Love My Love

Install nginx php7 and config firewalld in CentOS 7.6

2019.01.16

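1. Server environment

System: CentOS 7.6; firewall: firewalld

1.1. Firewall configuration

This firewall ships with CentOS 7.6 and starts automatically at boot. By default nothing else is let through: from outside you can ping the host and connect over ssh, and that is all.

Below we open two ports: 80/TCP and a custom ssh port, 123/TCP.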

Run:

$ firewall-cmd --permanent --add-port=80/tcp
$ firewall-cmd --permanent --add-port=123/tcp
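  1. firewall-cmd: the command-line tool Linux provides for operating firewalld;
  2. --permanent: makes the setting persistent;
  3. --add-port: the port to add;
  4. --zone=public: selects the public zone (rules are added there by default when this option is omitted).

By default, rules added from the command line are written to the file /etc/firewalld/zones/public.xml.

After adding the rules above, the file looks like this: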

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="61744"/>
</zone>
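
Added example, not part of the original post: a shell check that lists every service and port a zone file lets in and compares it with an allowlist. Run on the zone file above, it shows that the ssh service is still listed next to the custom port. The function names and the `service:NAME` / `port:PORT/PROTO` notation are assumptions made for this example; the sample is the public.xml shown above with the description left out.

```shell
#!/bin/sh
# Print one line per opening in a zone file: service:<name> or port:<port>/<proto>.
zone_open_entries() {
    sed -n 's|.*<service[[:space:]][^>]*name="\([^"]*\)".*|service:\1|p' "$1"
    # Ports, accepting either attribute order.
    sed -n -e 's|.*<port[[:space:]]\{1,\}protocol="\([^"]*\)"[[:space:]]\{1,\}port="\([^"]*\)".*|port:\2/\1|p' \
           -e 's|.*<port[[:space:]]\{1,\}port="\([^"]*\)"[[:space:]]\{1,\}protocol="\([^"]*\)".*|port:\1/\2|p' "$1"
}

# Compare the zone with an allowlist (remaining arguments, same notation).
# Prints "EXTRA <entry>" for openings not on the list and "MISSING <entry>"
# for listed openings the file lacks; returns 1 if it printed anything.
zone_audit() {
    zone_file=$1; shift
    found=$(zone_open_entries "$zone_file")
    drift=0
    for entry in $found; do
        hit=no
        for ok in "$@"; do
            if [ "$entry" = "$ok" ]; then hit=yes; fi
        done
        if [ "$hit" = no ]; then echo "EXTRA $entry"; drift=1; fi
    done
    for ok in "$@"; do
        hit=no
        for entry in $found; do
            if [ "$entry" = "$ok" ]; then hit=yes; fi
        done
        if [ "$hit" = no ]; then echo "MISSING $ok"; drift=1; fi
    done
    return $drift
}

# Constructed sample: the public.xml from this section (description omitted).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="61744"/>
</zone>
EOF
# Allowlist: the two ports section 1.1 set out to open.
zone_audit "$sample" port:80/tcp port:123/tcp || echo "zone differs from the allowlist"
```

Rules added with --permanent reach the running firewall only after `firewall-cmd --reload`, so compare the result of the file check with the output of `firewall-cmd --list-all` as well.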

1.2. Common firewalld commands

Restart, start, or stop firewalld.service:

service firewalld restart   # restart
service firewalld start     # start
service firewalld stop      # stop

Check the status of the firewalld service:

systemctl status firewalld

Check the state of the firewall:

firewall-cmd --state

List the firewall rules:

firewall-cmd --list-all

Stop firewalld:

service firewalld stop
systemctl disable firewalld.service   # do not start firewalld at boot

2. Docker installation and configuration

Quick reference:

I mostly followed the help page; below are the commands I ran along the way:

2.1. Uninstall old versions

$ sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux \
                  docker-engine

2.2. Install using the repository

$ sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

$ sudo yum-config-manager --enable docker-ce-edge

$ sudo yum-config-manager --enable docker-ce-test

$ sudo yum install docker-ce

2.3. Uninstall Docker CE

Uninstall the Docker package:

$ sudo yum remove docker-ce

Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:

$ sudo rm -rf /var/lib/docker

3. Nginx installation and configuration

3.1. Install by docker

https://hub.docker.com/_/nginx?tab=description

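After thinking it over repeatedly, I am not confident about using Docker in production, mainly for two reasons:

  1. Cost: in short, I still need something more mature and stable.
  2. Security: the less software is installed on the server, the fewer vulnerabilities there are and the safer it is.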

3.2. Install from source

Download from http://nginx.org/en/download.html

Then:

$ tar zxf nginx....tar.gz

$ cd nginx....

Download and unzip required packages:

wget "https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz";
wget "https://www.openssl.org/source/openssl-1.0.1j.tar.gz";
wget "http://zlib.net/zlib-1.2.11.tar.gz";
tar zxf openssl-1.0.1j.tar.gz;
tar zxf pcre-8.42.tar.gz;
tar zxf zlib-1.2.11.tar.gz

Prepare user for nginx:

$ sudo groupadd -r nginx

$ sudo useradd -s /sbin/nologin -g nginx -r nginx

Generate the configure options with the help of http://nginx.org/en/docs/configure.html

./configure \
    --sbin-path=/usr/local/nginx/nginx \
    --conf-path=/usr/local/nginx/nginx.conf \
    --pid-path=/usr/local/nginx/nginx.pid \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_sub_module \
    --with-pcre=../pcre-8.42 \
    --with-zlib=../zlib-1.2.11 \
    --with-openssl=../openssl-1.0.1j

When it finishes, the output ends with a summary like the one below:

Configuration summary
  + using PCRE library: ../pcre-8.42
  + using OpenSSL library: ../openssl-1.0.1j
  + using zlib library: ../zlib-1.2.11

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx"
  nginx configuration file: "/usr/local/nginx/nginx.conf"
  nginx pid file: "/usr/local/nginx/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

Install:

$ make && make install

Control Nginx by systemctl:

Reference: https://blog.csdn.net/qq_17054659/article/details/77186249

Create nginx.service:

sudo touch /usr/lib/systemd/system/nginx.service

And edit:

sudo vim /usr/lib/systemd/system/nginx.service

As:

[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
# Must match the --pid-path given to ./configure above
PIDFile=/usr/local/nginx/nginx.pid
# Check the configuration before starting
ExecStartPre=/usr/local/nginx/nginx -t -c /usr/local/nginx/nginx.conf
ExecStart=/usr/local/nginx/nginx -c /usr/local/nginx/nginx.conf
ExecReload=/usr/local/nginx/nginx -s reload
ExecStop=/usr/local/nginx/nginx -s stop
# systemd has no ExecQuit= directive; for a graceful shutdown run
# /usr/local/nginx/nginx -s quit by hand
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Change mode:

sudo chmod 644 /usr/lib/systemd/system/nginx.service

Make it take effect:

sudo systemctl daemon-reload

Now systemctl start/stop/reload nginx.service can be used to control nginx conveniently.


4. Install PHP 7 On CentOS 7.6

Reference: http://php.net/manual/zh/install.unix.nginx.php

4.1. Prepare for install

Download php:

$ wget http://php.net/distributions/php-7.3.1.tar.gz
$ tar zxf php-7.3.1.tar.gz
$ cd php-7.3.1
$ sudo yum install libxml2-devel
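
Added example, not part of the original post: the tarballs fetched in section 3.2 and the PHP tarball above are compiled and installed as root, so this shell function unpacks a tarball only when its SHA-256 matches a digest pinned in a manifest. The function names, the manifest file and the small tarball are constructed for the example; real digests have to come from each project's release page, fetched separately from the download.

```shell
#!/bin/sh
# Print the pinned digest for file name $2 from manifest $1
# (lines in sha256sum format: "<sha256>  <name>"), or nothing if absent.
pinned_digest() {
    awk -v name="$2" '$2 == name { print $1; exit }' "$1"
}

# unpack_verified MANIFEST TARBALL DEST
# Returns 2 if the tarball has no pin, 1 on a digest mismatch; extracts only on a match.
unpack_verified() {
    manifest=$1; tarball=$2; dest=$3
    pinned=$(pinned_digest "$manifest" "$(basename "$tarball")")
    if [ -z "$pinned" ]; then
        echo "REJECT $tarball: no pinned digest in $manifest" >&2
        return 2
    fi
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "REJECT $tarball: sha256 does not match the pinned digest" >&2
        return 1
    fi
    mkdir -p "$dest" && tar zxf "$tarball" -C "$dest"
}

# Constructed demo: a tiny tarball stands in for the pcre/openssl/zlib/php downloads.
work=$(mktemp -d)
mkdir "$work/pkg" && echo data > "$work/pkg/file"
tar czf "$work/pkg-1.0.tar.gz" -C "$work" pkg
# Stand-in for the published digest; in real use do not derive it from the download.
(cd "$work" && sha256sum pkg-1.0.tar.gz > pinned.sha256)
unpack_verified "$work/pinned.sha256" "$work/pkg-1.0.tar.gz" "$work/build" && echo "unpacked"
# Simulate a tarball altered after the digest was pinned.
printf 'tampered' >> "$work/pkg-1.0.tar.gz"
unpack_verified "$work/pinned.sha256" "$work/pkg-1.0.tar.gz" "$work/build2" || echo "refused"
```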

Prepare user for php-fpm:

$ sudo groupadd -r www-data

$ sudo useradd -s /sbin/nologin -g www-data -r www-data

4.2. Install PHP 7

Go to the PHP folder we just unpacked.

./configure --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
make && sudo make install

The output ends with lines like:

Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
/home/vagrant/php-7.0.6/build/shtool install -c ext/phar/phar.phar /usr/local/bin
ln -s -f phar.phar /usr/local/bin/phar
Installing PDO headers:           /usr/local/include/php/ext/pdo/

Run:

sudo /home/vagrant/php-7.0.6/build/shtool install -c ext/phar/phar.phar /usr/local/bin
sudo ln -s -f phar.phar /usr/local/bin/phar

Copy the ini file and the executable (all of these files are in the PHP folder we unpacked):

cp php.ini-production /usr/local/php/php.ini
cp /usr/local/etc/php-fpm.conf.default /usr/local/etc/php-fpm.conf
cp sapi/fpm/php-fpm /usr/local/bin

Fix bug:

$ sudo /usr/local/bin/php-fpm
[12-May-2016 04:39:05] ERROR: Unable to globalize '/usr/local/NONE/etc/php-fpm.d/*.conf' (ret=2) from /usr/local/etc/php-fpm.conf at line 125.
[12-May-2016 04:39:05] ERROR: failed to load configuration file '/usr/local/etc/php-fpm.conf'
[12-May-2016 04:39:05] ERROR: FPM initialization failed

In /usr/local/etc/php-fpm.conf, change the last line from:

/NONE/etc/php-fpm.d/*.conf

to:

etc/php-fpm.d/*.conf

Copy the default conf file:

cp /usr/local/etc/php-fpm.d/www.conf.default /usr/local/etc/php-fpm.d/www.conf

Set user and group to:

user = www-data
group = www-data

All right! Run php-fpm:

/usr/local/bin/php-fpm

That is all. For how to make PHP and Nginx work together, see:

http://huifeng.me/2016/05/18/LEMP-step-to-step/
