Outils pour utilisateurs

Outils du site


Action disabled: revisions
install:nginx-php72-fpm

Installer Nginx/Apache + PHP7-FPM

<note important> La procédure traitée sur cette page est à exploiter sur un système sur lequel aucune solution LAMP n'a encore été installée*. </note>

Cette procédure installera sur votre machine :

  • Varnish
  • Nginx
  • PHP7.2-FPM
  • MariaDB

* Récupération des mises à jour des paquets :

apt-get update

* Installation de Nginx en front pour le statique, PHP-7.2 FPM en back pour le dynamique, MariaDB et VIM (édition)

apt-get install varnish nginx nginx-extras mariadb-server php7.2 php7.2-fpm php7.2-mysql php7.2-curl php7.2-bcmath php7.2-intl php7.2-json php7.2-gd php7.2-mbstring php7.2-xml php7.2-zip php-imagick vim

* La configuration de PHP utilisé en ligne de commande est stockée dans /etc/php/7.2/fpm/php.ini. Voici quelques suggestions de modifications :

max_execution_time = 300 
max_input_time = 300 
memory_limit = 256M 
upload_max_filesize = 100M

* Configurer nginx :

vi /etc/nginx/nginx.conf
worker_rlimit_nofile 8192;

events {
        worker_connections 1024;
        multi_accept on;
}

http {
        fastcgi_index  index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffers 4 256k;
        fastcgi_buffer_size 128k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        
        gzip on;

        gzip_vary on;
        gzip_comp_level 9;
        gzip_http_version 1.1;
        gzip_static on;
        gzip_min_length 1400;
        gzip_types  text/plain text/css image/gif application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript video/x-flv video/mp4 video/ogg video/webm;
}
vi /etc/nginx/sites-available/default
server {
	listen 8080;
        listen [::]:8080;

        # Hostname
        server_name linkuff.com;

        # Fichiers log
        access_log      /var/log/linkuff.com/www/access.log;
        error_log       /var/log/linkuff.com/www/error.log;
        log_not_found off;

        # Répertoire
        root /var/site/linkuff.com/www;

        # Fichier par défaut
        index index.php index.html;

        include /etc/nginx/global/*.conf;

        location / {
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php?$args;
        }

        if (!-e $request_filename) {
                rewrite /wp-admin$ $scheme://$host$uri/ permanent;
                rewrite ^(/[^/]+)?(/wp-.*) $2 last;
                rewrite ^(/[^/]+)?(/.*\.php) $2 last;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                include fastcgi_params;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
}
vi /etc/nginx/global/cache.conf
location ~* ^.+\.(txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off;
        expires max;
}
vi /etc/nginx/global/security.conf
location = /favicon.ico {
        log_not_found off;
        access_log off;
}       

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}       

location ~ /(\.|wp-config.php|readme.html|license.txt) {
        return 404;
}       

location ~ /\. { 
        deny all;
        access_log off;
        log_not_found off;
}       

location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
}
vi /etc/nginx/sites-available/default
location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        deny all;
}
service nginx restart

* Configurer varnish :

vi /etc/default/varnish
DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"
vi /etc/varnish/default.vcl
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
vi /lib/systemd/system/varnish.service
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
systemctl daemon-reload
service varnish restart

* Optimiser le TCP avec php-fpm :

echo "net.core.somaxconn=65335" >> /etc/sysctl.conf
sysctl -p
vi /etc/php/7.0/fpm/php-fpm.conf
listen.backlog = 65535

* Accès MySQL depuis l'extérieur :

mysql> CREATE USER 'user_ext'@'localhost' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user_ext'@'localhost' WITH GRANT OPTION;
mysql> CREATE USER 'user_ext'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user_ext'@'%' WITH GRANT OPTION;
install/nginx-php72-fpm.txt · Dernière modification: 2019/10/10 09:38 par linkuff