Add the CentOS 7 EPEL repository, run the following command:
sudo yum install epel-release
sudo yum install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
Installing MariaDB Server 10.4
o deploy MariaDB Community Server 10.4 on RHEL 7 or CentOS 7, first download and use the mariadb_repo_setup
script to configure the MariaDB repositories for YUM:
$ sudo yum install wget $ wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup $ chmod +x mariadb_repo_setup $ sudo ./mariadb_repo_setup
To install MariaDB Community Server and dependencies:
$ sudo yum install MariaDB-server
Configuring and Securing MariaDB Server
Start the systemd service for MariaDB Server 5.5 or 10.4 using systemctl:
$ sudo systemctl enable mariadb.service
$ sudo systemctl start mariadb.service
Specific security practices should always follow any business-specific requirements and governance. Some basic steps should be taken to help harden the MariaDB Community Server 5.5 or 10.4 deployment:
$ sudo mariadb-secure-installation
Installing PHP
To install the Remi repository for CentOS 7, run:
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils
yum-config-manager --enable remi-php80
yum install curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
yum install php php-mysqlnd php-fpm
yum install php-{cli,devel,gd,ldap,mysql,odbc,mcrypt,mssql,snmp,soap,pspell,tidy,xmlrpc,imagick,pear,cgi,common,curl,mbstring,gd,gettext,bcmath,json,xml,intl,zip,imap}
php -v
PHP 8.0.12 (cli) (built: Oct 19 2021 10:34:32) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.12, Copyright (c) Zend Technologies
we need to make a few adjustments to the default configuration
sudo vi /etc/php-fpm.d/www.conf
/etc/php-fpm.d/www.conf
…
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache
…
You’ll notice that both the user
and group
variables are set to apache
. We need to change these to nginx
:/etc/php-fpm.d/www.conf
…
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
…
Next, locate the listen
directive. By default, php-fpm
will listen on a specific host and port over TCP. We want to change this setting so it listens on a local socket file, since this improves the overall performance of the server.
Change the line containing the listen
directive to the following:/etc/php-fpm.d/www.conf
listen = /var/run/php-fpm/php-fpm.sock;
Finally, we’ll need to change the owner and group settings for the socket file we just defined within the listen
directive. Locate the listen.owner
, listen.group
and listen.mode
directives. These lines are commented out by default. Uncomment them by removing the preceding ;
sign at the beginning of the line. Then, change the owner and group to nginx
:/etc/php-fpm.d/www.conf
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
Save and close the file when you’re done editing. If you are using nano
, do so by pressing CTRL + X
, then Y
and ENTER
.
To enable and start the php-fpm
service, run:
sudo systemctl enable php-fpm
sudo systemctl start php-fpm
Change the owner of the directory /var/lib/php/session to nginx
chown nginx:nginx /var/lib/php/session
hange the owner of the directory to nginx
Configuring Nginx to Process PHP Pages
mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled
we need to make a few adjustments to the default configuration
vi /etc/nginx/nginx.conf
Now look for :
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
Add the following line:
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
change directory
cd /etc/nginx/sites-available
Copy the following PHP server definition block to your configuration file, and don’t forget to replace the server_name
directive so that it points to your server’s domain name or IP address:/etc/nginx/sites-avaible/00default.conf
server {
listen 80;
server_name server_domain_or_IP;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Enabling your Server Blocks and Restart Nginx
sudo ln -s /etc/nginx/sites-available/00default.conf /etc/nginx/sites-enabled/00default.conf
Test configuration and restart Nginx to apply the changes:
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
sudo systemctl restart nginx
Your web server is now fully set up. In the next step, we’ll test the PHP integration to Nginx.
Step 5 — Testing PHP Processing on your Web Server
Now that your web server is set up, we can create a test PHP script to make sure Nginx is correctly handling .php
scripts with the help of php-fpm
.
Before creating our script, we’ll make a change to the default ownership settings on Nginx’s document root, so that our regular sudo user is able to create files in that location.
The following command will change the ownership of the default Nginx document root to a user and group called sammy, so be sure to replace the highlighted username and group in this command to reflect your system’s username and group.
sudo chown -R sammy.sammy /usr/share/nginx/html/
Copy
We’ll now create a test PHP page to make sure the web server works as expected.
Create a new PHP file called info.php
at the /usr/share/nginx/html
directory:
nano /usr/share/nginx/html/info.php
Copy
The following PHP code will display information about the current PHP environment running on the server:/usr/share/nginx/html/info.php
<?php
phpinfo();
Copy
When you are finished, save and close the file.
Now we can test whether our web server can correctly display content generated by a PHP script. Go to your browser and access your server hostname or IP address, followed by /info.php
:
http://server_host_or_IP/info.php
To set file permissions for the Apache web server
- Add the
ec2-user
user to theapache
group.sudo usermod -a -G apache ec2-user
- Log out to refresh your permissions and include the new
apache
group.exit
- Log back in again and verify that the
apache
group exists with thegroups
command.groups
Your output looks similar to the following:ec2-user adm wheel apache systemd-journal
- Change the group ownership of the
/var/www
directory and its contents to theapache
group.sudo chown -R ec2-user:apache /var/www
- Change the directory permissions of
/var/www
and its subdirectories to add group write permissions and set the group ID on subdirectories created in the future.sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
- Recursively change the permissions for files in the
/var/www
directory and its subdirectories to add group write permissions.find /var/www -type f -exec sudo chmod 0664 {} \;
Now, ec2-user
(and any future members of the apache
group) can add, delete, and edit files in the Apache document root, enabling you to add content, such as a static website or a PHP application.