Install PHP-FPM (FastCGI) and NGINX
# Install the web server, PHP-FPM and the PHP extensions the site uses
# (one package per line so the list is easy to review and trim).
dnf install \
  nginx \
  php-fpm \
  php \
  php-mysqlnd \
  php-curl \
  php-gd \
  php-xml \
  php-mbstring \
  php-zip \
  php-intl \
  php-bcmath
# Start both services immediately and enable them at boot.
systemctl enable --now php-fpm nginx
SELinux
# Build a local policy module from the php-fpm denials found in the audit log.
# audit2allow turns every matching denial into an allow rule, and -M also writes
# my-phpfpm.te next to the .pp file: read the .te file before loading the module,
# because it permits whatever was denied, including accesses that were rightly blocked.
ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
semodule -i my-phpfpm.pp
# httpd_unified makes the policy handle all httpd content types as one, which
# removes the separation between read-only, writable and executable web content.
setsebool -P httpd_unified 1
# Same procedure for nginx denials; review my-nginx.te before installing it.
ausearch -c 'nginx' --raw | audit2allow -M my-nginx
semodule -i my-nginx.pp
systemctl restart nginx
# The booleans below are persistent (-P) and each one widens what the web server
# domain may do. Enable only those that a logged denial shows are needed.
setsebool -P nis_enabled 1 # "allow system to run with NIS": a system-wide boolean, not limited to the web server
setsebool -P httpd_can_network_relay 1 # lets httpd act as a relay (proxy); NOTE(review): probably unnecessary for a unix-socket PHP-FPM backend - confirm
setsebool -P httpd_graceful_shutdown 1 # lets httpd connect to port 80 for graceful shutdown
setsebool -P httpd_can_network_connect 1 # lets httpd scripts and modules open outbound TCP connections
setsebool -P httpd_read_user_content 1 # lets httpd read user content (files under users' home directories)
systemctl restart php-fpm nginx
Create new website:
New user and project
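# Create the dedicated, login-less account the PHP-FPM pool runs as.
# useradd -g requires the group to exist already, so create it when it is missing.
getent group user01 >/dev/null || sudo groupadd user01
sudo useradd -g user01 -s /bin/false -c "Run with PHP-FPM" -d /home/users/user01 user01
# Site directory: must be the same path that is written to, chown'ed and chmod'ed below.
mkdir -p /home/domain.com
# Temporary test page. phpinfo() prints the full PHP configuration, loaded modules
# and environment, so delete this file once the setup is confirmed to work.
printf '%s\n' '<?php phpinfo(); ?>' > /home/domain.com/index.php
# Owner is the pool user; group nginx gives the web server read access.
chown -R user01:nginx /home/domain.com/
# NOTE(review): 750 is probably enough if only user01 and the nginx group need access - confirm.
chmod 755 /home/domain.com/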
Create new php-fpm pool
New file: /etc/php-fpm.d/domain.com.conf:
; Dedicated PHP-FPM pool for domain.com.
[domain.com]
; Worker processes of this pool run as this unprivileged user and group.
user = user01
group = user01
; Unix socket the web server connects to; nginx's fastcgi_pass must name the same socket.
listen = /run/php-fpm/domain.com.sock
; Users granted access to the socket through POSIX ACLs. When this is set,
; listen.owner and listen.group are ignored.
listen.acl_users = apache,nginx
; Only meaningful for a TCP listener; it has no effect on the unix socket above.
listen.allowed_clients = 127.0.0.1
; Dynamic process manager: at most 50 workers, 5 started at launch,
; and between 5 and 35 kept idle.
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
; Slow-request log. No request_slowlog_timeout is set in this pool, so nothing is
; written unless one is added.
; NOTE(review): the www-* file names look like the stock "www" pool's; a per-site
; name would keep this site's entries separate - confirm.
slowlog = /var/log/php-fpm/www-slow.log
; php_admin_* settings cannot be overridden by the application at runtime.
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
; php_value settings can still be changed by the application (ini_set).
php_value[session.save_handler] = files
; NOTE(review): presumably this is the distribution's shared session directory.
; Verify that user01 can write to it, and consider a per-pool directory so that
; sites running under different users do not share session files.
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
Restart
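# Check the configuration first: php-fpm -t parses the main config and all pool
# files and exits non-zero on error, so a typo in the new pool file does not
# take the already running pools down during the restart.
php-fpm -t && systemctl restart php-fpm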
Create Nginx config:
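# Plain-HTTP virtual host for domain.com, with PHP handled by the site's own PHP-FPM pool.
server {
    listen 80;
    server_name domain.com;
    # Must be the directory that actually holds the site files: index.php was
    # created under /home/domain.com, and that tree received the ownership change.
    root /home/domain.com;
    index index.php index.html index.htm;

    access_log /var/log/nginx/domain.com-access.log;
    error_log /var/log/nginx/domain.com-error.log error;

    # Serve existing files and directories directly; everything else goes to index.php.
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        # Return 404 for .php URIs that do not map to a file under root instead of
        # handing an arbitrary request path to PHP-FPM.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/domain.com.sock; # same php-fpm pool
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}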
Reload nginx
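# Test the configuration before signalling the running master, so that a syntax
# error is reported here rather than only in the error log.
nginx -t && nginx -s reload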
Install SSL
Install certbot:
# Enable the EPEL repository first; presumably certbot is not available from the
# base repositories on this system.
dnf install epel-release
# certbot and its nginx plugin (the plugin is what `certbot --nginx` uses).
dnf install certbot python3-certbot-nginx # requires Python
Create cert
# Request a certificate through certbot's nginx plugin. The plugin can also edit
# the matching nginx server block, so review the resulting configuration and run
# `nginx -t` afterwards.
certbot --nginx
Then add the certificate to the nginx config: create a new server block for port 443 with ssl, set fastcgi_param HTTPS on; and declare the certificate and key.
Some commands that can be helpful
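# Ownership is changed with chown; chcon only accepts SELinux contexts and rejects
# a user:group pair. This replaces the user01:nginx ownership set when the site was
# created, so run it only if the files should belong to the nginx account.
chown -R nginx:nginx /home/domain.com
# Label the tree as web content the server may write. A chcon label is lost on a
# filesystem relabel; record it with `semanage fcontext` and apply it with
# `restorecon` to make it permanent. Prefer the read-only httpd_sys_content_t type
# for directories the application does not need to write.
chcon -R -t httpd_sys_rw_content_t /home/domain.com
# Lets httpd scripts and modules open outbound TCP connections; enable it only
# when the application has to reach remote services.
setsebool -P httpd_can_network_connect 1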
Cockpit can be helpful for debugging SELinux