dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
- on RHEL 8 it is required to also enable the codeready-builder-for-rhel-8-*-rpms repository since EPEL packages may depend on packages from it:
subscription-manager repos --enable "codeready-builder-for-rhel-8-$(arch)-rpms"
sudo dnf install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
Installing MariaDB Server 10.4
o deploy MariaDB Community Server 10.4 on RHEL 8 or CentOS 8, first download and use the mariadb_repo_setup script to configure the MariaDB repositories for YUM:
$ sudo dnf install wget $ wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup $ chmod +x mariadb_repo_setup $ sudo ./mariadb_repo_setup
To install MariaDB Community Server and dependencies:
$ sudo dnf install MariaDB-server
Configuring and Securing MariaDB Server
Start the systemd service for MariaDB Server 5.5 or 10.4 using systemctl:
$ sudo systemctl enable mariadb.service
$ sudo systemctl start mariadb.service
Specific security practices should always follow any business-specific requirements and governance. Some basic steps should be taken to help harden the MariaDB Community Server 5.5 or 10.4 deployment:
$ sudo mariadb-secure-installation
Installing PHP
To install the Remi repository for RHEL/CentOS 8, run:
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf install yum-utils
dnf module reset php
dnf module install php:remi-8.0
dnf install curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
dnf install php php-mysqlnd php-fpm
dnf install php-{cli,devel,gd,ldap,mysql,odbc,mcrypt,snmp,soap,pspell,tidy,xmlrpc,imagick,pear,cgi,common,curl,mbstring,gd,gettext,bcmath,json,xml,intl,zip,imap}
php -v
PHP 8.0.12 (cli) (built: Oct 19 2021 10:34:32) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.12, Copyright (c) Zend Technologies
we need to make a few adjustments to the default configuration
sudo vi /etc/php-fpm.d/www.conf/etc/php-fpm.d/www.conf
…
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache
…You’ll notice that both the user and group variables are set to apache. We need to change these to nginx:/etc/php-fpm.d/www.conf
…
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
…Next, locate the listen directive. By default, php-fpm will listen on a specific host and port over TCP. We want to change this setting so it listens on a local socket file, since this improves the overall performance of the server.
Change the line containing the listen directive to the following:/etc/php-fpm.d/www.conf
listen = /var/run/php-fpm/php-fpm.sock;Finally, we’ll need to change the owner and group settings for the socket file we just defined within the listen directive. Locate the listen.owner, listen.group and listen.mode directives. These lines are commented out by default. Uncomment them by removing the preceding ; sign at the beginning of the line. Then, change the owner and group to nginx:/etc/php-fpm.d/www.conf
listen.owner = nginx
listen.group = nginx
listen.mode = 0660Save and close the file when you’re done editing. If you are using nano, do so by pressing CTRL + X, then Y and ENTER.
To enable and start the php-fpm service, run:
sudo systemctl enable php-fpm
sudo systemctl start php-fpm
Change the owner of the directory /var/lib/php/session to nginx
chown nginx:nginx /var/lib/php/session
hange the owner of the directory to nginx
Configuring Nginx to Process PHP Pages
mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled
we need to make a few adjustments to the default configuration
vi /etc/nginx/nginx.conf
Now look for :
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
Add the following line:
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
change directory
cd /etc/nginx/sites-available
Copy the following PHP server definition block to your configuration file, and don’t forget to replace the server_name directive so that it points to your server’s domain name or IP address:/etc/nginx/sites-avaible/00default.conf
server {
listen 80;
server_name server_domain_or_IP;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}Enabling your Server Blocks and Restart Nginx
sudo ln -s /etc/nginx/sites-available/00default.conf /etc/nginx/sites-enabled/00default.conf
Test configuration and restart Nginx to apply the changes:
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
sudo systemctl restart nginx
Your web server is now fully set up. In the next step, we’ll test the PHP integration to Nginx.
Step 5 — Testing PHP Processing on your Web Server
Now that your web server is set up, we can create a test PHP script to make sure Nginx is correctly handling .php scripts with the help of php-fpm.
Before creating our script, we’ll make a change to the default ownership settings on Nginx’s document root, so that our regular sudo user is able to create files in that location.
The following command will change the ownership of the default Nginx document root to a user and group called sammy, so be sure to replace the highlighted username and group in this command to reflect your system’s username and group.
sudo chown -R sammy.sammy /usr/share/nginx/html/
Copy
We’ll now create a test PHP page to make sure the web server works as expected.
Create a new PHP file called info.php at the /usr/share/nginx/html directory:
nano /usr/share/nginx/html/info.php
Copy
The following PHP code will display information about the current PHP environment running on the server:/usr/share/nginx/html/info.php
<?php
phpinfo();Copy
When you are finished, save and close the file.
Now we can test whether our web server can correctly display content generated by a PHP script. Go to your browser and access your server hostname or IP address, followed by /info.php:
http://server_host_or_IP/info.php
To set file permissions for the Apache web server
- Add the
ec2-useruser to theapachegroup.sudo usermod -a -G apache ec2-user - Log out to refresh your permissions and include the new
apachegroup.exit - Log back in again and verify that the
apachegroup exists with thegroupscommand.groupsYour output looks similar to the following:ec2-user adm wheel apache systemd-journal - Change the group ownership of the
/var/wwwdirectory and its contents to theapachegroup.sudo chown -R ec2-user:apache /var/www - Change the directory permissions of
/var/wwwand its subdirectories to add group write permissions and set the group ID on subdirectories created in the future.sudo chmod 2775 /var/wwwfind /var/www -type d -exec sudo chmod 2775 {} \; - Recursively change the permissions for files in the
/var/wwwdirectory and its subdirectories to add group write permissions.find /var/www -type f -exec sudo chmod 0664 {} \;
Now, ec2-user (and any future members of the apache group) can add, delete, and edit files in the Apache document root, enabling you to add content, such as a static website or a PHP application.