Skip to content

Instantly share code, notes, and snippets.

@tidus2102
Created November 10, 2017 09:52
Show Gist options
  • Save tidus2102/d752910155ba77e7ff56f375122de73e to your computer and use it in GitHub Desktop.
Save tidus2102/d752910155ba77e7ff56f375122de73e to your computer and use it in GitHub Desktop.
CentOS 7 PHP Deployment
0.
yum -y install epel-release yum-utils
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum-config-manager --enable remi
yum-config-manager --enable remi-php71
yum clean all
yum -y update
nano /etc/selinux/config
==============================
#SELINUX=enforcing
SELINUX=disabled
==============================
reboot
1. Clone source
yum -y install bash-completion gcc nano git zip unzip wget
mkdir /var/www
cd /var/www
git clone ...
cp config
cp nsms.conf
cp nginx.conf
cp opache
cp renew_ssl
Disable git compression
git config --global gc.auto 0
1. Update gzip
wget https://ftp.gnu.org/gnu/gzip/gzip-1.8.tar.xz
tar xvf gzip-1.8.tar.xz
cd gzip-1.8
./configure --prefix=/usr
make
make check
make install
# mv -v /usr/bin/gzip /bin
2. Install NGINX - https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
nano /etc/yum.repos.d/nginx.repo
================================================
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
================================================
yum -y install nginx
systemctl start nginx
systemctl enable nginx
nano /etc/nginx/conf.d/php-fpm.conf
================================================
upstream php-fpm {
#server 127.0.0.1:9000;
server unix:/run/php-fpm/www.sock;
}
================================================
Disable firewall
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
3. Install PHP - https://www.digitalocean.com/community/tutorials/how-to-upgrade-to-php-7-on-centos-7
https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/
yum -y install php-fpm php-common php-gd php-mysqlnd php-xml php-mbstring php-mcrypt php-opcache php-cli redis
yum -y install ImageMagick ImageMagick-devel php-devel php-pear
pecl install imagick
#pecl config-set php_ini /etc/php.ini
systemctl start php-fpm
systemctl enable php-fpm
systemctl start redis
systemctl enable redis
nano /etc/php-fpm.d/www.conf
================================================
;listen = 127.0.0.1:9000
listen = /run/php-fpm/www.sock
listen.acl_users = nginx
================================================
nano /etc/php.ini
================================================
short_open_tag = On
date.timezone=UTC
extension=imagick.so
================================================
4. Install MariaDB - https://downloads.mariadb.org/mariadb/repositories
nano /etc/yum.repos.d/mariadb.repo
================================================
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
================================================
yum -y install MariaDB-server MariaDB-client
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
mysql -u root -pPASSWORD
SET time_zone = '+00:00';
SET GLOBAL time_zone = '+00:00';
Allow remote access
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
https://cloud.google.com/solutions/mysql-remote-access
nano /etc/my.cnf.d/server.cnf
================================================
character-set-client-handshake = false
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
innodb_file_format = barracuda
innodb_file_per_table = 1
innodb_large_prefix = 1
================================================
systemctl restart mysql
systemctl restart mariadb
5. NodeJS
curl --silent --location https://rpm.nodesource.com/setup_8.x | sudo bash -
yum -y install nodejs
npm -g install npm
npm -g install yarn
yarn global add bower
6.SSL: https://serversforhackers.com/video/letsencrypt-for-free-easy-ssl-certificates
cd /opt
git clone git@github.com:certbot/certbot.git
cd /opt/certbot
./certbot-auto certonly --webroot -w /var/www/html -d mysportcorner.com,www.mysportcorner.com --non-interactive --agree-tos --email tidus2102@gmail.com
mkdir /etc/nginx/cert
cd /etc/nginx/cert
touch dhparam.pem
openssl dhparam 2048 -out /etc/nginx/cert/dhparam.pem
Auto Renew Cronjob
nano /etc/cron.monthly/renew_ssl
================================================
#!/usr/bin/env bash
cd /opt/certbot
./certbot-auto renew --webroot --noninteractive -w /var/www/nsms --post-hook "systemctl restart nginx"
================================================
chmod u=rwx,go=rx /etc/cron.monthly/renew_ssl
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment