="61744"/>
</zone>
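
One way to check the result, as an added example that is not part of the original post: the shell functions below read a zone file and list any open port that is missing from an allowlist of the ports you meant to open. The function names and the sample file (a shortened copy of the listing above, constructed here) are assumptions of this example.

```shell
# Added example, not from the original post: audit a firewalld zone file.

# Print "port/protocol" for each <port .../> element, in either attribute order.
zone_ports() {
    grep '<port ' "$1" | while IFS= read -r line; do
        port=$(printf '%s\n' "$line" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$line" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
        printf '%s/%s\n' "$port" "$proto"
    done
}

# Print the name of each enabled <service .../>; "ssh" means 22/tcp is allowed.
zone_services() {
    sed -n 's/.*<service name="\([^"]*\)".*/\1/p' "$1"
}

# Usage: zone_unexpected_ports FILE ALLOWED...
# Print every open port that is not in the allowlist.
zone_unexpected_ports() {
    file=$1; shift
    zone_ports "$file" | while IFS= read -r open; do
        ok=no
        for allowed in "$@"; do
            if [ "$open" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$open"; fi
    done
}

# Constructed sample that mirrors the zone file shown above.
write_sample_zone() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <description>For use in public areas.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="61744"/>
</zone>
EOF
}

sample=$(mktemp)
write_sample_zone "$sample"
echo "unexpected ports: $(zone_unexpected_ports "$sample" 80/tcp 123/tcp)"
echo "enabled services: $(zone_services "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a live host, point the functions at /etc/firewalld/zones/public.xml. Rules added with --permanent are written to that file at once but reach the running firewall only after firewall-cmd --reload.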

1.2. Common firewall commands


service firewalld restart   # restart
service firewalld start     # start
service firewalld stop      # stop


systemctl status firewalld


firewall-cmd --state


firewall-cmd --list-all 


service firewalld stop
systemctl disable firewalld.service # prevent firewalld from starting at boot

2. Docker installation and configuration

Quick reference:


2.1. Uninstall old versions

$ sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux

2.2. Install using the repository

$ sudo yum install -y yum-utils \
  device-mapper-persistent-data

$ sudo yum-config-manager \
    --add-repo \

$ sudo yum-config-manager --enable docker-ce-edge

$ sudo yum-config-manager --enable docker-ce-test

$ sudo yum install docker-ce

2.3. Uninstall Docker CE

Uninstall the Docker package:

$ sudo yum remove docker-ce

Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:

$ sudo rm -rf /var/lib/docker

3. Nginx installation and configuration

3.1. Install by docker


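  1. Cost: in short, something more mature and stable is still needed.
  2. Security: the less software installed on the server, the fewer the vulnerabilities and the safer it is.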

3.2. Install from source

Download from


$ tar zxf nginx....tar.gz

$ cd nginx....

Download and unzip required packages:

wget "";
wget "";
wget "";
tar zxf openssl-1.0.1j.tar.gz;
tar zxf pcre-8.42.tar.gz;
tar zxf zlib-1.2.11.tar.gz

Prepare user for nginx:

$ sudo groupadd -r nginx

$ sudo useradd -s /sbin/nologin -g nginx -r nginx

Generate config string through

./configure \
    --sbin-path=/usr/local/nginx/nginx \
    --conf-path=/usr/local/nginx/nginx.conf \
    --pid-path=/usr/local/nginx/ \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_sub_module \
    --with-pcre=../pcre-8.42 \
    --with-zlib=../zlib-1.2.11 \
    --with-openssl=../openssl-1.0.1j

After that, the result is shown below:

Configuration summary
  + using PCRE library: ../pcre-8.42
  + using OpenSSL library: ../openssl-1.0.1j
  + using zlib library: ../zlib-1.2.11

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx"
  nginx configuration file: "/usr/local/nginx/nginx.conf"
  nginx pid file: "/usr/local/nginx/"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"


$ make && make install

Control Nginx by systemctl:


Create nginx.service:

sudo touch /usr/lib/systemd/system/nginx.service

And edit:

sudo vim /usr/lib/systemd/system/nginx.service


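[Unit]
Description=nginx - high performance web server

[Service]
# nginx daemonizes itself by default, so systemd must treat it as forking
Type=forking
ExecStartPre=/usr/local/nginx/nginx -t -c /usr/local/nginx/nginx.conf
ExecStart=/usr/local/nginx/nginx -c /usr/local/nginx/nginx.conf
ExecReload=/usr/local/nginx/nginx -s reload
ExecStop=/usr/local/nginx/nginx -s stop
# ExecQuit= is not a systemd directive; for a graceful stop run: /usr/local/nginx/nginx -s quit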


Change mode:

sudo chmod 754 /usr/lib/systemd/system/nginx.service

Make it take effect:

sudo systemctl daemon-reload

Now systemctl start/stop/reload nginx.service can be used to control nginx conveniently.

4. Install PHP 7 On CentOS 7.6


4.1. Prepare for install

Download php:

$ wget
$ tar zxf php-7.3.1.tar.gz
$ cd php-7.3.1
sudo yum install libxml2-devel

Prepare user for php-fpm:

$ sudo groupadd -r www-data

$ sudo useradd -s /sbin/nologin -g www-data -r www-data

4.2. Install PHP 7

Go to the PHP folder we just unzipped.

./configure --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
make && sudo make install

The output ends with lines like:

Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
/home/vagrant/php-7.0.6/build/shtool install -c ext/phar/phar.phar /usr/local/bin
ln -s -f phar.phar /usr/local/bin/phar
Installing PDO headers:           /usr/local/include/php/ext/pdo/


sudo /home/vagrant/php-7.0.6/build/shtool install -c ext/phar/phar.phar /usr/local/bin
sudo ln -s -f phar.phar /usr/local/bin/phar

Copy the ini and executable files (all of these files are in the PHP folder we unzipped):

cp php.ini-production /usr/local/php/php.ini
cp /usr/local/etc/php-fpm.conf.default /usr/local/etc/php-fpm.conf
cp sapi/fpm/php-fpm /usr/local/bin

Fix bug:

$ sudo /usr/local/bin/php-fpm
[12-May-2016 04:39:05] ERROR: Unable to globalize '/usr/local/NONE/etc/php-fpm.d/*.conf' (ret=2) from /usr/local/etc/php-fpm.conf at line 125.
[12-May-2016 04:39:05] ERROR: failed to load configuration file '/usr/local/etc/php-fpm.conf'
[12-May-2016 04:39:05] ERROR: FPM initialization failed

Modify the last line of /usr/local/etc/php-fpm.conf:




Copy the default conf file:

cp /usr/local/etc/php-fpm.d/www.conf.default /usr/local/etc/php-fpm.d/www.conf

Set user and group as follows:

user = www-data
group = www-data
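
A check for this step, added here as an example and not taken from the original post: it confirms that the pool file sets the unprivileged account and, going one step beyond the text, that php-fpm listens only on a unix socket or a loopback address, since a bare port number makes it listen on all addresses. The function names and both sample files are constructed for the example.

```shell
# Added example, not from the original post: check a php-fpm pool file.

# Print the last value assigned to KEY in FILE, ignoring ";" comments.
pool_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Usage: pool_audit FILE ACCOUNT
# Print findings and return 1 unless the pool runs as ACCOUNT and listens
# only on an absolute unix socket path or a loopback address.
pool_audit() {
    findings=''
    user=$(pool_get user "$1")
    group=$(pool_get group "$1")
    listen=$(pool_get listen "$1")
    [ "$user" = "$2" ] || findings="$findings user=${user:-unset}"
    [ "$group" = "$2" ] || findings="$findings group=${group:-unset}"
    case $listen in
        /*|127.0.0.1:*|'[::1]:'*) ;;   # unix socket or loopback only
        *) findings="$findings listen=${listen:-unset}" ;;  # bare port = all addresses
    esac
    if [ -n "$findings" ]; then
        printf '%s\n' "${findings# }"
        return 1
    fi
}

# Constructed samples: the pool as configured above, and a risky variant.
write_pool() {   # write_pool FILE USER LISTEN
    cat > "$1" <<EOF
[www]
; user = nobody
user = $2
group = www-data
listen = $3
EOF
}

good=$(mktemp); bad=$(mktemp)
write_pool "$good" www-data 127.0.0.1:9000
write_pool "$bad" root 9000
if pool_audit "$good" www-data; then echo "good pool: ok"; fi
pool_audit "$bad" www-data || echo "bad pool: findings above"
rm -f "$good" "$bad"
```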

All right! Run php-fpm


That is all for the installation. For how to make PHP and NginX work together, see: