ubuntu:nginx_webserver
Dies ist eine alte Version des Dokuments!
Inhaltsverzeichnis
Ubuntu 18.04: Nginx
Installation
Immer neuste (stabile) Version über PPA
# add-apt-repository ppa:nginx/stable # apt-get update # aptitude install nginx
Version aus der Distribution
# apt-get update # aptitude install nginx
Prüfung
# service nginx status
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-04-06 14:50:15 CEST; 9min ago
Docs: man:nginx(8)
Process: 8408 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 8826 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 8820 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 8828 (nginx)
Tasks: 2 (limit: 2319)
CGroup: /system.slice/nginx.service
├─8828 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─8830 nginx: worker process
Apr 06 14:50:15 xxx systemd[1]: Starting A high performance web server and a reverse proxy server...
Apr 06 14:50:15 xxx systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Apr 06 14:50:15 xxx systemd[1]: Started A high performance web server and a reverse proxy server.
# netstat -anptu Aktive Internetverbindungen (Server und stehende Verbindungen) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8828/nginx: master tcp6 0 0 :::80 :::* LISTEN 8828/nginx: master
Konfiguration
Serverweite Konfigurationen werden an folgender Datei vorgenommen:
- nginx.conf
[...] server_tokens off; [...]
Bei Nginx heißen die „virtual hosts“ innerhalb der Konfiguration „server“. Unter Ubuntu ist eine Dateistruktur ähnlich der von Apache vorhanden - gemeint sind die Ordner sites-available sowie sites-enabled.
/etc/nginx# ll total 72 drwxr-xr-x 8 root root 4096 Apr 7 18:32 ./ drwxr-xr-x 112 root root 4096 Apr 12 21:13 ../ drwxr-xr-x 2 root root 4096 Nov 6 19:54 conf.d/ -rw-r--r-- 1 root root 1077 Apr 6 2018 fastcgi.conf -rw-r--r-- 1 root root 1007 Apr 6 2018 fastcgi_params -rw-r--r-- 1 root root 2837 Apr 6 2018 koi-utf -rw-r--r-- 1 root root 2223 Apr 6 2018 koi-win -rw-r--r-- 1 root root 3957 Apr 6 2018 mime.types drwxr-xr-x 2 root root 4096 Nov 6 19:54 modules-available/ drwxr-xr-x 2 root root 4096 Apr 7 14:07 modules-enabled/ -rw-r--r-- 1 root root 1515 Apr 7 16:22 nginx.conf -rw-r--r-- 1 root root 180 Apr 6 2018 proxy_params -rw-r--r-- 1 root root 636 Apr 6 2018 scgi_params drwxr-xr-x 2 root root 4096 Apr 7 22:05 sites-available/ drwxr-xr-x 2 root root 4096 Apr 7 20:31 sites-enabled/ drwxr-xr-x 2 root root 4096 Apr 7 14:07 snippets/ -rw-r--r-- 1 root root 664 Apr 6 2018 uwsgi_params -rw-r--r-- 1 root root 3071 Apr 6 2018 win-utf
Nach Änderung der Konfiguration kann mit folgendem Befehl geprüft werden, ob die Konfiguration Fehler enthält:
# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
HTTPS mit Let's Encrypt
Certbot installieren
Als root ausführen:
# apt-get update # apt-get install software-properties-common # add-apt-repository universe # add-apt-repository ppa:certbot/certbot # apt-get update # apt-get install python3-certbot-nginx
Cerbot: Zertifikate anfordern und Webserver anpassen
certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email example@domain.de --domain example-website.de
Cronjob zur Erneuerung der Zertifikate
# whereis certbot certbot: /usr/bin/certbot /usr/share/man/man1/certbot.1.gz # crontab -e
In die Crontab kommt dann beispielsweise folgendes rein:
# m h dom mon dow command 30 4 * * * /usr/bin/certbot renew >> /var/log/le-renew.log
Dann lassen wir noch unser Logfile rotieren:
- /etc/logrotate.d/le-renew
/var/log/le-renew.log { rotate 12 weekly compress missingok }
PHP
Installation
PHP im CGI-Modus mit einigen Modulen:
# aptitude install php7.2-bz2 php7.2-cli php7.2-common php7.2-curl php7.2-fpm php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-xml php7.2-zip
Läuft?
# service php7.2-fpm status
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-04-13 17:24:28 CEST; 3min 27s ago
Docs: man:php-fpm7.2(8)
Main PID: 943 (php-fpm7.2)
Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
Tasks: 3 (limit: 2319)
CGroup: /system.slice/php7.2-fpm.service
├─943 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
├─964 php-fpm: pool www
└─965 php-fpm: pool www
Apr 13 17:24:28 xxx systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...
Apr 13 17:24:28 xxx systemd[1]: Started The PHP 7.2 FastCGI Process Manager.
PHP.ini
Folgende Zeilen dürfen nicht auskommentiert bleiben:
- /etc/php/7.2/fpm/pool.d/www.conf
[...] env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp [...]
- /etc/php/7.2/fpm/php.ini
[...] short_open_tag = On [...] open_basedir = /var/www/:/tmp/:/dev/urandom [...] expose_php = Off [...]
- /etc/php/7.2/cli/php.ini
[...] short_open_tag = On [...] open_basedir = /var/www/:/tmp/:/dev/urandom [...] expose_php = Off [...]
ubuntu/nginx_webserver.1555186330.txt.gz · Zuletzt geändert: von Sebastian Hetzel