Sebastians IT-Wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Sie befinden sich hier: Sebastians IT-Wiki » Ubuntu Linux » Ubuntu 18.04 und 22.04: Nginx
Zuletzt angesehen: Ubuntu 18.04 und 22.04: Nginx
ubuntu:nginx_webserver

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
ubuntu:nginx_webserver [2019/04/06 15:09] – [Konfiguration] HTTPS mit Let's Encrypt Sebastian Hetzelubuntu:nginx_webserver [2023/10/22 09:58] (aktuell) – [Ubuntu 18.04 + 22.04: Nginx] und Sebastian Hetzel
Zeile 1: Zeile 1:
-====== Ubuntu 18.04: Nginx ======+====== Ubuntu 18.04 und 22.04: Nginx ======
  
 ===== Installation ===== ===== Installation =====
Zeile 52: Zeile 52:
 ===== Konfiguration ===== ===== Konfiguration =====
  
 +Serverweite Konfigurationen werden an folgender Datei vorgenommen:
 +
 +<file | nginx.conf>
 +[...]
 +        server_tokens off;
 +[...]
 +</file>
 +
 +Bei Nginx heißen die "virtual hosts" innerhalb der Konfiguration "server". Unter Ubuntu ist eine Dateistruktur ähnlich der von Apache vorhanden - gemeint sind die Ordner **sites-available** sowie **sites-enabled**.
 +
 +<code>
 +/etc/nginx# ll
 +total 72
 +drwxr-xr-x   8 root root 4096 Apr  7 18:32 ./
 +drwxr-xr-x 112 root root 4096 Apr 12 21:13 ../
 +drwxr-xr-x   2 root root 4096 Nov  6 19:54 conf.d/
 +-rw-r--r--   1 root root 1077 Apr  6  2018 fastcgi.conf
 +-rw-r--r--   1 root root 1007 Apr  6  2018 fastcgi_params
 +-rw-r--r--   1 root root 2837 Apr  6  2018 koi-utf
 +-rw-r--r--   1 root root 2223 Apr  6  2018 koi-win
 +-rw-r--r--   1 root root 3957 Apr  6  2018 mime.types
 +drwxr-xr-x   2 root root 4096 Nov  6 19:54 modules-available/
 +drwxr-xr-x   2 root root 4096 Apr  7 14:07 modules-enabled/
 +-rw-r--r--   1 root root 1515 Apr  7 16:22 nginx.conf
 +-rw-r--r--   1 root root  180 Apr  6  2018 proxy_params
 +-rw-r--r--   1 root root  636 Apr  6  2018 scgi_params
 +drwxr-xr-x   2 root root 4096 Apr  7 22:05 sites-available/
 +drwxr-xr-x   2 root root 4096 Apr  7 20:31 sites-enabled/
 +drwxr-xr-x   2 root root 4096 Apr  7 14:07 snippets/
 +-rw-r--r--   1 root root  664 Apr  6  2018 uwsgi_params
 +-rw-r--r--   1 root root 3071 Apr  6  2018 win-utf
 +</code>
 +
 +
 +
 +Nach Änderung der Konfiguration kann mit folgendem Befehl geprüft werden, ob die Konfiguration Fehler enthält:
 +
 +<code>
 +# nginx -t
 +nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
 +nginx: configuration file /etc/nginx/nginx.conf test is successful
 +</code>
 ===== HTTPS mit Let's Encrypt ===== ===== HTTPS mit Let's Encrypt =====
  
Zeile 68: Zeile 110:
 ==== Cerbot: Zertifikate anfordern und Webserver anpassen ==== ==== Cerbot: Zertifikate anfordern und Webserver anpassen ====
  
-Folgt.+<code> 
 +certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email example@domain.de --domain example-website.de 
 +</code> 
 + 
 +==== Cronjob zur Erneuerung der Zertifikate ==== 
 + 
 +<code> 
 +# whereis certbot 
 +certbot: /usr/bin/certbot /usr/share/man/man1/certbot.1.gz 
 +# crontab -e 
 +</code> 
 + 
 +In die Crontab kommt dann beispielsweise folgendes rein: 
 + 
 +<file> 
 +# m h  dom mon dow   command 
 +30 4 * * * /usr/bin/certbot renew >> /var/log/le-renew.log 
 +</file> 
 + 
 +Dann lassen wir noch unser Logfile rotieren: 
 + 
 +<file | /etc/logrotate.d/le-renew > 
 +/var/log/le-renew.log 
 +
 +    rotate 12 
 +    weekly 
 +    compress 
 +    missingok 
 +
 +</file> 
 + 
 +===== PHP ===== 
 + 
 +==== Installation ==== 
 + 
 +PHP im CGI-Modus mit einigen Modulen: 
 + 
 +<code> 
 +# aptitude install php7.2-bz2 php7.2-cli php7.2-common php7.2-curl php7.2-fpm php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-xml php7.2-zip 
 +</code> 
 + 
 +Läuft? 
 + 
 +<code> 
 +# service php7.2-fpm status 
 +● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager 
 +   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled) 
 +   Active: active (running) since Sat 2019-04-13 17:24:28 CEST; 3min 27s ago 
 +     Docs: man:php-fpm7.2(8) 
 + Main PID: 943 (php-fpm7.2) 
 +   Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec" 
 +    Tasks: 3 (limit: 2319) 
 +   CGroup: /system.slice/php7.2-fpm.service 
 +           ├─943 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf) 
 +           ├─964 php-fpm: pool www 
 +           └─965 php-fpm: pool www 
 + 
 +Apr 13 17:24:28 xxx systemd[1]: Starting The PHP 7.2 FastCGI Process Manager... 
 +Apr 13 17:24:28 xxx systemd[1]: Started The PHP 7.2 FastCGI Process Manager. 
 +</code> 
 + 
 +=== PHP.ini === 
 + 
 +Folgende Zeilen dürfen nicht auskommentiert bleiben: 
 + 
 +<file | /etc/php/7.2/fpm/pool.d/www.conf> 
 +[...] 
 +env[HOSTNAME] = $HOSTNAME 
 +env[PATH] = /usr/local/bin:/usr/bin:/bin 
 +env[TMP] = /tmp 
 +env[TMPDIR] = /tmp 
 +env[TEMP] = /tmp 
 +[...] 
 +</file> 
 + 
 + 
 +<file | /etc/php/7.2/fpm/php.ini> 
 +[...] 
 +short_open_tag = On 
 +[...] 
 +open_basedir = /var/www/:/tmp/:/dev/urandom 
 +[...] 
 +expose_php = Off 
 +[...] 
 +</file> 
 + 
 +<file | /etc/php/7.2/cli/php.ini> 
 +[...] 
 +short_open_tag = On 
 +[...] 
 +open_basedir = /var/www/:/tmp/:/dev/urandom 
 +[...] 
 +expose_php = Off 
 +[...] 
 +</file> 
 + 
 +==== Tuning und Fehlerbehebung ==== 
 + 
 +=== server reached pm.max_children setting, consider raising it === 
 + 
 +Logfile (PHP-FPM): 
 +<file> 
 +[23-Apr-2019 19:37:52] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it 
 +[23-Apr-2019 21:08:16] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it 
 +[23-Apr-2019 21:10:12] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it 
 +</file> 
 + 
 +<file | /etc/php/7.2/fpm/pool.d/www.conf> 
 +; The number of child processes to be created when pm is set to 'static' and the 
 +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'
 +; This value sets the limit on the number of simultaneous requests that will be 
 +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 
 +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 
 +; CGI. The below defaults are based on a server without much resources. Don'
 +; forget to tweak pm.* to fit your needs. 
 +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 
 +; Note: This value is mandatory. 
 +pm.max_children = 8 
 +</file> 
 + 
 +<code># service php7.2-fpm restart</code> 
 + 
 +===== Nginx: Handling ===== 
 + 
 +==== Konfiguration prüfen vor Neustart des Dienstes ==== 
 + 
 +<code> 
 +# service nginx configtest 
 + * Testing nginx configuration                 [fail] 
 +</code> 
 + 
 +Was sagt das Errorlog? 
 +> **/var/log/nginx/error.log** 
 + 
 +<file> 
 +2019/12/07 17:06:07 [emerg] 14795#14795: "fastcgi_split_path_info" directive is not allowed here in /etc/nginx/snippets/fastcgi-php.conf:
 +2019/12/07 17:07:07 [emerg] 14859#14859: "fastcgi_split_path_info" directive is not allowed here in /etc/nginx/snippets/fastcgi-php.conf:
 +</file> 
 + 
 +===== Reverse-Proxy ===== 
 + 
 +==== Virtual Host anlegen ==== 
 + 
 + 
 +<file | /etc/nginx/sites-available/your_domain> 
 +server { 
 +    listen 80; 
 +    listen [::]:80; 
 + 
 +    server_name your_domain www.your_domain; 
 +         
 +    location / { 
 +        proxy_pass app_server_address; 
 +        include proxy_params; 
 +    } 
 +
 +</file> 
 + 
 +==== Proxyparameter festlegen ==== 
 + 
 +<file | /etc/nginx/proxy_params> 
 +proxy_set_header Host $http_host; 
 +proxy_set_header X-Real-IP $remote_addr; 
 +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 +proxy_set_header X-Forwarded-Proto $scheme; 
 +</file>
ubuntu/nginx_webserver.1554556188.txt.gz · Zuletzt geändert: von Sebastian Hetzel
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki