Ubuntu 18.04 で、php-fpm + nginx 環境構築(バージョンアップして、Nginxが動かなくなったので対応。。)
Ubuntu 12.04 → 13 → 16 → 17 → 18 までアップデートしたら、
設定ファイルが色々変わりすぎていて、
nginxが起動しなくなりました。
まずは、php-fpmをアップデート。
root@hostname:/etc/nginx# sudo apt update && sudo apt install php-fpm Hit:1 http://jp.archive.ubuntu.com/ubuntu bionic InRelease Get:2 http://jp.archive.ubuntu.com/ubuntu bionic-updates InRelease [83.2 kB] Hit:3 http://jp.archive.ubuntu.com/ubuntu bionic-backports InRelease Get:4 http://jp.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [1,472 B] Get:5 http://jp.archive.ubuntu.com/ubuntu bionic-updates/multiverse i386 Packages [1,640 B] Get:6 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB] Fetched 170 kB in 1s (132 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 1 package can be upgraded. Run 'apt list --upgradable' to see it. Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: linux-image-3.13.0-147-generic linux-image-extra-3.13.0-147-generic python-pycurl unattended-upgrades Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: php7.2-fpm The following NEW packages will be installed: php-fpm php7.2-fpm 0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded. Need to get 1,412 kB of archives. After this operation, 4,976 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://jp.archive.ubuntu.com/ubuntu bionic/universe amd64 php7.2-fpm amd64 7.2.3-1ubuntu1 [1,409 kB] Get:2 http://jp.archive.ubuntu.com/ubuntu bionic/universe amd64 php-fpm all 1:7.2+60ubuntu1 [3,172 B] Fetched 1,412 kB in 0s (6,216 kB/s) Selecting previously unselected package php7.2-fpm. (Reading database ... 100291 files and directories currently installed.) Preparing to unpack .../php7.2-fpm_7.2.3-1ubuntu1_amd64.deb ... Unpacking php7.2-fpm (7.2.3-1ubuntu1) ... Selecting previously unselected package php-fpm. Preparing to unpack .../php-fpm_1%3a7.2+60ubuntu1_all.deb ... Unpacking php-fpm (1:7.2+60ubuntu1) ... Setting up php7.2-fpm (7.2.3-1ubuntu1) ... Creating config file /etc/php/7.2/fpm/php.ini with new version php_invoke: Enabled module pdo for fpm sapi php_invoke: Enabled module phar for fpm sapi php_invoke: Enabled module tokenizer for fpm sapi php_invoke: Enabled module ftp for fpm sapi php_invoke: Enabled module ctype for fpm sapi php_invoke: Enabled module fileinfo for fpm sapi php_invoke: Enabled module json for fpm sapi php_invoke: Enabled module bz2 for fpm sapi php_invoke: Enabled module xsl for fpm sapi php_invoke: Enabled module shmop for fpm sapi php_invoke: Enabled module sysvshm for fpm sapi php_invoke: Enabled module xml for fpm sapi php_invoke: Enabled module sysvsem for fpm sapi php_invoke: Enabled module posix for fpm sapi php_invoke: Enabled module iconv for fpm sapi php_invoke: Enabled module gettext for fpm sapi php_invoke: Enabled module mbstring for fpm sapi php_invoke: Enabled module xmlreader for fpm sapi php_invoke: Enabled module sysvmsg for fpm sapi php_invoke: Enabled module simplexml for fpm sapi php_invoke: Enabled module exif for fpm sapi php_invoke: Enabled module gd for fpm sapi php_invoke: Enabled module mysqlnd for fpm sapi php_invoke: Enabled module mysqli for fpm sapi php_invoke: Enabled module opcache for fpm sapi php_invoke: Enabled module pdo_mysql for fpm sapi php_invoke: Enabled module calendar for fpm sapi php_invoke: Enabled module zip for fpm sapi php_invoke: Enabled module dom for fpm sapi php_invoke: Enabled module wddx for fpm sapi php_invoke: Enabled module sockets for fpm sapi php_invoke: Enabled module readline for fpm sapi php_invoke: Enabled module xmlwriter for fpm sapi NOTICE: Not enabling PHP 7.2 FPM by default. NOTICE: To enable PHP 7.2 FPM in Apache2 do: NOTICE: a2enmod proxy_fcgi setenvif NOTICE: a2enconf php7.2-fpm NOTICE: You are seeing this message because you have apache2 package installed. Created symlink /etc/systemd/system/multi-user.target.wants/php7.2-fpm.service → /lib/systemd/system/php7.2-fpm.service. Processing triggers for ureadahead (0.100.0-20) ... Setting up php-fpm (1:7.2+60ubuntu1) ... Processing triggers for systemd (237-3ubuntu10) ... Processing triggers for man-db (2.8.3-2) ... root@hostname:/etc/nginx# php --version PHP 7.2.3-1ubuntu1 (cli) (built: Mar 14 2018 22:03:58) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.3-1ubuntu1, Copyright (c) 1999-2018, by Zend Technologies root@hostname:/etc/nginx# ls /var/run/php/ php7.2-fpm.pid php7.2-fpm.sock root@hostname:/etc/nginx#
php-pfmのパスを更新。
root@hostname:/etc/nginx# ll /var/run/php/php7.2-fpm.sock srw-rw---- 1 www-data www-data 0 May 14 01:08 /var/run/php/php7.2-fpm.sock= root@hostname:/etc/nginx# vi /etc/nginx/nginx.conf 58 upstream php { 59 #server unix:/var/run/php-fpm/php-fpm.sock; 60 server unix:/var/run/php/php7.2-fpm.sock; 61 }
listenソケットの確認(パスを合わせる)と、
Webサーバのユーザ諸々をwww-dataから、nginxに更新。
root@hostname:/etc/nginx# vi /etc/php/7.2/fpm/pool.d/www.conf listen = /var/run/php/php7.2-fpm.sock user = nginx group = nginx listen.owner = nginx listen.group = nginx
nginxでphpを使えるように設定する。
index.phpを追加。
バーチャルホストがある場合は、バーチャルホストのserver設定も確認する。
→WordPressサイトのトップURL(http://バーチャルホストドメイン/)が403で、あれれとなったので・・・。
root@hostname:/etc/nginx# vi /etc/nginx/sites-available/default
43 # Add index.php to the list if you are using PHP
44 index index.php index.html index.htm index.nginx-debian.html;
54 # pass PHP scripts to FastCGI server
55 #
56 location ~ \.php$ {
57 include snippets/fastcgi-php.conf;
58 #
59 # # With php-fpm (or other unix sockets):
60 # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
61 fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
62 # # With php-cgi (or other tcp sockets):
63 # fastcgi_pass 127.0.0.1:9000;
64 }
php-fpmとnginxの再起動。
root@hostname:~# /etc/init.d/php7.2-fpm restart [ ok ] Restarting php7.2-fpm (via systemctl): php7.2-fpm.service. root@hostname:~# /etc/init.d/php7.2-fpm status ● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2018-05-14 03:14:45 JST; 9s ago Docs: man:php-fpm7.2(8) Main PID: 26992 (php-fpm7.2) Status: "Ready to handle connections" Tasks: 3 (limit: 1117) CGroup: /system.slice/php7.2-fpm.service ├─26992 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf) ├─26994 php-fpm: pool www └─26995 php-fpm: pool www May 14 03:14:45 hostname systemd[1]: Starting The PHP 7.2 FastCGI Process Manager... May 14 03:14:45 hostname systemd[1]: Started The PHP 7.2 FastCGI Process Manager. root@hostname:~#
root@hostname:~# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful root@hostname:~# /etc/init.d/nginx restart [ ok ] Restarting nginx (via systemctl): nginx.service. root@hostname:~# root@hostname:~# /etc/init.d/nginx status ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2018-05-14 03:15:42 JST; 15s ago Docs: man:nginx(8) Process: 28062 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=2) Process: 26430 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS) Process: 28125 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Process: 28123 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Main PID: 28126 (nginx) Tasks: 5 (limit: 1117) CGroup: /system.slice/nginx.service ├─28126 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; ├─28127 nginx: worker process ├─28128 nginx: worker process ├─28129 nginx: cache manager process └─28130 nginx: cache loader process May 14 03:15:42 hostname systemd[1]: Starting A high performance web server and a reverse proxy server... May 14 03:15:42 hostname systemd[1]: Started A high performance web server and a reverse proxy server. root@hostname:~#
※参考にさせて頂きました。ありがとうございます。
Ubuntuバージョン確認
Ubuntuバージョン確認。
root@hostname:~# uname -a Linux hostname 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux root@hostname:~# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04 LTS Release: 18.04 Codename: bionic root@hostname:~# apt-get update Hit:1 http://jp.archive.ubuntu.com/ubuntu bionic InRelease Hit:2 http://jp.archive.ubuntu.com/ubuntu bionic-updates InRelease Hit:3 http://jp.archive.ubuntu.com/ubuntu bionic-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease Reading package lists... Done root@hostname:~# apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages were automatically installed and are no longer required: linux-image-3.13.0-147-generic linux-image-extra-3.13.0-147-generic python-pycurl unattended-upgrades Use 'apt autoremove' to remove them. The following packages have been kept back: php-curl 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. root@hostname:~# do-release-upgrade -c Checking for a new Ubuntu release No new release found. root@hostname:~#
※参考にさせて頂きました。ありがとうございます。
Ubuntu 12.04.4 にHeartbleed OpenSSL脆弱性対策
opensslをアップデートして、"1.0.1-4ubuntu5.12"が表示されれば大丈夫そう。
$ sudo apt-get update $ sudo apt-get dist-upgrade $ /etc/nginx# dpkg -l | grep openssl ii openssl 1.0.1-4ubuntu5.12 Secure Socket Layer (SSL) binary and related cryptographic tools
チェックツール
参考
https://www.jpcert.or.jp/at/2014/at140013.html
http://www.ubuntu.com/usn/usn-2165-1/
http://qiita.com/ukitazume/items/f382bcc420dc7815684f
GruntでSass/Compassのコンパイル~ブラウザリロード
モジュールインストール
npm install grunt-open --save-dev npm install grunt-contrib-watch --save-dev npm install grunt-contrib-connect --save-dev npm install grunt-contrib-compass --save-dev
Gruntfile.js
module.exports = function(grunt) {
grunt.initConfig({
pkg: grunt.file.readJSON('package.json'),
compass: {
dist: {
basePath: 'sass/',
options: {
cssDir: 'css'
}
}
},
watch: {
options: {
livereload: true,
nospawn: true
},
sass: {
files: 'sass/*.scss',
tasks: ['compass']
}
},
connect: {
livereload: {
options: {
port: 12345
}
}
},
open: {
server: {
path: 'http://localhost:<%= connect.livereload.options.port %>'
}
}
});
grunt.registerTask('default', ['connect','open','watch']);
grunt.loadNpmTasks('grunt-contrib-watch');
grunt.loadNpmTasks('grunt-contrib-connect');
grunt.loadNpmTasks('grunt-contrib-compass');
grunt.loadNpmTasks('grunt-open');
};
LiveReload用の拡張機能をインストール→Chrome用 https://chrome.google.com/webstore/detail/livereload/jnihajbhpnppcggbcgedagnkighmdlei
grunt実行。
grunt
1.connect~openでブラウザを開く
2.watchでsass/*.scssの更新監視
3.更新されたタイミングで、commpassでsccsをコンパイル
4.livereloadで、ブラウザが自動更新される。
GruntでJS/CSSを結合/圧縮
環境構築は省略
Gruntfile.js
module.exports = function(grunt) {
grunt.initConfig({
pkg: grunt.file.readJSON('package.json'),
concat: {
multiple_file: {
files: {
// 画面ごとに別ファイルを読み込みたいときは、カンマ区切りで記述
'js/test.js': ['js/jquery-1.11.0.min.js', 'js/bootstrap.min.js']
}
}
},
uglify: {
js_uglify: {
options: {
banner: '/*! Banner Comment.\n\n <%= grunt.template.today("dd-mm-yyyy") %> */\n'
},
files: {
'js/test.min.js': ['js/test.js']
}
}
},
cssmin: {
add_banner: {
options: {
banner: '/* My minified css file */'
},
files: {
'css/test.css': ['css/**/*.css']
}
}
}
});
grunt.loadNpmTasks('grunt-contrib-uglify');
grunt.loadNpmTasks('grunt-contrib-concat');
grunt.loadNpmTasks('grunt-contrib-cssmin');
};
実行
$ grunt concat Running "concat:multiple_file" (concat) task File "js/test.js" created. Done, without errors. $ grunt uglify Running "uglify:js_uglify" (uglify) task File js/test.min.js created: 127.62 kB → 128.05 kB Done, without errors. $ grunt cssmin Running "cssmin:add_banner" (cssmin) task File css/test.css created: 158.75 kB → 122.79 kB Done, without errors.
ハマったこと。
こんな感じでシングルタスクとして定義すると、エラーになる。
grunt.registerTask('uglify', ['uglify']);
minifyはちょっと怪しいので様子見。
http://moqada.hatenablog.com/entry/2014/02/12/013203
gitのショートカットコマンド設定
git config --global alias.br 'branch' git config --global alias.co 'checkout' git config --global alias.st 'status' git config --global alias.cmm 'commit'
以下コマンドのように実行できる。
git br develop
