Настройка VDS с нуля на Centos 7, Nginx, PHP-fpm без Apache

 Здесь собраны все необходимые процедуры для настройки сервера с нуля на основе Centos 7.x без использования Apache для экономии серверных ресурсов. Apache заменяет Nginx с модулем PHP-FPM 5.6. В качестве базы данных используется MariaDB.
1. Nginx
2. PHP 5.6
3. php.ini
4. PHP-FPM
5. Настроить конфиги php-fpm и nginx
6. Пользователей, кроме root, сменить пароль root
7. Firewall или iptables
8. Папки сайтов и логов
9. MariaDB
Очистка старого SSH ключа на локальной машине
ssh-keygen -R *ip_address_or_hostname*
cat /etc/centos-release — проверка версии centos
Апдейт
yum clean all
yum update
yum autoremove
Package 1:nginx-1.10.2-1.el7.x86_64 already installed and latest version
Package php-fpm-5.6.30-1.el7.remi.x86_64 already installed and latest version
Package php-mysql-5.4.45-13.el7.remi.x86_64 is obsoleted by php-mysqlnd-5.6.30-1.el7.remi.x86_64 which is already installed
Package 1:mariadb-server-5.5.52-1.el7.x86_64 already installed and latest version
Package unzip-6.0-16.el7.x86_64 already installed and latest version

Firewall

systemctl status firewalld — проверка статуса файрволла
firewall-cmd —list-ports
Меняем порт SSH
$ sudo firewall-cmd —zone=public —add-port=974/tcp —permanent
$ sudo firewall-cmd —reload
firewall-cmd —zone=public —remove-port=22/tcp
systemctl restart firewalld.service
nano /etc/ssh/sshd_config
Port ХХХХ
systemctl restart sshd.service
nano /etc/sysconfig/selinux — проверить disable

Устанавливаем NGINX

yum install epel-release
yum install nginx
systemctl start nginx
systemctl status nginx
If you are running a firewall, run the following commands to allow HTTP and HTTPS traffic:
sudo firewall-cmd —permanent —zone=public —add-service=http
sudo firewall-cmd —permanent —zone=public —add-service=https
nginx -V
check
http://server_domain_name_or_IP/ проверить IP — ip addr
You should now put your content in a location of your choice and edit the root configuration directive in the nginx configuration file /etc/nginx/nginx.conf.
Start every boot
systemctl enable nginx
Default Server Root
The default server root directory is /usr/share/nginx/html. Files that are placed in there will be served on your web server. This location is specified in the default server block configuration file that ships with Nginx, which is located at /etc/nginx/nginx.conf.
Server Block Configuration
Any additional server blocks, known as Virtual Hosts in Apache, can be added by creating new configuration files in /etc/nginx/conf.d. Files that end with .conf in that directory will be loaded when Nginx is started.
Nginx Global Configuration
The main Nginx configuration file is located at /etc/nginx/nginx.conf. This is where you can change settings like the user that runs the Nginx daemon processes, and the number of worker processes that get spawned when Nginx is running, among other things.
Версия PHP
php -v
Обновление до PHP 5.6
# wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# rpm -Uvh remi-release-7*.rpm
В CentOS php.ini лежит в /etc, прямо в корне.
We will change both of these conditions by uncommenting the line and setting it to «0» like this:
/etc/php.ini excerpt
cgi.fix_pathinfo=0

Установка PHP-FPM

sudo nano /etc/yum.repos.d/remi.repo
удаляем 5.5 и ставим enabled=1 для remi и remi-php56
Теперь обновляем php 5.4 до php 5.6:
# yum —enablerepo=remi,remi-php56 install php php-common php-mysql php-mbstring php-mcrypt php-devel php-xml php-gd php-fpm
Запускаем
systemctl start php-fpm
systemctl enable php-fpm
Создаём конфиг php-fpm
nano /etc/nginx/default.d/php-fpm.conf
And add the following content to it:
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root           /usr/share/nginx/html;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
include        fastcgi_params;
}
Next, open the php-fpm configuration file www.conf:
sudo vi /etc/php-fpm.d/www.conf
Find the line that specifies the listen parameter, and change it so it looks like the following:
127.0.0.1 заменить на
listen = /var/run/php-fpm/php-fpm.sock
Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:
listen.owner = nobody
listen.group = nobody
Lastly, find the lines that set the user and group and change their values from «apache» to «nginx»:
user = nginx
group = nginx
Then save and quit.
Now, we just need to start our PHP processor by typing:
sudo systemctl start php-fpm
This will implement the change that we made.
Next, enable php-fpm to start on boot:
sudo systemctl enable php-fpm
systemctl restart php-fpm
systemctl restart nginx
Узнать версию MySql
rpm -qa | grep mysql
Пакеты MySql
Пакеты MySql
yum list installed | grep mysql
Просмотр установленных пакетов
yum list installed

Установка MariaDB

yum install -y mariadb mariadb-server
Добавляем mariadb в автозапуск:
# systemctl enable mariadb.service
Запускаем mariadb:
# systemctl start mariadb
Перезапуск mariadb/mysql в CentOS 7:
# systemctl restart mariadb
Проверяем, запустилась или нет:
# netstat -tulnp | grep mysqld
Теперь запускаем стандартный скрипт настройки безопасности:
# /usr/bin/mysql_secure_installation

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *