Amazon Linux2023 > PHP8.4 + nginx

EC2

$ sudo su -l
$ passwd ec2-user

$ timedatectl set-timezone Asia/Tokyo
$ cp -rp /etc/sysconfig/clock /etc/sysconfig/clock.org

/etc/sysconfig/clock

-ZONE="UTC"
-UTC=true
+ZONE="Asia/Tokyo"
+UTC=false

/etc/sysconfig/i18n

-LANG=en_US.UTF-8
+LANG=ja_JP.UTF-8

$ dnf update

#cron
$ dnf install -y cronie

#rsyslog
$ dnf install -y rsyslog

#nginx
$ dnf install -y nginx
$ nginx -v
#nginx version: nginx/1.28.0
$ cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org

#php8.4
# dnf list --available php8.4*
$ dnf install -y php8.4 php8.4-fpm php8.4-bcmath php8.4-common php8.4-cli php8.4-pdo php8.4-mysqlnd php8.4-gd php8.4-mbstring php8.4-opcache php8.4-devel php8.4-xml php8.4-intl php8.4-zip
$ php -v
#PHP 8.4.13 (cli)

$ systemctl start php-fpm
$ systemctl enable php-fpm.service

#imagick
$ dnf install -y ImageMagick-devel php-pear
$ dnf install -y php-pear
$ pecl install imagick

PHP

/etc/php.ini

date.timezone = "Asia/Tokyo"
memory_limit = 256M
expose_php = Off
post_max_size = 8M
upload_max_filesize = 4M

#memory_limit > post_max_size > upload_max_filesize

#3 days
session.gc_maxlifetime = 259200
#7 days
#session.gc_maxlifetime = 604800

#session.name = PHPSESSID
#session.cookie_lifetime = 0

[mbstring]
mbstring.language = Japanese

[imagick]
extension=imagick.so

/etc/php-fpm.d/www.conf

-user = apache
+user = nginx
-group = apache
+group = nginx

phpMyAdmin

最新版

$ cd /var/www/
$ wget https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.tar.gz
$ tar zxvf phpMyAdmin-5.2.1-all-languages.tar.gz
$ rm phpMyAdmin-5.2.1-all-languages.tar.gz
$ mv phpMyAdmin-5.2.1-all-languages phpmyadmin
$ cd /var/www/phpmyadmin/
$ cp config.sample.inc.php config.inc.php

/var/www/phpmyadmin/config.inc.php

/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';//BASIC認証

/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';

Nginx

適宜

/etc/nginx/nginx.conf

events {
    worker_connections 1024;
}

http {
    index   index.php;
    charset UTF-8;
    server_tokens off;

    #FastCGI CACHE
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=FCKZ:32m inactive=1d max_size=128m;
    fastcgi_cache_use_stale error timeout invalid_header http_500;


    server {
        listen       80;
        listen       [::]:80;
        server_name  example.com;
        #server_name  _;
        root         /usr/share/nginx/html;
        #root        /var/www/html;

        #include /etc/nginx/default.d/*.conf;

        #FastCGI CACHE
        set $do_not_cache 0;
        if ($request_method !~ ^(GET)$) {
            set $do_not_cache 1;
        }
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $do_not_cache 1;
        }
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $do_not_cache 1;
        }
        fastcgi_cache_key "$scheme://$host$request_uri";
        
        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass php-fpm;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            include fastcgi_params;

            fastcgi_cache_bypass $do_not_cache;
            fastcgi_no_cache $do_not_cache;
            fastcgi_cache FCKZ;
            fastcgi_cache_valid  200 5m;
            fastcgi_cache_valid  any 10m;
            fastcgi_pass_header X-Accel-Expires;
            fastcgi_ignore_headers Cache-Control Expires;
            add_header x-cache $upstream_cache_status;
        }

        location ~* ^.+.(jp?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
            access_log  off;
            log_not_found off;
            expires 30d;
        }

        location ~ /(\.ht|\.user.ini|\.git|\.hg|\.bzr|\.svn) {
            deny  all;
        }
        
     }

    # 443は後述のLet's Encryptがやってくれるんで追記するやつがあれば
    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;

        location ^~ /phpmyadmin {
            #allow 0.0.0.0;#IP制限
            deny all;

            alias /var/www/phpmyadmin;
            index index.php;

            location ~ \.php$  {
                fastcgi_pass    php-fpm;
                fastcgi_index   index.php;
                fastcgi_split_path_info ^/phpmyadmin(.+\.php)(.*)$;
                fastcgi_param   SCRIPT_FILENAME /var/www/phpmyadmin$fastcgi_script_name;
                include         /etc/nginx/fastcgi_params;
            }
        }
        
    }

}

$ systemctl start nginx
$ systemctl enable nginx.service

再起動設定

/lib/systemd/system/nginx.service

[Service]
+Restart=always
+RestartSec=5s

$ systemctl daemon-reload
$ systemctl restart nginx
$ systemctl show nginx | grep Restart

Git

$ dnf install -y git
#GitHub
$ cd /var/www/
$ git clone https://github.com/[path_to_git].git html

$ chown -R nginx:nginx /var/lib/php/session
$ chown -R nginx:nginx /var/www/html

確認

/usr/share/nginx/html/phpinfo.php

<?php 
phpinfo();

Let's Encrypt

$ dnf install -y certbot
$ dnf install -y python3-certbot-nginx
$ certbot --nginx --agree-tos --register-unsafely-without-email

crontab

# At 02:00 on day-of-month 5
0 2 5 * * certbot renew && systemctl restart nginx

Hostname

$ hostnamectl set-hostname [example]