Installing NGINX with PHP-FPM on RHEL with OCI8

Prenotes:

We will be installing the latest versions of the stack (LEMP). We will assume you have a blank RHEL 6 VM. We will also be only using https and redirect all http traffic to https using NGINX config.

1. SSHing in

To log in to the web server, we will be using the following ssh command:

ssh webadmin@123.456.78.90
# Note: webadmin is our user and 123.456.78.90 is our ip

The web server then will request your password:

webadmin@123.456.78.90's password:

Enter your web server password.

2. Creating site directory

We will begin by navigating to the root directory.

cd /
ls

list result:

bin     dev   lib    lost+found  mnt  proc  selinux  tmp  var
boot    etc   lib64  media       net  root  srv      u01
cgroup  home  local  misc        opt  sbin  sys      usr

We will be creating our site directory in the home directory

sudo mkdir -p home/sites/mysitename/{backup,includes,log,public,ssl}

Note: replace mysitename with your site name.

The above command will create the following directory structure:

home
  |
  -sites
    |
    -mysitename
      |
      -backup
      -includes
      -log
      -public
      -ssl

3. Create a test .html file:###

Create empty html file

sudo vim /home/sites/mysitename/public/index.html
i # This key will take you to vim insert mode

Place the following inside the file index.php

<h1>Nginx and HTML are working!!</h1>

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

4. Create a test .php file:

Create empty php file

sudo vim /home/sites/mysitename/public/test.php
i # This key will take you to vim insert mode

Place the following inside the file:
test.php

<?php
    echo 'php-fpm and php are working!!';
    phpinfo();
?>

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

5. Generate a CSR file and sign a Key file

Go to the ssl folder:

cd /home/sites/mysitename/ssl

Create the server.key and server.csr files.

sudo openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -subj "/C=US/ST=CA/L=City/O=/OU=Organization/CN=localhost"

Using the server.key and the server.csr files, generate server.crt

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Go back to root

cd /

6. Adding nginx to yum repository

sudo vim /etc/yum.repos.d/nginx.repo
i # This key will take you to vim insert mode

Add the following text into the file:
nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/6/$basearch/
gpgcheck=0
enabled=1

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

7.  Installing nginx using yum

Use yum to install nginx

sudo yum install nginx

You will then receive the following message:

=======================================================================
 Package      Arch          Version                 Repository    Size
=======================================================================
Installing:
 nginx        x86_64        1.6.2-1.el6.ngx         nginx        336 k
 
Transaction Summary
=======================================================================
Install       1 Package(s)
 
Total download size: 336 k
Installed size: 828 k
Is this ok [y/N]:

Note: you might have a different version number

Respond with y

y

Which should give you a success message:

Installed:
  nginx.x86_64 0:1.6.2-1.el6.ngx                                       
 
Complete!

8. Config nginx

Navigate to the config file:

cd /etc/nginx/conf.d/

Move the default old file:

sudo mv default.conf default.old_conf
sudo mv example_ssl.conf example_ssl.old_conf

Create a new default file:

sudo vim default.conf
i # This key will take you to vim insert mode

Place the following code inside the file: default.conf

server {
    listen       80;
     
    server_name  mysite.com;
    
    return 301 https://mysite.com$request_uri;
}
 
server {
    listen      443;
 
    ssl                         on;
    ssl_certificate             /home/sites/mysitename/ssl/server.crt;
    ssl_certificate_key         /home/sites/mysitename/ssl/server.key;
 
    server_name mysite.com;
     
 
    #charset koi8-r;
    access_log /home/sites/mysitename/log/access  main;
    error_log /home/sites/mysitename/log/error;
 
    location / {
        root /home/sites/mysitename/public;
        index index.php index.html index.htm;
    }
 
    error_page  403              /403.html;
    location = /403.html{
        root /home/sites/mysitename/public/403;
    }
 
    error_page  404              /404.html;
    location = /404.html {
        root /home/sites/mysitename/public/404;
    }
 
 
    # redirect server error pages to the static page /50x.html
 
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root /home/sites/mysitename/public/500;
        #root   /usr/share/nginx/html;
    }
 
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}
 
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
 
    location ~ \.php$ {
        root           /home/sites/mysitename/public;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $request_filename;
        include        fastcgi_params;
    }
     
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
 
    location ~ /\.ht {
        deny  all;
    }
}

Save and close vim:

ESC # press the escape key #
:wq # Write and Quit the file #

Then go back to root

cd /

9. Start nginx

sudo service nginx start

If you see this error message it means that you copied and pasted the spaces as special characters. Make sure the spaces are actual spaces.

Starting nginx: nginx: [emerg] unknown directive "    listen      " in /etc/nginx/conf.d/default.conf:2
                                                           [FAILED]

Otherwise it should show:

Starting nginx:                                            [  OK  ]

10. Add nginx to autostart list

sudo chkconfig --add nginx
sudo chkconfig --levels 235 nginx on

11. Change firewall settings

Open up the iptables file

sudo vim /etc/sysconfig/iptables
i # This key will take you to vim insert mode

Add these commands anywhere:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# if you prefer to use a different filter command 
# that opens up 80 and 443, you may!

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

Restart the iptables firewall

sudo service iptables restart

12. Test to see if the index.html works

Let's test it on CURL first

curl -k https://123.456.78.90 
# -k is needed because it's a self signed SSL Cert

Note: You may substitute the https://123.456.78.90 with https://mysite.com

You should get a response:

<h1>Nginx and HTML are working!!</h1>

Then open a browser and navigate to the same URL

https://123.456.78.90

# or #

https://mysite.com

You should see the following:

Nginx and HTML are working!!

If your site shows up in CURL and not in the browser, it's most likely a firewall issue.

13. Installing PHP-FPM

Add remi repository for PHP

## Remi Dependency on CentOS 6 and Red Hat (RHEL) 6 ##
sudo rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

## CentOS 6 and Red Hat (RHEL) 6 ##
sudo rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

Install php-fpm and dependencies

sudo yum --enablerepo=remi,remi-php56 install php-fpm

Server should respond with

====================================================================================
 Package                      Arch      Version                Repository      Size
====================================================================================
Installing:
 php-fpm                      x86_64    5.6.0-1.el6.remi.2     remi-php56     1.3 M
Installing for dependencies:
 php-cli                      x86_64    5.6.0-1.el6.remi.2     remi-php56     3.7 M
 php-common                   x86_64    5.6.0-1.el6.remi.2     remi-php56     1.0 M
 php-pear                     noarch    1:1.9.5-3.el6.remi     remi           375 k
 php-pecl-jsonc               x86_64    1.3.6-1.el6.remi.5.6.1 remi-php56      47 k
 php-pecl-zip                 x86_64    1.12.4-2.el6.remi.5.6  remi-php56     269 k
 php-process                  x86_64    5.6.0-1.el6.remi.2     remi-php56      56 k
 php-xml                      x86_64    5.6.0-1.el6.remi.2     remi-php56     208 k
 
Transaction Summary
====================================================================================
Install       8 Package(s)
 
Total download size: 7.0 M
Installed size: 26 M
Is this ok [y/N]:

Respond with y

y

Retrieve public key

warning: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 00f97f56: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
Importing GPG key 0x00F97F56:
 Userid : Remi Collet <RPMS@FamilleCollet.com>
 Package: remi-release-6.5-1.el6.remi.noarch (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
Is this ok [y/N]:

Respond with y

y

14. Install MySQL (php-mysqlnd) Module

sudo yum --enablerepo=remi,remi-php56 install php-mysqlnd

Server responds with

Total download size: 381 k
Installed size: 1.3 M
Is this ok [y/N]: y

Respond with y

y

15. Install oci8 module

Note: If you don't need oci8 module, you can skip to step 17.

# go to the following website #
http://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html
 
# Download the basic version #
Download oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
 
# Download the sdk version #
Download oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm

Move files from your local computer to web server.

# I am on a mac, so I did it this way
# if you are using a different OS other methods
# may be required
 
scp /Users/myusername/Downloads/oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm webadmin@123.456.78.90:/local/users/webadmin/
 
scp /Users/myusername/Downloads/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm webadmin@123.456.78.90:/local/users/webadmin/

Make sure you do a cksum, to see if the files were damaged during the transfer.

cd ~  # /local/users/webadmin/
cksum *
2840691603 62587782 oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
2599726994 634803 oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm

Should match these values:

(cksum - 2840691603)
(cksum - 2599726994)

Let's now install the oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm and oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm

sudo rpm -ivh oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
 
# It should respond with:
 
Preparing...                ########################################### [100%]
   1:oracle-instantclient12.##################                          ( 42%)
    
sudo rpm -ivh oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
 
# It should respond with:
 
Preparing...                ########################################### [100%]
   1:oracle-instantclient12.########################################### [100%]

We then need to install the php-devel package.

sudo yum --enablerepo=remi,remi-php56 install php-devel
y

We will also need the Development Tools group.

sudo yum groupinstall 'Development Tools'
y

Note: The following steps are for if you don't have dtrace enabled, remi automatically enables it.

Before we can continue we need to change a php-config

sudo vim /usr/include/php/main/php_config.h
:1221 # Then hit the return key and it will take you to line 1221 in vim
i     # This key will take you to vim insert mode

Comment out the following line (#2)

/* Defined to 1 if PHP OCI8 DTrace support was enabled during configuration */
#define HAVE_OCI8_DTRACE 1

So the end result should look like this

/* Defined to 1 if PHP OCI8 DTrace support was enabled during configuration */
/* #define HAVE_OCI8_DTRACE 1 */

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

Now download oci8 using pear

cd ~ # make sure you are in your home directory
pear download pecl/oci8

The command prompt should show the following:

downloading oci8-2.0.8.tgz ...
Starting to download oci8-2.0.8.tgz (190,854 bytes)
.........................................done: 190,854 bytes
File /local/users/webadmin/oci8-2.0.8.tgz downloaded

Now let's unzip the downloaded file

sudo tar xvzf oci8-2.0.8.tgz

Go into the newly created folder

cd oci8-2.0.8/

Now let's phpize while inside the oci8-2.0.8 folder.

sudo phpize
 
# once you run above command it should respond with:
 
Configuring for:
PHP Api Version:         20131106
Zend Module Api No:      20131226
Zend Extension Api No:   220131226

Now let's configure the extension

sudo ./configure --with-oci8=shared,instantclient,/usr/lib/oracle/12.1/client64/lib/

Compile and install

sudo make
sudo make install
cd / # go back to root

16. Add the oci8 extension to the php.ini

sudo vim /etc/php.ini
/OCI8] # It should take you to line 1208
i      # This key will take you to vim insert mode

Then we want to add the following under [oci8] so it looks like this:

[OCI8]
extension=oci8.so

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

17. Start php-fpm

sudo service php-fpm start

responses:

Starting php-fpm:                                          [  OK  ]

18. Add php-fpm to autostart list

sudo chkconfig --add php-fpm
sudo chkconfig --levels 235 php-fpm on

19. Test the php

Open a browser and go to the following website

https://123.456.78.90/test.php

# or #

https://mysite.com/test.php

It should present you with the following:
php_working

20. Setting up the logs correctly

sudo vim /etc/php-fpm.conf
/error_log  # Use this command to search for error_log
i           # This key will take you to vim insert mode

Set error log to the following:

error_log = /home/sites/mysitename/log/php-fpm.log

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

Let's set the www.conf error_log as well

sudo vim /etc/php-fpm.d/www.conf
/slowlog    # Use this command to search for slow_log
i           # This key will take you to vim insert mode

Uncomment out the following and set it to 15 (or any number you desire)

# dont forget to remove the `;`
request_slowlog_timeout = 15

Then change the slowlog destination.

slowlog = /home/sites/mysitename/log/www-slow.log

Now exit insert mode and search for www-error.log

ESC            # press the escape key #
/www-error.log # Use this command to search for error_log
i              # This key will take you to vim insert mode

Set the php_admin_value[error_log] to the following:

php_admin_value[error_log] = /home/sites/mysitename/log/www-error.log

Save and quit

ESC # press the escape key #
:wq # Write and Quit the file #

Restart the php-fpm service

sudo service php-fpm restart

21. Cleaning up the files

Clean up the files from oci8 installation

cd ~
 
#####
 
sudo rm -rf oci8-2.0.8/ oci8-2.0.8.tgz oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm package.xml
 
# or #
 
sudo rm -rf oci8-2.0.8/
sudo rm oci8-2.0.8.tgz
sudo rm oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
sudo rm oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
sudo rm package.xml
 
#####
 
# go back to root #
cd /

22. Reboot the machine

sudo reboot
 
Broadcast message from webadmin@machinename
    (/dev/pts/1) at 17:27 ...
 
The system is going down for reboot NOW!

Congrats, you are done!!