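Setting up Nginx + PHP on a NAT VPS

I recently bought a NAT VPS with 128 MB of RAM to try out. The VPSes I used before all had dedicated IPs, so this is a record of setting up Nginx + PHP on this VPS.

Domain

Update DNS

1. Find the IPv6 address in the SolusVM control panel

2. Set an AAAA record in Cloudflare

VPS

Update apt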

apt-get update
apt-get upgrade

Install nginx

apt-get install nginx

Install php and php-fpm

apt install php7.3 php7.3-fpm

Configure Nginx

Add an nginx server block
nano /etc/nginx/sites-available/example.com

ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

server {
    # https settings
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/nginx/ssl/ssl.pem;
    ssl_certificate_key /etc/nginx/ssl/ssl.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated; allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;

    # basic web settings
    root /var/www/example.com/html;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;

    # grav settings
    location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
    }

    # deny rules: regex locations are tried in file order and the first
    # match wins, so these must come before the PHP handler below
    location ~* ^/(\.git|cache|bin|logs|backup|tests)/.*$ {
        return 403;
    }

    location ~* ^/(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
        return 403;
    }

    location ~* ^/user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
        return 403;
    }

    location ~ ^/(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) {
        return 403;
    }

    # pass PHP scripts to php-fpm
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
}

server {
    # http redirects
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}
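
nginx tries regex locations in the order they appear in the file and uses the first one that matches, so where `location ~ \.php$` sits relative to the Grav deny rules decides whether a .php request under /user or /system is refused or handed to php-fpm. The following is an added example, not part of the original post: a Python model of that selection for this page's patterns under both orderings. The sample paths are constructed, and the model assumes `location /` is the only prefix location.

```python
import re

# Regex locations copied from the server block on this page.
# (modifier, pattern, action); "~*" is case-insensitive, "~" is case-sensitive.
DENY = [
    ("~*", r"^/(\.git|cache|bin|logs|backup|tests)/.*$", "403"),
    ("~*", r"^/(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$", "403"),
    ("~*", r"^/user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$", "403"),
    ("~", r"^/(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess)", "403"),
]
PHP = [("~", r"\.php$", "php-fpm")]


def route(uri, regex_locations):
    """Return the action of the first matching regex location, in file order.
    Falls back to the 'location /' prefix block when no regex matches."""
    for modifier, pattern, action in regex_locations:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):
            return action
    return "try_files"


def compare(uris):
    """Route each URI twice: PHP block listed first, then deny rules listed first."""
    return {u: (route(u, PHP + DENY), route(u, DENY + PHP)) for u in uris}


# Constructed sample request paths (hypothetical file names).
SAMPLE_URIS = [
    "/index.php",
    "/user/plugins/example/example.php",
    "/system/src/Example.php",
    "/cache/compiled/example.php",
    "/user/config/system.yaml",
    "/composer.json",
    "/blog/hello-world",
]

if __name__ == "__main__":
    for uri, (php_first, deny_first) in compare(SAMPLE_URIS).items():
        mark = "  <-- differs" if php_first != deny_first else ""
        print(f"{uri:40} php-first={php_first:9} deny-first={deny_first}{mark}")
```

Any path marked as differing is one that the deny rules only protect when they are listed before the PHP location.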

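HTTPS

In Cloudflare, go to SSL/TLS - Origin Server - Create Certificate to obtain a certificate and private key. Save the certificate as ssl.pem and the private key as ssl.key, then upload both to /etc/nginx/ssl/ (the paths must match the nginx server block settings).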

Edit the nginx configuration (set worker_connections inside the events block)
nano /etc/nginx/nginx.conf

worker_connections 128;

Change the owner of the html directory
chown -R www-data: /var/www/example.com/html

Grav CMS

Install the PHP extensions Grav requires
sudo apt install php-fpm php-gd php-curl php-zip php-mbstring php-xml