centos下nginx搭建drupal 8

孙华斌 發表於 2020-4-18 21:07:00

环境：centos 7.6，nginx 1.5.18，php 7.3，drupal 8.8.5
drupal 8版本系统要求：
php 7.2以上
数据库要求：MySQL 5.5.3/MariaDB 5.5.20/Percona Server 5.5.8 以上版本并且使用InnoDB数据库引擎, 和 PDO 数据库扩展.
web服务器：apache、nginx、IIS等支持php的服务都可以。
一、nginx
1.nginx安装和配置
<div class="cnblogs_code">
<pre># yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm　　//安装最新版epel软件源 # yum install -y yum-utils　　//安装yum工具 # yum install -y nginx # setenforce 0 　　//设置selinux模式，最好再修改配置文件/etc/selinux/config，把enforcing改为permissive</pre>
</div>
<div class="cnblogs_code">
<pre># firewall-cmd --add-service=http --permanent　　//开放http服务
# firewall-cmd --reload　　//更新防火墙策略</pre>
</div>
 启动nginx：
<div class="cnblogs_code">
<pre># systemctl enable nginx
# systemctl start nginx</pre>
</div>
2.验证nginx
浏览器访问服务器地址
二、php
1.php7.3安装
由于centos软件仓库的php版本太低，所以需要第三方仓库安装高版本的php，这里使用remirepo.net提供的仓库。
<div class="cnblogs_code">
<pre># yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm //使用清华大学的镜像源安装</pre>
</div>
由于remi网站是外国站点，访问不稳定，建议更改仓库的地址使用清华镜像。
修改<code class="highlighter-rouge">/etc/yum.repos.d/remi-safe.repo和remi-php73.repo</code>，将<code class="highlighter-rouge">mirrorlist</code>的行注释掉。
接下来，取消注释文件里<code class="highlighter-rouge">baseurl</code>开头的行，并将其中的<code class="highlighter-rouge">http://rpms.remirepo.net</code>替换成<code class="highlighter-rouge">https://mirrors.tuna.tsinghua.edu.cn/remi</code>
也可以用如下命令自动替换：
<div class="cnblogs_code">
<pre># sed -e 's!^mirrorlist=!#mirrorlist=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!http://rpms\.remirepo\.net!https://mirrors.tuna.tsinghua.edu.cn/remi!g' \
-i /etc/yum.repos.d/remi-safe.repo /etc/yum.repos.d/remi-php73.repo</pre>
</div>
启用php 7.3版本的remi源
<div class="cnblogs_code">
<pre># yum-config-manager --enable remi-php73</pre>
</div>
安装php 7.3和相关扩展
<div class="cnblogs_code">
<pre># yum install php php-pdo php-opcache php-mbstring php-fpm php-gd php-xml php-pdo php-pecl-mcrypt php-mysqlnd</pre>
</div>
修改fpm的配置文件/etc/php-fpm.d/www.conf
<div class="cnblogs_code">
<pre>;listen = 127.0.0.1:9000 //注释掉该行
listen = /var/run/php-fpm/php-fpm.sock //设置socket

;listen.owner = nobody //原设置默认就是注释掉的
;listen.group = nobody //原设置默认就是注释掉的
;listen.mode = 0660 //原设置默认就是注释掉的
listen.owner = nginx //增加该行
listen.group = nginx //增加该行</pre>
</div>
启动php-fpm
<div class="cnblogs_code">
<pre># systemctl enable php-fpm
# systemctl start php-fpm</pre>
</div>
配置nginx，修改/etc/nginx/nginx.conf文件：
<div class="cnblogs_code">
<pre>user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
access_log/var/log/nginx/access.log;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

include /etc/nginx/conf.d/*.conf;

server {
 listen 80;
 root /var/www/html;

 location / {
 try_files $uri /index.php;
 }

 location ~ '\.php$|^/update.php' {
 fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
 # Ensure the php file exists. Mitigates CVE-2019-11043
 try_files $fastcgi_script_name =404;
 include fastcgi_params;
 # Block httpoxy attacks. See https://httpoxy.org/.
 fastcgi_param HTTP_PROXY "";
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param QUERY_STRING $query_string;
 fastcgi_intercept_errors on;
 # PHP 7 socket location.
 fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}

}
}</pre>
</div>
增加php测试文件：
<div class="cnblogs_code">
<pre># vi /var/www/html/index.php</pre>
</div>
在里面写入：
<div class="cnblogs_code">
<pre><?php
echo phpinfo();
?></pre>
</div>
重启nginx服务：
<div class="cnblogs_code">
<pre># systemctl restart nginx</pre>
</div>
2.验证php
 浏览器访问服务器地址，显示出php的基础信息
<img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418171452417-1732182954.png">
 
 
 
三、mariadb数据库
1.安装数据库
<div class="cnblogs_code">
<pre># yum install -y mariadb-server
# systemctl start mariadb
# systemctl enable mariadb</pre>
</div>
 2.配置数据库
数据库初始安全配置（请牢记设置的root密码）：
<div class="cnblogs_code">
<pre># mysql_secure_installation</pre>
</div>
<img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418172950296-2115502018.png">
 
<img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418173151428-348072698.png">
 
 配置drupal网站的数据库：
<div class="cnblogs_code">
<pre># mysql -u root -p //登录mysql，会要求输入root密码</pre>
</div>
 接着操作：
<div class="cnblogs_code">
<pre>MariaDB [(none)]> create database drupal; //新建数据库drupal
MariaDB [(none)]> GRANT ALL PRIVILEGES ON drupal.* TO db_user@localhost IDENTIFIED BY 'pass123'; //设置用户和权限，本地用户为db_user，密码为pass123
MariaDB [(none)]> FLUSH PRIVILEGES; //更新权限
MariaDB [(none)]> exit //退出mysql命令行</pre>
</div>
 
四、部署drupal网站
使用ssh工具把网站压缩包drupal-8.8.5.zip上传到服务器/var/www/中
<div class="cnblogs_code">
<pre># cd /var/www/　　//切换到www目录中
# yum install -y unzip　　//安装unzip软件包
# unzip drupal-8.8.5.zip　　//把压缩文件解压到当前目录</pre>
</div>
修改nginx配置文件/etc/nginx/nginx.conf，以：
<div class="cnblogs_code">
<pre># For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" "$http_x_forwarded_for"';

access_log/var/log/nginx/access.logmain;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 20m;
include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
# server_name example.com;
listen 80;
root /var/www/drupal-8.8.5; ## <-- Your only path reference.
location = /favicon.ico {
 log_not_found off;
 access_log off;
}

location = /robots.txt {
 allow all;
 log_not_found off;
 access_log off;
}

# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
 allow 192.168.0.0/16;
 deny all;
}

location ~ \..*/.*\.php$ {
 return 403;
}

location ~ ^/sites/.*/private/ {
 return 403;
}

# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
 deny all;
}

# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
 allow all;
}

# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
 return 403;
}

location / {
 # try_files $uri @rewrite; # For Drupal <= 6
 try_files $uri /index.php?$query_string; # For Drupal >= 7
}

location @rewrite {
 rewrite ^/(.*)$ /index.php?q=$1;
}

# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
 deny all;
 return 404;
}

# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw|\.bak|\.orig|\.save)$ {
 deny all;
 return 404;
}

# In Drupal 8, we must also match new paths where the '.php' appears in
# the middle, such as update.php/selection. The rule we use is strict,
# and only allows this pattern with the update.php front controller.
# This allows legacy path aliases in the form of
# blog/index.php/legacy-path to continue to route to Drupal nodes. If
# you do not have any paths like that, then you might prefer to use a
# laxer rule, such as:
# location ~ \.php(/|$) {
# The laxer rule will continue to work if Drupal uses this new URL
# pattern with front controllers other than update.php in a future
# release.
location ~ '\.php$|^/update.php' {
 fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
 # Ensure the php file exists. Mitigates CVE-2019-11043
 try_files $fastcgi_script_name =404;
 # Security note: If you're running a version of PHP older than the
 # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
 # See http://serverfault.com/q/627903/94922 for details.
 include fastcgi_params;
 # Block httpoxy attacks. See https://httpoxy.org/.
 fastcgi_param HTTP_PROXY "";
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param QUERY_STRING $query_string;
 fastcgi_intercept_errors on;
 # PHP 5 socket location.
 #fastcgi_pass unix:/var/run/php5-fpm.sock;
 # PHP 7 socket location.
 fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}

# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
 try_files $uri @rewrite;
}

# Handle private files through Drupal. Private file's path can come
 # with a language prefix.
location ~ ^(/+)?/system/files/ { # For Drupal >= 7
 try_files $uri /index.php?$query_string;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
 try_files $uri @rewrite;
 expires max;
 log_not_found off;
}
# Enforce clean URLs
# Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page
# Could be done with 301 for permanent or other redirect codes.
if ($request_uri ~* "^(.*/)index\.php(.*)") {
 return 307 $1$2;
}
}
}</pre>
</div>
重启nginx服务：
<div class="cnblogs_code">
<pre># systemctl restart nginx</pre>
</div>
网站部署过程中，会自动写入一些文件，需要先开启写入权限（部署完成后关闭写入权限）：
<div class="cnblogs_code">
<pre># chmod o+w /var/www/drupal-8.8.5/sites/default/ # cp /var/www/drupal-8.8.5/sites/default/default.settings.php /var/www/drupal-8.8.5/sites/default/settings.php 　　　//复制settings.php文件 # chmod o+w /var/www/drupal-8.8.5/sites/default/settings.php 　　//设置配置文件权限</pre>
</div>
浏览器访问服务器地址，自动开始网站的初始化部署
<img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418180515237-1424591883.png">
 
 
 <img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418181203180-916449680.png">
 
 
 配置数据库连接信息，使用之前创建的数据库、用户和密码：
<img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418183209171-752458637.png">
 
 <img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418183246208-964332081.png">
 
 配置网站基本信息，包括创建管理员帐号
<img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418183833687-792163353.png">
 
 <img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418183852037-1212489115.png">
 
 安装完毕后，自动访问网站：<img src="https://img2020.cnblogs.com/blog/1955452/202004/1955452-20200418184014622-1134769039.png">
 
安全考虑，移除之前设置的写入权限：
<div class="cnblogs_code">
<pre># chmod o-w /var/www/drupal-8.8.5/sites/default/settings.php
# chmod o-w /var/www/drupal-8.8.5/sites/default</pre>
</div>
  
来源：https://www.cnblogs.com/learn2teach/p/12721315.html

頁: [1]

琼殿技术论坛's Archiver

centos下nginx搭建drupal 8