The last article [Configuration of Nginx + PHP Environment under Linux] (https://blog.izgq.net/archives/895/) talked about so many complicated concepts, now let me talk about how to use it in practice.
Recently, I also want to reinstall the VPS again, which coincides with the release of the latest PHP 7.2.0 version (December 14, 2017) of PHP, so just install the latest version of PHP directly.
Go directly to the official website of PHP: php.net to find the download link of the latest version
Find a folder on the server and use wget to download the source code package of PHP:
wget http://am1.php.net/get/php-7.2.0.tar.gz/from/this/mirror -O php-7.2.0.tar.gz
Unzip and spare:
tar -zxvf php-7.2.0.tar.gz
Generally speaking, for this kind of software that requires source code to compile and install, you need to prepare the compilation environment and libraries that the program needs to rely on before installation. The following are the most critical practical experience.
First, we prepare the compilation environment. In Ubuntu 16.04 LTS, there is no built-in C and C++ build environment by default. We can install a package called build-essential. In addition, PHP also needs bison re2c and pkg-config can be installed, we can install them directly via apt:
sudo apt install build-essential bison re2c pkg-config -y
Next, you need to prepare the dependency packages of PHP-7.2.0, most of which can be installed through apt. The only thing to note is that the libzip version of the Ubuntu 16.04 LTS mirror source is too old , We need to manually release a new version to enable the zip extension of PHP to support the operation of encrypted zip files.
Install dependent commands:
sudo apt install build-essential bison re2c pkg-config libxml2-dev libbz2-dev libssl-dev libcurl4-openssl-dev libjpeg-dev libpng12-dev libfreetype6-dev libgmp-dev libreadline6-dev libxslt1-dev libzip-dev
If you don’t use PHP to handle the need for encrypted zip, you can also use the default libzip package of apt directly. The command just now has been brought. If you want to support it perfectly, we need to go to libzip The next one on the official website, specify separately when compiling:
wget https://libzip.org/download/libzip-1.3.2.tar.gz
tar -zxvf libzip-1.3.2.tar.gz
The directory structure at this time is like this, suppose I just performed the operation just described in the ~ directory:
~ /libzip-1.3.2/~/php-7.2.0/
The next step is to run ./configure to generate makefile. Not to mention, just follow the routine I adjusted. If you have not downloaded the source code, please replace --with-libzip=../libzip-1.3.2 \ with --with-libzip \ (note that there must be a space before \!)
. /configure \
- - prefix=/usr/local/php \
- - with-config-file-path=/etc \
- - enable-fpm \
- - enable-inline-optimization \
- - disable-debug \
- - disable-rpath \
- - enable-shared \
- - with-libxml-dir \
- - with-xmlrpc \
- - with-mhash \
- - with-pcre-regex \
- - with-sqlite3 \
- - with-zlib \
- - with-libzip=../libzip-1.3.2 \
- - enable-bcmath \
- - with-iconv \
- - with-bz2 \
- - with-openssl \
- - enable-calendar \
- - with-curl \
- - with-cdb \
- - enable-dom \
- - enable-exif \
- - enable-fileinfo \
- - enable-filter \
- - with-pcre-dir \
- - enable-ftp \
- - with-gd \
- - with-openssl-dir \
- - with-jpeg-dir \
- - with-png-dir \
- - with-zlib-dir \
- - with-freetype-dir \
- - enable-gd-jis-conv \
- - with-gettext \
- - with-gmp \
- - with-mhash \
- - enable-json \
- - enable-mbstring \
- - enable-mbregex \
- - enable-mbregex-backtrack \
- - with-libmbfl \
- - with-onig \
- - enable-pdo \
- - with-mysqli=mysqlnd \
- - with-pdo-mysql=mysqlnd \
- - with-pdo-sqlite \
- - with-readline \
- - enable-session \
- - enable-shmop \
- - enable-simplexml \
- - enable-sockets \
- - enable-sysvmsg \
- - enable-sysvsem \
- - enable-sysvshm \
- - enable-wddx \
- - with-libxml-dir \
- - with-xsl \
- - enable-zip \
- - enable-mysqlnd-compression-support \
- - with-pear \
- - enable-opcache
When you see the following information, it means that you can compile at this time. If there are other errors, you need to check one by one:
Generating files
configure: creating ./config.status
creating main/internal_functions.c
creating main/internal_functions_cli.c
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +| License:|| This software is subject to the PHP License, available inthis|| distribution in the file LICENSE. By continuing this installation || process, you are bound by the terms ofthis license agreement.|| If you do not agree with the terms ofthis license, you must abort || the installation process at this point.|+--------------------------------------------------------------------+
Thank you for using PHP.
config.status: creating php7.spec
config.status: creating main/build-defs.h
config.status: creating scripts/phpize
config.status: creating scripts/man1/phpize.1
config.status: creating scripts/php-config
config.status: creating scripts/man1/php-config.1
config.status: creating sapi/cli/php.1
config.status: creating sapi/fpm/php-fpm.conf
config.status: creating sapi/fpm/www.conf
config.status: creating sapi/fpm/init.d.php-fpm
config.status: creating sapi/fpm/php-fpm.service
config.status: creating sapi/fpm/php-fpm.8
config.status: creating sapi/fpm/status.html
config.status: creating sapi/cgi/php-cgi.1
config.status: creating ext/phar/phar.1
config.status: creating ext/phar/phar.phar.1
config.status: creating main/php_config.h
config.status: executing default commands
First enter the PHP source code directory, and then a one-line command, simple and rude:
cd php-7.2.0/
make && sudo make install
After success, you can see the following information:
Installing shared extensions:/usr/local/php/lib/php/extensions/no-debug-non-zts-20170718/
Installing PHP CLI binary:/usr/local/php/bin/
Installing PHP CLI man page:/usr/local/php/php/man/man1/
Installing PHP FPM binary:/usr/local/php/sbin/
Installing PHP FPM defconfig:/usr/local/php/etc/
Installing PHP FPM man page:/usr/local/php/php/man/man8/
Installing PHP FPM status page:/usr/local/php/php/php/fpm/
Installing phpdbg binary:/usr/local/php/bin/
Installing phpdbg man page:/usr/local/php/php/man/man1/
Installing PHP CGI binary:/usr/local/php/bin/
Installing PHP CGI man page:/usr/local/php/php/man/man1/
Installing build environment:/usr/local/php/lib/php/build/
Installing header files:/usr/local/php/include/php/
Installing helper programs:/usr/local/php/bin/
program: phpize
program: php-config
Installing man pages:/usr/local/php/php/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment:/usr/local/php/lib/php/[PEAR] Archive_Tar - installed:1.4.3[PEAR] Console_Getopt - installed:1.4.1[PEAR] Structures_Graph- installed:1.1.1[PEAR] XML_Util - installed:1.4.2[PEAR] PEAR - installed:1.10.5
Wrote PEAR system config file at:/usr/local/php/etc/pear.conf
You may want to add:/usr/local/php/lib/php to your php.ini include_path
/root/php-7.2.0/build/shtool install -c ext/phar/phar.phar /usr/local/php/bin
ln -s -f phar.phar /usr/local/php/bin/phar
Installing PDO headers:/usr/local/php/include/php/ext/pdo/
At this point, PHP has been installed on your server.
To run php directly from the command line via commands such as php, we need to add the bin directory to the system environment variables by:
vim /etc/profile
Add at the end of the file:
PATH=$PATH:/usr/local/php/bin
export PATH
After saving, execute source /etc/profile to make the environment variable take effect.
have a test:
php -v
If the configuration is correct, we can get this output
PHP 7.2.0(cli)(built: Dec 4201717:09:34)( NTS )Copyright(c)1997-2017 The PHP Group
Zend Engine v3.2.0,Copyright(c)1998-2017 Zend Technologies
Add php-fpm command:
cp sapi/fpm/init.d.php-fpm /usr/local/bin/php-fpm
chmod +x /usr/local/bin/php-fpm
First copy the default configuration:
cp php.ini-production /etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default/usr/local/php/etc/php-fpm.conf
The authority control of the website is also a very important thing. Although the probability of the problem is very small, it is difficult for us to guarantee that our program will not be overturned by someone getshell. Therefore, we need to ensure that PHP-FPM can only operate files on its own website, and cannot access other places, so as to minimize the harm caused by the website in case of hacking.
A safer strategy here is that all programs related to the website are run in the website group, the nginx user is used to run nginx, and different users are configured in PHP-FPM to run different websites. It is recommended to configure this in a production environment.
| Program | group | user |
|---|---|---|
| Nginx server | website | nginx |
| Typecho Blog | website | site-1 |
| Another PHP website | website | site-2 |
| ... | website | site-n |
Of course, if you are lazy, you can only configure users and configurations for one site, and then it is also possible for each site to share a pool, depending on your pursuit of security.
First, we have to have this website user group, which is created here with groupadd website.
Then create the corresponding user and disable the shell for this user to log in:
useradd -s /sbin/nologin -g website site-1
Then change the owner and group of the website directory you uploaded to the server to website:site-1, assuming the website is located in /var/www/site-1, then run:
chown -R website:site-1/var/www/site-1
Then change the file permissions to 0755, which is an octal number, which is rwxr-xr-x, which can only be written by itself, and other users have only read and execute permissions:
chmod -R 0755/var/www/site-1
We need to create a new pool (also called process pool) configuration of php-fpm. Every time we add a new website, we can copy a new one from the default configuration, for example, we copy here site-1.conf.
cp /usr/local/php/etc/php-fpm.d/www.conf.default/usr/local/php/etc/php-fpm.d/site-1.conf
Then open a text editor to edit:
vim /usr/local/php/etc/php-fpm.d/site1.conf
Ignore those comments at the beginning of ;, in fact, we only need to change these lines
; Start a newpool named 'www'.; the variable $pool can be used in any directive and will be replaced by the
; pool name('www' here)[www]
user = nobody
group = nobody
listen =127.0.0.1:9000
We change pool name to a name, and the names of different sites cannot be the same. For example, we can change it to site-1 and then modify the port of listen to ensure that different pool monitor connections No conflict, here is an example:
[ site-1]
user = site-1
group = website
listen =127.0.0.1:9000
After saving, run php-fpm start to start the website service. When the configuration changes, we call php-fpm reload to make the new configuration take effect.
Ubuntu 16.04 LTS manages services through systemd, so the services can be set as follows:
vim /etc/systemd/system/php-fpm.service
The content we write:
[ Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target
[ Service]
Type=forking
ExecStart=/usr/local/bin/php-fpm start
ExecReload=/usr/local/bin/php-fpm reload
ExecStop=/usr/local/bin/php-fpm stop
[ Install]
WantedBy=multi-user.target
After saving, set the startup to start automatically:
systemctl enable php-fpm.service
There are many ways to install Nginx. Generally, Nginx installed with sudo apt install nginx can meet the requirements.
First modify nginx.conf to change the running user and user group of nginx to
user nginx website;
Then modify the server configuration, assuming that the original website configuration is as follows:
server {
listen 80;
server_name izgq.net;
root /var/www/site-1;}
First configure index and add the default index.php:
index index.html index.php;
Then, in the previous article [Configuration of Nginx + PHP Environment under Linux] (https://blog.izgq.net/archives/895/), select a suitable configuration and paste it.
one example:
server {
listen 80;
server_name izgq.net;
root /var/www/site-1;
index index.html index.php;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
include fastcgi.conf;}}
After saving, don't forget to let nginx reload the configuration:
sudo service nginx reload
After performing this operation, your website has been deployed~
Reference article:
[ CentOS7 reinstallation road-PHP7 installation and use articles · Mai Mai Xiaojia](https://blog.micblo.com/2017/01/24/CentOS7%E9%87%8D%E8%A3%85%E4%B9 %8B%E8%B7%AF-PHP7%E5%AE%89%E8%A3%85%E4%BD%BF%E7%94%A8%E7%AF%87/)
Recommended Posts