Environment: CentOS 7.6, nginx 1.5.18, PHP 7.3, Drupal 8.8.5
Drupal 8 system requirements:
PHP 7.2 or later
Database: MySQL 5.5.3 / MariaDB 5.5.20 / Percona Server 5.5.8 or later, using the InnoDB storage engine, plus the PDO database extension.
Web server: Apache, nginx, IIS or any other server that supports PHP.
I. nginx
1. Installing and configuring nginx
# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm //install the latest EPEL repository
# yum install -y yum-utils //install the yum utilities
# yum install -y nginx
# setenforce 0 //set the SELinux mode; it is best to also edit the configuration file /etc/selinux/config and change enforcing to permissive
# firewall-cmd --add-service=http --permanent //open the http service
# firewall-cmd --reload //reload the firewall rules
Start nginx:
# systemctl enable nginx
# systemctl start nginx
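2. Verifying nginx
Open the server address in a browser.
II. PHP
1. Installing PHP 7.3
The PHP version in the CentOS repositories is too old, so a third-party repository is needed to install a newer PHP. This guide uses the repository provided by remirepo.net.
# yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm //install from the Tsinghua University mirror
The remi site is hosted abroad and access to it is unreliable, so it is recommended to point the repository at the Tsinghua mirror.
Edit /etc/yum.repos.d/remi-safe.repo and remi-php73.repo and comment out the mirrorlist lines.
Next, uncomment the lines in those files that begin with baseurl, and replace http://rpms.remirepo.net in them with https://mirrors.tuna.tsinghua.edu.cn/remi
The replacement can also be done automatically with the following command:
# sed -e 's!^mirrorlist=!#mirrorlist=!g' -e 's!^#baseurl=!baseurl=!g' -e 's!http://rpms.remirepo.net!https://mirrors.tuna.tsinghua.edu.cn/remi!g' -i /etc/yum.repos.d/remi-safe.repo /etc/yum.repos.d/remi-php73.repo
Enable the remi repository for PHP 7.3: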
# yum-config-manager --enable remi-php73
Install PHP 7.3 and the related extensions:
# yum install php php-pdo php-opcache php-mbstring php-fpm php-gd php-xml php-pdo php-pecl-mcrypt php-mysqlnd
Edit the php-fpm configuration file /etc/php-fpm.d/www.conf:
; comment out this line
;listen = 127.0.0.1:9000
; listen on a Unix socket instead
listen = /var/run/php-fpm/php-fpm.sock
; these three lines are already commented out in the default file
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
; add these two lines
listen.owner = nginx
listen.group = nginx
Start php-fpm:
# systemctl enable php-fpm
# systemctl start php-fpm
Configure nginx by editing /etc/nginx/nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    access_log /var/log/nginx/access.log;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        root /var/www/html;
        location / {
            try_files $uri /index.php;
        }
        location ~ '\.php$|^/update.php' {
            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
            # Ensure the php file exists. Mitigates CVE-2019-11043
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            # Block httpoxy attacks. See https://httpoxy.org/.
            fastcgi_param HTTP_PROXY "";
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_intercept_errors on;
            # PHP 7 socket location.
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        }
    }
}
Add a PHP test file:
# vi /var/www/html/index.php
Put the following in it:
<?php phpinfo(); ?>
Restart the nginx service:
# systemctl restart nginx
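2. Verifying PHP
Open the server address in a browser; the basic PHP information page is displayed.
III. MariaDB database
1. Installing the database
# yum install -y mariadb-server
# systemctl start mariadb
# systemctl enable mariadb
2. Configuring the database
Initial security configuration of the database (make sure to remember the root password you set):
# mysql_secure_installation
Set up the database for the Drupal site:
# mysql -u root -p //log in to mysql; you will be prompted for the root password
Then run:
MariaDB [(none)]> create database drupal; //create the database drupal
MariaDB [(none)]> GRANT ALL PRIVILEGES ON drupal.* TO db_user@localhost IDENTIFIED BY 'pass123'; //create the user and grant privileges: local user db_user, password pass123
MariaDB [(none)]> FLUSH PRIVILEGES; //reload the privileges
MariaDB [(none)]> exit //leave the mysql command line
IV. Deploying the Drupal site
Use an SSH tool to upload the site archive drupal-8.8.5.zip to /var/www/ on the server.
# cd /var/www/ //change to the www directory
# yum install -y unzip //install the unzip package
# unzip drupal-8.8.5.zip //extract the archive into the current directory
Modify the nginx configuration file /etc/nginx/nginx.conf as follows: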
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 20m;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        # server_name example.com;
        listen 80;
        root /var/www/drupal-8.8.5; ## <-- Your only path reference.
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        # Very rarely should these ever be accessed outside of your lan
        location ~* \.(txt|log)$ {
            allow 192.168.0.0/16;
            deny all;
        }
        location ~ \..*/.*\.php$ {
            return 403;
        }
        location ~ ^/sites/.*/private/ {
            return 403;
        }
        # Block access to scripts in site files directory
        location ~ ^/sites/[^/]+/files/.*\.php$ {
            deny all;
        }
        # Allow "Well-Known URIs" as per RFC 5785
        location ~* ^/.well-known/ {
            allow all;
        }
        # Block access to "hidden" files and directories whose names begin with a
        # period. This includes directories used by version control systems such
        # as Subversion or Git to store control files.
        location ~ (^|/)\. {
            return 403;
        }
        location / {
            # try_files $uri @rewrite; # For Drupal <= 6
            try_files $uri /index.php?$query_string; # For Drupal >= 7
        }
        location @rewrite {
            rewrite ^/(.*)$ /index.php?q=$1;
        }
        # Don't allow direct access to PHP files in the vendor directory.
        location ~ /vendor/.*\.php$ {
            deny all;
            return 404;
        }
        # Protect files and directories from prying eyes.
        location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
            deny all;
            return 404;
        }
        # In Drupal 8, we must also match new paths where the '.php' appears in
        # the middle, such as update.php/selection. The rule we use is strict,
        # and only allows this pattern with the update.php front controller.
        # This allows legacy path aliases in the form of
        # blog/index.php/legacy-path to continue to route to Drupal nodes. If
        # you do not have any paths like that, then you might prefer to use a
        # laxer rule, such as:
        # location ~ \.php(/|$) {
        # The laxer rule will continue to work if Drupal uses this new URL
        # pattern with front controllers other than update.php in a future
        # release.
        location ~ '\.php$|^/update.php' {
            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
            # Ensure the php file exists. Mitigates CVE-2019-11043
            try_files $fastcgi_script_name =404;
            # Security note: If you're running a version of PHP older than the
            # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
            # See http://serverfault.com/q/627903/94922 for details.
            include fastcgi_params;
            # Block httpoxy attacks. See https://httpoxy.org/.
            fastcgi_param HTTP_PROXY "";
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_intercept_errors on;
            # PHP 5 socket location.
            #fastcgi_pass unix:/var/run/php5-fpm.sock;
            # PHP 7 socket location.
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        }
        # Fighting with Styles? This little gem is amazing.
        # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
        location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
            try_files $uri @rewrite;
        }
        # Handle private files through Drupal. Private file's path can come
        # with a language prefix.
        location ~ ^(/[a-z-]+)?/system/files/ { # For Drupal >= 7
            try_files $uri /index.php?$query_string;
        }
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            try_files $uri @rewrite;
            expires max;
            log_not_found off;
        }
        # Enforce clean URLs
        # Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page
        # Could be done with 301 for permanent or other redirect codes.
        if ($request_uri ~* "^(.*/)index\.php(.*)") {
            return 307 $1$2;
        }
    }
}
Restart the nginx service:
# systemctl restart nginx
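During deployment the installer writes some files automatically, so write permission has to be enabled first (and removed again once deployment is complete):
# chmod o+w /var/www/drupal-8.8.5/sites/default/
# cp /var/www/drupal-8.8.5/sites/default/default.settings.php /var/www/drupal-8.8.5/sites/default/settings.php //copy the settings.php file
# chmod o+w /var/www/drupal-8.8.5/sites/default/settings.php //set the permissions on the configuration file
Open the server address in a browser; the initial site setup starts automatically.
Enter the database connection details, using the database, user and password created earlier.
Enter the basic site information, including creating the administrator account.
When the installation finishes, the site opens automatically.
For security, remove the write permission that was granted earlier:
# chmod o-w /var/www/drupal-8.8.5/sites/default/settings.php
# chmod o-w /var/www/drupal-8.8.5/sites/default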
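A post-install check for the permission steps above, as an added example that is not part of the original guide: it reports whether sites/default or settings.php is still writable by others, and whether a phpinfo() test file like the one created earlier is still present under the old document root. The function names are hypothetical; the default paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.
# Usage: audit_drupal_install /var/www/drupal-8.8.5 /var/www/html

# Report each existing path argument whose "other" write bit is set.
# Returns 1 if any such path was found, 0 otherwise.
world_writable() {
    ww_rc=0
    for p in "$@"; do
        [ -e "$p" ] || continue
        # -prune keeps find on the path itself; -perm -0002 tests the o+w bit.
        if [ -n "$(find "$p" -prune -perm -0002)" ]; then
            echo "other-writable: $p"
            ww_rc=1
        fi
    done
    return "$ww_rc"
}

# Report PHP files under a directory that call phpinfo().
# Returns 1 if any were found, 0 otherwise.
phpinfo_leftovers() {
    [ -d "$1" ] || return 0
    hits=$(find "$1" -type f -name '*.php' \
        -exec grep -lE 'phpinfo[[:space:]]*\(' {} + 2>/dev/null) || true
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/phpinfo test file: /'
        return 1
    fi
    return 0
}

# Run both checks; the defaults are the paths used in this guide.
# Returns 0 only when neither check reports a finding.
audit_drupal_install() {
    site=${1:-/var/www/drupal-8.8.5}
    old_root=${2:-/var/www/html}
    audit_rc=0
    world_writable "$site/sites/default" \
        "$site/sites/default/settings.php" || audit_rc=1
    phpinfo_leftovers "$old_root" || audit_rc=1
    return "$audit_rc"
}
```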