====== Ubuntu 18.04 and 22.04: Nginx ======
===== Installation =====
==== Always the latest (stable) version via PPA ====
> https://launchpad.net/~nginx
# add-apt-repository ppa:nginx/stable
# apt-get update
# aptitude install nginx
==== Version from the distribution ====
# apt-get update
# aptitude install nginx
==== Verification ====
# service nginx status
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-04-06 14:50:15 CEST; 9min ago
Docs: man:nginx(8)
Process: 8408 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 8826 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 8820 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 8828 (nginx)
Tasks: 2 (limit: 2319)
CGroup: /system.slice/nginx.service
├─8828 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─8830 nginx: worker process
Apr 06 14:50:15 xxx systemd[1]: Starting A high performance web server and a reverse proxy server...
Apr 06 14:50:15 xxx systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Apr 06 14:50:15 xxx systemd[1]: Started A high performance web server and a reverse proxy server.
# netstat -anptu
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8828/nginx: master
tcp6 0 0 :::80 :::* LISTEN 8828/nginx: master
===== Configuration =====
Server-wide settings are made in the following file:
[...]
server_tokens off;
[...]
In Nginx, "virtual hosts" are called "server" within the configuration. On Ubuntu there is a directory layout similar to Apache's: the **sites-available** and **sites-enabled** directories.
/etc/nginx# ll
total 72
drwxr-xr-x 8 root root 4096 Apr 7 18:32 ./
drwxr-xr-x 112 root root 4096 Apr 12 21:13 ../
drwxr-xr-x 2 root root 4096 Nov 6 19:54 conf.d/
-rw-r--r-- 1 root root 1077 Apr 6 2018 fastcgi.conf
-rw-r--r-- 1 root root 1007 Apr 6 2018 fastcgi_params
-rw-r--r-- 1 root root 2837 Apr 6 2018 koi-utf
-rw-r--r-- 1 root root 2223 Apr 6 2018 koi-win
-rw-r--r-- 1 root root 3957 Apr 6 2018 mime.types
drwxr-xr-x 2 root root 4096 Nov 6 19:54 modules-available/
drwxr-xr-x 2 root root 4096 Apr 7 14:07 modules-enabled/
-rw-r--r-- 1 root root 1515 Apr 7 16:22 nginx.conf
-rw-r--r-- 1 root root 180 Apr 6 2018 proxy_params
-rw-r--r-- 1 root root 636 Apr 6 2018 scgi_params
drwxr-xr-x 2 root root 4096 Apr 7 22:05 sites-available/
drwxr-xr-x 2 root root 4096 Apr 7 20:31 sites-enabled/
drwxr-xr-x 2 root root 4096 Apr 7 14:07 snippets/
-rw-r--r-- 1 root root 664 Apr 6 2018 uwsgi_params
-rw-r--r-- 1 root root 3071 Apr 6 2018 win-utf
After changing the configuration, the following command checks whether it contains errors:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
===== HTTPS with Let's Encrypt =====
==== Install Certbot ====
Run as root:
# apt-get update
# apt-get install software-properties-common
# add-apt-repository universe
# add-apt-repository ppa:certbot/certbot
# apt-get update
# apt-get install python3-certbot-nginx
==== Certbot: Request certificates and adjust the web server ====
certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email example@domain.de --domain example-website.de
==== Cron job for certificate renewal ====
# whereis certbot
certbot: /usr/bin/certbot /usr/share/man/man1/certbot.1.gz
# crontab -e
The crontab then gets, for example, the following entry:
# m h dom mon dow command
30 4 * * * /usr/bin/certbot renew >> /var/log/le-renew.log
Then we also have our log file rotated:
/var/log/le-renew.log
{
rotate 12
weekly
compress
missingok
}
===== PHP =====
==== Installation ====
PHP in CGI mode with some modules:
# aptitude install php7.2-bz2 php7.2-cli php7.2-common php7.2-curl php7.2-fpm php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-xml php7.2-zip
Is it running?
# service php7.2-fpm status
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-04-13 17:24:28 CEST; 3min 27s ago
Docs: man:php-fpm7.2(8)
Main PID: 943 (php-fpm7.2)
Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
Tasks: 3 (limit: 2319)
CGroup: /system.slice/php7.2-fpm.service
├─943 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
├─964 php-fpm: pool www
└─965 php-fpm: pool www
Apr 13 17:24:28 xxx systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...
Apr 13 17:24:28 xxx systemd[1]: Started The PHP 7.2 FastCGI Process Manager.
=== PHP.ini ===
The following lines must not remain commented out:
[...]
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
[...]
[...]
short_open_tag = On
[...]
open_basedir = /var/www/:/tmp/:/dev/urandom
[...]
expose_php = Off
[...]
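A quick way to confirm that the directives set on this page are active rather than still commented out, as an added example that is not part of the original page. The sample files are constructed, and the file name www.conf for the FPM pool configuration is an assumption.

```shell
#!/bin/sh
# Added example. directive_state FILE NAME EXPECTED prints one of:
#   ok | commented | missing | wrong:<value found>
# Understands nginx syntax ("name value;") and php.ini / FPM pool syntax
# ("name = value"); '#' and ';' start a comment. Values are compared exactly.
directive_state() {
    awk -v name="$2" -v want="$3" '
        BEGIN { state = "missing" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            commented = (line ~ /^[#;]/)
            sub(/^[#;]+[ \t]*/, "", line)
            if (index(line, name) != 1) next        # literal match, so env[TMP] is safe
            rest = substr(line, length(name) + 1)
            if (rest !~ /^[ \t=]/) next             # longer directive with the same prefix
            sub(/^[ \t=]+/, "", rest)
            sub(/[ \t;]+$/, "", rest)
            if (commented) { if (state == "missing") state = "commented"; next }
            state = (rest == want) ? "ok" : "wrong:" rest
        }
        END { print state }
    ' "$1"
}

# Constructed sample files, not copied from a real host; www.conf is an assumed name.
make_samples() {
    printf '%s\n' 'http {' '    # server_tokens off;' '}' > "$1/nginx.conf"
    printf '%s\n' 'short_open_tag = On' ';open_basedir =' 'expose_php = On' > "$1/php.ini"
    printf '%s\n' ';env[PATH] = /usr/local/bin:/usr/bin:/bin' 'env[TMP] = /tmp' > "$1/www.conf"
}

# audit DIR: one result line per directive checked.
audit() {
    while read -r file name want; do
        printf '%-11s %-14s %s\n' "$file" "$name" "$(directive_state "$1/$file" "$name" "$want")"
    done <<'EOF'
nginx.conf server_tokens off
php.ini expose_php Off
php.ini open_basedir /var/www/:/tmp/:/dev/urandom
www.conf env[PATH] /usr/local/bin:/usr/bin:/bin
www.conf env[TMP] /tmp
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, call directive_state with the actual configuration file paths instead of the constructed samples.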
==== Tuning and troubleshooting ====
=== server reached pm.max_children setting, consider raising it ===
Log file (PHP-FPM):
[23-Apr-2019 19:37:52] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:08:16] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:10:12] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 8
# service php7.2-fpm restart
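Before raising pm.max_children, it helps to know how often the limit is hit and how many workers the host's memory can carry, since a limit set too high lets a burst of requests exhaust RAM. The following is an added example, not part of the original page; the RSS values are constructed and the 512 MB memory budget is an assumption.

```shell
#!/bin/sh
# Added example: quantify pm.max_children warnings and derive a limit from memory.

# count_limit_hits: PHP-FPM log on stdin -> "DAY POOL LIMIT HITS" per day and pool.
count_limit_hits() {
    awk '/server reached pm\.max_children setting/ {
            day = substr($1, 2)                       # "[23-Apr-2019" -> "23-Apr-2019"
            pool = $5; sub(/\]$/, "", pool)           # "www]" -> "www"
            limit = $0
            sub(/.*setting \(/, "", limit); sub(/\).*/, "", limit)
            hits[day " " pool " " limit]++
         }
         END { for (k in hits) print k, hits[k] }' | sort
}

# suggest_max_children BUDGET_MB: "RSS_KB ARGS" lines on stdin (the output format of
# `ps -o rss=,args=`) -> floor(budget / average worker RSS). RSS counts shared pages
# in every worker, so the result errs on the low, safe side.
suggest_max_children() {
    awk -v budget_mb="$1" '
        /php-fpm: pool / { sum += $1; n++ }
        END {
            if (n == 0) { print "no pool workers in input" > "/dev/stderr"; exit 1 }
            printf "%d\n", int(budget_mb * 1024 / (sum / n))
        }'
}

# Constructed samples: the log lines follow the format shown above, the RSS values are invented.
sample_log() {
    cat <<'EOF'
[23-Apr-2019 19:37:52] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:08:16] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:10:12] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
EOF
}
sample_ps() {
    cat <<'EOF'
21000 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
31000 php-fpm: pool www
33000 php-fpm: pool www
EOF
}

sample_log | count_limit_hits          # day, pool, configured limit, number of warnings
sample_ps | suggest_max_children 512   # 512 MB budget for PHP-FPM is an assumption
```

On a live host, pipe the PHP-FPM log file into count_limit_hits and the output of `ps -C php-fpm7.2 -o rss=,args=` into suggest_max_children.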
===== Nginx: Handling =====
==== Check the configuration before restarting the service ====
# service nginx configtest
* Testing nginx configuration [fail]
What does the error log say?
> **/var/log/nginx/error.log**
2019/12/07 17:06:07 [emerg] 14795#14795: "fastcgi_split_path_info" directive is not allowed here in /etc/nginx/snippets/fastcgi-php.conf:2
2019/12/07 17:07:07 [emerg] 14859#14859: "fastcgi_split_path_info" directive is not allowed here in /etc/nginx/snippets/fastcgi-php.conf:2
===== Reverse proxy =====
==== Create a virtual host ====
server {
    listen 80;
    listen [::]:80;
    server_name your_domain www.your_domain;
    location / {
        proxy_pass app_server_address;
        include proxy_params;
    }
}
==== Set the proxy parameters ====
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;