Afficher/cacher Sommaire
Compilation nginx Debian Stretch
Compilation de la version nginx stable (mainline) et des modules complémentaires lua ,etc…
Vérifier la version nginx “mainline” (nginx 1.13.5 au 05 Sep 2017)
)
Il faut modifier la constante ngxversion du fichier bash nginx-compil
ATTENTION!!!,Problème de compilation nginx avec Openssl 1.1
Il faut compiler avec la version 1.0 qui est toujours d’actualité.
Voir le site https://www.openssl.org/source/ ,Version OpenSSL_1_0_2l du 25 mai 2017
Passage en mode super utilisateur
sudo -s
Bash de compilation
Fichier bash pouvant être exécuté ,copier le contenu ci dessous dans une fenêtre terminal
cat > nginx-compil << EOF
#!/bin/bash
#
#version nginx http://nginx.org/en/download.html
ngxversion="nginx-1.13.5"
#Debian Stretch ,compilation Nginx+Lua
#répertoire de compilation
mkdir -p /usr/src/nginx-custom && cd /usr/src/nginx-custom
#logiciels pour compilation
apt install dpkg-dev build-essential zlib1g-dev libpcre3 libpcre3-dev unzip curl libcurl4-openssl-dev libossp-uuid-dev libssl-dev libxslt-dev libgd-dev libgeoip-dev libperl-dev libpam0g-dev libbz2-dev tar unzip curl git -y
# installation luajit ,dépendances Lua5.1 et lua-cjson
apt install luajit lua5.1 liblua5.1-0 liblua5.1-0-dev lua-cjson -y
#
cd /usr/src/nginx-custom
wget http://nginx.org/download/$ngxversion.tar.gz?_ga=1.52322729.1622108673.1451984988 -O $ngxversion.tar.gz
tar xvf $ngxversion.tar.gz
mv $ngxversion nginx-mainline
rm $ngxversion.tar.gz
#Création dossier modules
mkdir -p /usr/src/nginx-custom/nginx-mainline/modules
#Modules externes : https://www.nginx.com/resources/wiki/modules/
cd /usr/src/nginx-custom/nginx-mainline/modules/
#Clonage des modules externes avant compilation
# headers-more-nginx-module
git clone https://github.com/openresty/headers-more-nginx-module
# ngx_http_auth_pam_module
git clone https://github.com/stogh/ngx_http_auth_pam_module
#ngx_cache_purge
git clone https://github.com/FRiCKLE/ngx_cache_purge
#ngx_devel_kit
git clone https://github.com/simpl/ngx_devel_kit
#echo-nginx-module
git clone https://github.com/openresty/echo-nginx-module
#ngx-fancyindex
git clone https://github.com/aperezdc/ngx-fancyindex
# modification fancyindex pour avoir la ligne complète
#nginx-push-stream-module
git clone https://github.com/wandenberg/nginx-push-stream-module
#lua-nginx-module
git clone https://github.com/openresty/lua-nginx-module.git
#nginx-upload-progress-module
git clone https://github.com/masterzen/nginx-upload-progress-module
#ngx_http_substitutions_filter_module
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
#Chiffrement déchiffrement pour les variables nginx
git clone https://github.com/openresty/encrypted-session-nginx-module.git
#Capacité d'échappement,“déséchappement”,encodage et décodage hexa,MD5,SHA1,Base32,Base64 ,etc…
git clone https://github.com/openresty/set-misc-nginx-module
#nginx-upstream-fair (problème de compilation)
#--add-module=/usr/src/nginx-custom/nginx-mainline/modules/nginx-upstream-fair
#git clone https://github.com/gnosek/nginx-upstream-fair
#SSL 1.0
wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2l.tar.gz
tar xvf OpenSSL_1_0_2l.tar.gz
#
cd /usr/src/nginx-custom/nginx-mainline
#Configuration , compilation et installation nginx
./configure \
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' \
--with-ld-opt=-Wl,-z,relro \
--prefix=/usr/share/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-debug \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_geoip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--with-http_mp4_module \
--with-http_perl_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_sub_module \
--with-http_xslt_module \
--with-mail \
--with-mail_ssl_module \
--with-openssl=/usr/src/nginx-custom/nginx-mainline/modules/openssl-OpenSSL_1_0_2l \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/headers-more-nginx-module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_http_auth_pam_module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_cache_purge \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_devel_kit \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/echo-nginx-module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx-fancyindex \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/nginx-push-stream-module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/lua-nginx-module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/nginx-upload-progress-module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_http_substitutions_filter_module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/encrypted-session-nginx-module \
--add-module=/usr/src/nginx-custom/nginx-mainline/modules/set-misc-nginx-module
#compilation
make
#installation
make install
#Copier le binaire pour le PATH
cp /usr/share/nginx/sbin/nginx /usr/sbin/
#Effacement compilation
make clean
#Dossier temporaire
mkdir -p /var/lib/nginx
#Dossier config
mkdir -p /etc/nginx/conf.d/
#dossier vhost
mkdir -p /var/www
EOF
Le rendre exécutable
chmod +x nginx-compil
Exécution
./nginx-compil
Vérification
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Créer le script d’initialisation (service)
fichier /etc/init.d/nginx
touch /etc/init.d/nginx
chmod u+x /etc/init.d/nginx
Le fichier d’intialisation
nano /etc/init.d/nginx
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog $named
# Required-Stop: $local_fs $remote_fs $network $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
# Include nginx defaults if available
if [ -r /etc/default/nginx ]; then
. /etc/default/nginx
fi
STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
test -x $DAEMON || exit 0
. /lib/init/vars.sh
. /lib/lsb/init-functions
# Try to extract nginx pidfile
PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
if [ -z "$PID" ]
then
PID=/run/nginx.pid
fi
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
$DAEMON_OPTS 2>/dev/null \
|| return 2
}
test_nginx_config() {
$DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
RETVAL="$?"
sleep 1
return "$RETVAL"
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
return 0
}
#
# Rotate log files
#
do_rotate() {
start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
return 0
}
#
# Online upgrade nginx executable
#
# "Upgrading Executable on the Fly"
# http://nginx.org/en/docs/control.html
#
do_upgrade() {
# Return
# 0 if nginx has been successfully upgraded
# 1 if nginx is not running
# 2 if the pid files were not created on time
# 3 if the old master could not be killed
if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
# Wait for both old and new master to write their pid file
while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
cnt=`expr $cnt + 1`
if [ $cnt -gt 10 ]; then
return 2
fi
sleep 1
done
# Everything is ready, gracefully stop the old master
if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
return 0
else
return 3
fi
else
return 1
fi
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
# Check configuration before stopping nginx
if ! test_nginx_config; then
log_end_msg 1 # Configuration error
exit 0
fi
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
reload|force-reload)
log_daemon_msg "Reloading $DESC configuration" "$NAME"
# Check configuration before reload nginx
#
# This is not entirely correct since the on-disk nginx binary
# may differ from the in-memory one, but that's not common.
# We prefer to check the configuration and return an error
# to the administrator.
if ! test_nginx_config; then
log_end_msg 1 # Configuration error
exit 0
fi
do_reload
log_end_msg $?
;;
configtest|testconfig)
log_daemon_msg "Testing $DESC configuration"
test_nginx_config
log_end_msg $?
;;
status)
status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
;;
upgrade)
log_daemon_msg "Upgrading binary" "$NAME"
do_upgrade
log_end_msg 0
;;
rotate)
log_daemon_msg "Re-opening $DESC log files" "$NAME"
do_rotate
log_end_msg $?
;;
*)
echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
exit 3
;;
esac
:
Fichier de configuration nginx
Effacement puis création
rm /etc/nginx/nginx.conf
nano /etc/nginx/nginx.conf
Copier le contenu ci dessous dans une fenêtre terminal pour créer le fichier /etc/nginx/nginx.conf
cat > /etc/nginx/nginx.conf << EOF
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
}
EOF
Vérification
nginx -t
Création systemd nginx.service
nginx est compilé et installé , binaire sur /usr/sbin/nginx
Création du fichier /etc/systemd/system/nginx.service
Copier le contenu ci dessous dans une fenêtre terminal
cat > /etc/systemd/system/nginx.service << EOF
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
EOF
Réinitialiser
systemctl daemon-reload
Lancer le service
systemctl start nginx
Vérifier le “status”
systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/etc/systemd/system/nginx.service; disabled; vendor preset:
Active: active (running) since Tue 2017-09-12 18:13:56 CEST; 16s ago
Process: 5680 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (co
Process: 5677 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_proces
Main PID: 5681 (nginx)
Tasks: 5 (limit: 4915)
CGroup: /system.slice/nginx.service
├─5681 nginx: master process /usr/sbin/nginx -g daemon on; master_p
├─5682 nginx: worker process
├─5683 nginx: worker process
├─5685 nginx: worker process
└─5686 nginx: worker process
sept. 12 18:13:56 cinay.pw systemd[1]: Starting A high performance web server
sept. 12 18:13:56 cinay.pw systemd[1]: Started A high performance web server a
web default.conf et index.html
Configuration vhost
Contenu fichier /etc/nginx/conf.d/default.conf
cat > /etc/nginx/conf.d/default.conf << EOF
server {
listen 80;
listen [::]:80;
root /var/www/ ;
}
EOF
Création fichier html
Contenu fichier /var/www/index.html
cat > /var/www/index.html << EOF
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx on Debian!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx on Debian!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working on Debian. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a></p>
<p>
Please use the <tt>reportbug</tt> tool to report bugs in the
nginx package with Debian. However, check <a
href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=nginx;repeatmerged=0">existing
bug reports</a> before reporting a new bug.
</p>
<p><em>Thank you for using debian and nginx.</em></p>
</body>
</html>
EOF
Relancer le serveur
systemctl restart nginx
Vous vérifier la page html sur le lien http://adresse_IP ,ex: http://192.168.0.43 (remplacer par votre IP ou domaine http://cinay.pw)
Après ces tests et vérifications ,valider nginx pour un démarrage auto
systemctl enable nginx
PHP5 , PHP7.0 et PHP7.1
PHP5
Installation
sudo apt-get install php5-fpm
PHP7.0 (debian 9)
PHP7.0 est dans les dépôts stretch
sudo apt install php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-mcrypt php7.0-tidy php7.0-intl php7.0-imagick php7.0-xml php7.0-mbstring php7.0-zip -y
Le fichier de configuration
$ php -i | grep "Loaded Configuration File"
Loaded Configuration File => /etc/php/7.0/cli/php.ini
PHP7.0/i686 via dotdeb (debian 7-8)
PHP 7 ne sera pas disponible dans les dépôts de Debian avant Debian 9, puisqu’elle n’accepte que les correctifs pour la version en cours.
A - Ajout du dépot Dotdeb
Ajout liste
sudo -s
echo "deb http://packages.dotdeb.org jessie all" > /etc/apt/sources.list.d/php7.list
wget --no-check-certificate -O- https://www.dotdeb.org/dotdeb.gpg | apt-key add -
apt update && apt -yy upgrade
B - Si PHP 5 est installé , il faut le supprimer
systemctl stop php5-fpm
apt-get autoremove --purge php5*
C - Installation de PHP7.0/i686
avec quelques dépendances (valables pour installer nextcloud)
apt install php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-mcrypt php7.0-tidy php7.0-intl php7.0-imagick php7.0-xml php7.0-mbstring php7.0-zip
On peut vérifier la version installée avec php -v
PHP7.1
Vous pouvez commencer par désinstaller PHP 7.0 en utilisant la commande suivante
apt-get purge 'php7*'
A - Configuration du dépot
Ondřej Surý met à disposition un dépôt permettant de télécharger et d’installer facilement cette nouvelle version de php. Pour cela il vous suffit de rentrer les commandes suivantes
apt install apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php7.list
apt update
B - Installer PHP 7.1/NGinx
une commande pour installer PHP 7.1 avec les éléments nécessaires à l’installation de nextcloud
apt install php7.1 php7.1-fpm php7.1-mysql php7.1-curl php7.1-json php7.1-gd php7.1-mcrypt php7.1-tidy php7.1-intl php7.1-imagick php7.1-xml php7.1-mbstring php7.1-zip
une commande pour installer PHP 7.1 ainsi que quelques dépendances qui pourraient vous être utiles
apt install --no-install-recommends php7.1 php7.1-fpm php7.1-mysql php7.1-curl php7.1-json php7.1-gd php7.1-mcrypt php7.1-msgpack php7.1-memcached php7.1-intl php7.1-sqlite3 php7.1-gmp php7.1-geoip php7.1-mbstring php7.1-redis php7.1-xml php7.1-zip
N’oubliez pas de modifier la configuration de vos sites afin de mettre à jour le socket d’écoute de PHP-FPM
/run/php/php7.1-fpm.sock
Configuration et test php 5 ou 7
Choisir l’une des 2 configurations suivantes pour créer le fichier test PHP, fonction du mode d’installation de nginx
1. NGINX installé AVEC DEB (pas développé dans ce tuto)
sudo -s
echo "<?php phpinfo(); ?>" > /var/www/html/info.php
nano /etc/nginx/sites-enabled/default
2. NGINX compilé
sudo -s
echo "<?php phpinfo(); ?>" > /var/www/info.php
nano /etc/nginx/conf.d/default.conf
Configurer Nginx pour rediriger les fichiers PHP vers fpm.
Ajouter les lignes suivantes dans la section “server” ,avant le “}” final
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/var/run/php5-fpm.sock; # PHP5
fastcgi_pass unix:/run/php/php7.0-fpm.sock; # PHP7.0
# fastcgi_pass unix:/run/php/php7.1-fpm.sock # PHP7.1
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
Redémarrer php fpm suivant votre version installée
systemctl restart php5-fpm #PHP5
systemctl restart php7.0-fpm #PHP7.0
systemctl restart php7.1-fpm #PHP7.1
Recharger Nginx
systemctl restart nginx
Test sur le http://192.168.0.43/info.php (remplacer par votre IP ou domaine http://cinay.pw/info.php)
PRÉCÉDENTclavier-razer-blackwindow-ultimate
SUIVANTcompilation-nginx-php-ssl1.1