NGINX + PHP FastCGI
Установка модуля SSL:
# yum install mod_sslУстановка PHP 7.3-7.4 с rpms.remirepo.net на Centos 7
Открыть порты 80 и 433:
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --reloadОткрыть файл /etc/php.ini и привети параметры к данным:
date.timezone = "Europe/Moscow"
short_open_tag = On
upload_max_filesize = 128M // Максимальный размер загружаемого файла
post_max_size = 128M // Максимальный размер POST
max_input_vars = 1000000
session.gc_maxlifetime = 86400
memory_limit = // ОЗУСоздать для PHP FastCGI настройки для сайта (/etc/php-fpm.d/www.conf):
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s;
;pm.max_requests = 500
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;access.log = log/$pool.access.log
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
slowlog = /var/www/logs/slow.log
;request_slowlog_timeout = 0
;request_slowlog_trace_depth = 20
;request_terminate_timeout = 0
;rlimit_files = 1024
;rlimit_core = 0
;chroot =
chdir = /var/www/html
;catch_workers_output = yes
;clear_env = no
;security.limit_extensions = .php .php3 .php4 .php5 .php7
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/www/logs/error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
php_value[session.save_handler] = files
php_value[session.save_path] = /var/www/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
;php_value[opcache.file_cache] = /var/lib/php/opcacheЗапустить и поместить в автозапуск:
# systemctl start php-fpm
# systemctl enable php-fpmФайл настроек NGINX (/etc/nginx/nginx.conf):
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}Файл настроек NGINX (/etc/nginx/conf.d/default.conf):
server {
listen 80 default_server;
server_name _;
access_log /var/www/logs/host.access.log main;
location / {
location / {
return 301 https://$host$request_uri;
}
}
}
server {
listen 443 default_server http2 ssl;
server_name _;
root /var/www/html;
index index.php;
charset utf-8;
access_log /var/www/logs/host.access.ssl.log main;
ssl on;
ssl_certificate "/var/www/cloud.disweb.ru/certificate.pem";
ssl_certificate_key "/var/www/cloud.disweb.ru/private.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!SSLv2:!SSLv3;
ssl_prefer_server_ciphers on;
gzip on;
location ~ \.php$ {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
}
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}Запуск и добавление в автозагрузку:
# systemctl start nginx
# systemctl enable nginx