Setting up CentOS, nginX & PHP

This is the base config I start with when building a CentOS 7 Server for development testing.

(You might want to pick a better ‘password’, just saying)

I’ll assume you have set up your server and have ssh access.

On all the CentOS Servers I have inherited, no one ever sets the Timezone!
So lets fix that straight away. (and use the CLI to inject our SUDO passwd)

echo "password" | sudo -S timedatectl set-timezone America/Chicago

Now that we are elevated lets increase our users SUDO timeout to 30 min.

echo 'Defaults:admin timestamp_timeout=30' | sudo tee -a /etc/sudoers

Now this doesn’t apply to our current session.
So lets kill it and re-elevate with a YUM Update.
That will take awhile so we re-elevate and run YUM Upgrade / Clean.

sudo -k
echo "password" | sudo -S yum -y update
echo "password" | sudo -S yum -y upgrade && sudo yum clean all

Lets insure the basics are installed

sudo yum install -y sudo selinux-policy firewalld openssh openssh-server 

Test to insure things are in working order

systemctl status sshd.service
systemctl status firewalld
getenforce

Now we’ll add somethings “I need to function” (besides coffee)

sudo yum install -y wget curl gcc unzip net-tools NetworkManager-tui
sudo yum install -y epel-release

Security should be the basis for everything we do.

sudo yum install -y rkhunter

---

Now lets build a basic web server

sudo yum install -y nginx httpd-tools

Now we start it up

sudo systemctl enable nginx
sudo systemctl restart nginx
systemctl status nginx
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

You can now access your server at http://[IPAddress]

---

We are going to use PHP 7.3

sudo rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum install -y php73 php73-php-fpm

Always make a backup of files you plan to edit

sudo cp /etc/opt/remi/php73/php.ini /etc/opt/remi/php73/php.ini.origional
sudo cp /etc/opt/remi/php73/php-fpm.d/www.conf /etc/opt/remi/php73/php-fpm.d/www.conf.origional

Now lets fix the Timezone

sudo sed -i '/date.timezone =/c\date.timezone = CST6CDT' /etc/opt/remi/php73/php.ini

And we will get the php.ini and php-fpm setup

sudo sed -i '/;cgi.fix_pathinfo=1/c\cgi.fix_pathinfo=0' /etc/opt/remi/php73/php.ini
sudo sed -i '/listen = 127.0.0.1:9000/c\listen = /var/run/php73-fpm/php73-fpm.sock' /etc/opt/remi/php73/php-fpm.d/www.conf
sudo sed -i '/listen.owner = nobody/c\listen.owner = nginx' /etc/opt/remi/php73/php-fpm.d/www.conf
sudo sed -i '/listen.group = nobody/c\listen.group = nginx' /etc/opt/remi/php73/php-fpm.d/www.conf
sudo sed -i '/user = apache/c\user = nginx' /etc/opt/remi/php73/php-fpm.d/www.conf
sudo sed -i '/group = apache/c\group = nginx' /etc/opt/remi/php73/php-fpm.d/www.conf
sudo sed -i '/listen.mode = 0660/c\listen.mode = 0660' /etc/opt/remi/php73/php-fpm.d/www.conf
mkdir /var/run/php73-fpm

Make a backup of the files you are going to edit

sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.origional

We are going to split up the base nginX configuration file
(leave the blank line between the commands, it insures the first one finished)

sudo sed '/^    server {$/,$ d' /etc/nginx/nginx.conf | sudo tee /etc/nginx/nginx.conf

echo '}' | sudo tee -a /etc/nginx/nginx.conf

Now we will put the root www server in its own file

echo 'server {
  listen 80;
  server_name www.example.com example.com;
  root /usr/share/nginx/html;
  index index.php index.html index.htm;
  
  location / {
    try_files $uri $uri/ /index.php$query_string;
  }
  
  error_page 404 /404.html;
  error_page 500 502 503 504 /50x.html;
  location = /50x.htm {
    root /usr/share/nginx/html;
  }
  
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php73-fpm/php73-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}' | sudo tee /etc/nginx/conf.d/example.com.conf

We will create a basic php test file

echo '<?php
phpinfo();
?>' | sudo tee /usr/share/nginx/html/index.php

Make the directory for the FPM Socket, set permissions & Fire it up!

sudo mkdir /var/run/php73-fpm
chown -R nginx:nginx /var/opt/remi/php73/lib/php/session
sudo systemctl enable php73-php-fpm
sudo systemctl restart php73-php-fpm
systemctl status php73-php-fpm
sudo systemctl restart nginx
systemctl status nginx

Head over to http://www.example.com/index.php and see the php.info data