Skip to content

Instantly share code, notes, and snippets.

@lesstif lesstif/serve-php.sh

Last active May 5, 2020
Embed
What would you like to do?
nginx php-fpm virtual host serve script for RHEL/CentOS, Ubuntu distro. Run "curl -o serve-php.sh https://gist.githubusercontent.com/lesstif/82c107282241c7a52ad9/raw && sudo mv serve-php.sh /usr/local/bin/ && sudo chmod +x /usr/local/bin/serve-php.sh "
#!/usr/bin/env bash
## Installation
## curl -o /usr/local/bin/serve-php.sh https://gist.githubusercontent.com/lesstif/82c107282241c7a52ad9/raw
## chmod +x /usr/local/bin/serve-php.sh
SA="/etc/nginx/sites-available/"
SE="/etc/nginx/sites-enabled/"
test=0
if [ "$EUID" -ne 0 ];then
echo -e "Your are running $0 in the user mode.!\n nginx config file does not modifiying.\n\n";
SA="./sites-available/"
SE="./sites-enabled/"
test=1
fi
if [ ! "$#" -eq 2 ]; then
echo "Error: missing required parameters.";
echo "Usage: ";
echo " serve domain path";
exit 1;
fi
HOST=$1
ROOT=$2
PHP_VERSIONS="5.6 7.0 7.1 7.2 7.3 7.4"
function find_fpm() {
d="/etc/init.d/"
found=0;
for v in ${PHP_VERSIONS};do
FPM="php${v}-fpm";
FULL_PATH=${d}"php${v}-fpm";
if [ -f "${FULL_PATH}" ]; then
echo "${FPM} script found in the '${FULL_PATH}'";
found=1;
break;
fi;
done
if [ ${found} == 0 ];then
if [ -f "/usr/lib/systemd/system/php-fpm.service" ];then ## RHEL 7
FPM="php-fpm";
echo "${FPM} script found in the '${FULL_PATH}'";
else
echo "php-fpm not found. exiting...";
exit 1;
fi;
fi;
}
FPMSOCK=""
function find_fpm_socket() {
d="/var/run/php/"
if [ ! -d "${d}" ];then
d="/var/run/php-fpm/"
fi
## FILE exists and is a socket
found=0
for v in ${PHP_VERSIONS}; do
FSOCK="php${v}-fpm.sock";
if [ -S "${FSOCK}" ]; then
echo "FPM Socket found in the '${FSOCK}'";
found=1;
break;
fi;
done;
if [ ${found} == 1 ];then
PROTO="unix:"
FPMSOCK="${FSOCK}"
echo "php-fpm ${FPMSOCK}...";
else
if [ -S "/run/php-fpm/www.sock" ];then ## CentOS 8 - remi
PROTO="unix:"
FPMSOCK="/run/php-fpm/www.sock"
echo "php-fpm ${FPMSOCK}...";
else
# fastcgi_pass 127.0.0.1:9000;
## assume local port on 9000
PROTO=""
FPMSOCK="127.0.0.1:9000"
echo "php-fpm unix socket not found. using ${FPMSOCK}...";
fi;
fi;
}
## for RHEL derived distro
if [ ! -d "${SA}" ];then
mkdir ${SA}
fi
if [ ! -d "${SE}" ];then
mkdir ${SE}
fi
### generate self-signed certification for HTTPS
# mkdir /etc/nginx/ssl 2>/dev/null
#
# PATH_SSL="/etc/nginx/ssl"
# PATH_KEY="${PATH_SSL}/${1}.key"
# PATH_CSR="${PATH_SSL}/${1}.csr"
# PATH_CRT="${PATH_SSL}/${1}.crt"
#
# if [ ! -f $PATH_KEY ] || [ ! -f $PATH_CSR ] || [ ! -f $PATH_CRT ]
# then
# openssl genrsa -out "$PATH_KEY" 2048 2>/dev/null
# openssl req -new -key "$PATH_KEY" -out "$PATH_CSR" -subj "/CN=$1/O=Vagrant/C=UK" 2>/dev/null
# openssl x509 -req -days 365 -in "$PATH_CSR" -signkey "$PATH_KEY" -out "$PATH_CRT" 2>/dev/null
# fi
###
find_fpm
find_fpm_socket
block="##server {
## listen 80;
## server_name $1;
## force redirect to https
## location / {
## return 301 https://\$server_name\$request_uri;
## }
##}
server {
listen 80;
listen 443 ssl;
server_name $1;
root \"$2\";
server_tokens off;
fastcgi_hide_header X-Powered-By;
index index.php index.html index.htm;
charset utf-8;
location / {
try_files \$uri \$uri/ /index.php?\$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
##access_log off;
access_log /var/log/nginx/$1-access.log combined;
error_log /var/log/nginx/$1-error.log error;
sendfile off;
client_max_body_size 100m;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
# Remove the Connection header if the client sends it,
# it could be "close" to close a keepalive connection
proxy_set_header Connection \"\";
location ~ \.php$ {
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY \"\";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass ${PROTO}${FPMSOCK};
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
### ssl on was deprecated. use listen 443 ssl;
### ssl on;
# ssl_certificate /etc/nginx/ssl/$1.crt;
# ssl_certificate_key /etc/nginx/ssl/$1.key;
### RHEL/CentOS derived distro.
# ssl_certificate /etc/pki/tls/certs/$1.crt;
# ssl_certificate_key /etc/pki/tls/private/$1.key;
### Dropping SSLv3, ref: POODLE
# ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
# ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
### HSTS(HTTP Strict Transport Security)
# add_header Strict-Transport-Security \"max-age=86400; includeSubdomains; preload\";
}"
echo "$block" > "${SA}/$1"
ln -fs "${SA}/$1" "${SE}/$1"
if [ $test -ne 1 ];then
systemctl restart nginx
systemctl restart ${FPM}
fi
## check include sites-enabled directive
RED='\033[0;31m'
NC='\033[0m' # No Color
DUMMY=$(grep sites-enabled /etc/nginx/nginx.conf)
is_include=$?
if [ ${is_include} != 0 ];then
printf "\n\nyou need to append \"${RED}include /etc/nginx/sites-enabled/*;\"${NC} into the nginx.conf http { } block. \n\n"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.