【忘備録】Nginx, MariaDB, PHP7.2 on Ubuntu 18.04 LTS

LEMP構成 – HTTPとDATABASEサーバをインストール

Linuxサーバーの基本構成、nginx、MariaDB、PHPを導入する備忘録です。
参考になるか、ならないか不明ですが記録として残しておきます。

OSはUbuntu18.04LTSをサーバーにインストールしただけの状態です。

# パッケージ最新化
$ sudo apt update
$ sudo apt upgrade

# HTTPサーバーにnginxインストール
$ sudo apt install nginx

# パッケージをインストールすれば基本的に電源投入時に自動起動しますが、念の為イネーブルしておきます。
$ sudo systemctl enable nginx
$ sudo systemctl start nginx
$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-XX-XX 02:20:05 UTC; 2min 56s ago
     Docs: man:nginx(8)
 Main PID: 19851 (nginx)
    Tasks: 2 (limit: 2059)
   CGroup: /system.slice/nginx.service
           ├─19851 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─19853 nginx: worker process

# nginxのバージョンを確認
$ nginx -v
nginx version: nginx/1.14.0 (Ubuntu)

# お手持ちのブラウザでHTTPテスト表示を確認してください
# http://IPアドレス/

# ディレクトリの権限がrootになっているので、nginxに引き渡します
$ sudo chown www-data:www-data /usr/share/nginx/html -R
$ sudo chown www-data:www-data /var/www/html/ -R

# MariaDB Database Serverをインストール
$ sudo apt install mariadb-server mariadb-client
$ systemctl status mariadb
● mariadb.service - MariaDB 10.1.43 database server
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset:
   Active: active (running) since Sat 2019-XX-XX 00:28:43 UTC; 32s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
 Main PID: 3434 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 27 (limit: 1109)
   CGroup: /system.slice/mariadb.service
           mq3434 /usr/sbin/mysqld

# HTTPと同様にイネーブルを打っておきます
$ sudo systemctl enable mariadb

# MariaDBの初期設定
$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):<エンターキー>
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:<ルートパスワード入力>
Re-enter new password:<ルートパスワード再入力>
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]<エンターキー>
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]<エンターキー>
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]<エンターキー>
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]<エンターキー>
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

# MariaDBのバージョンを確認
$ mariadb --version
mariadb  Ver 15.1 Distrib 10.1.43-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

# PHP7.2をインストール
$ sudo apt install php7.2 php7.2-fpm php7.2-mysql php-common php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline php7.2-mbstring php7.2-xml php7.2-gd php7.2-curl php-ssh2

# 例によってイネーブル、ステータス確認
$ sudo systemctl enable php7.2-fpm
$ systemctl status php7.2-fpm
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor prese
   Active: active (running) since Sat 2019-XX-XX 00:45:53 UTC; 1min 50s ago
     Docs: man:php-fpm7.2(8)
 Main PID: 14301 (php-fpm7.2)
   Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/se
    Tasks: 3 (limit: 1109)
   CGroup: /system.slice/php7.2-fpm.service
           tq14301 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
           tq14318 php-fpm: pool www
           mq14319 php-fpm: pool www

# nginxにPHPの設定を追加します
# デフォルトの設定ファイルをcpを使ってデフォルト設定を退避、設定ファイルを変更します
# HTTPのディレクトリを /usr/share/nginx/html/ に変更します。
# PHP動作に必要な設定を追記します。
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.old
$ sudo vi /etc/nginx/sites-available/default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

# ここを変更
        root /usr/share/nginx/html/;

        # Add index.php to the list if you are using PHP
# ここを変更
        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}
# ここに追記
        location ~ \.php$ {
           fastcgi_pass unix:/run/php/php7.2-fpm.sock;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           include fastcgi_params;
           include snippets/fastcgi-php.conf;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

# nginx設定の構文チェック&リロード
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo nginx -s reload

# PHPの動作確認のためテストファイルを作成
$ sudo vi /usr/share/nginx/html/info.php
<?php phpinfo(); ?>

# お手持ちのブラウザで表示を確認してください
# http://IPアドレス/info.php

# 残しておくとセキュリティー的にまずいので、確認後に削除
$ sudo rm /usr/share/nginx/html/info.php

以上が設定になります、お疲れさまでした。

コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です