EL9 - Mariadb & Nginx & PHP-FPM

Mariadb

Install (EL9 has Mariadb 10.5 version):

# dnf install -y mariadb-server
# vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
...
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci

innodb_file_format = Barracuda
innodb_file_per_table = on
innodb_default_row_format = dynamic
innodb_large_prefix = 1

# systemctl start mariadb.service && systemctl enable mariadb.service && systemctl status mariadb.service

# mysql_secure_installation
Enter current password for root (enter for none): <Enter>
Switch to unix_socket authentication [Y/n] <Enter>
Set root password? [Y/n] <Enter>
New password: <your_new_root_password>
Re-enter new password: <your_new_root_password>
Remove anonymous users? [Y/n] <Enter>
Disallow root login remotely? [Y/n] <Enter>
Remove test database and access to it? [Y/n] <Enter>
Reload privilege tables now? [Y/n] <Enter>

Note: root user has by default password-less access via socket, can be verified with:

# mysql -u root

> SHOW GRANTS FOR 'root'@'localhost';

Nginx

# dnf install -y nginx

# systemctl start nginx && systemctl enable nginx && systemctl status nginx

# vim /etc/nginx/nginx.conf

# vim /etc/nginx/nginx.conf
http {
...
        #if we want to support big image uploads, match php.ini ....
        client_max_body_size 10M;
        #it's good to put this default here
        index index.html index.htm index.php;
        #enable caching, most important lines are gzip on; and gzip_types;
        gzip on;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;

        server {
                # we might want to specify other default homepage of server so we dont give attacker any info
                #root         /usr/share/nginx/html;
                root         /var/www/html;
                
                location / {
                    index  index.html index.htm;
                }
        }
}

# mkdir -p /var/www/html
# echo "cd" > /var/www/html/index.html

# systemctl restart nginx && systemctl status nginx

Check in browser: http://<ip_address>

Virtual website / user

# useradd -m example
# passwd example
# usermod -a -G nginx example
# mkdir /home/example/html
# echo "<?php phpinfo(); ?>" > /home/example/html/index.php
# chown example.example -R /home/example/html
# chmod 755 /home/example

PHP

Install epel:

# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
# rpm -qa | grep epel

Install remi:

# dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
# rpm -qa | grep remi

Make sure no php is installed:

# yum list installed | grep php
# yum remove --noautoremove php php-common ...

Switch php module to remi and install:

# dnf module list php
# dnf module reset php
# dnf module enable php:remi-7.4
# dnf install php php-fpm php-mysqlnd php-cli php-xml php-gd php-pecl-zip php-opcache php-intl php-process php-mbstring php-bcmath php-pecl-ds php-json php-gmp
# php -v

Set up php-fpm ...

# vim /etc/php.d/50-custom.ini

;optional tweak - performance in symfony app
realpath_cache_ttl = 600
;optional tweak - lot of times we need more memory
memory_limit = 256M
;optional tweak - error reporting adjust
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
;optional tweak
post_max_size = 12M
;optional tweak
upload_max_filesize = 10M
;set default PHP timezone
date.timezone = America/New_York
;for typical symfony app, default number is low
opcache.max_accelerated_files=20000

# cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf.default
# mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/example.conf
# vim /etc/php-fpm.d/example.conf

[example]
user = example
group = example
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/example-slow.log
php_admin_value[error_log] = /var/log/php-fpm/example-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/example/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/example/wsdlcache

# mkdir -p /var/lib/php/example/session
# mkdir -p /var/lib/php/example/wsdlcache
# chown example:example -R /var/lib/php/example
# systemctl restart php-fpm && systemctl enable php-fpm && systemctl status php-fpm

Create nginx virtual host:

# vim /etc/nginx/conf.d/example.conf

server {
        server_name example.com;
        root /home/example/html;

        location / {
                index index.html index.htm index.php;
        }

        location ~ \.php$ {
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9001;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        }
}

Restart and check:

# systemctl restart nginx

Check

Composer

To install composer globally follow instructions here: https://getcomposer.org/download/ and then run:

# mv composer.phar /usr/local/bin/composer