
PHP7.4+Nginx for Amazon Linux 2

Amazon Linuxがいつの間にかなくなったんで書き直し。
多少違う。
PHP7.3 for Amazon Linux 2018.03.0
WordPress(PHP7+nginx) for Amazon Linux AMI 2016.09

EC2

$ sudo su -l
$ passwd ec2-user

$ timedatectl set-timezone Asia/Tokyo
$ cp -rp /etc/sysconfig/clock /etc/sysconfig/clock.org
/etc/sysconfig/clock
-ZONE="UTC"
-UTC=true
+ZONE="Asia/Tokyo"
+UTC=false
/etc/sysconfig/i18n
-LANG=en_US.UTF-8
+LANG=ja_JP.UTF-8

PHP7.4

$ amazon-linux-extras enable php7.4
$ yum clean metadata
$ yum install php-cli php-pdo php-fpm php-json php-mysqlnd php-gd php-mbstring php-opcache php-devel php-xml php-pecl-memcache php-intl

#yum list available | grep php
#yum list installed | grep php

ImageMagick

$ yum install gcc
$ yum install -y ImageMagick*
$ yum install php-pear
$ pecl channel-update pecl.php.net
$ convert --version
#Version: ImageMagick 6.9.10-68 Q16 x86_64 2021-02-02 https://imagemagick.org
#7系が最新だがWordPressのサイトヘルス用なんでまあこれで。というか7系入れようとすると依存で死ぬ

php.ini

/etc/php.ini
date.timezone = "Asia/Tokyo"
memory_limit = 256M
expose_php = Off
post_max_size = 8M
upload_max_filesize = 4M

#memory_limit > post_max_size > upload_max_filesize

#3 days
session.gc_maxlifetime = 259200
#7 days
#session.gc_maxlifetime = 604800

#session.name = PHPSESSID
#session.cookie_lifetime = 0

[mbstring]
mbstring.language = Japanese
mbstring.internal_encoding = UTF-8
mbstring.http_input = auto
mbstring.http_output = UTF-8
#mbstring.encoding_translation = On
mbstring.encoding_translation = Off
mbstring.detect_order = auto

[imagick]
extension=imagick.so

Nginx

$ amazon-linux-extras install nginx1
$ nginx -v
# nginx version: nginx/1.18.0
$ cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org

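# Perfect Forward Secrecy(DHE 鍵交換用の DH パラメータ生成)
# 注: 下の nginx.conf は ssl_dhparam に /etc/nginx/ssl/dhparam.pem を指定しているので、生成場所と設定のパスを揃えること。
# 注: OpenSSL のバージョンによっては、ビット数をオプションの後ろ(-out dhparam.pem 2048)に書かないと -out が無視される場合がある。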
$ cd /etc/nginx
$ openssl dhparam 2048 -out dhparam.pem
/etc/php-fpm.d/www.conf
-user = apache
+user = nginx
-group = apache
+group = nginx

GitHub

$ yum install -y git

# GitHub クローン
$ cd /var/www/
$ git clone https://github.com/[path_to_git].git html

phpMyAdmin

最新版(以下は 5.1.0 の例)。展開する前に、公式サイトで公開されている SHA256 チェックサムや PGP 署名でアーカイブを検証しておくこと。

$ cd /var/www/
$ wget https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.gz
$ tar zxvf phpMyAdmin-5.1.0-all-languages.tar.gz
$ rm phpMyAdmin-5.1.0-all-languages.tar.gz
$ mv phpMyAdmin-5.1.0-all-languages phpmyadmin
$ cd /var/www/phpmyadmin/
$ cp config.sample.inc.php config.inc.php
/var/www/phpmyadmin/config.inc.php
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';//BASIC認証

/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';

nginx.conf

諸々合わせて書いてるので適宜

/etc/nginx/nginx.conf

# Per-worker open-file limit; commented out here. The article sizes it at roughly 10% of
# /proc/sys/fs/file-max (e.g. 40000).
#worker_rlimit_nofile 40000;

events {
    # Commented out here; the article suggests about worker_rlimit_nofile / 4 (2048 or 4096).
    #worker_connections 2048;
}

http {
    # Settings at http level, inherited by the server blocks below.
    index   index.php;
    charset UTF-8;
    # Do not print the nginx version in the Server header and on error pages.
    server_tokens off;

    # FastCGI cache: stored under /var/cache/nginx, 32 MB key zone named FCKZ,
    # entries dropped after 1 day without access, total size capped at 128 MB.
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=FCKZ:32m inactive=1d max_size=128m;
    # Serve a stale cached copy when the backend errors, times out, sends an invalid header or returns 500.
    fastcgi_cache_use_stale error timeout invalid_header http_500;

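    # Variant for a server behind an ELB: the load balancer is expected to supply
    # X-Forwarded-Proto and X-Forwarded-For, and this server only listens on port 80.
    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /var/www/html;
        #root        /usr/share/nginx/html;
        client_max_body_size 4m;

        #include /etc/nginx/default.d/*.conf;

        # ELB: send clients that reached the load balancer over plain HTTP to HTTPS.
        # A request that arrives without X-Forwarded-Proto (i.e. not through the ELB) is
        # served over HTTP as-is, so the security group should admit port 80 from the ELB only.
        if ($http_x_forwarded_proto = 'http') {
            return 301 https://$host$request_uri;
        }
        # Accept X-Forwarded-For only from the load balancer's network. Trusting 0.0.0.0/0
        # together with real_ip_recursive lets any client choose the address that nginx logs
        # and evaluates in allow/deny rules. Replace the placeholder with the CIDR of the
        # subnets the ELB runs in; nginx refuses to start until it is filled in.
        set_real_ip_from [ELB_SUBNET_CIDR_PLACEHOLDER];
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;

        # FastCGI cache: $do_not_cache = 1 disables both cache lookup and storage for a request.
        set $do_not_cache 0;
        # Only GET requests are eligible for caching.
        if ($request_method !~ ^(GET)$) {
            set $do_not_cache 1;
        }
        # Never cache the admin area, XML-RPC, wp-*.php scripts, feeds, index.php or sitemaps.
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $do_not_cache 1;
        }
        # Never cache for commenters, logged-in users or visitors holding a post password.
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $do_not_cache 1;
        }
        # Cache entries are keyed by scheme, Host header and full request URI.
        fastcgi_cache_key "$scheme://$host$request_uri";

        # For WordPress: fall back to index.php for pretty permalinks.
        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            # Return 404 for .php paths that do not exist on disk instead of passing them to PHP-FPM.
            try_files $uri =404;
            # "php-fpm" is an upstream name; its definition is not part of this excerpt.
            fastcgi_pass php-fpm;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            include fastcgi_params;

            fastcgi_cache_bypass $do_not_cache;
            fastcgi_no_cache $do_not_cache;
            fastcgi_cache FCKZ;
            # 200 responses are kept for 5 minutes, every other status for 10 minutes.
            fastcgi_cache_valid  200 5m;
            fastcgi_cache_valid  any 10m;
            fastcgi_pass_header X-Accel-Expires;
            # The backend's Cache-Control / Expires headers are ignored, so a response PHP marks
            # private or no-store is still cached unless one of the $do_not_cache rules matched.
            fastcgi_ignore_headers Cache-Control Expires;
            # Expose the cache status (HIT, MISS, BYPASS, ...) for debugging.
            add_header x-cache $upstream_cache_status;
        }

        # Static assets: no access logging, 30-day client cache. The dot before the extension
        # is escaped so only real file extensions match, and jpe?g covers both .jpg and .jpeg.
        location ~* ^.+\.(jpe?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
            access_log  off;
            log_not_found off;
            expires 30d;
        }

        # Block dotfiles and VCS metadata; the article clones a git repository into
        # /var/www/html, so a .git directory sits inside the document root.
        location ~ /(\.ht|\.user\.ini|\.git|\.hg|\.bzr|\.svn) {
            deny  all;
        }

        # Block files with a .git or .pem extension (dot escaped so unrelated paths
        # that merely end in "git" or "pem" are not denied).
        location ~* ^.+\.(git|pem)$ {
            deny  all;
        }

    }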

    # Normal (non-ELB) setup: redirect every plain-HTTP request to HTTPS.
    # NOTE(review): this block and the ELB block above both listen on port 80 with
    # server_name _; presumably only one of the two is meant to be kept.
    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /var/www/html;
        # $host falls back to the request's Host header, so the Location header reflects
        # whatever host the client sent; a fixed hostname here avoids that.
        return 301 https://$host$request_uri;
     }

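    # HTTPS server for WordPress plus an access-restricted phpMyAdmin under /phpmyadmin.
    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;
        root         /var/www/html;
        client_max_body_size 4m;

        # Placeholders: certificate file and private key file. The key should be readable
        # by root only.
        ssl_certificate     "/etc/nginx/ssl/[証明書]";
        ssl_certificate_key "/etc/nginx/ssl/[秘密鍵]";
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:60m;
        # DH parameters for DHE key exchange. The generation step earlier in the article runs
        # in /etc/nginx, so move the file into /etc/nginx/ssl or adjust this path.
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered. Add TLSv1.3
        # when nginx is linked against an OpenSSL that supports it.
        ssl_protocols TLSv1.2;
        # NOTE(review): HIGH still admits CBC-mode suites (and, depending on the OpenSSL
        # version, 3DES), and SEED is a legacy cipher; consider an explicit list of
        # ECDHE AES-GCM / ChaCha20 suites instead.
        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
        ssl_prefer_server_ciphers on;

        #include /etc/nginx/default.d/*.conf;

        # For WordPress: fall back to index.php for pretty permalinks.
        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            # Return 404 for .php paths that do not exist on disk instead of passing them to PHP-FPM.
            try_files $uri =404;
            # "php-fpm" is an upstream name; its definition is not part of this excerpt.
            fastcgi_pass php-fpm;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            include fastcgi_params;
        }

        # phpMyAdmin: denied to everyone by default. To open it for administrators, put
        # "allow <address>;" lines above "deny all;" (rules are evaluated in order).
        location ^~ /phpmyadmin {
            #allow 0.0.0.0;  # IP restriction: the permitted source address goes here
            deny all;

            alias /var/www/phpmyadmin;
            index index.php;

            location ~ \.php$  {
                fastcgi_pass    php-fpm;
                fastcgi_index   index.php;
                # Strip the /phpmyadmin prefix so the script path is resolved inside the alias directory.
                fastcgi_split_path_info ^/phpmyadmin(.+\.php)(.*)$;
                fastcgi_param   SCRIPT_FILENAME /var/www/phpmyadmin$fastcgi_script_name;
                include         /etc/nginx/fastcgi_params;
            }
        }

        # Static assets: no access logging, 30-day client cache. The dot before the extension
        # is escaped so only real file extensions match, and jpe?g covers both .jpg and .jpeg.
        location ~* ^.+\.(jpe?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
            access_log  off;
            log_not_found off;
            expires 30d;
        }

        # Block dotfiles and VCS metadata; the article clones a git repository into
        # /var/www/html, so a .git directory sits inside the document root.
        location ~ /(\.ht|\.user\.ini|\.git|\.hg|\.bzr|\.svn) {
            deny  all;
        }
    }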

    # SSL redirect for a single named host
    server {
        # Redirect to HTTPS only when the Host header is exactly example.com.
        if ($host = example.com) {
            return 301 https://$host$request_uri;
        }
        listen       80;
        listen       [::]:80;
        server_name  example.com;
        # Any other request that reaches this server gets 404.
        return 404;
    }

}

FastCGIcache

WordpressでNginx(FastCGIcache)の設定

worker_rlimit_nofile

$ cat /proc/sys/fs/file-max
# 379002
# 10%前後
# 40000 etc..

worker_connections

# worker_rlimit_nofile / 4 くらい
# 2048 or 4096 etc..
$ chown -R nginx:nginx /var/lib/php/session
$ chown -R nginx:nginx /var/www/html

$ service nginx start
# Redirecting to /bin/systemctl start nginx.service

$ service php-fpm start
# Redirecting to /bin/systemctl start php-fpm.service

$ chkconfig nginx on
# systemctl enable nginx.service
$ chkconfig php-fpm on
# systemctl enable php-fpm.service

PHP動作確認

確認が済んだら phpinfo.php は削除する(PHP のバージョンや設定、環境変数などが外部から閲覧できる状態になるため)。

/usr/share/nginx/html/phpinfo.php
<?php 
//ドキュメントルート適宜変更
phpinfo();

BASIC認証

$ yum install -y httpd-tools
$ cd /etc/nginx
$ htpasswd -c .htpasswd ユーザー名
/etc/nginx/nginx.conf
server {
    location / {
        # Require HTTP Basic credentials; "Restricted" is the realm string shown in the prompt.
        # Basic auth sends the password merely base64-encoded on every request, so enable it
        # only on a server reached over HTTPS.
        auth_basic "Restricted";
        # Password file created with htpasswd in /etc/nginx.
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
