
PHP7.4+Nginx for Amazon Linux 2

Last updated at Posted at 2021-05-21

Amazon Linuxがいつの間にかなくなったんで書き直し。
多少違う。
PHP7.3 for Amazon Linux 2018.03.0
WordPress(PHP7+nginx) for Amazon Linux AMI 2016.09

EC2

# Switch to a root login shell; the commands that follow carry no sudo, so they are presumably run from here.
$ sudo su -l
# Gives ec2-user a local password. NOTE(review): ec2-user normally has sudo rights, so if a
# password is set keep SSH on key-only login (check PasswordAuthentication in /etc/ssh/sshd_config).
$ passwd ec2-user

# Set the system time zone, then back up the legacy clock file before it is edited below.
$ timedatectl set-timezone Asia/Tokyo
$ cp -rp /etc/sysconfig/clock /etc/sysconfig/clock.org
/etc/sysconfig/clock
-ZONE="UTC"
-UTC=true
+ZONE="Asia/Tokyo"
+UTC=false
/etc/sysconfig/i18n
-LANG=en_US.UTF-8
+LANG=ja_JP.UTF-8

PHP7.4

# NOTE: upstream security support for PHP 7.4 ended in November 2022. For a new build, check
# which PHP topics `amazon-linux-extras list` still offers and prefer a maintained release.
$ amazon-linux-extras enable php7.4
$ yum clean metadata
$ yum install php-cli php-pdo php-fpm php-json php-mysqlnd php-gd php-mbstring php-opcache php-devel php-xml php-pecl-memcache php-intl php-bcmath

# To inspect which PHP packages are available / installed:
#yum list available | grep php
#yum list installed | grep php

ImageMagick

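$ yum install gcc
# Quote the glob so the shell hands it to yum unchanged instead of expanding it against
# files in the current directory.
$ yum install -y 'ImageMagick*'
$ yum install php-pear
$ pecl channel-update pecl.php.net
# NOTE(review): php.ini below loads extension=imagick.so, but no step on this page builds it;
# presumably `pecl install imagick` belongs here. Confirm before relying on the extension.
$ convert --version
#Version: ImageMagick 6.9.10-68 Q16 x86_64 2021-02-02 https://imagemagick.org
# 7.x is the current series, but this is only needed for WordPress Site Health, so 6.x will do.
# In fact, trying to install 7.x fails on dependencies.
# ImageMagick parses user-uploaded images in WordPress, so keep the package patched via yum update.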

php.ini

/etc/php.ini
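; NOTE: PHP 7 no longer accepts "#" as a comment marker in ini files, so the annotations
; below use ";" and can be pasted into /etc/php.ini as they are.
date.timezone = "Asia/Tokyo"
memory_limit = 256M
; Do not advertise the PHP version in the X-Powered-By response header.
expose_php = Off
post_max_size = 8M
; Same limit as client_max_body_size 4m in the nginx.conf on this page.
upload_max_filesize = 4M

; Keep this ordering: memory_limit > post_max_size > upload_max_filesize

; 3 days
session.gc_maxlifetime = 259200
; 7 days
;session.gc_maxlifetime = 604800

;session.name = PHPSESSID
;session.cookie_lifetime = 0
; Optional session-cookie hardening for a site served only over HTTPS (review before enabling):
;session.cookie_httponly = 1
;session.cookie_secure = 1
;session.use_strict_mode = 1

[mbstring]
mbstring.language = Japanese
; NOTE(review): internal_encoding / http_input / http_output are deprecated mbstring settings
; (default_charset is the replacement); confirm they are still wanted on PHP 7.4.
mbstring.internal_encoding = UTF-8
mbstring.http_input = auto
mbstring.http_output = UTF-8
;mbstring.encoding_translation = On
mbstring.encoding_translation = Off
mbstring.detect_order = auto

[imagick]
extension=imagick.so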

Nginx

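$ amazon-linux-extras install nginx1
$ nginx -v
# nginx version: nginx/1.18.0
# Keep a copy of the packaged configuration before editing it.
$ cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org

# Perfect Forward Secrecy: DH parameters used by the DHE cipher suites.
# Written to /etc/nginx/ssl because that is the path ssl_dhparam points at in the nginx.conf
# on this page; the directory also holds the private key, so it is created root-only.
$ mkdir -p -m 700 /etc/nginx/ssl
$ cd /etc/nginx/ssl
# Options go before the bit size; newer OpenSSL releases ignore or reject options placed after it.
$ openssl dhparam -out dhparam.pem 2048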
/etc/php-fpm.d/www.conf
-user = apache
+user = nginx
-group = apache
+group = nginx

GitHub

$ yum install -y git

# Clone from GitHub
# The clone leaves a .git directory inside the document root (/var/www/html/.git). The nginx.conf
# on this page denies /.git; keep that rule so repository history and config are never served.
$ cd /var/www/
$ git clone https://github.com/[path_to_git].git html

phpMyAdmin

最新版

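$ cd /var/www/
# 5.1.0 was the release used when this page was written; check phpmyadmin.net for the current
# release and its security announcements before pinning a version.
$ wget https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.gz
# Verify the archive before unpacking it. The .sha256 file only proves the download is intact;
# the PGP signature (.asc) published next to it is the stronger check of who produced it.
$ wget https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.gz.sha256
$ sha256sum -c phpMyAdmin-5.1.0-all-languages.tar.gz.sha256
$ tar zxvf phpMyAdmin-5.1.0-all-languages.tar.gz
$ rm phpMyAdmin-5.1.0-all-languages.tar.gz phpMyAdmin-5.1.0-all-languages.tar.gz.sha256
# Installed outside the WordPress document root; nginx exposes it through an alias (see nginx.conf).
$ mv phpMyAdmin-5.1.0-all-languages phpmyadmin
$ cd /var/www/phpmyadmin/
$ cp config.sample.inc.php config.inc.php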
/var/www/phpmyadmin/config.inc.php
/* Authentication type */
// HTTP Basic authentication: the browser prompts for the MySQL user and password and resends
// them with every request, so phpMyAdmin must only be reachable over HTTPS.
$cfg['Servers'][$i]['auth_type'] = 'http';// HTTP Basic authentication

/* Server parameters */
// Connects to the MySQL server on this same host.
$cfg['Servers'][$i]['host'] = 'localhost';

nginx.conf

諸々合わせて書いてるので適宜

/etc/nginx/nginx.conf

# Per-worker open-file limit; see the worker_rlimit_nofile sizing note on this page.
#worker_rlimit_nofile 40000;

events {
    # Per-worker connection cap; the page suggests roughly worker_rlimit_nofile / 4.
    #worker_connections 2048;
}

http {
    index   index.php;
    charset UTF-8;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    #FastCGI CACHE
    # Cache zone FCKZ (32 MB of keys, 128 MB on disk, entries dropped after 1 day unused) lives in
    # /var/cache/nginx. It stores rendered pages, so the directory should be writable by the nginx user only.
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=FCKZ:32m inactive=1d max_size=128m;
    # Serve a stale cached copy when PHP-FPM errors out, times out, sends a bad header or returns a 500.
    fastcgi_cache_use_stale error timeout invalid_header http_500;

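    # Behind an ELB (presumably the load balancer terminates TLS and forwards plain HTTP to port 80)
    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /var/www/html;
        #root        /usr/share/nginx/html;
        client_max_body_size 4m;

        #include /etc/nginx/default.d/*.conf;

        #ELB
        # The load balancer reports the client's original scheme in X-Forwarded-Proto.
        if ($http_x_forwarded_proto = 'http') {
            return 301 https://$host$request_uri;
        }
        # Trust X-Forwarded-For only when the request comes from the load balancer's own addresses.
        # The original 0.0.0.0/0 marks every address as a trusted proxy; combined with
        # real_ip_recursive on, the logged and PHP-visible client address then becomes whatever
        # the client wrote into the header. Replace the placeholder with the CIDR of the ELB
        # subnets (or the VPC), and limit port 80 in the security group to the load balancer.
        set_real_ip_from [ELB_SUBNET_CIDR];
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;

        #FastCGI CACHE
        # $do_not_cache = 1 keeps a request out of the cache, both for lookup and for storage.
        set $do_not_cache 0;
        # Only GET requests are cacheable.
        if ($request_method !~ ^(GET)$) {
            set $do_not_cache 1;
        }
        # Admin, XML-RPC, feeds, sitemaps and direct wp-*.php hits are never cached.
        # The unescaped dots match any character, which only widens the bypass (the safe direction).
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $do_not_cache 1;
        }
        # Logged-in users, commenters and password-protected posts bypass the cache.
        # NOTE(review): Cache-Control from PHP is ignored below, so this cookie list is what keeps
        # personalised pages out of the shared cache. Add the session cookie of any plugin that
        # renders per-user content (shop carts, membership plugins) before enabling the cache.
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $do_not_cache 1;
        }
        fastcgi_cache_key "$scheme://$host$request_uri";

        # Deny rules come first: regex locations are tried in file order, so placing them above
        # the .php and static-asset rules stops those rules from claiming a path inside a
        # VCS directory or a key file before the deny is reached.
        location ~ /(\.ht|\.user\.ini|\.git|\.hg|\.bzr|\.svn) {
            deny  all;
        }

        # Dot escaped so that only real ".git" / ".pem" suffixes are denied.
        location ~* ^.+\.(git|pem)$ {
            deny  all;
        }

        # For WordPress
        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            # Only hand existing .php files to PHP-FPM; a missing script returns 404 here
            # instead of letting PHP guess a script from a longer path.
            try_files $uri =404;
            fastcgi_pass php-fpm;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            include fastcgi_params;

            fastcgi_cache_bypass $do_not_cache;
            fastcgi_no_cache $do_not_cache;
            fastcgi_cache FCKZ;
            fastcgi_cache_valid  200 5m;
            # "any" also caches redirects and error responses for 10 minutes.
            fastcgi_cache_valid  any 10m;
            fastcgi_pass_header X-Accel-Expires;
            # PHP's Cache-Control / Expires headers do not influence caching; see the cookie note above.
            fastcgi_ignore_headers Cache-Control Expires;
            # Exposes HIT / MISS / BYPASS to clients; useful while tuning, optional afterwards.
            add_header x-cache $upstream_cache_status;
        }

        # Static assets: no access logging, 30-day browser cache.
        # Dot escaped and "jpe?g" used so that .jpg and .jpeg both match.
        location ~* ^.+\.(jpe?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
            access_log  off;
            log_not_found off;
            expires 30d;
        }

    }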

    # Standard setup (no ELB): nginx terminates TLS itself
    # NOTE(review): this block uses the same listen address and server_name as the ELB block
    # above; use one or the other, as the page says the variants are written together.
    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /var/www/html;
        # Every plain-HTTP request is redirected to HTTPS on the same host and path.
        return 301 https://$host$request_uri;
     }

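    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;
        root         /var/www/html;
        client_max_body_size 4m;

        # Placeholders: certificate chain file and private key file.
        # The private key should be readable by root only.
        ssl_certificate     "/etc/nginx/ssl/[証明書]";
        ssl_certificate_key "/etc/nginx/ssl/[秘密鍵]";
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:60m;
        # DH parameters for the DHE suites; the file must exist at this path.
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        # TLS 1.0 and 1.1 are deprecated and dropped here. Add TLSv1.3 only if `nginx -V`
        # shows a build against an OpenSSL release that supports it.
        ssl_protocols TLSv1.2;
        # Forward-secret AEAD suites only; the original HIGH:SEED list also admitted CBC-mode,
        # static-RSA and SEED suites. Names the local OpenSSL does not know are skipped.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;

        #include /etc/nginx/default.d/*.conf;

        # Deny rule first: regex locations are tried in file order, so it has to sit above the
        # .php and static-asset rules to win for paths inside a VCS directory.
        location ~ /(\.ht|\.user\.ini|\.git|\.hg|\.bzr|\.svn) {
            deny  all;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            # Only hand existing .php files to PHP-FPM.
            try_files $uri =404;
            fastcgi_pass php-fpm;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            include fastcgi_params;
        }

        # ^~ makes this prefix win over the regex locations above, so phpMyAdmin requests
        # are handled only by the rules inside this block.
        location ^~ /phpmyadmin {
            # IP restriction: as written, "deny all" closes phpMyAdmin to everyone. Put an
            # "allow <admin address>;" line above it; rules are checked in order and the
            # first match wins. This server block has no real_ip settings, so the address
            # compared is the TCP peer.
            #allow 0.0.0.0;
            deny all;

            alias /var/www/phpmyadmin;
            index index.php;

            location ~ \.php$  {
                fastcgi_pass    php-fpm;
                fastcgi_index   index.php;
                # Strip the /phpmyadmin prefix so SCRIPT_FILENAME resolves under the alias directory.
                fastcgi_split_path_info ^/phpmyadmin(.+\.php)(.*)$;
                fastcgi_param   SCRIPT_FILENAME /var/www/phpmyadmin$fastcgi_script_name;
                include         /etc/nginx/fastcgi_params;
            }
        }

        # Static assets: no access logging, 30-day browser cache.
        # Dot escaped and "jpe?g" used so that .jpg and .jpeg both match.
        location ~* ^.+\.(jpe?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
            access_log  off;
            log_not_found off;
            expires 30d;
        }
    }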

    # HTTP -> HTTPS redirect for a named host
    server {
        # Redirect only when the Host header is exactly example.com.
        if ($host = example.com) {
            return 301 https://$host$request_uri;
        }
        listen       80;
        listen       [::]:80;
        server_name  example.com;
        # A request that reaches this block with any other Host value gets a 404.
        return 404;
    }

}

FastCGIcache

WordpressでNginx(FastCGIcache)の設定

worker_rlimit_nofile

# System-wide limit on open file handles.
$ cat /proc/sys/fs/file-max
# 379002
# use around 10% of that value
# 40000 etc..

worker_connections

# roughly worker_rlimit_nofile / 4
# 2048 or 4096 etc..
# PHP session files must be writable by the user PHP-FPM now runs as (nginx, per the www.conf change above).
$ chown -R nginx:nginx /var/lib/php/session
# NOTE(review): this makes the whole document root, including the cloned .git, writable by the
# PHP-FPM user. WordPress's built-in updater needs that, but it also means any code that runs
# through PHP can rewrite the site's files. If the site is deployed via git, consider giving
# nginx ownership of the uploads directory only. Verify against how updates are applied.
$ chown -R nginx:nginx /var/www/html

$ service nginx start
# Redirecting to /bin/systemctl start nginx.service

$ service php-fpm start
# Redirecting to /bin/systemctl start php-fpm.service

# Start both services at boot.
$ chkconfig nginx on
# systemctl enable nginx.service
$ chkconfig php-fpm on
# systemctl enable php-fpm.service

###PHP動作確認

/usr/share/nginx/html/phpinfo.php
<?php 
// Adjust the path to match your document root.
// phpinfo() prints the full PHP configuration, loaded modules, file paths and environment
// variables. Delete this file as soon as the check is done so it is not left on a public server.
phpinfo();

BASIC認証

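$ yum install -y httpd-tools
$ cd /etc/nginx
# -c creates the file and overwrites an existing one; drop -c when adding further users.
# (ユーザー名 is a placeholder for the user name.)
$ htpasswd -c .htpasswd ユーザー名
# The file holds password hashes: readable by the nginx workers, not by every local user.
$ chown root:nginx .htpasswd
$ chmod 640 .htpasswd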
/etc/nginx/nginx.conf
server {
    location / {
        # Basic auth sends the password base64-encoded (not encrypted) with every request,
        # so put this in the HTTPS server block only.
        auth_basic "Restricted";
        # Password file created with htpasswd in the step above.
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
