Prenotes:
We will be installing the latest versions of the stack (LEMP). We will assume you have a blank RHEL 6 VM. We will serve the site over https only and redirect all http traffic to https in the NGINX config.
1. SSHing in
To log in to the web server, we will be using the following ssh command:
ssh webadmin@123.456.78.90
# Note: webadmin is our user and 123.456.78.90 is our ip
The web server then will request your password:
webadmin@123.456.78.90's password:
Enter your web server password.
2. Creating site directory
We will begin by navigating to the root directory.
cd /
ls
list result:
bin dev lib lost+found mnt proc selinux tmp var
boot etc lib64 media net root srv u01
cgroup home local misc opt sbin sys usr
We will create our site directory under /home:
sudo mkdir -p /home/sites/mysitename/{backup,includes,log,public,ssl}
Note: replace mysitename with your site name.
The above command will create the following directory structure:
home
 |
 -sites
   |
   -mysitename
     |
     -backup
     -includes
     -log
     -public
     -ssl
3. Create a test .html file:
Create empty html file
sudo vim /home/sites/mysitename/public/index.html
i # This key will take you to vim insert mode
Place the following inside the file index.html
<h1>Nginx and HTML are working!!</h1>
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
4. Create a test .php file:
Create empty php file
sudo vim /home/sites/mysitename/public/test.php
i # This key will take you to vim insert mode
Place the following inside the file:
test.php
<?php
echo 'php-fpm and php are working!!';
phpinfo();
?>
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
5. Generate a CSR file and sign a Key file
Go to the ssl folder:
cd /home/sites/mysitename/ssl
Create the server.key and server.csr files.
sudo openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -subj "/C=US/ST=CA/L=City/O=/OU=Organization/CN=localhost"
Using the server.key and the server.csr files, generate server.crt
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Go back to root
cd /
6. Adding nginx to yum repository
sudo vim /etc/yum.repos.d/nginx.repo
i # This key will take you to vim insert mode
Add the following text into the file:
nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/6/$basearch/
gpgcheck=0
enabled=1
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
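The repo file above sets gpgcheck=0 and uses an http baseurl, so yum installs the packages it receives without verifying a signature. The script below is an added example, not part of the original guide: it flags enabled repo sections with gpgcheck=0. The names audit_repo and write_samples are made up here and the two sample files are constructed.

```bash
# Added example, not part of the original guide.
# audit_repo FILE: print one finding per enabled section with gpgcheck=0 and
# return 1 if there was any. A section with no gpgcheck line inherits the
# [main] value from /etc/yum.conf and is not flagged here.
audit_repo() {
    awk '
        function report() {
            if (section == "" || enabled == "0" || gpgcheck != "0") return
            msg = section ": gpgcheck=0, packages are installed unverified"
            if (baseurl ~ /^http:/) msg = msg " and fetched over plain http"
            print msg
            bad = 1
        }
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            section = $0; gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        /^[ \t]*[#;]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl") baseurl = val
            if (key == "enabled") enabled = val
        }
        END { report(); exit bad }
    ' "$1"
}

# Constructed samples: the stanza from this guide, and the same stanza with
# checking on (gpgkey is the signing key URL published by nginx.org).
write_samples() {
    printf '%s\n' '[nginx]' 'name=nginx repo' \
        'baseurl=http://nginx.org/packages/rhel/6/$basearch/' \
        'gpgcheck=0' 'enabled=1' > "$1/weak.repo"
    printf '%s\n' '[nginx]' 'name=nginx repo' \
        'baseurl=http://nginx.org/packages/rhel/6/$basearch/' 'gpgcheck=1' \
        'gpgkey=https://nginx.org/keys/nginx_signing.key' 'enabled=1' > "$1/checked.repo"
}

dir=$(mktemp -d)
write_samples "$dir"
audit_repo "$dir/weak.repo" || echo "weak.repo: fix before running yum install"
audit_repo "$dir/checked.repo" && echo "checked.repo: ok"
rm -rf "$dir"
```

On a real server, run audit_repo over each file in /etc/yum.repos.d/.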
7. Installing nginx using yum
Use yum to install nginx
sudo yum install nginx
You will then receive the following message:
=======================================================================
Package Arch Version Repository Size
=======================================================================
Installing:
nginx x86_64 1.6.2-1.el6.ngx nginx 336 k
Transaction Summary
=======================================================================
Install 1 Package(s)
Total download size: 336 k
Installed size: 828 k
Is this ok [y/N]:
Note: you might have a different version number
Respond with y
y
Which should give you a success message:
Installed:
nginx.x86_64 0:1.6.2-1.el6.ngx
Complete!
8. Configure nginx
Navigate to the config file:
cd /etc/nginx/conf.d/
Rename the old default files:
sudo mv default.conf default.old_conf
sudo mv example_ssl.conf example_ssl.old_conf
Create a new default file:
sudo vim default.conf
i # This key will take you to vim insert mode
Place the following code inside the file: default.conf
server {
    listen 80;
    server_name mysite.com;
    return 301 https://mysite.com$request_uri;
}
server {
    listen 443;
    ssl on;
    ssl_certificate /home/sites/mysitename/ssl/server.crt;
    ssl_certificate_key /home/sites/mysitename/ssl/server.key;
    server_name mysite.com;
    #charset koi8-r;
    access_log /home/sites/mysitename/log/access main;
    error_log /home/sites/mysitename/log/error;
    location / {
        root /home/sites/mysitename/public;
        index index.php index.html index.htm;
    }
    error_page 403 /403.html;
    location = /403.html {
        root /home/sites/mysitename/public/403;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /home/sites/mysitename/public/404;
    }
    # redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /home/sites/mysitename/public/500;
        #root /usr/share/nginx/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        root /home/sites/mysitename/public;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    location ~ /\.ht {
        deny all;
    }
}
Save and close vim:
ESC # press the escape key #
:wq # Write and Quit the file #
Then go back to root
cd /
9. Start nginx
sudo service nginx start
If you see the following error message, it means that the spaces you copied and pasted came through as special characters. Make sure the spaces are actual spaces.
Starting nginx: nginx: [emerg] unknown directive " listen " in /etc/nginx/conf.d/default.conf:2
[FAILED]
Otherwise it should show:
Starting nginx: [ OK ]
10. Add nginx to autostart list
sudo chkconfig --add nginx
sudo chkconfig --levels 235 nginx on
11. Change firewall settings
Open up the iptables file
sudo vim /etc/sysconfig/iptables
i # This key will take you to vim insert mode
Add these commands anywhere:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# if you prefer to use a different filter command
# that opens up 80 and 443, you may!
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
Restart the iptables firewall
sudo service iptables restart
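iptables evaluates the INPUT chain from top to bottom, and the stock RHEL 6 file ends that chain with a catch-all REJECT, so the two ACCEPT lines only take effect if they sit above it (and above COMMIT). The script below is an added example, not part of the original guide: rule_effective checks where a port's rule landed and place_rule prints a ruleset with the rule moved into place. Both function names and the sample ruleset are constructed here.

```bash
# Added example, not part of the original guide. Assumes one *filter table,
# as in the stock RHEL 6 /etc/sysconfig/iptables.

# rule_effective FILE PORT: succeed only if an INPUT ACCEPT rule for PORT sits
# above the first catch-all REJECT/DROP and above COMMIT.
rule_effective() {
    awk -v port="$2" '
        /^COMMIT/ || /^-A INPUT -j (REJECT|DROP)/ { exit }
        /^-A INPUT / && /-j ACCEPT/ && index($0, "--dport " port " ") { ok = 1; exit }
        END { exit !ok }
    ' "$1"
}

# place_rule FILE PORT: print the ruleset with any existing INPUT rule for PORT
# dropped and one ACCEPT rule inserted just above the catch-all (or COMMIT).
place_rule() {
    awk -v port="$2" '
        /^-A INPUT / && index($0, "--dport " port " ") { next }
        !done && (/^-A INPUT -j (REJECT|DROP)/ || /^COMMIT/) {
            print "-A INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            done = 1
        }
        { print }
    ' "$1"
}

# Constructed sample: stock-style rules with the two new lines pasted below
# the catch-all REJECT, where they never match.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

f=$(mktemp); sample_rules > "$f"
for p in 22 80 443; do
    rule_effective "$f" "$p" && echo "port $p: ok" || echo "port $p: rule never matches"
done
rm -f "$f"
```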
12. Test to see if the index.html works
Let's test it with curl first
curl -k https://123.456.78.90
# -k is needed because it's a self signed SSL Cert
Note: You may substitute the https://123.456.78.90 with https://mysite.com
You should get a response:
<h1>Nginx and HTML are working!!</h1>
Then open a browser and navigate to the same URL
https://123.456.78.90
# or #
https://mysite.com
You should see the following:
Nginx and HTML are working!!
If your site shows up in CURL and not in the browser, it's most likely a firewall issue.
13. Installing PHP-FPM
Add remi repository for PHP
## Remi Dependency on CentOS 6 and Red Hat (RHEL) 6 ##
sudo rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
## CentOS 6 and Red Hat (RHEL) 6 ##
sudo rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Install php-fpm and dependencies
sudo yum --enablerepo=remi,remi-php56 install php-fpm
Server should respond with
====================================================================================
Package Arch Version Repository Size
====================================================================================
Installing:
php-fpm x86_64 5.6.0-1.el6.remi.2 remi-php56 1.3 M
Installing for dependencies:
php-cli x86_64 5.6.0-1.el6.remi.2 remi-php56 3.7 M
php-common x86_64 5.6.0-1.el6.remi.2 remi-php56 1.0 M
php-pear noarch 1:1.9.5-3.el6.remi remi 375 k
php-pecl-jsonc x86_64 1.3.6-1.el6.remi.5.6.1 remi-php56 47 k
php-pecl-zip x86_64 1.12.4-2.el6.remi.5.6 remi-php56 269 k
php-process x86_64 5.6.0-1.el6.remi.2 remi-php56 56 k
php-xml x86_64 5.6.0-1.el6.remi.2 remi-php56 208 k
Transaction Summary
====================================================================================
Install 8 Package(s)
Total download size: 7.0 M
Installed size: 26 M
Is this ok [y/N]:
Respond with y
y
Retrieve public key
warning: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 00f97f56: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
Importing GPG key 0x00F97F56:
Userid : Remi Collet <RPMS@FamilleCollet.com>
Package: remi-release-6.5-1.el6.remi.noarch (installed)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
Is this ok [y/N]:
Respond with y
y
14. Install MySQL (php-mysqlnd) Module
sudo yum --enablerepo=remi,remi-php56 install php-mysqlnd
Server responds with
Total download size: 381 k
Installed size: 1.3 M
Is this ok [y/N]: y
Respond with y
y
15. Install oci8 module
Note: If you don't need the oci8 module, you can skip to step 17.
# go to the following website #
http://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html
# Download the basic version #
Download oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
# Download the sdk version #
Download oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
Move files from your local computer to web server.
# I am on a mac, so I did it this way
# if you are using a different OS other methods
# may be required
scp /Users/myusername/Downloads/oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm webadmin@123.456.78.90:/local/users/webadmin/
scp /Users/myusername/Downloads/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm webadmin@123.456.78.90:/local/users/webadmin/
Make sure you do a cksum, to see if the files were damaged during the transfer.
cd ~ # /local/users/webadmin/
cksum *
2840691603 62587782 oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
2599726994 634803 oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
Should match these values:
(cksum - 2840691603)
(cksum - 2599726994)
Let's now install the oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm and oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
sudo rpm -ivh oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
# It should respond with:
Preparing... ########################################### [100%]
1:oracle-instantclient12.################## ( 42%)
sudo rpm -ivh oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
# It should respond with:
Preparing... ########################################### [100%]
1:oracle-instantclient12.########################################### [100%]
We then need to install the php-devel package.
sudo yum --enablerepo=remi,remi-php56 install php-devel
y
We will also need the Development Tools group.
sudo yum groupinstall 'Development Tools'
y
Note: The following steps apply if you don't have dtrace enabled; remi automatically enables it.
Before we can continue we need to change a php-config
sudo vim /usr/include/php/main/php_config.h
:1221 # Then hit the return key and it will take you to line 1221 in vim
i # This key will take you to vim insert mode
Comment out the following line (#2)
/* Defined to 1 if PHP OCI8 DTrace support was enabled during configuration */
#define HAVE_OCI8_DTRACE 1
So the end result should look like this
/* Defined to 1 if PHP OCI8 DTrace support was enabled during configuration */
/* #define HAVE_OCI8_DTRACE 1 */
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
Now download oci8 using pear
cd ~ # make sure you are in your home directory
pear download pecl/oci8
The command prompt should show the following:
downloading oci8-2.0.8.tgz ...
Starting to download oci8-2.0.8.tgz (190,854 bytes)
.........................................done: 190,854 bytes
File /local/users/webadmin/oci8-2.0.8.tgz downloaded
Now let's unzip the downloaded file
sudo tar xvzf oci8-2.0.8.tgz
Go into the newly created folder
cd oci8-2.0.8/
Now let's phpize while inside the oci8-2.0.8 folder.
sudo phpize
# once you run above command it should respond with:
Configuring for:
PHP Api Version: 20131106
Zend Module Api No: 20131226
Zend Extension Api No: 220131226
Now let's configure the extension
sudo ./configure --with-oci8=shared,instantclient,/usr/lib/oracle/12.1/client64/lib/
Compile and install
sudo make
sudo make install
cd / # go back to root
16. Add the oci8 extension to the php.ini
sudo vim /etc/php.ini
/OCI8] # It should take you to line 1208
i # This key will take you to vim insert mode
Then we want to add the following under [oci8] so it looks like this:
[OCI8]
extension=oci8.so
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
17. Start php-fpm
sudo service php-fpm start
responses:
Starting php-fpm: [ OK ]
18. Add php-fpm to autostart list
sudo chkconfig --add php-fpm
sudo chkconfig --levels 235 php-fpm on
19. Test the php
Open a browser and go to the following website
https://123.456.78.90/test.php
# or #
https://mysite.com/test.php
It should present you with the text "php-fpm and php are working!!" followed by the phpinfo() page.
20. Setting up the logs correctly
sudo vim /etc/php-fpm.conf
/error_log # Use this command to search for error_log
i # This key will take you to vim insert mode
Set error log to the following:
error_log = /home/sites/mysitename/log/php-fpm.log
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
Let's set the www.conf error_log as well
sudo vim /etc/php-fpm.d/www.conf
/slowlog # Use this command to search for slow_log
i # This key will take you to vim insert mode
Uncomment the following and set it to 15 (or any number you desire)
# don't forget to remove the `;`
request_slowlog_timeout = 15
Then change the slowlog destination.
slowlog = /home/sites/mysitename/log/www-slow.log
Now exit insert mode and search for www-error.log
ESC # press the escape key #
/www-error.log # Use this command to search for error_log
i # This key will take you to vim insert mode
Set the php_admin_value[error_log] to the following:
php_admin_value[error_log] = /home/sites/mysitename/log/www-error.log
Save and quit
ESC # press the escape key #
:wq # Write and Quit the file #
Restart the php-fpm service
sudo service php-fpm restart
21. Cleaning up the files
Clean up the files from oci8 installation
cd ~
#####
sudo rm -rf oci8-2.0.8/ oci8-2.0.8.tgz oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm package.xml
# or #
sudo rm -rf oci8-2.0.8/
sudo rm oci8-2.0.8.tgz
sudo rm oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
sudo rm oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
sudo rm package.xml
#####
# go back to root #
cd /
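The cleanup above removes the oci8 build files, but test.php from step 4 is still in the public directory and serves the full phpinfo() output, and server.key from step 5 has whatever permissions openssl and the umask gave it. The script below is an added example, not part of the original guide: it lists PHP files that call phpinfo() and key files readable by group or other. The function names are made up here and the demo runs on a constructed directory tree.

```bash
# Added example, not part of the original guide. SITE_DIR follows the guide's
# layout: SITE_DIR/public is the web root, SITE_DIR/ssl holds server.key.

# find_phpinfo PUBLIC_DIR: list PHP files that call phpinfo().
# grep exits 1 when nothing matches; that is not an error here.
find_phpinfo() {
    find "$1" -type f -name '*.php' -exec grep -lE 'phpinfo[[:space:]]*\(' {} + || true
}

# find_loose_keys SSL_DIR: list *.key files readable by group or other.
find_loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -004 \)
}

# audit_site SITE_DIR: print findings from both checks; return 1 if any.
audit_site() {
    info=$(find_phpinfo "$1/public")
    keys=$(find_loose_keys "$1/ssl")
    [ -n "$info" ] && printf 'phpinfo() is served from:\n%s\n' "$info"
    [ -n "$keys" ] && printf 'private key readable by group/other (chmod 600):\n%s\n' "$keys"
    [ -z "$info$keys" ]
}

# Demo on a constructed tree (placeholder files, not a real key).
site=$(mktemp -d)
mkdir -p "$site/public" "$site/ssl"
printf '<?php\nphpinfo();\n?>\n' > "$site/public/test.php"
printf '<h1>ok</h1>\n' > "$site/public/index.html"
: > "$site/ssl/server.key"
chmod 644 "$site/ssl/server.key"
audit_site "$site" || echo "resolve the findings above"
rm -rf "$site"
```

On the server built in this guide, the call would be audit_site /home/sites/mysitename, run with sudo if the directories are not readable by your user.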
22. Reboot the machine
sudo reboot
Broadcast message from webadmin@machinename
(/dev/pts/1) at 17:27 ...
The system is going down for reboot NOW!