Yadda ake Sanya Nginx, MariaDB 10, PHP 7 (LEMP Stack) a cikin 16.10/16.04
Tarin LEMP taƙaitaccen bayani ne wanda ke wakiltar rukuni ne na fakiti (Linux OS, sabar gidan yanar gizon Nginx, bayanan MySQL MariaDB da harshen shirye-shirye mai ƙarfi na uwar garken PHP) waɗanda ake amfani da su don tura aikace-aikacen yanar gizo masu ƙarfi da shafukan yanar gizo.
Wannan koyawa za ta jagorance ku kan yadda ake shigar da tarin LEMP tare da MariaDB 10, PHP 7 da HTTP 2.0 Support don Nginx akan Ubuntu 16.10 da Ubuntu 16.04 uwar garken/bugu na tebur.
- Shigar Ubuntu 16.04 Server Edition [umarni kuma suna aiki akan Ubuntu 16.10]
Mataki 1: Shigar da Nginx Web Server
1. Nginx sabar gidan yanar gizo ce ta zamani da ingantaccen albarkatu da ake amfani da ita don nuna shafukan yanar gizo ga baƙi akan intanit. Za mu fara ta hanyar shigar da sabar gidan yanar gizo na Nginx daga wuraren ajiyar kayan aikin Ubuntu ta amfani da layin umarni da ya dace.
$ sudo apt-get install nginx
2. Na gaba, ba da umarnin systemctl don tabbatar da idan an fara Nginx kuma yana ɗaure akan tashar jiragen ruwa 80.
$ netstat -tlpn
$ sudo systemctl status nginx.service
Da zarar kun sami tabbacin cewa an fara uwar garken za ku iya buɗe mai bincike kuma ku kewaya zuwa adireshin IP na uwar garkenku ko rikodin DNS ta amfani da ka'idar HTTP don ziyartar shafin yanar gizon tsoho na Nginx.
http://IP-Address
Mataki 2: Kunna Nginx HTTP/2.0 Protocol
3. Tsarin HTTP/2.0 wanda aka gina ta tsohuwa a cikin sabon sakin Nginx binaries akan Ubuntu 16.04 yana aiki ne kawai tare da SSL kuma yayi alƙawarin ci gaba mai girma a cikin loda shafukan yanar gizo na SSL.
Don kunna yarjejeniya a cikin Nginx akan Ubuntu 16.04, fara fara kewayawa zuwa Nginx da ke akwai fayilolin sanyi na rukunin yanar gizo da adana tsoffin fayil ɗin sanyi ta hanyar ba da umarnin da ke ƙasa.
$ cd /etc/nginx/sites-available/ $ sudo mv default default.backup
4. Sannan, ta amfani da editan rubutu ƙirƙiri sabon shafin tsoho tare da umarnin da ke ƙasa:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/html;
index index.html index.htm index.php;
server_name 192.168.1.13;
location / {
try_files $uri $uri/ =404;
}
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000;
#includeSubDomains" always;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
listen [::]:80;
server_name 192.168.1.13;
return 301 https://$server_name$request_uri;
}
Snippet ɗin da ke sama yana ba da damar amfani da HTTP/2.0 ta ƙara ma'aunin http2 zuwa duk umarnin sauraron SSL.
Har ila yau, ana amfani da ɓangaren ƙarshe na bayanin da ke tattare a cikin umarnin uwar garken don tura duk zirga-zirgar da ba SSL ba zuwa SSL/TLS tsoho mai masaukin baki. Hakanan, maye gurbin umarnin sunan uwar garke don dacewa da adireshin IP ɗin ku ko rikodin DNS (FQDN zai fi dacewa).
5. Da zarar kun gama gyara Nginx tsoho fayil ɗin sanyi tare da saitunan da ke sama, ƙirƙira da jera fayil ɗin takardar shaidar SSL da maɓallin ta aiwatar da umarnin da ke ƙasa.
Cika takaddun shaida tare da saitunan al'ada na ku kuma kula da saitin Suna gama gari don dacewa da rikodin FQDN ɗinku na DNS ko adireshin IP na uwar garken da za a yi amfani da shi don shiga shafin yanar gizon.
$ sudo mkdir /etc/nginx/ssl $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt $ ls /etc/nginx/ssl/
6. Har ila yau, ƙirƙirar DH cypher mai ƙarfi, wanda aka canza akan fayil ɗin sanyi na sama akan layin umarni ssl_dhparam, ta hanyar ba da umarnin da ke ƙasa:
$ sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
7. Da zarar an ƙirƙiri maɓallin Diffie-Hellman, tabbatar da idan an rubuta fayil ɗin sanyi na Nginx daidai kuma ana iya amfani da sabar gidan yanar gizon Nginx kuma ta sake kunna daemon don nuna canje-canje ta hanyar aiwatar da umarnin da ke ƙasa.
$ sudo nginx -t $ sudo systemctl restart nginx.service
8. Don gwada idan Nginx yana amfani da HTTP/2.0 yarjejeniya ta ba da umarnin da ke ƙasa. Kasancewar ka'idar h2 da aka tallata ya tabbatar da cewa an yi nasarar daidaita Nginx don amfani da ka'idar HTTP/2.0. Duk masu bincike na zamani ya kamata su goyi bayan wannan yarjejeniya ta tsohuwa.
$ openssl s_client -connect localhost:443 -nextprotoneg ''
Mataki 3: Sanya Mai Tafsirin PHP 7
Ana iya amfani da Nginx tare da fassarar harshe mai ƙarfi na PHP don samar da abun ciki na yanar gizo mai ƙarfi tare da taimakon mai sarrafa tsarin FastCGI da aka samu ta shigar da fakitin binary na php-fpm daga ma'ajiyar hukuma ta Ubuntu.
9. Domin kama PHP7.0 da ƙarin fakitin da za su ba da damar PHP don sadarwa tare da sabar gidan yanar gizon Nginx ta ba da umarnin da ke ƙasa akan na'uran sabar ku:
$ sudo apt install php7.0 php7.0-fpm
10. Da zarar an yi nasarar shigar da fassarar PHP7.0 akan injin ku, fara kuma duba php7.0-fpm daemon ta hanyar ba da umarnin da ke ƙasa:
$ sudo systemctl start php7.0-fpm $ sudo systemctl status php7.0-fpm
11. An riga an saita fayil ɗin sanyi na yanzu na Nginx don amfani da mai sarrafa tsari na PHP FastCGI don sabar abun ciki mai ƙarfi.
Katangar uwar garken da ke ba Nginx damar yin amfani da fassarar PHP an gabatar da shi akan abin da ke ƙasa, don haka ba a buƙatar ƙarin gyare-gyare na tsohowar fayil ɗin Nginx.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
A ƙasa akwai hoton sikirin na waɗanne umarnin da kuke buƙatar rashin fahimta da gyara shine yanayin ainihin fayil ɗin Nginx na asali.
12. Don gwada Nginx uwar garken gidan yanar gizo tare da mai sarrafa tsari na PHP FastCGI ƙirƙiri PHP info.php gwada fayil ɗin sanyi ta hanyar ba da umarnin da ke ƙasa kuma tabbatar da saitunan ta ziyartar wannan fayil ɗin sanyi ta amfani da adireshin da ke ƙasa: >http://IP_ko yankin/info.php.
$ sudo su -c 'echo "<?php phpinfo(); ?>" |tee /var/www/html/info.php'
Hakanan duba idan uwar garken ta tallata ka'idar HTTP/2.0 ta hanyar gano layin $_SERVER['SERVER_PROTOCOL'] akan katange PHP Variables kamar yadda aka kwatanta a hoton da ke ƙasa.
13. Domin shigar da ƙarin PHP7.0 modules yi amfani da apt search php7.0 umarni don nemo module PHP kuma shigar da shi.
Hakanan, gwada shigar da waɗannan nau'ikan PHP masu zuwa waɗanda za su iya zuwa da amfani idan kuna shirin shigar da WordPress ko wani CMS.
$ sudo apt install php7.0-mcrypt php7.0-mbstring
14. Don yin rajistar ƙarin modules na PHP kawai sake farawa PHP-FPM daemon ta hanyar ba da umarnin da ke ƙasa.
$ sudo systemctl restart php7.0-fpm.service
Mataki 4: Sanya MariaDB Database
15. A ƙarshe, don kammala tarin LEMP ɗinmu muna buƙatar ɓangaren bayanan MariaDB don adanawa da sarrafa bayanan gidan yanar gizon.
Shigar da tsarin sarrafa bayanai na MariaDB ta hanyar gudanar da umarnin da ke ƙasa kuma sake kunna sabis na PHP-FPM don amfani da tsarin MySQL don samun damar bayanai.
$ sudo apt install mariadb-server mariadb-client php7.0-mysql $ sudo systemctl restart php7.0-fpm.service
16. Don tabbatar da shigarwar MariaDB, gudanar da rubutun tsaro da aka bayar ta kunshin binary daga ɗakunan ajiya na Ubuntu wanda zai tambaye ku saita kalmar sirri, cire masu amfani da ba a san su ba, kashe tushen shiga daga nesa kuma cire bayanan gwaji.
Gudanar da rubutun ta hanyar ba da umarnin da ke ƙasa kuma ku amsa duk tambayoyin da e. Yi amfani da hoton allo na ƙasa azaman jagora.
$ sudo mysql_secure_installation
17. Don saita MariaDB don masu amfani na yau da kullun su sami damar shiga bayanan ba tare da gata na sudo ba, je zuwa layin umarni na MySQL tare da tushen gata kuma gudanar da umarnin da ke ƙasa akan mai fassarar MySQL:
$ sudo mysql MariaDB> use mysql; MariaDB> update user set plugin=’‘ where User=’root’; MariaDB> flush privileges; MariaDB> exit
A ƙarshe, shiga cikin bayanan MariaDB kuma gudanar da umarni na sabani ba tare da tushen gata ba ta aiwatar da umarnin da ke ƙasa:
$ mysql -u root -p -e 'show databases'
Wannan duka! Yanzu kuna da tarin LEMP da aka saita akan Ubuntu 16.10 da uwar garken Ubuntu 16.04 wanda ke ba ku damar tura aikace-aikacen yanar gizo masu ƙarfi masu ƙarfi waɗanda zasu iya hulɗa tare da bayanan bayanai.