
PHP7.3 for Amazon Linux 2018.03.0

- Previous version:
WordPress(PHP7+nginx) for Amazon Linux AMI 2016.09

EC2

$ sudo su -l
$ passwd ec2-user

# Change the local time
$ cp -rp /etc/localtime /etc/localtime.org
$ cp -rp /usr/share/zoneinfo/Japan /etc/localtime

/etc/sysconfig/clock
# Prevent yum update etc. from reverting to UTC
-ZONE="UTC"
-UTC=true
+ZONE="Asia/Tokyo"
+UTC=false

/etc/sysconfig/i18n
-LANG=en_US.UTF-8
+LANG=ja_JP.UTF-8

PHP7.3

$ yum install -y php73 php73-fpm php73-gd php73-mbstring php73-mcrypt php73-mysqlnd php73-zip php73-opcache php73-devel

#yum list available | grep php73
#yum list installed | grep php

Imagick

$ yum install gcc
$ yum install -y ImageMagick*
$ yum install php7-pear
$ pecl7 channel-update pecl.php.net
$ pecl7 install imagick

/etc/php-fpm-7.3.d/www.conf
-user = apache
+user = nginx
-group = apache
+group = nginx

/etc/php.ini
+date.timezone = "Asia/Tokyo"
-memory_limit = 128M
+memory_limit = 256M

# Do not send the X-Powered-By header
-expose_php = On
+expose_php = Off

upload_max_filesize = 2M
post_max_size = 8M

#3 days
session.gc_maxlifetime = 259200

[imagick]
extension=imagick.so

GitHub

$ yum install -y git

$ git config --global user.email "[GitHub email address]"
$ git config --global user.name "[GitHub username]"

# Clone from GitHub
$ cd /var/www/
$ mv /var/www/html /var/www/_html
$ git clone https://github.com/[path_to_git].git html

# After that, update with pull
$ cd /var/www/html
$ git pull origin master
$ chown -R nginx:nginx /var/www/html

phpMyAdmin

Latest version

$ cd /var/www/
$ wget https://files.phpmyadmin.net/phpMyAdmin/4.9.5/phpMyAdmin-4.9.5-all-languages.tar.gz
$ tar zxvf phpMyAdmin-4.9.5-all-languages.tar.gz
$ rm phpMyAdmin-4.9.5-all-languages.tar.gz
$ mv phpMyAdmin-4.9.5-all-languages phpmyadmin
$ cd /var/www/phpmyadmin/
$ cp config.sample.inc.php config.inc.php

/var/www/phpmyadmin/config.inc.php
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http'; // BASIC authentication

/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
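
Added example (not part of the original article): the download above is extracted without an integrity check, so the sketch below extracts a tarball only when its SHA-256 digest matches an expected value. verify_sha256 and extract_verified are hypothetical helper names and the demo archive is constructed; for the real release the expected digest would be the checksum published on the phpMyAdmin download page.

```shell
#!/bin/sh
# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED_HEX is not a SHA-256 digest.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;          # non-hex characters or empty
    esac
    [ "${#expected}" -eq 64 ] || return 2    # SHA-256 is 64 hex characters
    actual=$(sha256sum "$file" 2>/dev/null | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# extract_verified ARCHIVE EXPECTED_HEX DESTDIR
# Runs tar only after the digest matches; otherwise DESTDIR is left untouched.
extract_verified() {
    if verify_sha256 "$1" "$2"; then
        tar -xzf "$1" -C "$3"
    else
        echo "checksum mismatch for $1, not extracting" >&2
        return 1
    fi
}

# Constructed demo: a stand-in tarball, not the real phpMyAdmin release.
work=$(mktemp -d)
mkdir "$work/src" "$work/out"
echo '<?php // constructed file' > "$work/src/index.php"
tar -czf "$work/demo.tar.gz" -C "$work/src" index.php
# Only for the demo is the digest computed locally; in real use it must come
# from the publisher, never from the downloaded file itself.
good=$(sha256sum "$work/demo.tar.gz" | awk '{print $1}')
extract_verified "$work/demo.tar.gz" "$good" "$work/out" && echo "verified and extracted"
echo 'tampered' >> "$work/demo.tar.gz"
extract_verified "$work/demo.tar.gz" "$good" "$work/out" || echo "tampered archive rejected"
rm -rf "$work"
```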

nginx

$ yum install -y nginx
$ nginx -v
# nginx version: nginx/1.16.1
$ cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org

# Perfect Forward Secrecy
$ mkdir -p /etc/nginx/ssl
$ cd /etc/nginx/ssl
$ openssl dhparam -out dhparam.pem 2048

/etc/nginx/nginx.conf
worker_rlimit_nofile 100000; # needs verification

events {
    worker_connections 4096; # needs verification
}

http {
    index   index.php index.html index.htm;
    charset UTF-8;
    server_tokens off;

    #Fastcgi_cache
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=FCKZ:32m inactive=3d max_size=128m;
    fastcgi_cache_use_stale error timeout invalid_header http_500;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  localhost;
        return 301 https://$host$request_uri;
     }

    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;
        root         /var/www/html;

        client_max_body_size 4M;
        ssl_certificate     "/etc/nginx/ssl/[certificate]";
        ssl_certificate_key "/etc/nginx/ssl/[private key]";
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:60m;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
        ssl_prefer_server_ciphers on;

        #include /etc/nginx/default.d/*.conf;

        #Fastcgi_cache Settings
        set $do_not_cache 0;
        if ($request_method !~ ^(GET)$) {
            set $do_not_cache 1;
        }
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $do_not_cache 1;
        }
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $do_not_cache 1;
        }

        set $mobilef '';
        if ($http_user_agent ~* '(Mobile|Android|Silk|Kindle|BlackBerry|Opera Mini|Opera Mobi)') {
            set $mobilef 'mobile.';
        }

        fastcgi_cache_key "$mobilef$scheme://$host$request_uri";

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass php-fpm;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            include fastcgi_params;

            fastcgi_cache_bypass $do_not_cache;
            fastcgi_no_cache $do_not_cache;
            fastcgi_cache FCKZ;
            fastcgi_cache_valid  200 5m;
            fastcgi_cache_valid  any 10m;
            fastcgi_pass_header X-Accel-Expires;
            fastcgi_ignore_headers Cache-Control Expires;
            add_header x-cache $upstream_cache_status;
        }

        location ^~ /phpmyadmin {
            #allow 0.0.0.0; # IP restriction
            deny all;

            alias /var/www/phpmyadmin;
            index index.php;

            location ~ \.php$  {
                #fastcgi_pass    127.0.0.1:9000;
                fastcgi_pass    php-fpm;
                fastcgi_index   index.php;
                fastcgi_split_path_info ^/phpmyadmin(.+\.php)(.*)$;
                fastcgi_param   SCRIPT_FILENAME /var/www/phpmyadmin$fastcgi_script_name;
                include         /etc/nginx/fastcgi_params;
            }
        }

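        # Regex locations are matched in the order they appear, so the deny
        # rule is placed before the static-file rule below.
        location ~ /(\.ht|\.user\.ini|\.git|\.hg|\.bzr|\.svn) {
            deny  all;
        }

        location ~* ^.+\.(jpe?g|gif|png|css|js|flv|swf|ico|xml|txt|eot|svg|ttf|woff|woff2)$ {
            access_log  off;
            log_not_found off;
            expires 30d;
        }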

     }

}
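
Added example (not part of the original article): ssl_protocols above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates. The hypothetical helper weak_tls_protocols below lists every deprecated protocol enabled by an ssl_protocols directive in a config file; the sample config is constructed from the lines above, and each directive is assumed to sit on a single line.

```shell
#!/bin/sh
# weak_tls_protocols FILE
# Prints "LINE:PROTOCOL" for each deprecated protocol enabled by an
# ssl_protocols directive and returns 1 if any was found, else 0.
weak_tls_protocols() {
    awk '
        { sub(/#.*/, "") }                  # ignore comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)            # strip the directive terminator
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    print NR ":" p
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the TLS lines from the server block on this page,
# plus a commented-out directive that must be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl http2 default_server;
    #ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
if findings=$(weak_tls_protocols "$sample"); then
    echo "ssl_protocols: no deprecated protocol enabled"
else
    echo "deprecated protocols enabled (line:protocol):"
    echo "$findings"
fi
rm -f "$sample"
```

Removing TLSv1 and TLSv1.1 from the directive (leaving TLSv1.2) clears the findings.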

For worker_rlimit_nofile and worker_connections, see:

(Reference) What values should worker_connections and worker_rlimit_nofile be set to?

FastCGIcache

Configuring Nginx (FastCGI cache) for WordPress

Let’s Encrypt

Let’s Encrypt for Amazon Linux + Nginx

SSL check

$ openssl s_client -connect [domain]:443 -showcerts

Startup

$ chown -R nginx:nginx /var/lib/php/7.3/session
$ chown -R nginx:nginx /var/www/html

$ service nginx start
$ service php-fpm-7.3 start

$ chkconfig nginx on
$ chkconfig php-fpm-7.3 on

Check in the browser

/var/www/html/phpinfo.php
<?php phpinfo(); ?>

Security assessment

Qualys SSL Report

BASIC authentication

$ yum install -y httpd-tools
$ cd /etc/nginx
$ htpasswd -c .htpasswd [username]

/etc/nginx/nginx.conf
server {
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
ki6ool
The guy who absolutely uses WordPress
https://6oolab.com/