CentOS 7.5 - NGINX (Mainline), PHP 7.3, LetsEncrypt SSL - Installation & Configuration
NGINX is superior to most other web servers in regards to performance, potential to mitigate attacks, and resource usage. But many people have a hard time getting everything working properly, and with good reason. Many installation scripts that manage Nginx for you, or other guides, may give you steps that install an outdated version lacking critical security updates or performance changes, or a PHP configuration that renders server errors in browsers. We've tested ours and guarantee it works in this environment.
Install PHP 7.3 from Remi repository
Install yum-utils for the yum-config-manager tool
yum install -y yum-utils
Install Epel and Remi repositories
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
Enable Remi repository
yum-config-manager --enable remi-php73
Note: You can change "php73" to "php72" (or other versions) throughout this guide to use a different PHP version if the one here doesn't support modules needed by you.
Run update then install the PHP packages
yum update -y
yum install -y php73 php73-php-fpm
We need to edit the php.ini config for this PHP installation (you can use any text editor, we prefer nano, we're cooler than vim'ers)
nano /etc/opt/remi/php73/php.ini
Replace:
;cgi.fix_pathinfo=1
With:
cgi.fix_pathinfo=0
(Remove semicolon, change 1 to 0)
Now we need to edit the configuration for PHP-FPM
nano /etc/opt/remi/php73/php-fpm.d/www.conf
Replace:
listen = 127.0.0.1:9000
With:
listen = /var/run/php73-fpm/php73-fpm.sock
Now edit the same file; lower in the configuration you will need to change the following
nano /etc/opt/remi/php73/php-fpm.d/www.conf
Replace:
;listen.owner = nobody
;listen.group = nobody
With:
listen.owner = nginx
listen.group = nginx
(Remove semicolons and change 'nobody' to 'nginx')
Now edit the same file again; near the top of the configuration you will need to change the following
nano /etc/opt/remi/php73/php-fpm.d/www.conf
Replace:
user = apache
group = apache
With:
user = nginx
group = nginx
Now create the directory for the socket file
mkdir /var/run/php73-fpm
Change file permissions of the sessions directory so PHP sessions work properly
chown -R nginx:nginx /var/opt/remi/php73/lib/php/session
After installing NGINX we can start PHP-FPM. If we try now it will give an error, since the "nginx" system user has not been created yet
systemctl restart php73-php-fpm
systemctl enable php73-php-fpm
Note: You will need to install Nginx below first before starting PHP-FPM.
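To confirm the php.ini and www.conf edits above took effect before moving on, the following is an added example and not part of the original guide. The function names (ini_get, expect_ini, audit_php_fpm) are hypothetical helpers; the default paths and the "nginx" user are the ones this guide uses.

```shell
#!/bin/sh
# Added example: audit the php.ini and www.conf edits from this guide.

# ini_get FILE KEY: print the last uncommented value of KEY (empty if unset).
ini_get() {
    awk -F= -v key="$2" '
        /^[ \t]*[;#]/ { next }                  # commented-out directive
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key && index($0, "=")) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v                         # later lines override earlier
            }
        }
        END { print val }' "$1"
}

# expect_ini FILE KEY WANT: return 0 on match, else report on stderr.
expect_ini() {
    got=$(ini_get "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $1: $2 = '${got:-<unset>}' (want '$3')" >&2
    return 1
}

# audit_php_fpm [PHP_INI] [POOL_CONF] [WEB_USER]: print the failure count,
# return 0 only when every setting matches. Defaults are this guide's paths.
audit_php_fpm() {
    ini=${1:-/etc/opt/remi/php73/php.ini}
    pool=${2:-/etc/opt/remi/php73/php-fpm.d/www.conf}
    web=${3:-nginx}
    fails=0
    expect_ini "$ini" cgi.fix_pathinfo 0 || fails=$((fails + 1))
    for key in user group listen.owner listen.group; do
        expect_ini "$pool" "$key" "$web" || fails=$((fails + 1))
    done
    # The pool must listen on a unix socket path, not TCP 127.0.0.1:9000.
    case $(ini_get "$pool" listen) in
        /*) ;;
        *)  echo "FAIL $pool: listen is not a unix socket path" >&2
            fails=$((fails + 1)) ;;
    esac
    echo "$fails"
    [ "$fails" -eq 0 ]
}
```

Source the file and run audit_php_fpm with no arguments on the server; a still-commented directive such as ";listen.owner = nobody" is reported as unset.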
Install NGINX Mainline from Nginx repository
First we must add the NGINX PGP key to verify integrity and confirm the origin of the packages
wget https://nginx.org/keys/nginx_signing.key
rpm --import nginx_signing.key && rm -rf nginx_signing.key
Let's add the NGINX repo now, create a new file
nano /etc/yum.repos.d/nginx.repo
Add the following contents and save:
[nginx]
name=nginx
baseurl=http://nginx.org/packages/mainline/centos/7/x86_64/
gpgcheck=1
enabled=1
Now we can install NGINX Mainline
yum update -y
yum install -y nginx
Start NGINX and enable at boot
systemctl start nginx
systemctl enable nginx
Check the NGINX version and status to confirm
systemctl status nginx && nginx -v
Now we can create a new virtual host config for our domain. Make sure to replace all occurrences of "example.com" with your own domain
nano /etc/nginx/conf.d/example.com.conf
Paste the following contents:
server {
    listen 80;
    server_name www.example.com example.com;
    root /usr/share/nginx/example.com;
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/example.com;
    }
    # Only hand existing .php files to PHP-FPM
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php73-fpm/php73-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
Now restart NGINX, also restart PHP-FPM since the nginx user has been created now
systemctl restart nginx
systemctl restart php73-php-fpm
Let's make the web directory for the virtual host now and create an index file and a PHP info file to confirm PHP processing is working
mkdir /usr/share/nginx/example.com
echo "test index" >> /usr/share/nginx/example.com/index.html
echo "<?php phpinfo(); ?>" >> /usr/share/nginx/example.com/info.php
Visit your domain in your web browser now to confirm all is working. You can go to /info.php on your domain to check PHP modules and parameters
To update NGINX in the future to new mainline builds, just run the following
yum update nginx -y
systemctl restart nginx
If you are using a firewall, make sure to allow both web ports
firewalld:
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
iptables:
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Install LetsEncrypt SSL and enable HTTPS and HTTP/2 for virtual host
Now install LetsEncrypt certbot
yum install -y certbot-nginx
Run certbot now, it will ask for the webroot directory and your e-mail. The "certbot-nginx" that we installed should modify your Nginx virtual host config automatically, so no manual changes should be needed.
certbot --authenticator webroot --installer nginx
Create a crontab entry to renew the certificate automatically each month
crontab -e
Add:
35 4 * * 1 certbot renew >> /var/log/certbot-renew.log
All done!