Differences

This shows you the differences between two versions of the page.

--- servers:nginx_php_php-fpm [2024/02/07 14:29] – [Headers] Sean Rhone
+++ servers:nginx_php_php-fpm [2024/02/07 16:00] – old revision restored (2024/02/01 06:44) Sean Rhone
@@ Line 8: / Line 8: @@
 ===== Prerequisites =====
-  * [[distros:ubuntu_server|Ubuntu Server]]
+  * [[distros:fedora_server|Fedora Server]]
-  * [[servers:nginx_php_php-fpm?rev=1706787894|Previous Fedora Server revision]]
 ===== Resources =====
@@ Line 28: / Line 26: @@
 ****
-  sudo apt install git nginx-core php-fpm
+  sudo dnf install git nginx php-fpm php-cli
 ===== PHP Extensions =====
@@ Line 42: / Line 40: @@
   * 80/tcp is HTTP
   * 443/tcp is HTTPS
-  * ''Nginx Full'' covers ''80,443/tcp'' ([[notes:ufw|ufw notes]])
-  sudo ufw allow 'Nginx Full'
+  sudo firewall-cmd --add-service='http' --permanent && sudo firewall-cmd --add-service='https' --permanent && sudo firewall-cmd --reload
+====== SELinux ======
+===== DokuWiki =====
+  * 2023/09/12
+  sudo setsebool -P 'httpd_graceful_shutdown' '1'
+  sudo setsebool -P 'nis_enabled' '1'
+  sudo setsebool -P 'httpd_can_network_connect' '1'
+  sudo setsebool -P 'httpd_can_network_relay' '1'
 ====== Services ======
@@ Line 52: / Line 63: @@
 ****
-  sudo systemctl enable 'nginx' 'php8.2-fpm' --now
+  sudo systemctl enable 'nginx' 'php-fpm' --now
 ====== Permissions ======
-  * :!: TODO: Adapt for Ubuntu if needed
+****
   sudo chown --recursive 'nginx':'nginx' '/var/lib/php/opcache' '/var/lib/php/session' '/var/lib/php/wsdlcache' '/var/lib/php/peclxml'
@@ Line 64: / Line 75: @@
 ===== Backup =====
-  sudo mv '/etc/php/8.2/fpm/pool.d/www.conf' '/etc/php/8.2/fpm/pool.d/www.conf~'
+  sudo mv '/etc/nginx/default.d/php.conf' '/etc/nginx/default.d/php.conf~'
-  sudo mv '/etc/nginx/nginx.conf' '/etc/nginx/nginx.conf~'
+  sudo mv '/etc/nginx/conf.d/php-fpm.conf' '/etc/nginx/conf.d/php-fpm.conf~'
-  sudo unlink '/etc/nginx/sites-enabled/default'
+  sudo mv '/etc/php-fpm.d/www.conf' '/etc/php-fpm.d/www.conf~'
+  sudo mv '/etc/nginx/nginx.conf' '/etc/nginx/nginx.conf~'
 ===== View =====
-  nano '/etc/php/8.2/fpm/pool.d/www.conf~'
+  nano '/etc/nginx/default.d/php.conf~'
-  nano '/etc/nginx/nginx.conf~'
+  nano '/etc/nginx/conf.d/php-fpm.conf~'
-  nano '/etc/nginx/sites-available/default'
+  nano '/etc/php-fpm.d/www.conf~'
-  nano '/etc/php/8.2/fpm/php.ini'
+  nano '/etc/nginx/nginx.conf~'
-  nano '/etc/php/8.2/fpm/php-fpm.conf'
+  nano '/etc/php.ini'
 ====== nginx Settings ======
@@ Line 86: / Line 99: @@
 ===== Notes =====
-  * ''conf.d'' contains **server-wide** modular configuration files ((HTTPS redirect, SSL))
+  * ''conf.d'' contains **server-wide** modular configuration files
-  * ''snippets'' contains **site-specific** modular configuration files ((CSPs))
+  * ''default.d'' contains **site-specific** modular configuration files
-  * ''sites-available'' contains site's main configuration files
+  * ''vhosts.d'' contains enabled websites ((this folder needs created))
-  * ''sites-enabled'' contains enabled websites symlinked from ''sites-available''
+===== Defaults =====
+==== vhosts.d ====
+****
+  sudo mkdir -p '/etc/nginx/vhosts.d'
 ===== HTTPS Redirect =====
@@ Line 98: / Line 118: @@
 <code>
-# HTTPS Redirect
 server {
     listen 80 default_server;
@@ Line 105: / Line 123: @@
     return 301 https://$host$request_uri;
-}
+}</code>
-# End</code>
 ===== Non-existent 404 =====
@@ Line 116: / Line 132: @@
 <code>
-# Non-existent 404
 server {
     listen '443' 'ssl' 'http2' default_server;
@@ Line 123: / Line 137: @@
     return '404';
-}
+}</code>
-# End</code>
 ===== Headers =====
-  * Last updated: 2022/12/16
+  * :!: Last updated: 2022/12/16
-  * Add to individual site configs as an ''include''
+  * :!: Add on site-by-site basis as an ''include''
-  sudo -e '/etc/nginx/snippets/headers.conf'
+  sudo -e '/etc/nginx/default.d/headers.conf'
 <code>
-# Headers
 add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
 add_header X-Content-Type-Options "nosniff" always;
@@ Line 145: / Line 155: @@
 add_header Expect-CT "max-age=0" always;
 add_header Feature-Policy "geolocation none; microphone none; payment none; usb none; vr none; magnetometer none; midi none; camera none; ambient-light-sensor none; accelerometer none" always;
-add_header Permissions-Policy "geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()" always;
+add_header Permissions-Policy "geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()" always;</code>
-# End</code>
 ===== nginx =====
-  * Last updated: 2024/02/07
+  * :!: Last updated: 2023/09/12
   sudo -e '/etc/nginx/nginx.conf'
 <code>
-user www-data;
+user nginx;
 worker_processes auto;
-error_log /var/log/nginx/error.log;
+error_log /var/log/nginx/error.log notice;
 pid /run/nginx.pid;
+include /usr/share/nginx/modules/*.conf;
 events {
@@ Line 168: / Line 178: @@
     # Logging
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
     access_log  /var/log/nginx/access.log  main;
     # Includes
     include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites-enabled/*.conf;
+    include /etc/nginx/vhosts.d/*.conf;
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
@@ Line 228: / Line 242: @@
 ssl_stapling 'on';
 ssl_stapling_verify 'on';
-resolver '1.1.1.2' '1.0.0.2' '2606:4700:4700::1112' '2606:4700:4700::1002' 'valid=300s';
+resolver '127.0.0.1' '9.9.9.9' '149.112.112.112' '[::1]' '[2620:fe::fe]' '[2620:fe::9]' 'valid=300s';
 resolver_timeout '5s';