Otu esi etinye Nginx, MariaDB 10, PHP 7 (LEMP Stack) na 16.10/16.04
Ihe ngwugwu LEMP bụ mkpọokwu nke na-anọchi anya bụ otu ngwugwu (Linux OS, Nginx sava web, MySQL\ MariaDB database na PHP server-side dynamic programming language) nke a na-eji na-ebuga ngwa weebụ dị ike na ibe weebụ.
Nkuzi a ga-eduzi gị ka esi etinye nchịkọta LEMP na MariaDB 10, PHP 7 na HTTP 2.0 Nkwado maka Nginx na Ubuntu 16.10 na Ubuntu 16.04 nkesa/desktọọpụ.
- Nwụnye Ubuntu 16.04 Server Edition [ntụziaka na-arụkwa ọrụ na Ubuntu 16.10]
Kwụpụ 1: Wụnye sava weebụ Nginx
1. Nginx bụ sava weebụ nke ọgbara ọhụrụ na akụrụngwa eji egosipụta ibe weebụ nye ndị ọbịa na ịntanetị. Anyị ga-amalite site na ịwụnye sava weebụ Nginx site na ebe nchekwa ọrụ Ubuntu site na iji ahịrị iwu dabara adaba.
$ sudo apt-get install nginx
2. Na-esote, nye iwu systemctl iji gosi ma Nginx amalitere ma jikọta na ọdụ ụgbọ mmiri 80.
$ netstat -tlpn
$ sudo systemctl status nginx.service
Ozugbo ị nwetara nkwenye na ihe nkesa amalitela ị nwere ike imepe ihe nchọgharị wee gaa na adreesị IP nkesa gị ma ọ bụ ndekọ DNS site na iji protocol HTTP iji gaa na ibe weebụ Nginx.
http://IP-Address
Kwụpụ 2: Kwado Nginx HTTP/2.0 Protocol
3. The HTTP/2.0 protocol nke a na-ewu na ndabara na ntọhapụ ọhụrụ nke Nginx binaries na Ubuntu 16.04 na-arụ ọrụ nanị na njikọ SSL na-ekwe nkwa nnukwu ọsọ ọsọ na loading web SSL ibe weebụ.
Iji mee ka protocol dị na Nginx dị na Ubuntu 16.04, buru ụzọ gaa na Nginx faịlụ nhazi saịtị dị na ndabere faịlụ nhazi nke ndabara site na ịnye iwu dị n'okpuru.
$ cd /etc/nginx/sites-available/ $ sudo mv default default.backup
4. Mgbe ahụ, iji editọ ederede mepụta ibe ndabere ọhụrụ yana ntuziaka ndị a:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/html;
index index.html index.htm index.php;
server_name 192.168.1.13;
location / {
try_files $uri $uri/ =404;
}
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000;
#includeSubDomains" always;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
listen [::]:80;
server_name 192.168.1.13;
return 301 https://$server_name$request_uri;
}
Nhazi snippet a dị n'elu na-enyere iji HTTP/2.0 eme ihe site n'ịgbakwunye http2 paramita na ntuziaka ntị SSL niile.
Ọzọkwa, a na-eji akụkụ ikpeazụ nke akụkụ nke agbakwunyere na ntuziaka nkesa na-emegharị okporo ụzọ niile na-abụghị SSL na onye nnabata SSL/TLS. Ọzọkwa, dochie iwu server_name ka ọ dabara adreesị IP nke gị ma ọ bụ ndekọ DNS (FQDN ọkachamma).
5. Ozugbo ịmechara faịlụ nhazi Nginx ndabere na ntọala ndị dị n'elu, mepụta ma depụta faịlụ SSL akwụkwọ na igodo site na ịme iwu ndị a.
Mejupụta akwụkwọ ahụ na ntọala omenala nke gị ma ṅaa ntị na ntọala aha nkịtị ka ọ dakọtara ndekọ FQDN DNS gị ma ọ bụ adreesị IP nke ihe nkesa gị nke a ga-eji nweta ibe weebụ.
$ sudo mkdir /etc/nginx/ssl $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt $ ls /etc/nginx/ssl/
6. Ọzọkwa, mepụta DH cypher siri ike, nke gbanwere na faịlụ nhazi dị n'elu na ssl_dhparam akara ntụziaka, site n'inye iwu dị n'okpuru:
$ sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
7. Ozugbo emechara igodo Diffie-Hellman, nyochaa ma ọ bụrụ na edebere faịlụ nhazi Nginx nke ọma ma nwee ike tinye ya na sava weebụ Nginx wee malitegharịa daemon iji gosipụta mgbanwe site na ịme iwu ndị dị n'okpuru.
$ sudo nginx -t $ sudo systemctl restart nginx.service
8. Iji nwalee ma Nginx na-eji HTTP/2.0 protocol nyere iwu dị n'okpuru. Ọnụnọ nke h2 protocol mgbasa ozi na-akwado na ahaziri Nginx nke ọma ka ọ jiri protocol HTTP/2.0. Ihe nchọgharị niile nke ọgbara ọhụrụ kwesịrị ịkwado ụkpụrụ a na ndabara.
$ openssl s_client -connect localhost:443 -nextprotoneg ''
Kwụpụ 3: Wụnye onye ntụgharị okwu PHP 7
Enwere ike iji Nginx na onye ntụgharị asụsụ PHP ike iji mepụta ọdịnaya webụ dị ike site n'enyemaka nke onye njikwa usoro FastCGI nwetara site na ịwụnye ngwugwu ọnụọgụ abụọ php-fpm sitere na ụlọ ọrụ gọọmentị Ubuntu.
9. Iji jide PHP7.0 na ngwugwu ndị ọzọ ga-ekwe ka PHP nwee ike ịkparịta ụka na sava weebụ Nginx nyere iwu dị n'okpuru na njikwa ihe nkesa gị:
$ sudo apt install php7.0 php7.0-fpm
10. Ozugbo arụnyere onye ntụgharị PHP7.0 nke ọma na igwe gị, malite ma lelee php7.0-fpm daemon site n'inye iwu dị n'okpuru:
$ sudo systemctl start php7.0-fpm $ sudo systemctl status php7.0-fpm
11. A na-ahazi faịlụ nhazi ugbu a nke Nginx ka ọ jiri PHP FastCGI usoro njikwa iji mee ka ihe nkesa dị ike.
A na-egosiputa ihe nkesa nke na-enyere Nginx aka iji onye ntụgharị PHP mee ihe na ntinye dị n'okpuru ebe a, yabụ na ọ dịghị mgbanwe ọzọ nke faịlụ nhazi Nginx adịghị achọ.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
N'okpuru ebe a bụ nseta ihuenyo nke ntuziaka ị ga-achọ ka ị nwetaghachi ma gbanwee bụ ihe mbụ faịlụ nhazi Nginx mbụ.
12. Iji nwalee Nginx sava weebụ njikọ na PHP FastCGI usoro njikwa mepụta PHP info.phpule nhazi faịlụ site n'inye iwu dị n'okpuru ma chọpụta ntọala site na ịga na faịlụ nhazi a site na iji adreesị dị n'okpuru:
$ sudo su -c 'echo "<?php phpinfo(); ?>" |tee /var/www/html/info.php'
Lelee ma ọ bụrụ na ihe nkesa na-akpọsa protocol HTTP/2.0 site na ịchọta ahịrị $_SERVER['SERVER_PROTOCOL'] na PHP Variables ngọngọ dị ka e gosiri na nseta ihuenyo dị n'okpuru.
13. Iji tinye mgbakwunye PHP7.0 modul jiri iwu apt search php7.0 chọta modul PHP wee wụnye ya.
Ọzọkwa, gbalịa ịwụnye modul PHP ndị a nke nwere ike ịba uru ma ọ bụrụ na ị na-eme atụmatụ ịwụnye WordPress ma ọ bụ CMS ọzọ.
$ sudo apt install php7.0-mcrypt php7.0-mbstring
14. Ka ịdebanye aha na PHP mmezi modul dị nnọọ Malitegharịa ekwentị PHP-FPM daemon site n'inye n'okpuru iwu.
$ sudo systemctl restart php7.0-fpm.service
Kwụpụ 4: Wụnye ọdụ data MariaDB
15. N'ikpeazụ, iji mezue nchịkọta LEMP anyị, anyị chọrọ akụkụ nchekwa data MariaDB iji chekwaa na jikwaa data weebụsaịtị.
Wụnye sistemu njikwa nchekwa data MariaDB site n'ịgba iwu dị n'okpuru wee malitegharịa ọrụ PHP-FPM ka iji MySQL modul nweta nchekwa data.
$ sudo apt install mariadb-server mariadb-client php7.0-mysql $ sudo systemctl restart php7.0-fpm.service
16. Iji chekwaa nrụnye MariaDB, na-agba ọsọ script nchekwa nyere site na ọnụọgụ ọnụọgụ abụọ sitere na ebe nchekwa Ubuntu nke ga-ajụ gị ịtọ paswọọdụ mgbọrọgwụ, wepụ ndị ọrụ na-amaghị aha, gbanyụọ nbanye mgbọrọgwụ n'ime ime ma wepụ nchekwa data ule.
Gbaa edemede ahụ site n'inye iwu dị n'okpuru wee zaa ajụjụ niile na ee. Jiri nseta ihuenyo dị n'okpuru dịka ntuziaka.
$ sudo mysql_secure_installation
17. Iji hazie MariaDB ka ndị ọrụ nkịtị nwee ike ịnweta nchekwa data na-enweghị usoro sudo privileges, gaa na MySQL iwu ahịrị interface na ikike mgbọrọgwụ wee mee iwu ndị dị n'okpuru na onye ntụgharị MySQL:
$ sudo mysql MariaDB> use mysql; MariaDB> update user set plugin=’‘ where User=’root’; MariaDB> flush privileges; MariaDB> exit
N'ikpeazụ, banye na nchekwa data MariaDB wee mee iwu aka ike na-enweghị ikike mgbọrọgwụ site na ịme iwu dị n'okpuru:
$ mysql -u root -p -e 'show databases'
Nke ahụ niile! Ugbu a ị nwere nchịkọta LEMP ahaziri na Ubuntu 16.10 na Ubuntu 16.04 nkesa na-enye gị ohere ibuga ngwa weebụ siri ike nke nwere ike ịmekọrịta na ọdụ data.