servers:bsd:freenginx_php_php-fpm
This is an old revision of the document!
Table of Contents
Information
- freenginx 1)
- PHP
- PHP-FPM
Prerequisites
Dependencies
su -
pkg install freenginx-devel php85
Information
nginx -v
php -m
Firewall
- TODO
Services
Enable
su -
sysrc nginx_enable="YES"
sysrc php_fpm_enable="YES"
Start
su -
service start 'nginx' 'php_fpm'
service stop 'nginx' 'php_fpm'
Disable Defaults
freenginx
su -
mv -v '/usr/local/etc/freenginx/nginx.conf' '/usr/local/etc/freenginx/nginx.conf~'
PHP-FPM
su -
mv -v '/usr/local/etc/php-fpm.d/www.conf' '/usr/local/etc/php-fpm.d/www.conf~'
Check Defaults
nginx
ee '/usr/local/etc/freenginx/nginx.conf~'
PHP
- TODO: Other paths
ee '/usr/local/etc/php-fpm.d/www.conf~'
nano '/etc/php8/fpm/php-fpm.conf'
nano '/etc/php8/fpm/php.ini'
nano '/etc/php8/cli/php.ini'
nginx Settings
Notes
conf.dcontains server-wide modular configuration filesdefault.dcontains site-specific modular configuration filesvhosts.dcontains enabled websites
Folders
su -
mkdir -p -m '0644' '/usr/local/etc/freenginx/conf.d' '/usr/local/etc/freenginx/default.d' '/usr/local/etc/freenginx/vhosts.d'
HTTPS Redirect
- This automatically redirects non-HTTPS site links to HTTPS
su -
ee '/usr/local/etc/freenginx/conf.d/http-redirect.conf'
server {
listen '80' 'default_server';
listen '[::]:80' 'default_server';
return '301' 'https://$host$request_uri';
}
# End
Non-existent 404
- This prevents unconfigured subdomains from loading assets from other sites 2)
su -
ee '/usr/local/etc/freenginx/conf.d/non-existent.conf'
server {
listen '443' 'ssl' 'default_server';
http2 'on';
server_name '_';
return '404';
}
# End
Headers
su -
ee '/usr/local/etc/freenginx/default.d/headers.conf'
add_header 'Strict-Transport-Security' 'max-age=63072000; includeSubdomains; preload' 'always'; add_header 'X-Content-Type-Options' 'nosniff' 'always'; add_header 'X-Frame-Options' 'sameorigin' 'always'; add_header 'X-XSS-Protection' '1; mode=block' 'always'; add_header 'Cache-Control' 'no-store, no-transform, public' 'always'; add_header 'Referrer-Policy' 'same-origin' 'always'; add_header 'Expect-CT' 'max-age=0' 'always'; add_header 'Permissions-Policy' 'geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()' 'always'; # End
nginx
su -
ee '/usr/local/etc/freenginx/nginx.conf'
worker_processes 1;
#error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
# Logging
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
access_log '/dev/null';
# Includes
include '/usr/local/etc/freenginx/conf.d/*.conf';
include '/usr/local/etc/freenginx/vhosts.d/*.conf';
include '/usr/local/etc/freenginx/mime.types';
default_type 'application/octet-stream';
# Config
sendfile 'on';
tcp_nopush 'on';
tcp_nodelay 'on';
keepalive_timeout '65';
types_hash_max_size '4096';
# gzip
gzip 'on';
gzip_vary 'on';
gzip_proxied 'any';
gzip_comp_level '9';
gzip_types '*';
}
# End
SSL Certs
Let's Encrypt
- See Let's Encrypt/Certbot for further set-up
su -
ee '/usr/local/etc/freenginx/conf.d/ssl.conf'
ssl_certificate '/usr/local/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem'; ssl_trusted_certificate '/usr/local/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem'; ssl_certificate_key '/usr/local/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem'; ssl_session_timeout '10m'; ssl_session_cache 'shared:SSL:10m'; ssl_session_tickets 'off'; ssl_buffer_size '4k'; ssl_protocols 'TLSv1.2' 'TLSv1.3'; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM'; ssl_prefer_server_ciphers 'on'; ssl_ecdh_curve 'secp384r1'; # End
Resources
/usr/local/www/wiki/data/attic/servers/bsd/freenginx_php_php-fpm.1767772486.txt.gz · Last modified: by Sean Rhone