Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: preg_match(): Unknown modifier '-' in /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php on line 783

Warning: Cannot modify header information - headers already sent by (output started at /home/akl1986/public_html/support/wp-content/plugins/redux-framework/redux-core/inc/extensions/metaboxes/class-redux-extension-metaboxes.php:783) in /home/akl1986/public_html/support/wp-includes/feed-rss2.php on line 8
PHP-FPM – AKLWEB HOST LLC Support Center https://support.aklwebhost.com Thu, 09 Jan 2020 21:18:23 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.4 Setup NGINX, PHP-FPM, and MariaDB on Debian 8 https://support.aklwebhost.com/knowledgebase/setup-nginx-php-fpm-and-mariadb-on-debian-8/ https://support.aklwebhost.com/knowledgebase/setup-nginx-php-fpm-and-mariadb-on-debian-8/#respond Thu, 09 Jan 2020 21:18:23 +0000 https://support.aklwebhost.com/?post_type=manual_kb&p=3004 This guide will show you how to correctly install and configure an “alternative” LAMP stack on Debian 8 utilizing NGINX, PHP Fast Process Manager, and MariaDB.

NGINX

NGINX is a “reverse proxy first, web server second”. It is a popular and growing alternative to Apache, offering greater flexibility and better performance in many instances. In this tutorial, we will be using it as our web server.

Fire up your favorite SSH client and login to your server. For Windows users, “PuTTY” is a free and lightweight SSH client. Linux and Mac users can use the terminal included by default with their operating system. For this tutorial, we will assume that you are logged in to your server as the “root” user.

For starters, let’s just make sure everything is up to date. Type the following to check for and then install updates.

apt-get update && apt-get upgrade

We’ll be editing our configuration files in vim. Vim is not installed by default, so let’s install it!

apt-get install vim

Now it’s time to install NGINX. We’ll want to install the latest version of NGINX from the official NGINX Debian repository.

wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
echo 'deb http://nginx.org/packages/debian/ jessie nginx' >> /etc/apt/sources.list
echo 'deb-src http://nginx.org/packages/debian/ jessie nginx' >> /etc/apt/sources.list
apt-get update && apt-get install nginx

Now we need to tweak the NGINX configuration some. Navigate to the configuration directory.

cd /etc/nginx

A quick vim lesson

Use the arrow keys to navigate the text document. To begin making edits, press the “insert” button on your keyboard. If your keyboard doesn’t have an insert button, then press the “i” key. Towards the bottom of vim you’ll notice it now says “INSERT”. Insert mode will let you delete via backspace or insert new characters by typing them.

Let’s open up our nginx.conf and poke around:

vi nginx.conf

Let’s change the default user, check the number of worker processes, and turn off the access log.

The directives “user” and “worker_processes” are near the top. Try the values below:

Note that you’ll want to set “worker_processes” to the number of CPU cores available on your server. In this example, we have 1, which is the NGINX default.

user www-data;
worker_processes 1;

We’ll also want to disable the access log, for sake of improving I/O performance. Navigate downwards with the arrow keys until you find “access_log”. Modify it to the following:

access_log off;

And lastly, we’ll set the “client_max_body_size” to correspond with some changes made to PHP later on. Let’s save the trouble and do it now. Add just below “access_log”:

client_max_body_size 12m;

When you’ve finished up editing, press “Esc” on your keyboard. Vim will no longer say “INSERT” towards the bottom of the file.

To save our changes and quit vim, press the following key sequence:

SHIFT :(colon)
wq
Press "Enter"

The above vim kung fu will write your changes to disk and exit vim, dropping you back into the bash shell.

Now, we need to make a site-specific configuration for our example! We’ll also delete the other example configurations. Try the following:

cd conf.d
rm example_ssl.conf default.conf
vi my_site.conf

We’ll make a short and simple www.conf based loosely on the default NGINX configuration, but with a few tweaks. Press insert and you can copy/paste the below example.

Don’t forget to edit the “root” directive to point to the root directory of your website, and “server_name” to correspond to your domain.

server {
    listen 80;

    root /path/to/your/website;
    index index.php index.html index.htm;

    server_name mydomainname.com www.mydomainname.com;

    location / {
            try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}

Now we’re done with the NGINX configuration section of this tutorial. We’ll restart NGINX in a little bit, right after we install PHP.

PHP-FPM

PHP-FPM is the PHP Fast Process Manager. It’s required when using NGINX, because unlike Apache, NGINX doesn’t run PHP as a module. This was done to reduce NGINX’s memory footprint. Remember that part about NGINX being a reverse proxy first and foremost? Here’s where that comes into play; PHP requests sent to NGINX are fed to PHP-FPM to do the heavy lifting.

Let’s install PHP-FPM.

apt-get install php5-fpm php5-mysqlnd

Note that depending on what your PHP scripts require, you may have to install other PHP modules not included by default. Popular ones are php5-gd and php5-mcrypt. You can install these with the following command.

apt-get install php5-module_name_here

Now that we’ve got PHP-FPM installed, we’ll want to make a few quick edits to enhance security and functionality.

cd /etc/php5/fpm
vi php.ini

Time for another quick vim lesson! The php.ini file is absolutely huge. Looking for a few key values will take all day. So since we know what we’re looking for, we’ll search. Type the following:

/upload_max_filesize

This, by default, is set to 2 megabytes. If you want to allow users to upload files to your PHP applications greater than 2 megabytes, you will need to change this. 10M is probably a safe bet for now, but higher values are also acceptable. This setting will vary among configurations. For sake of tutorial:

upload_max_filesize = 10M

One more glaring security flaw. Scroll down a little further or search. We need to turn “allow_url_fopen” to “Off”. This will prevent PHP from running PHP files hosted REMOTELY, otherwise known as RFI (Remote File Inclusion). Many servers are hacked this way.

allow_url_fopen = Off

And because we changed “upload_max_filesize”, we now have to change “post_max_size”. This value should be a little bigger than “upload_max_filesize”, because we have to take into account the overhead associated with our requests processed by PHP.

Let’s search one more time with “/post_max_size”.

post_max_size = 12M

Note that you’ll have to go back to your NGINX configuration and edit “client_max_body_size” if you decide to go with larger values than these examples for your PHP file sizes.

That’s about it for now. Make sure you aren’t in edit mode by pressing “Esc”. Save and exit vim.

SHIFT :(colon)
wq
Press 'Enter'

PHP-FPM setup is complete.

MariaDB

Even in a world continuously moving towards NoSQL or MongoDB, some of us still find it easier to just stick with MySQL. This is especially true for many web applications. Fortunately, there now exist a number of “drop-in” replacements for Oracle MySQL. Debian 8 now includes the ever popular MariaDB. MariaDB is a fork of Oracle MySQL based on version 5.5. MariaDB, for all intents and purposes, calls this MariaDB 10. It is considered a FULL replacement for Oracle MySQL. Think of it as MySQL at heart, sans the Oracle branding, and some new features.

apt-get install mariadb-server

IMPORTANT: You absolutely, positively, need to pick a strong root password for MariaDB. Save it somewhere secure. You’ll need to enter it twice during the MariaDB installation.

Let’s tweak the MariaDB configuration slightly. We’re going to disable MariaDB listening via the network interface. Instead, as with PHP-FPM earlier, we’ll stick only to a UNIX socket. Most PHP applications should support connecting to the database server via a UNIX socket instead of the local loopback interface.

cd /etc/mysql
vi my.cnf

Look for “bind-address = 127.0.0.1”. Comment that line out. Above or below it add “skip-networking”.

#bind-address = 127.0.0.1
skip-networking

We’re done with MariaDB! Eventually, you may want to tweak your MariaDB configuration depending on if you’ll be using primarily the MyISAM or InnoDB storage engines, but also for the number of CPU cores and RAM available to your server. The defaults will get us up and running in the mean time.

Let’s restart each of the services for which configuration files were modified in this tutorial.

systemctl restart nginx.service
systemctl restart php5-fpm.service
systemctl restart mysql.service

That’s it – we’re all done. At this point, you have a fully functional LNMP ( LEMP ) server online!

This guide was to serve as a general rule of thumb for getting started with with the above services with minimal tweaking. For further information, read the documentation for the above packages. While this example setup should work well right “out of the box”, adjustments can, and most likely will need to be made to better suit your needs.

Recommended areas to research:

  • Utilizing and modifying NGINX’s cache control.
  • PHP-FPM “static”, “dynamic”, or “ondemand” task manager settings.
  • MariaDB performance tuning to get the most out of your database server.
]]>
https://support.aklwebhost.com/knowledgebase/setup-nginx-php-fpm-and-mariadb-on-debian-8/feed/ 0
Install ownCloud 7 on CentOS 6 with Nginx w/ SSL, PHP-FPM, and PGSQL (Automated Startup Script) https://support.aklwebhost.com/knowledgebase/install-owncloud-7-on-centos-6-with-nginx-w-ssl-php-fpm-and-pgsql-automated-startup-script/ https://support.aklwebhost.com/knowledgebase/install-owncloud-7-on-centos-6-with-nginx-w-ssl-php-fpm-and-pgsql-automated-startup-script/#respond Fri, 06 Dec 2019 18:59:27 +0000 https://support.aklwebhost.com/?post_type=manual_kb&p=2623 You can copy and paste the following bash script into the startup script area of the AKLWEB HOST Control Panel.

This startup script will install the current version of ownCloud, including all necessary packages to run the server upon deployment.

#/bin/sh
#####Generate Database Credentials
db_name="oc`date +%s`"
sleep 1
db_user="oc`date +%s`"
sleep 1
db_password=`date |md5sum |cut -c '1-12'`
ip_addr=$(ifconfig | grep -v '127.0.0.1' | sed -n 's/.*inet addr:\([0-9.]\+\)\s.*//p')
##### Open firewall for http and SSL
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
#### Remove any installed versions on mysql and enable proper php repo
yum -y remove mysql* mysql-server mysql-devel mysql-libs
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -ivh http://yum.postgresql.org/9.3/redhat/rhel-6-i386/pgdg-centos93-9.3-1.noarch.rpm
sed -i '/\[remi\]/,/^ *\[/ s/enabled=0/enabled=1/' /etc/yum.repos.d/remi.repo
sed -i '/\[remi-php56\]/,/^ *\[/ s/enabled=0/enabled=1/' /etc/yum.repos.d/remi.repo
#### Enable latest nginx repo
touch /etc/yum.repos.d/nginx.repo
cat <<EOF > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/"$releasever"/"$basearch"/
gpgcheck=0
enabled=1
EOF
#### Install Nginx and pgsql
yum -y update
yum -y install nginx postgresql93 postgresql93-libs postgresql93-server wget php-fpm php-gd php-ldap     php-pear php-xml php-xmlrpc php-magickwand php-magpierss php-mbstring php-mcrypt php-shout php-snmp php-soap php-tidy php-pgsql php-pdo
service postgresql-9.3 initdb
service postgresql-9.3 start
chkconfig postgresql-9.3 on
/etc/init.d/nginx start
chkconfig nginx on
/etc/init.d/nginx stop
#### Set Database Credentials and Create Database
su - -c "psql" postgres << EOF
CREATE USER $db_user WITH PASSWORD '$db_password';
CREATE DATABASE $db_name OWNER $db_user ENCODING 'UTF8';
GRANT ALL PRIVILEGES ON DATABASE $db_name TO $db_user;
EOF
#### Apply PHP settings
sed -i '/post_max_size/c\post_max_size = 2G' /etc/php.ini
sed -i '/cgi.fix_pathinfo/c\cgi.fix_pathinfo = 0' /etc/php.ini
sed -i '/upload_max_filesize/c\upload_max_filesize = 2G' /etc/php.ini
sed -i '/date.timezone/c\date.timezone = "UTC"' /etc/php.ini
#### Set NGINX and PGSQL settings
chkconfig php-fpm on
/etc/init.d/php-fpm start
sed -i '0,/ident/! {0,/ident/ s/ident/md5/}' /var/lib/pgsql/9.3/data/pg_hba.conf
sed -i '0,/ident/! {0,/ident/ s/ident/md5/}' /var/lib/pgsql/9.3/data/pg_hba.conf
cd /etc/nginx
mkdir -p cert
cd conf.d
touch oc.conf
cat <<EOF >oc.conf
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name $ip_addr;
return 301 https://$server_name$request_uri; # enforce https
}
server {
listen 443 ssl;
server_name $ip_addr;
ssl_certificate /etc/nginx/cert/server.crt;
ssl_certificate_key /etc/nginx/cert/server.key;
# Path to the root of your installation
root /var/www/owncloud/;
client_max_body_size 10G; # set max upload size
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav\ redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav\ redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav\ redirect;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ \/index.html;
try_files $uri $uri/ index.php;
}
location ~ ^(.+?\.php)(/.*)?$ {
try_files \ = 404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root\;
fastcgi_param PATH_INFO \;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
# Optional: set long EXPIRES header on static assets
location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Do not log access to assets
access_log off;
}
}
EOF
####Generate Self-signed SSl cert
cd ..
cd cert
openssl req -x509 -nodes -sha384 -days 3650 -newkey rsa:4096 -keyout server.key -out server.crt -subj "/"
chmod 600 server.key
chmod 600 server.crt
####Download and extract ownCloud software
cd /var/www
wget --no-check-certificate https://download.owncloud.org/community/owncloud-7.0.2.tar.bz2
tar xjf owncloud-7.0.2.tar.bz2
mkdir -p owncloud/data
touch owncloud/config/autoconfig.php
cat << EOF >> owncloud/config/autoconfig.php
<?php
$AUTOCONFIG = array(
"dbtype" => "pgsql",
"dbname" => "$db_name",
"dbuser" => "$db_user",
"dbpass" => "$db_password",
"dbhost" => "localhost",
"dbtableprefix" => "",
"directory" => "/var/www/owncloud/data",
);
EOF
chmod 770 owncloud/data
chmod 777 owncloud/config/
chown -R root:apache owncloud
rm -rf owncloud-7.0.2.tar.bz2
/etc/init.d/postgresql-9.3 restart
/etc/init.d/nginx start
######Display generated passwords to log file.
echo "Database Name: " $db_name
echo "Database User: " $db_user
echo "Database Password: " $db_password
echo "Visit your ownCloud at https://"$ip_addr

After running the script, you will be able to access your ownCloud and create your admin account at https://youripaddress. The initial page will say you are using SQLite, but the server is already configured to properly use PGSQL. This is tested and working on a VM with 512MB of RAM, but you may want something slightly bigger or create a swap file for slightly better performance. The SSL certificate is self-signed, but can be replaced if you are so inclined. Do not forget to retrieve your database credentials ( tail /tmp/firstboot.log ) and to remove that file once you have deployed.

]]>
https://support.aklwebhost.com/knowledgebase/install-owncloud-7-on-centos-6-with-nginx-w-ssl-php-fpm-and-pgsql-automated-startup-script/feed/ 0