Environment: CentOS 7.6, nginx 1.5.18, PHP 7.3, Drupal 8.8.5
Drupal 8 system requirements:
PHP 7.2 or later
Database: MySQL 5.5.3 / MariaDB 5.5.20 / Percona Server 5.5.8 or later, using the InnoDB storage engine and the PDO database extension.
Web server: Apache, nginx, IIS, or any other server that supports PHP.
I. nginx
1. Install and configure nginx
# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm //Install the latest EPEL repository
# yum install -y yum-utils //Install the yum utilities
# yum install -y nginx
# setenforce 0 //Set the SELinux mode; it is best to also edit the configuration file /etc/selinux/config and change enforcing to permissive
# firewall-cmd --add-service=http --permanent //Allow the http service
# firewall-cmd --reload //Reload the firewall rules
Start nginx:
# systemctl enable nginx
# systemctl start nginx
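2. Verify nginx
Open the server address in a browser.
II. PHP
1. Install PHP 7.3
The PHP version in the CentOS repositories is too old, so a third-party repository is needed to install a newer PHP; the repository provided by remirepo.net is used here.
# yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm //Install from the Tsinghua University mirror
The remi site is hosted abroad and access to it is unreliable, so it is recommended to point the repository at the Tsinghua mirror.
Edit /etc/yum.repos.d/remi-safe.repo and remi-php73.repo and comment out the lines beginning with mirrorlist.
Next, uncomment the lines beginning with baseurl and replace http://rpms.remirepo.net in them with https://mirrors.tuna.tsinghua.edu.cn/remi
The replacement can also be done automatically with the following command:
# sed -e 's!^mirrorlist=!#mirrorlist=!g' \
      -e 's!^#baseurl=!baseurl=!g' \
      -e 's!http://rpms\.remirepo\.net!https://mirrors.tuna.tsinghua.edu.cn/remi!g' \
      -i /etc/yum.repos.d/remi-safe.repo /etc/yum.repos.d/remi-php73.repo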
Enable the remi repository for PHP 7.3:
# yum-config-manager --enable remi-php73
Install PHP 7.3 and the related extensions:
# yum install php php-pdo php-opcache php-mbstring php-fpm php-gd php-xml php-pdo php-pecl-mcrypt php-mysqlnd
Edit the FPM configuration file /etc/php-fpm.d/www.conf:
;listen = 127.0.0.1:9000 //comment out this line
listen = /var/run/php-fpm/php-fpm.sock //set the socket
;listen.owner = nobody //commented out by default
;listen.group = nobody //commented out by default
;listen.mode = 0660 //commented out by default
listen.owner = nginx //add this line
listen.group = nginx //add this line
Start php-fpm:
# systemctl enable php-fpm
# systemctl start php-fpm
Configure nginx by editing the /etc/nginx/nginx.conf file:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    access_log /var/log/nginx/access.log;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80;
        root /var/www/html;

        location / {
            try_files $uri /index.php;
        }

        location ~ '\.php$|^/update.php' {
            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
            # Ensure the php file exists. Mitigates CVE-2019-11043
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            # Block httpoxy attacks. See https://httpoxy.org/.
            fastcgi_param HTTP_PROXY "";
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_intercept_errors on;
            # PHP 7 socket location.
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        }
    }
}
Add a PHP test file:
# vi /var/www/html/index.php
Write the following into it:
<?php phpinfo(); ?>
Restart the nginx service:
# systemctl restart nginx
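2. Verify PHP
Open the server address in a browser; the PHP information page is displayed.
III. MariaDB database
1. Install the database
# yum install -y mariadb-server
# systemctl start mariadb
# systemctl enable mariadb
2. Configure the database
Initial database security configuration (remember the root password you set):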
# mysql_secure_installation
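Configure the database for the Drupal site:
# mysql -u root -p //Log in to mysql; you will be prompted for the root password
Then run:
MariaDB [(none)]> create database drupal; //Create the database drupal
MariaDB [(none)]> GRANT ALL PRIVILEGES ON drupal.* TO db_user@localhost IDENTIFIED BY 'pass123'; //Set the user and privileges: the local user is db_user and the password is pass123
MariaDB [(none)]> FLUSH PRIVILEGES; //Reload the privileges
MariaDB [(none)]> exit //Leave the mysql command line
IV. Deploy the Drupal site
Use an SSH tool to upload the site archive drupal-8.8.5.zip to /var/www/ on the server.
# cd /var/www/ //Change to the www directory
# yum install -y unzip //Install the unzip package
# unzip drupal-8.8.5.zip //Extract the archive into the current directory
Edit the nginx configuration file /etc/nginx/nginx.conf to: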
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 20m;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        # server_name example.com;
        listen 80;
        root /var/www/drupal-8.8.5; ## <-- Your only path reference.

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Very rarely should these ever be accessed outside of your lan
        location ~* \.(txt|log)$ {
            allow 192.168.0.0/16;
            deny all;
        }

        location ~ \..*/.*\.php$ {
            return 403;
        }

        location ~ ^/sites/.*/private/ {
            return 403;
        }

        # Block access to scripts in site files directory
        location ~ ^/sites/[^/]+/files/.*\.php$ {
            deny all;
        }

        # Allow "Well-Known URIs" as per RFC 5785
        location ~* ^/.well-known/ {
            allow all;
        }

        # Block access to "hidden" files and directories whose names begin with a
        # period. This includes directories used by version control systems such
        # as Subversion or Git to store control files.
        location ~ (^|/)\. {
            return 403;
        }

        location / {
            # try_files $uri @rewrite; # For Drupal <= 6
            try_files $uri /index.php?$query_string; # For Drupal >= 7
        }

        location @rewrite {
            rewrite ^/(.*)$ /index.php?q=$1;
        }

        # Don't allow direct access to PHP files in the vendor directory.
        location ~ /vendor/.*\.php$ {
            deny all;
            return 404;
        }

        # Protect files and directories from prying eyes.
        location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
            deny all;
            return 404;
        }

        # In Drupal 8, we must also match new paths where the '.php' appears in
        # the middle, such as update.php/selection. The rule we use is strict,
        # and only allows this pattern with the update.php front controller.
        # This allows legacy path aliases in the form of
        # blog/index.php/legacy-path to continue to route to Drupal nodes. If
        # you do not have any paths like that, then you might prefer to use a
        # laxer rule, such as:
        #   location ~ \.php(/|$) {
        # The laxer rule will continue to work if Drupal uses this new URL
        # pattern with front controllers other than update.php in a future
        # release.
        location ~ '\.php$|^/update.php' {
            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
            # Ensure the php file exists. Mitigates CVE-2019-11043
            try_files $fastcgi_script_name =404;
            # Security note: If you're running a version of PHP older than the
            # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
            # See http://serverfault.com/q/627903/94922 for details.
            include fastcgi_params;
            # Block httpoxy attacks. See https://httpoxy.org/.
            fastcgi_param HTTP_PROXY "";
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_intercept_errors on;
            # PHP 5 socket location.
            #fastcgi_pass unix:/var/run/php5-fpm.sock;
            # PHP 7 socket location.
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        }

        # Fighting with Styles? This little gem is amazing.
        # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
        location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
            try_files $uri @rewrite;
        }

        # Handle private files through Drupal. Private file's path can come
        # with a language prefix.
        location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
            try_files $uri /index.php?$query_string;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            try_files $uri @rewrite;
            expires max;
            log_not_found off;
        }

        # Enforce clean URLs
        # Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page
        # Could be done with 301 for permanent or other redirect codes.
        if ($request_uri ~* "^(.*/)index\.php(.*)") {
            return 307 $1$2;
        }
    }
}
Restart the nginx service:
# systemctl restart nginx
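The access rules in the server block above depend on nginx's location selection order, so it helps to run sample paths through them before relying on the configuration. The following is an added example, not part of the original page or of the nginx or Drupal projects: a Python model that checks exact locations first, then the regex locations in file order, then the prefix location /. The function name route and the outcome labels are assumptions of the example.

```python
import re

# The "prying eyes" pattern from the server block, split only for line length.
PROTECT = (r"\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig"
           r"|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$"
           r"|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template"
           r"|composer\.(json|lock)|web\.config)$"
           r"|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$")

# Regex locations in file order: (modifier, pattern, outcome).
# Outcome labels are this example's shorthand, not nginx terms.
REGEX_LOCATIONS = [
    ("~*", r"\.(txt|log)$", "lan-only"),      # allow 192.168.0.0/16; deny all
    ("~", r"\..*/.*\.php$", "blocked"),
    ("~", r"^/sites/.*/private/", "blocked"),
    ("~", r"^/sites/[^/]+/files/.*\.php$", "blocked"),
    ("~*", r"^/.well-known/", "static"),
    ("~", r"(^|/)\.", "blocked"),
    ("~", r"/vendor/.*\.php$", "blocked"),
    ("~*", PROTECT, "blocked"),
    ("~", r"\.php$|^/update.php", "php-fpm"),
    ("~", r"^/sites/.*/files/styles/", "static-or-drupal"),
    ("~", r"^(/[a-z\-]+)?/system/files/", "static-or-drupal"),
    ("~*", r"\.(js|css|png|jpg|jpeg|gif|ico|svg)$", "static-or-drupal"),
]
EXACT = {"/favicon.ico": "static", "/robots.txt": "static"}

def route(path):
    """Outcome for a normalized request path (starts with "/", no query string).

    Not modelled: the server-level `if` redirect for index.php and the
    client-address check behind "lan-only".
    """
    if path in EXACT:                         # "=" locations win outright
        return EXACT[path]
    for modifier, pattern, outcome in REGEX_LOCATIONS:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, path, flags):   # first matching regex wins
            return outcome
    return "static-or-drupal"                 # only prefix location left: "/"

if __name__ == "__main__":
    # Constructed sample paths, chosen to exercise each rule.
    for p in ["/robots.txt", "/core/CHANGELOG.txt", "/.well-known/security.txt",
              "/.git/config", "/vendor/autoload.php", "/composer.json",
              "/sites/default/files/x.php", "/sites/default/settings.php.bak",
              "/update.php/selection", "/node/1"]:
        print(f"{p:40} {route(p)}")
```

Two results are worth checking against a live server: /.well-known/security.txt is caught by the earlier \.(txt|log)$ rule and is therefore LAN-only, and /composer.json falls through to location / because the ^(...|composer\.(json|lock)|...)$ alternative is anchored at the start of a path that always begins with a slash.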
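During installation the site writes some files automatically, so write permission must be enabled first (and removed again once deployment is complete):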
# chmod o+w /var/www/drupal-8.8.5/sites/default/
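# cp /var/www/drupal-8.8.5/sites/default/default.settings.php /var/www/drupal-8.8.5/sites/default/settings.php //Copy the settings.php file
# chmod o+w /var/www/drupal-8.8.5/sites/default/settings.php //Set the permissions on the configuration file
Open the server address in a browser; the site's initial installation starts automatically.
Configure the database connection using the database, user and password created earlier:
Configure the basic site information, including creating the administrator account.
When installation finishes, the site opens automatically:
For security, remove the write permissions set earlier:
# chmod o-w /var/www/drupal-8.8.5/sites/default/settings.php
# chmod o-w /var/www/drupal-8.8.5/sites/default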