Hello

Install nginx, php-fpm with oracle on Debian Wheezy

First of all, download those both files from the official Oracle website:

• oracle-instantclient11.2-basic-11.2.0.3.0-1.x86_64.rpm library files later extracted in /usr/lib/oracle/11.2/client/
• oracle-instantclient11.2-devel-11.2.0.3.0-1.x86_64.rpm headers files extracted in /usr/include/oracle/11.2/client

Put them on your server, and convert them to .deb files with alien for example and install :

apt-get install alien  # Converting to deb alien -d oracle-instantclient11.2-basic-11.2.0.3.0-1.x86_64.rpm alien -d oracle-instantclient11.2-devel-11.2.0.3.0-1.x86_64.rpm  # Installing  dpkg -i oracle-instantclient11.2-devel_11.2.0.4.0-2_i386.deb dpkg -i oracle-instantclient11.2-basic_11.2.0.4.0-2_i386.deb 

It will take care of linking the specific includes files and copy them to /usr/include/oracle//client .

11.2 might differ according to your instantclient version. Also, if you’re on an amd64 debian the client is in the client64 instead of the client directory.

Now we will build some oracle profile file that will be required later. Write in /etc/profile.d/oracle.sh :

#!/bin/bash  #This is the lib path were the instantclient is installed ORACLE_HOME=/usr/lib/oracle/11.2/client64 #This locates C headers from your instantclient C_INCLUDE_PATH=/usr/include/oracle/11.2/client64 #I've never had trouble with that but it might save you a couple debugging hours LD_LIBRARY_PATH=$ORACLE_HOME/lib #This is really important as that php-fpm does not set this variable comparing to apache that does (1) NLS_LANG=FRENCH_FRANCE.UTF8  export ORACLE_HOME LD_LIBRARY_PATH NLS_LANG 

Now add this to your own ~/.profile :

Compile php

First thing to do is to get the proper dependencies that goes with your later configure options. Those are the dependencies I use from my other post on the subject :

• oci requires libaio1
• bz2 requires libbz2-dev source
• gd requires libpng-dev or libpng12-dev
• imap requires libc-client-dev (also for a utf8 error)
• mcrypt requires libmcrypt-dev
• libxml requires libxml2-dev
• xsl requires libxslt1-dev or libxslt-dev
• openssl requires libcurl4-openssl-dev *
• curl requires libcurl4-gnutls-dev *

• libcurl-dev contains both

Download the wanted php version, extract it and configure. My configure options are (you can list them all with ./configure —help ):

./configure --enable-fpm --with-oci8 --with-pdo-oci #non-relevent part to remember:  --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --enable-exif --enable-ftp --with-gd --with-gettext --with-kerberos --enable-mbstring --with-mcrypt --with-openssl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-wddx --enable-zip --with-zlib --with-xsl --with-mysql --with-mysqli --with-pgsql --with-pdo-mysql --with-pdo-pgsql 

Then make and sudo make install .

PHP-FPM

After the compilation, php-fpm should be installed. I had not the init.d script in the right directory (check first) but it’s available in PATH_TO_COMPILED_PHP/sapi/fpm/init.d.php-fpm .

After moving it to /etc/init.d/php-fpm , edit it and add:

Now we can add the execute rights and start it on boot:

sudo chmod +x /etc/init.d/php-fpm sudo update-rc.d php-fpm defaults 

Install nginx

This is only a very basic apt-get install nginx .

Here comes the configuration for php-fpm, first of all you’ll need to add a pool in /etc/php5/fpm/pool.d/mypool.conf (2):

[mypool] user = www-data group = www-data listen = /var/run/php5-fpm.sock listen.owner = www-data listen.group = www-data listen.mode = 0660 

(2) this path can be configured at the end of the /usr/local/etc/php-fpm.conf

Then, do your own nginx virtual host or edit the default to have it look like this:

server   listen 80; ## listen for ipv4; this line is default and implied   root /usr/share/nginx/www;  index index.html index.htm index.php;   server_name localhost;   location /   try_files $uri $uri/ index.php;  >   location ~ \.php$   try_files $uri =404;  fastcgi_pass unix:/var/run/php5-fpm.sock;  fastcgi_index index.php;  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;  include fastcgi_params;  > > 

That’s it. Start service start nginx and service start php-fpm and test a basic phpinfo(); file!

Share

Related topics

About

I’m soyuka, yet another web architect ! I have a bachelor in computer science and am giving most of my free time to open source software.

Today, I’m one of the core contributors on API Platform (php) enjoying contributions on many other projects notably my own packages! I maintain these on npm or packagist, most-downloaded are: pidusage and fclone.

Lately I’ve spent time hacking on dat-related software.

• XMR: 4AeE1Q2W5TQ8dazPiHzZzdh41opd1pcr1bjsYNXtpgRW2okiy1BHNaiNtkQ4RcK2c9A4PX3xP6WiqMRgrjLJQQGy6NgwpRH
• XRP: rLHzPsX6oXkzU2qL12kHCH8G8cnZv1rBJh (918771776)
• Chat on Keybase

Источник

Install the NGINX Web Server and Proxy on Oracle Linux

This tutorial provides instructions for installing the NGINX web server and enabling it on Oracle Linux 8 or later.

Background

NGINX is a lightweight HTTP/S server that is capable of higher performance and lower memory use than a typical Apache web server deployment. However, this performance gain comes at the cost of some functionality and flexibility. NGINX has also gained in popularity as a powerful proxy service that is capable of functioning as a direct HTTP proxy, a reverse proxy with caching, an SMTP, POP3 or IMAP proxy or as a generic TCP/UDP proxy. NGINX also provides load balancing services with fault tolerance.

On earlier Oracle Linux versions, the NGINX web server was provided as part of a software collection package. The web server package is now directly available from the Oracle Linux 8 Application Streams repository and therefore simpler to deploy and configure.

What Do You Need?

Install and enable NGINX

Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.

Install the NGINX package

The following command installs the NGINX package and all of its dependencies:

Enable and start the NGINX service

To enable and start the NGINX service for immediate access and make the service start automatically after a reboot, run the following command:

sudo systemctl enable --now nginx.service 

The service starts a web server that listens on TCP port 80 by default. To check the status of the service, run this command:

sudo systemctl status nginx 

Configure firewall rules (Optional)

If you are using a custom firewall profile or an Oracle Cloud Infrastructure instance, open the firewall port for the NGINX web service (80).

These commands enable the firewall port for the NGINX web service and reload the default firewall service:

sudo firewall-cmd --add-service=http --permanent sudo firewall-cmd --reload 

Note that in the demonstration environment, the instance has a public facing IP address and no network security is applied. Depending on your production environment, you may need to configure additional security list rules or update your network security group configuration.

Test your deployment

With your web browser, go to the domain name or IP address of the compute instance. This is the same IP address that you used to SSH into the instance.

The NGINX web server opens the default test page /usr/share/nginx/html/index.html .

Create a custom NGINX configuration

To change the root path for your web server, do not edit the /etc/nginx/nginx.conf file directly. Instead, as a preferred method, create a site-specific configuration in the /etc/nginx/conf.d directory. For example, create the file /etc/nginx/conf.d/default.conf and populate it with a configuration for your site.

The following steps can be used to set up a dedicated site configuration:

Create a directory to host a new site

cat  EOF | sudo tee /srv/website/index.html    
Hello World!
  EOF 

sudo chown -R nginx:nginx /srv/website sudo chcon -Rt httpd_sys_content_t /srv/website 

cat EOF | sudo tee /etc/nginx/conf.d/default.conf server < server_name ; root /srv/website; index index.html; > EOF 

Replace the value with the public IP address for the instance.

Restart the NGINX web service to load the new configuration.

sudo systemctl restart nginx 

sudo tail -f /var/log/nginx/access.log -f /var/log/nginx/error.log 

Configure HTTPS to secure your service

As a best practice, secure all communications between a web browser and your NGINX server by using HTTPS. For a secure setup, a TLS certificate is required.

Configure your TLS/SSL certificates

Oracle strongly recommends using a TLS certificate that has been signed by an external Certificate Authority (CA). See https://docs.oracle.com/en/operating-systems/oracle-linux/certmanage/ for more information.

For the purpose of this demonstration, you can use a self-signed certificate. To create the certificate and key, run the following command:

openssl req -new -x509 -days 30 -nodes -newkey rsa:2048 -keyout server.key\ -out server.crt -subj "/C=US/ST=Ca/L=Sunnydale/CN=" 

sudo mkdir -p /etc/pki/nginx/private 

sudo cp server.crt /etc/pki/nginx/ sudo cp server.key /etc/pki/nginx/private 

Update the NGINX configuration

1. Replace the /etc/nginx/conf.d/default.conf file to include a configuration for a TLS enabled web site and include a 301 redirect for HTTP traffic to be referred to the HTTPS site.

cat 'EOF' | sudo tee /etc/nginx/conf.d/default.conf server < server_name ; return 301 https://$host$request_uri; > server < listen 443 ssl http2; listen [::]:443 ssl http2; server_name ; root /srv/website; index index.html; ssl_certificate "/etc/pki/nginx/server.crt"; ssl_certificate_key "/etc/pki/nginx/private/server.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; > EOF 

sudo systemctl restart nginx 

Configure the firewall (optional)

Enable the firewall port (443) for the NGINX HTTPS web service and reload the default firewall service.

sudo firewall-cmd --add-service=https --permanent sudo firewall-cmd --reload 

Confirm that HTTPS is working correctly

Open a browser and navigate to http:/// . The browser should redirect to https:/// .

Most browsers display a security risk warning when accessing a site that uses a self-signed certificate. You can accept the risk warning in this case to confirm that the site is working as expected.

The warning is not displayed if you use a CA signed certificate.

Additional Information

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

Install the NGINX Web Server and Proxy on Oracle Linux

Copyright © 2021, Oracle and/or its affiliates.

Источник