Software Gang </softganz> SoftGang (Gang Software)

Web & Software Developer Gang.

nginx - it's about time

by Little Bear @22 Dec 66 14:19 ( IP : 171...124 ) | Tags : nginx , PHP

Update OS

sudo apt update
sudo apt upgrade



Mount harddisk

Using /dev/disk/by-uuid/:

  • Open a terminal.
  • Type blkid or ls -l /dev/disk/by-uuid/ and press Enter.
  • This will display a list of symlinks, where the filename is the UUID and the target is the device it points to (e.g., lrwxrwxrwx 1 root root 10 Jul 12 12:00 1234-5678 -> ../../sda1).
  • Identify the UUID you need and then use the corresponding device path (e.g., /dev/sda1) in other commands if needed.

Edit file /etc/fstab

/dev/disk/by-uuid/50046676-d3fb-6183-54e4-7d65cd58e8ad /mount_name ext4 defaults 0 1

Then update new fstab with command ???

Check harddisk problem

Check with

fsck /dev/sdax

Repair with

fsck /dev/sdax -y

Create new user

Ubuntu create user account commands
sudo adduser <username>

Make the user a sudoer

sudo adduser <username> sudo

Set up SSH for the user

Set up ssh to log in with a password

How to change the SSH port

nano /etc/ssh/sshd_config or nano /etc/ssh/sshd_config.d/60-cloudimg-settings.conf

Change value to yes

Port 22
...
PasswordAuthentication yes

sudo ufw allow 22/tcp
sudo ufw reload
sudo service ssh restart
sudo systemctl status sshd
ss -tuln | grep [new_port_number]

Generate an SSH Key

Run these commands on the local machine

ssh-keygen -t ed25519
ssh-copy-id -p 22 username@yourserverip
ssh username@yourserverip

Check current services running

sudo service --status-all

Step 1 – Installing the Nginx Web Server

Install the latest nginx version from the nginx repository

nginx: Linux packages
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring

Import an official nginx signing key so apt could verify the packages authenticity. Fetch the key:

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

Verify that the downloaded file contains the proper key:

gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:

 [expires: 2027-05-24]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid                      nginx signing key <signing-key@nginx.com>

Note that the output can contain other keys used to sign the packages.
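
The fingerprint check above can be scripted so that a provisioning run stops on a mismatch. This is an added example, not part of the nginx.org instructions or the original post; the function names are hypothetical and the sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from nginx.org): fail closed unless the keyring's primary
# key carries the fingerprint quoted on this page.
EXPECTED_FPR="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"
KEYRING="/usr/share/keyrings/nginx-archive-keyring.gpg"

# Reads `gpg --with-colons` records on stdin. Succeeds only when an fpr record
# that directly follows a pub record (a primary key, not a subkey) equals $1.
has_primary_fpr() {
    awk -F: -v want="$1" '
        $1 == "pub" { after_pub = 1; next }
        $1 == "fpr" { if (after_pub && ($10 "") == (want "")) found = 1 }
        { after_pub = 0 }
        END { exit !found }'
}

# Hypothetical wrapper: the page's gpg options plus --with-colons for parsing.
verify_keyring() {
    gpg --dry-run --quiet --no-keyring --with-colons \
        --import --import-options import-show "$1" 2>/dev/null \
        | has_primary_fpr "$EXPECTED_FPR"
}

# Constructed colon records (not captured gpg output): the expected key as a
# primary key, and the same fingerprint appearing only on a subkey.
sample_primary() {
    printf '%s\n' 'pub:-:2048:1:ABF5BD827BD9BF62:' \
        "fpr:::::::::${EXPECTED_FPR}:" 'uid:-::::::::nginx signing key:'
}
sample_subkey_only() {
    printf '%s\n' 'pub:-:4096:1:0000000000000000:' \
        'fpr:::::::::0000000000000000000000000000000000000000:' \
        'sub:-:2048:1:ABF5BD827BD9BF62:' "fpr:::::::::${EXPECTED_FPR}:"
}

# Live check, only when the keyring from the step above is present.
if [ -f "$KEYRING" ]; then
    if verify_keyring "$KEYRING"; then
        echo "keyring OK: $EXPECTED_FPR"
    else
        echo "fingerprint mismatch: do not add the nginx repository" >&2
    fi
fi
```

Matching only the fingerprint of a primary key avoids accepting a keyring where the expected value shows up on an unrelated subkey record.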

To set up the apt repository for stable nginx packages, run the following command:

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

If you would like to use mainline nginx packages, run the following command instead:

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

Set up repository pinning to prefer the nginx.org packages over distribution-provided ones:

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx

To install nginx, run the following commands:

sudo apt update
sudo apt install nginx

nginx -v

sudo service nginx start
sudo ufw allow 80

Install nginx current version from Ubuntu repo

sudo apt install nginx

Test nginx config

sudo nginx -t

Restart nginx

sudo systemctl restart nginx
sudo systemctl reload nginx
sudo service nginx restart
sudo service nginx reload

Enable HTTP/2 in Nginx on Ubuntu

sudo nano /etc/nginx/sites-available/your_domain
http2 on;
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;

Step 2 – Installing MariaDB to Manage Site Data

sudo apt install mariadb-server
sudo mysql_secure_installation
    Switch to unix_socket authentication [Y/n] n
sudo mysql
mysql> ALTER USER 'root'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('password');
mysql> FLUSH PRIVILEGES;

Tune the config

nano /etc/mysql/mariadb.conf.d/50-server.cnf

[mysqld]
log_slow_query_file    = /var/log/mysql/mariadb-slow.log
log_slow_query_time    = 2
...
innodb_buffer_pool_size = 256M
innodb_log_file_size = 128M

Check whether tables have crashed

mariadb-check -u user -p -c database

Step 3 – Installing PHP and Configuring Nginx to Use the PHP Processor => Details

To remove PHP, use

sudo apt-get purge php7.*
sudo apt purge php8.*
sudo apt-get autoclean
sudo apt-get autoremove

Install php 8.3

sudo add-apt-repository ppa:ondrej/nginx
sudo apt update && sudo apt-get install ca-certificates apt-transport-https software-properties-common
sudo apt install php8.3-fpm
php -v
php --modules
apt install -y php8.3-common php8.3-fpm php8.3-mysql php8.3-redis php8.3-mongodb php8.3-zip php8.3-gd php8.3-mbstring php8.3-cli php8.3-curl php8.3-xml php8.3-bcmath

Install php 8.5

sudo add-apt-repository ppa:ondrej/nginx
sudo add-apt-repository ppa:ondrej/php
sudo apt update && sudo apt-get install ca-certificates apt-transport-https software-properties-common
sudo apt install php8.5-fpm
php -v
php --modules
apt install -y php8.5-common php8.5-fpm php8.5-mysql php8.5-zip php8.5-gd php8.5-mbstring php8.5-cli php8.5-curl php8.5-xml php8.5-bcmath

If a permission denied error occurs (check the nginx error.log)

sudo tail -30 /var/log/nginx/error.log
connect() to unix:/run/php/php8.5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 171.7.216.140, server: softgang.app, request: "GET /info.php HTTP/2.0", upstream: "fastcgi://unix:/run/php/php8.5-fpm.sock:", host: "softgang.app"

How to fix

The socket permissions look correct, but the connection still fails. Diagnose further:

  1. Check what user nginx runs as:

    ps aux | grep nginx

    If it's the nginx user (not www-data), that's the problem. Add nginx to the www-data group:

    sudo usermod -a -G www-data nginx
    sudo systemctl restart nginx

    The issue was that the nginx user didn't have permission to access the socket owned by www-data. Adding nginx to the www-data group solved it.
    This is a common gotcha when nginx and PHP-FPM run as different users. Your PHP app should now be working properly!

  2. Verify PHP-FPM is actually listening:

    sudo lsof | grep php8.5-fpm.sock

    It should show that it's listening. If not, restart it:

    sudo systemctl restart php8.5-fpm
    sudo systemctl status php8.5-fpm

  3. Check for SELinux/AppArmor issues:

    sudo aa-status  # Check AppArmor
    getenforce      # Check SELinux

    If SELinux is enabled:

    sudo semanage fcontext -a -t httpd_var_run_t "/run/php/php8.5-fpm.sock"
    sudo restorecon -v /run/php/php8.5-fpm.sock

  4. Double-check the nginx error log again:

    sudo tail -20 /var/log/nginx/error.log

  5. Test PHP-FPM directly:

    sudo -u www-data php -v

  6. Also verify that your nginx upstream is correct in the config:

    grep -A2 "upstream" /etc/nginx/sites-enabled/your-site.conf

    It should be exactly: server unix:/run/php/php8.5-fpm.sock;
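
The permission check behind step 1 can be made explicit. The script below is an added example, not part of the original post: it decides whether a given user falls into a permission class with write access to the socket. The function name `can_connect` is hypothetical, and the worker user `nginx` is taken from the step above.

```shell
#!/usr/bin/env bash
# Added example: explain a "(13: Permission denied)" on the PHP-FPM socket by
# checking which permission class the nginx worker falls into.
SOCK="/run/php/php8.5-fpm.sock"   # socket path from the error log above
WORKER="nginx"                    # worker user named in step 1

# can_connect USER "GROUP LIST" OWNER GROUP MODE
# connect() on a unix socket needs write permission on the socket file.
# Simplification: ACLs and the search (x) bit on parent directories are ignored.
can_connect() {
    user=$1; groups=$2; owner=$3; group=$4
    mode=$(( 0$5 ))                       # leading 0: parse as octal
    [ "$user" = "root" ] && return 0
    if [ "$user" = "$owner" ]; then
        bit=128                           # 0200: owner write
    else
        case " $groups " in
            *" $group "*) bit=16 ;;       # 0020: group write
            *)            bit=2  ;;       # 0002: other write
        esac
    fi
    [ $(( mode & bit )) -ne 0 ]
}

# Live check, only when the socket and the worker account both exist.
if [ -S "$SOCK" ] && id "$WORKER" >/dev/null 2>&1; then
    if can_connect "$WORKER" "$(id -Gn "$WORKER")" \
        "$(stat -c %U "$SOCK")" "$(stat -c %G "$SOCK")" "$(stat -c %a "$SOCK")"
    then
        echo "$WORKER can connect to $SOCK"
    else
        echo "$WORKER lacks write access to $SOCK (check group membership)" >&2
    fi
fi
```

With a socket owned by www-data:www-data in mode 660, the check fails for a user whose only group is nginx and passes once www-data is among its groups, which matches the fix in step 1.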

Tune the PHP config

Change the values of session.gc_probability, date.timezone, post_max_size, upload_max_filesize

nano /etc/php/8.3/fpm/php.ini

session.gc_probability = 1
date.timezone = Asia/Bangkok
post_max_size = 64M
upload_max_filesize = 64M

Edit the PHP pool settings

nano /etc/php/8.3/fpm/pool.d/www.conf

pm.max_children = 30
pm.start_servers = 5
pm.min_spare_servers = 3
pm.max_spare_servers = 5

Enabling PHP8.3 on Nginx server

sudo nano /etc/nginx/sites-available/default

index index.php index.html;
...
location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
        # With php-cgi (or other tcp sockets):
        # fastcgi_pass 127.0.0.1:9000;
}

Restart php

sudo service php8.3-fpm restart

Restart nginx

sudo systemctl restart nginx.service

Install phpmyadmin

apt install phpmyadmin
sudo ln -s /usr/share/phpmyadmin /var/www/your_domain/phpmyadmin

Create site config

cd /etc/nginx/sites-available
nano domain.conf
cd /etc/nginx/sites-enabled
ln -s ../sites-available/domain.conf domain.conf

Step 4 - How To Secure Nginx with Let's Encrypt on Ubuntu 22.04

sudo apt remove certbot
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot

Install SSL Certificate File: How to install an SSL certificate on an Nginx server

Step 5 – Final step - Check List

1. Create new user

config PHP

Change timezone to Asia/Bangkok

sudo nano /etc/php/8.3/fpm/php.ini

Then change

date.timezone = Asia/Bangkok

Then restart php

sudo service php8.3-fpm restart

Change the upload file size

The client_max_body_size directive sets the maximum allowed size of the client request body, specified in the "Content-Length" request header field. Here's an example of increasing the limit to 50MB in the /etc/nginx/nginx.conf file. Set in the http block, it affects all server blocks (virtual hosts).

nano /etc/nginx/nginx.conf

http {
    ...
    client_max_body_size 50M;
}

In each domain config, set it in the server block, which affects a particular site/app.

nano /etc/nginx/sites-available/domain.conf

server {
    ...
    client_max_body_size 50M;
}

Set in a location block, it affects a particular directory (uploads) under a site/app.

location /uploads {
    ...
    client_max_body_size 50M;
}

Save the file and restart the Nginx web server to apply the changes using the following command.

systemctl restart nginx

Old version

Uninstall

If apache2 was installed previously, it can be uninstalled with

apt-get purge apache2
apt-get autoremove

When upgrading from Apache, there are steps for checking and removing the program

uname -a
Linux alumni 5.4.0-167-generic #184-Ubuntu SMP Tue Oct 31 09:21:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.1 LTS
Release:    20.04

apachectl -v
Server version: Apache/2.4.41 (Ubuntu)
Server built:   2023-10-26T13:54:09

php -v
PHP 7.4.3-4ubuntu2.20 (cli) (built: Feb 21 2024 13:54:34) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3-4ubuntu2.20, Copyright (c), by Zend Technologies

mysql --version
mysql  Ver 15.1 Distrib 10.3.39-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

# apt update
# apt list --upgradable

add-apt-repository ppa:ondrej/apache2
apt update
apt upgrade

do-release-upgrade

ssh recovery port 1022

Install SSL manually

server {
    ...
    listen 443 ssl; # managed by manual
    ssl_certificate    /etc/ssl/certs/filename.crt;
    ssl_certificate_key    /etc/ssl/certs/filename.key;
    # ssl_certificate_chain /etc/ssl/filename.chain
}
sudo add-apt-repository universe
sudo apt install php-fpm php-mysql
sudo apt install php8.1-mbstring
sudo apt install php8.1-gd

php --version
which php
whereis php
sudo nano /etc/nginx/sites-available/your_domain

/etc/nginx/sites-available/your_domain

server {
        listen 80;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name your_domain;

    location / {
           try_files $uri $uri/ /index.php?$uri&$args;
           # try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
            deny all;
    }

}