install | source | nginx | advanced | analyze | php | redirect
install PHP and FPM-PHP from official repository
ver=8.1 ls -lF /etc/apt/trusted.gpg.d/php.gpg # no exist wget https://packages.sury.org/php/apt.gpg -O /etc/apt/trusted.gpg.d/php.gpg lsb_release -sc ls -lF /etc/apt/sources.list.d/php.list # no exist echo "deb https://packages.sury.org/php/ `lsb_release -sc` main" > /etc/apt/sources.list.d/php.list apt update apt search ^php[[:digit:]]\.[[:digit:]]-redis- apt search ^php[[:digit:]]\.[[:digit:]]-mongodb- apt install php$ver php$ver-{fpm,redis,mongodb} systemctl stop apache2 systemctl disable apache2 systemctl status php$ver-fpm # enabled
tune PHP
cp -pi /etc/php/$ver/fpm/php.ini /etc/php/$ver/fpm/php.ini.dist vi /etc/php/$ver/fpm/php.ini short_open_tag = On cgi.fix_pathinfo=0
harden FastCGI
cp -pi /etc/php/$ver/fpm/pool.d/www.conf /etc/php/$ver/fpm/pool.d/www.conf.dist vi /etc/php/$ver/fpm/pool.d/www.conf owner = ... group = ... listen.owner = ... listen.group = ... # default already security.limit_extensions = .php systemctl restart php$ver-fpm ls -lF /run/php/php*.sock
cat /etc/nginx/fastcgi_params vi /etc/nginx/conf.d/catch-all.conf server { listen 80 default_server; server_name _; root /var/www/html; index index.php index.html index.htm; access_log /var/log/nginx/catch-all.access.log; error_log /var/log/nginx/catch-all.error.log; location ~* \.php$ { fastcgi_pass unix:/run/php/php-fpm.sock; #fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } cd /var/www/html/ vi index.php <p><?php echo gethostname(); echo " says PHP hello for "; echo $_SERVER['SERVER_NAME']; echo "\n"; ?>
run every vhost with different user and fastcgi socket
Connecting NGINX to PHP FPM¶ https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
Is the PHP option ‘cgi.fix_pathinfo’ really dangerous with Nginx + PHP-FPM? https://serverfault.com/questions/627903/is-the-php-option-cgi-fix-pathinfo-really-dangerous-with-nginx-php-fpm
How To Host Multiple Websites Securely With Nginx And Php-fpm On Ubuntu 14.04 https://www.digitalocean.com/community/tutorials/how-to-host-multiple-websites-securely-with-nginx-and-php-fpm-on-ubuntu-14-04