ByteBard 發佈到 Nginx

Facebook Twitter LinkedIn LINE Skype EverNote GMail Yahoo Email

前言

This article demonstrates the whole process to deploy a Lightweight CMS site to a Nginx web server on GNU/Linux.

安裝必需套件

Ubuntu

Invoke this command to install a mininal Nginx and PHP combination:

$ sudo apt install nginx php php-fpm

Invoke this command to install packages for Composer:

$ sudo apt install php-xml php-mbstring php-zip unzip

If you utilize default theme of Lightweight CMS, invoke this command as well:

$ sudo apt install nodejs npm

CentOS

Run the following command to install a Nginx and PHP combo:

$ sudo dnf install nginx php php-fpm

Some CentOS still provides older PHP, which is incompatible with Lightweight CMS.

Run this command to install packages for Composer:

$ sudo dnf install php-json php-xml php-mbstring

Run this command as well if you utilize default theme of Lightweight CMS:

$ sudo dnf install nodejs npm

openSUSE

Run this command for a bare Nginx and PHP based solution:

$ sudo zypper install nginx php7 php7-fpm

Run the command to install packages for Composer:

$ sudo zypper install php7-phar php7-openssl php7-mbstring php7-zlib

Run the command if you use default theme of Lightweight CMS:

$ sudo zypper install nodejs14 npm14

設置 FastCGI 行程管理者的 PHP 池

Your package of FastCGI Process Manager (FPM) should set a default PHP pool on installation. Don't modify these configurations unless you know what you do. A wrongly configured FPM may result in a defunct service.

Check listen field of configuration of system PHP pool. You will see something like this:

listen = /run/php-fpm/www.sock

This is what you will set in your Nginx configuration.

On openSUSE, no active configuration is ready by default. Simply copy default configurations provided by php-fpm package from openSUSE:

$ sudo cp /etc/php7/fpm/php-fpm.conf.default /etc/php7/fpm/php-fpm.conf
$ sudo cp /etc/php7/fpm/php-fpm.d/www.conf.default /etc/php7/fpm/php-fpm.d/www.conf

設置 Nginx

Here we list a heavily-commented Nginx sample configuration:

# A sample Nginx configuration for Lightweight CMS based sites.
#
# Don't simply copy and paste the configuration here. Instead,
#  modify it according to your own situations.

server {
    # The port of your server.
    listen       443 ssl;

    # The domain name of your server.
    server_name  example.com;

    # If your Nginx serves a HTTPS site,
    #  SSL related configuration are mandatory.
    #
    # You may get a free SSL certificate at
    #   Let's Encrypt (https://letsencrypt.org/).
    #
    ssl_certificate     /path/to/site.crt;
    ssl_certificate_key /path/to/site.key;
    #ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers         HIGH:!aNULL:!MD5;

    # Route to assets.
    #
    # You may require to set various expiration times
    #  for different assets. If the case, set
    #  separate assets in distinct `location` blocks.
    #
    location ~ \.(css|js|json|xml|txt|jpg|jpeg|png|gif|woff|woff2)$ {
        root  /var/www/lightweight-cms/public/;
    }

    # You should always prepare a HTTP 404 page
    #  to hide sensitive system information.
    #
    error_page   404              /404.html;

    # In a similiar fashion, you should prepare
    #  a HTTP 50x page as well.
    #
    error_page   500 502 503 504  /50x.html;

    # Route to static error pages.
    #
    # The page is prerendered by our custom script.
    #  Therefore, it is static.
    #
    location ~ /(404|50x).html {
        root  /var/www/lightweight-cms/public/;
    }

    # Route to all URLs except assets.
    location / {
        root  /var/www/lightweight-cms/www/;

        # Try local files first. If none is matched,
        #  rewrite the URL to our index script.
        try_files $uri $uri.php $uri.html $uri.htm @rewrite;
    }

    # Redirect all URLs to our index script.
    #
    # Currently, we don't handle URL parameters at all.
    #
    location @rewrite {
        rewrite ^(.+)$ /index.php;
    }

    # Pass PHP scripts to a FastCGI server.
    location ~ \.php$ {
        root           /var/www/lightweight-cms/www/;

        # Listen to a local server.
        #fastcgi_pass   127.0.0.1:9000;
        # Listen to a socket.
        fastcgi_pass   unix:/run/php-fpm/www.sock;

        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

        include        fastcgi_params;
    }

    # Disallow access to Apache configuration files.
    location ~ /\.ht {
        deny all;
    }
}

啟動相關服務

Assume your configurations are ready. Start system FPM service:

$ sudo systemctl start php-fpm

In a similar fashion, start a Nginx web server:

$ sudo systemctl start nginx

If any of your configuration is wrong, these services will fail to start. Trace those error messages and debug it accordingly.

設置防火牆

You have to open ports for web service to accept external network connections. Default port for HTTP is 80 while that for HTTPs is 443.

firewalld

Invoke the following commands to open related ports:

$ firewall-cmd --permanent --zone=public --add-port=80/tcp
$ firewall-cmd --permanent --zone=public --add-port=443/tcp

Reload firewalld to make your changes effective:

$ firewall-cmd --reload

iptables

Invoke the following commands to open related ports:

$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Save current iptables rules persistently:

$ sudo iptables-save > /etc/iptables/rules.v4