[Debian] 安裝最新的 nginx + MariaDB + PHP7.4
安裝 nginx 1
Debian 環境安裝新版 nginx
在 Debian 系統中,我們可以通過 apt-get 安裝系統自帶的 nginx,這樣安裝的 nginx 版本略舊。Nginx 官網提供了一些編輯繹好的 deb 安裝包,
我們只需更新安裝源,就可以通過 apt-get 來安裝最新的穩定版 Nginx 了。
$ echo deb http://nginx.org/packages/debian/ stretch nginx | sudo tee /etc/apt/sources.list.d/nginx.list
$ wget http://nginx.org/keys/nginx_signing.key && sudo apt-key add nginx_signing.key
$ sudo apt update && apt install nginx -y
需要注意的是,這一步安裝的 Nginx 和系統自帶的 nginx 的配置目錄略有區別,可以用一下幾個簡單的命令修正:
讓設定習慣不用改變
sudo mkdir /etc/nginx/{sites-available,sites-enabled}
sudo mv /etc/nginx/conf.d/* /etc/nginx/sites-available
sudo rmdir -f /etc/nginx/conf.d/
sudo perl -pi -e 's/conf.d/sites-enabled/g' /etc/nginx/nginx.conf
要設定一下設定檔連結
ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/
mkdir -p /var/www/html
chown -R nginx:nginx /var/www/html
Step 1: Update system apt index
sudo apt -y update
sudo apt -y install software-properties-common gnupg2
sudo apt -y upgrade
sudo reboot
Step 2: Import MariaDB gpg key and add repository.
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64] http://mariadb.mirror.liquidtelecom.com/repo/10.4/debian buster main'
Step 3: Install MariaDB 10.4 on Debian 10 (Buster)
sudo apt update
sudo apt install mariadb-server mariadb-client
Step 4: Secure MariaDB server
$ sudo mysql_secure_installation
檢查版本
MariaDB [(none)]> SELECT VERSION();
+----------------------------------------+
| VERSION() |
+----------------------------------------+
| 10.4.12-MariaDB-1:10.4.12+maria~buster |
+----------------------------------------+
1 row in set (0.000 sec)
MariaDB [(none)]>
############ 安裝 php 7.4 #######################################
apt-get install -y apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
apt-get update
apt-get upgrade
安裝新版 php7.4
apt-get install php7.4 php7.4-cli php7.4-cgi php7.4-fpm php7.4-gd php7.4-mysql php7.4-imap php7.4-curl \
php7.4-intl php7.4-pspell php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl php7.4-zip php7.4-mbstring \
php7.4-soap php7.4-opcache libonig5 php7.4-common php7.4-json php7.4-readline php7.4-xml
pecl install mcrypt-1.0.3
# Install PHP mcrypt on Debian 10/PHP 7.4
#
# Install pre-requisites
apt-get install php-dev libmcrypt-dev php-pear
# Install mcrypt PHP module
pecl channel-update pecl.php.net
pecl install channel://pecl.php.net/mcrypt-1.0.3
###########################################################
Build process completed successfully
Installing '/usr/lib/php/20190902/mcrypt.so'
install ok: channel://pecl.php.net/mcrypt-1.0.3
configuration option "php_ini" is not set to php.ini location
You should add "extension=mcrypt.so" to php.ini
Add mcrypt.so to the php.ini file
vi /etc/php/7.3/cli/php.ini
For Nginx, use this:
vi /etc/php/7.3/fpm/php.ini
For Apache
vi /etc/php/7.3/apache2/php.ini
修改 php.ini 設定
file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 100M
cgi.fix_pathinfo = 0
max_execution_time = 360
date.timezone = Asia/Taipei
#########
#########
修改run php
# php-fpm
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
#root /usr/share/nginx/html/BookStack/public;
#index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
#
## 如果使用 nginx 1.18 最新版需修改 www.conf
修改 /etc/php/7.4/fpm/pool.d/www.conf 設定檔,改變執行者及群組
# vi /etc/php/7.4/fpm/pool.d/www.conf
user = nginx
group = nginx
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
systemctl restart php7.4-fpm.service
systemctl status php* | grep fpm.service
<?php
phpinfo();
?>
5
#
建立資料庫及給設定使用者權限
CREATE DATABASE labstack;
CREATE USER 'labstackuser'@'localhost' IDENTIFIED BY 'new_password_here';
GRANT ALL ON labstack.* TO 'labstackuser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
#
cd /etc/ssl
sudo mkdir example
cd example
sudo openssl genrsa -out example.key 2048
sudo openssl req -new -key example.key -out example.csr
sudo openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt
##
server {
# Not listening for port 80 traffic,
# we expect all traffic to come from our load balancer
# which will send over port 443
listen 443 ssl default_server;
# Configuration taken from H5BP Nginx Server configs for SSL traffic
ssl on;
ssl_certificate /etc/ssl/example/example.crt;
ssl_certificate_key /etc/ssl/example/example.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
ssl_session_timeout 24h;
keepalive_timeout 300; # up from 75 secs default
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
##
#
#
沒有留言:
張貼留言