Amazon Linuxがいつの間にかなくなったんで書き直し。
多少違う。
PHP7.3 for Amazon Linux 2018.03.0
WordPress(PHP7+nginx) for Amazon Linux AMI 2016.09
EC2
$ sudo su -l
$ passwd ec2-user
$ timedatectl set-timezone Asia/Tokyo
$ cp -rp /etc/sysconfig/clock /etc/sysconfig/clock.org
/etc/sysconfig/clock
-ZONE="UTC"
-UTC=true
+ZONE="Asia/Tokyo"
+UTC=false
/etc/sysconfig/i18n
-LANG=en_US.UTF-8
+LANG=ja_JP.UTF-8
PHP7.4
$ amazon-linux-extras enable php7.4
$ yum clean metadata
$ yum install php-cli php-pdo php-fpm php-json php-mysqlnd php-gd php-mbstring php-opcache php-devel php-xml php-pecl-memcache php-intl php-bcmath
#yum list available | grep php
#yum list installed | grep php
ImageMagick
$ yum install gcc
$ yum install -y ImageMagick*
$ yum install php-pear
$ pecl channel-update pecl.php.net
$ convert --version
#Version: ImageMagick 6.9.10-68 Q16 x86_64 2021-02-02 https://imagemagick.org
#7系が最新だがWordPressのサイトヘルス用なんでまあこれで。というか7系入れようとすると依存で死ぬ
php.ini
/etc/php.ini
date.timezone = "Asia/Tokyo"
memory_limit = 256M
expose_php = Off
post_max_size = 8M
upload_max_filesize = 4M
#memory_limit > post_max_size > upload_max_filesize
#3 days
session.gc_maxlifetime = 259200
#7 days
#session.gc_maxlifetime = 604800
#session.name = PHPSESSID
#session.cookie_lifetime = 0
[mbstring]
mbstring.language = Japanese
mbstring.internal_encoding = UTF-8
mbstring.http_input = auto
mbstring.http_output = UTF-8
#mbstring.encoding_translation = On
mbstring.encoding_translation = Off
mbstring.detect_order = auto
[imagick]
extension=imagick.so
Nginx
$ amazon-linux-extras install nginx1
$ nginx -v
# nginx version: nginx/1.18.0
$ cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org
# Perfect Forward Security
$ cd /etc/nginx
$ openssl dhparam 2048 -out dhparam.pem
/etc/php-fpm.d/www.conf
-user = apache
+user = nginx
-group = apache
+group = nginx
GitHub
$ yum install -y git
# GitHub クローン
$ cd /var/www/
$ git clone https://github.com/[path_to_git].git html
phpMyAdmin
$ cd /var/www/
$ wget https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.gz
$ tar zxvf phpMyAdmin-5.1.0-all-languages.tar.gz
$ rm phpMyAdmin-5.1.0-all-languages.tar.gz
$ mv phpMyAdmin-5.1.0-all-languages phpmyadmin
$ cd /var/www/phpmyadmin/
$ cp config.sample.inc.php config.inc.php
/var/www/phpmyadmin/config.inc.php
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';//BASIC認証
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
nginx.conf
諸々合わせて書いてるので適宜
/etc/nginx/nginx.conf
#worker_rlimit_nofile 40000;
events {
#worker_connections 2048;
}
http {
index index.php;
charset UTF-8;
server_tokens off;
#FastCGI CACHE
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=FCKZ:32m inactive=1d max_size=128m;
fastcgi_cache_use_stale error timeout invalid_header http_500;
#ELB経由
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/html;
#root /usr/share/nginx/html;
client_max_body_size 4m;
#include /etc/nginx/default.d/*.conf;
#ELB
if ($http_x_forwarded_proto = 'http') {
return 301 https://$host$request_uri;
}
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
#FastCGI CACHE
set $do_not_cache 0;
if ($request_method !~ ^(GET)$) {
set $do_not_cache 1;
}
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $do_not_cache 1;
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $do_not_cache 1;
}
fastcgi_cache_key "$scheme://$host$request_uri";
# For WordPress
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include fastcgi_params;
fastcgi_cache_bypass $do_not_cache;
fastcgi_no_cache $do_not_cache;
fastcgi_cache FCKZ;
fastcgi_cache_valid 200 5m;
fastcgi_cache_valid any 10m;
fastcgi_pass_header X-Accel-Expires;
fastcgi_ignore_headers Cache-Control Expires;
add_header x-cache $upstream_cache_status;
}
location ~* ^.+.(jp?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
access_log off;
log_not_found off;
expires 30d;
}
location ~ /(\.ht|\.user.ini|\.git|\.hg|\.bzr|\.svn) {
deny all;
}
location ~* ^.+.(git|pem)$ {
deny all;
}
}
#通常
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/html;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /var/www/html;
client_max_body_size 4m;
ssl_certificate "/etc/nginx/ssl/[証明書]";
ssl_certificate_key "/etc/nginx/ssl/[秘密鍵]";
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:60m;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
#include /etc/nginx/default.d/*.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include fastcgi_params;
}
location ^~ /phpmyadmin {
#allow 0.0.0.0;#IP制限
deny all;
alias /var/www/phpmyadmin;
index index.php;
location ~ \.php$ {
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_split_path_info ^/phpmyadmin(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME /var/www/phpmyadmin$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
location ~* ^.+.(jp?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
access_log off;
log_not_found off;
expires 30d;
}
location ~ /(\.ht|\.user.ini|\.git|\.hg|\.bzr|\.svn) {
deny all;
}
}
#SSLリダイレクト
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name example.com;
return 404;
}
}
FastCGIcache
WordpressでNginx(FastCGIcache)の設定
worker_rlimit_nofile
$ cat /proc/sys/fs/file-max
# 379002
# 10%前後
# 40000 etc..
worker_connections
# worker_rlimit_nofile / 4 くらい
# 2048 or 4096 etc..
$ chown -R nginx:nginx /var/lib/php/session
$ chown -R nginx:nginx /var/www/html
$ service nginx start
# Redirecting to /bin/systemctl start nginx.service
$ service php-fpm start
# Redirecting to /bin/systemctl start php-fpm.service
$ chkconfig nginx on
# systemctl enable nginx.service
$ chkconfig php-fpm on
# systemctl enable php-fpm.service
###PHP動作確認
/usr/share/nginx/html/phpinfo.php
<?php
//ドキュメントルート適宜変更
phpinfo();
BASIC認証
$ yum install -y httpd-tools
$ cd /etc/nginx
$ htpasswd -c .htpasswd ユーザー名
/etc/nginx/nginx.conf
server {
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}