Skip to content

Instantly share code, notes, and snippets.

@davidhoeck

davidhoeck/Setup Pimcore 5 with NGINX and PHP7.0 on Ubuntu 16.04.md

Last active February 26, 2020 22:42
Show Gist options
  • Save davidhoeck/d63ddfb0e19ddd7270ed76a70cb3ca82 to your computer and use it in GitHub Desktop.
Save davidhoeck/d63ddfb0e19ddd7270ed76a70cb3ca82 to your computer and use it in GitHub Desktop.
Download ZIP
Setup Pimcore 5 with NGINX and PHP7.0 on Ubuntu 16.04
Raw
Setup Pimcore 5 with NGINX and PHP7.0 on Ubuntu 16.04.md

Install NGINX

sudo apt-get update
sudo apt-get install nginx

Install PHP 7.0 and the PHP Packages

sudo apt-get install -y php7.0-common php7.0-zip php7.0-gd php7.0-intl php7.0-iconv php7.0-curl php7.0-json php7.0-soap php7.0-bz2

Install Pimcore in your project directory

  1. Fresh installation from Pimcore Resource
wget https://www.pimcore.org/download-5/pimcore-latest.zip -O pimcore-install.zip

You can use now the command-line installer with bin/install or go to <your-host>/install.php. Before using the webinstaller you might have to change the NGINX site config here:

# Use this location when the installer has to be run
# location ~ /(app|install)\.php(/|$) {
#
# Use this after initial install is done:
location ~ ^/app\.php(/|$) {
  1. Project via Git
git clone <project-repo>
cd <project-dir>
composer install 
composer dump-autoload -o

DB Setup

Use the ut8mb4 charset and the ut8b4_unicode_ci collation. If the DB runs on same server instance as the webserver use as host localhost

Setup an NGINX Site

  1. Create a config file
cd /etc/nginx/sites-available
touch <project-name>.conf
  1. Setup the nginx config file
# mime types are covered in nginx.conf by:
# http {
#   include       mime.types;
# }

upstream php-pimcore5 {
    server unix:/var/run/php/php7.0-fpm.sock; # Depending on the PHP FPM version your are running 
}

server {
    listen 80;
    
    root /var/www/<project-dir>/web;
    server_name <domain>; # e.g pimcore.davidhoeck.com
    index index.php;

    access_log  /var/log/access.log;
    error_log   /var/log/error.log error;

    # Pimcore Head-Link Cache-Busting
    rewrite ^/cache-buster-(?:\d+)/(.*) /$1 last;

    # Stay secure
    #
    # a) don't allow PHP in folders allowing file uploads
    location ~* /var/assets/*\.php(/|$) {
        return 404;
    }
    # b) Prevent clients from accessing hidden files (starting with a dot)
    # Access to `/.well-known/` is allowed.
    # https://www.mnot.net/blog/2010/04/07/well-known
    # https://tools.ietf.org/html/rfc5785
    location ~* /\.(?!well-known/) {
        deny all;
        log_not_found off;
        access_log off;
    }
    # c) Prevent clients from accessing to backup/config/source files
    location ~* (?:\.(?:bak|conf(ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
        deny all;
    }

    # Thumbnails
    location ~* .*/(image|video)-thumb__\d+__.* {
        try_files /var/tmp/$1-thumbnails$request_uri /app.php;
        expires 2w;
        access_log off;
        add_header Cache-Control "public";
    }

    # Assets
    # Still use a whitelist approach to prevent each and every missing asset to go through the PHP Engine.
    location ~* (.+?)\.((?:css|js)(?:\.map)?|jpe?g|gif|png|svgz?|eps|exe|gz|zip|mp\d|ogg|ogv|webm|pdf|docx?|xlsx?|pptx?)$ {
        try_files /var/assets$uri $uri =404;
        expires 2w;
        access_log off;
        log_not_found off;
        add_header Cache-Control "public";
    }

    # Installer
    # Remove this if you don't need the web installer (anymore)
    if (-f $document_root/install.php) {
        rewrite ^/install(/?.*) /install.php$1 last;
    }

    location / {
        error_page 404 /meta/404;
        add_header "X-UA-Compatible" "IE=edge";
        try_files $uri /app.php$is_args$args;
    }

    # Use this location when the installer has to be run
    # location ~ /(app|install)\.php(/|$) {
    #
    # Use this after initial install is done:
    location ~ ^/app\.php(/|$) {
        send_timeout 1800;
        fastcgi_read_timeout 1800;
        # regex to split $uri to $fastcgi_script_name and $fastcgi_path
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Check that the PHP script exists before passing it
        try_files $fastcgi_script_name =404;
        include fastcgi.conf;
        # Bypass the fact that try_files resets $fastcgi_path_info
        # see: http://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;

        # Activate these, if using Symlinks and opcache
        # fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        # fastcgi_param DOCUMENT_ROOT $realpath_root;

        fastcgi_pass php-pimcore5;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/app.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }

    # PHP-FPM Status and Ping
    location /fpm- {
        access_log off;
        include fastcgi_params;
        location /fpm-status {
            allow 127.0.0.1;
            # add additional IP's or Ranges
            deny all;
            fastcgi_pass php-pimcore5;
        }
        location /fpm-ping {
            fastcgi_pass php-pimcore5;
        }
    }
    # nginx Status
    # see: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
    location /nginx-status {
        allow 127.0.0.1;
        deny all;
        access_log off;
        stub_status;
    }
}
  1. Create symlink
ln -s /etc/nginx/sites-available/<project-name>.conf /etc/nginx/sites-enabled/
  1. Restart PHP-FPM and Nginx
sudo service nginx restart
sudo service php7.0-fpm restart

Install additional tools

  • APCu (Cache) and Imagick (Image Processing)
sudo apt-get install php7.0-apcu php-imagick -y

sudo apt-get install php-redis
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment