Vendredi 23 novembre 2018 (Modifié le Vendredi 23 novembre 2018)

Compilation nginx Debian Stretch

Compilation de la version nginx stable (mainline) et des modules complémentaires lua ,etc…
Vérifier la version nginx “mainline” (nginx 1.13.5 au 05 Sep 2017) )
Il faut modifier la constante ngxversion du fichier bash nginx-compil
ATTENTION!!!,Problème de compilation nginx avec Openssl 1.1
Il faut compiler avec la version 1.0 qui est toujours d’actualité.
Voir le site https://www.openssl.org/source/ ,Version OpenSSL_1_0_2l du 25 mai 2017

Passage en mode super utilisateur
sudo -s

Bash de compilation

Fichier bash pouvant être exécuté ,copier le contenu ci dessous dans une fenêtre terminal

cat > nginx-compil << EOF
#!/bin/bash
#
#version nginx http://nginx.org/en/download.html
ngxversion="nginx-1.13.5"
#Debian Stretch ,compilation Nginx+Lua   
#répertoire de compilation
mkdir -p /usr/src/nginx-custom && cd /usr/src/nginx-custom
#logiciels pour compilation 
apt install dpkg-dev build-essential zlib1g-dev libpcre3 libpcre3-dev unzip curl libcurl4-openssl-dev libossp-uuid-dev libssl-dev libxslt-dev libgd-dev libgeoip-dev libperl-dev libpam0g-dev libbz2-dev tar unzip curl git -y
# installation luajit ,dépendances Lua5.1 et lua-cjson
apt install luajit lua5.1 liblua5.1-0 liblua5.1-0-dev lua-cjson -y
#
cd /usr/src/nginx-custom
wget http://nginx.org/download/$ngxversion.tar.gz?_ga=1.52322729.1622108673.1451984988 -O $ngxversion.tar.gz
tar xvf $ngxversion.tar.gz
mv $ngxversion nginx-mainline
rm $ngxversion.tar.gz
#Création dossier modules 
mkdir -p /usr/src/nginx-custom/nginx-mainline/modules
#Modules externes : https://www.nginx.com/resources/wiki/modules/
cd /usr/src/nginx-custom/nginx-mainline/modules/
#Clonage des modules externes avant compilation
# headers-more-nginx-module
git clone https://github.com/openresty/headers-more-nginx-module
# ngx_http_auth_pam_module
git clone https://github.com/stogh/ngx_http_auth_pam_module
#ngx_cache_purge
git clone https://github.com/FRiCKLE/ngx_cache_purge
#ngx_devel_kit
git clone https://github.com/simpl/ngx_devel_kit
#echo-nginx-module
git clone https://github.com/openresty/echo-nginx-module
#ngx-fancyindex
git clone https://github.com/aperezdc/ngx-fancyindex
# modification fancyindex pour avoir la ligne complète
#nginx-push-stream-module
git clone https://github.com/wandenberg/nginx-push-stream-module
#lua-nginx-module
git clone https://github.com/openresty/lua-nginx-module.git
#nginx-upload-progress-module
git clone https://github.com/masterzen/nginx-upload-progress-module
#ngx_http_substitutions_filter_module
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
#Chiffrement déchiffrement pour les variables nginx
git clone https://github.com/openresty/encrypted-session-nginx-module.git
#Capacité d'échappement,“déséchappement”,encodage et décodage hexa,MD5,SHA1,Base32,Base64 ,etc… 
git clone https://github.com/openresty/set-misc-nginx-module
#nginx-upstream-fair (problème de compilation)
#--add-module=/usr/src/nginx-custom/nginx-mainline/modules/nginx-upstream-fair
#git clone https://github.com/gnosek/nginx-upstream-fair
#SSL 1.0 
wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2l.tar.gz
tar xvf OpenSSL_1_0_2l.tar.gz
# 
cd /usr/src/nginx-custom/nginx-mainline
#Configuration , compilation et installation nginx
./configure \
 --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' \
 --with-ld-opt=-Wl,-z,relro \
 --prefix=/usr/share/nginx \
 --conf-path=/etc/nginx/nginx.conf \
 --http-log-path=/var/log/nginx/access.log \
 --error-log-path=/var/log/nginx/error.log \
 --lock-path=/var/lock/nginx.lock \
 --pid-path=/run/nginx.pid \
 --http-client-body-temp-path=/var/lib/nginx/body \
 --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
 --http-proxy-temp-path=/var/lib/nginx/proxy \
 --http-scgi-temp-path=/var/lib/nginx/scgi \
 --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
 --with-debug \
 --with-pcre-jit \
 --with-http_ssl_module \
 --with-http_v2_module \
 --with-http_stub_status_module \
 --with-http_realip_module \
 --with-http_auth_request_module \
 --with-http_addition_module \
 --with-http_dav_module \
 --with-http_flv_module \
 --with-http_geoip_module \
 --with-http_gzip_static_module \
 --with-http_image_filter_module \
 --with-http_mp4_module \
 --with-http_perl_module \
 --with-http_random_index_module \
 --with-http_secure_link_module \
 --with-http_sub_module \
 --with-http_xslt_module \
 --with-mail \
 --with-mail_ssl_module \
 --with-openssl=/usr/src/nginx-custom/nginx-mainline/modules/openssl-OpenSSL_1_0_2l \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/headers-more-nginx-module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_http_auth_pam_module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_cache_purge \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_devel_kit \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/echo-nginx-module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx-fancyindex \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/nginx-push-stream-module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/lua-nginx-module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/nginx-upload-progress-module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/ngx_http_substitutions_filter_module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/encrypted-session-nginx-module \
 --add-module=/usr/src/nginx-custom/nginx-mainline/modules/set-misc-nginx-module 

#compilation
make
#installation
make install
#Copier le binaire pour le PATH
cp /usr/share/nginx/sbin/nginx /usr/sbin/
#Effacement compilation
make clean
#Dossier temporaire
mkdir -p /var/lib/nginx
#Dossier config
mkdir -p /etc/nginx/conf.d/
#dossier vhost
mkdir -p /var/www
EOF

Le rendre exécutable
chmod +x nginx-compil

Exécution
./nginx-compil
Vérification
nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Créer le script d’initialisation (service)

fichier /etc/init.d/nginx

  touch /etc/init.d/nginx
  chmod u+x /etc/init.d/nginx

Le fichier d’intialisation
nano /etc/init.d/nginx

#!/bin/sh

### BEGIN INIT INFO
# Provides:	  nginx
# Required-Start:    $local_fs $remote_fs $network $syslog $named
# Required-Stop:     $local_fs $remote_fs $network $syslog $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx

# Include nginx defaults if available
if [ -r /etc/default/nginx ]; then
	. /etc/default/nginx
fi

STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"

test -x $DAEMON || exit 0

. /lib/init/vars.sh
. /lib/lsb/init-functions

# Try to extract nginx pidfile
PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
if [ -z "$PID" ]
then
	PID=/run/nginx.pid
fi

# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
	# Set the ulimits
	ulimit $ULIMIT
fi

#
# Function that starts the daemon/service
#
do_start()
{
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started
	start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
		|| return 1
	start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
		$DAEMON_OPTS 2>/dev/null \
		|| return 2
}

test_nginx_config() {
	$DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
}

#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
	RETVAL="$?"

	sleep 1
	return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
	start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
	return 0
}

#
# Rotate log files
#
do_rotate() {
	start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
	return 0
}

#
# Online upgrade nginx executable
#
# "Upgrading Executable on the Fly"
# http://nginx.org/en/docs/control.html
#
do_upgrade() {
	# Return
	#   0 if nginx has been successfully upgraded
	#   1 if nginx is not running
	#   2 if the pid files were not created on time
	#   3 if the old master could not be killed
	if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
		# Wait for both old and new master to write their pid file
		while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
			cnt=`expr $cnt + 1`
			if [ $cnt -gt 10 ]; then
				return 2
			fi
			sleep 1
		done
		# Everything is ready, gracefully stop the old master
		if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
			return 0
		else
			return 3
		fi
	else
		return 1
	fi
}

case "$1" in
	start)
		[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
		do_start
		case "$?" in
			0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
			2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
		esac
		;;
	stop)
		[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
		do_stop
		case "$?" in
			0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
			2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
		esac
		;;
	restart)
		log_daemon_msg "Restarting $DESC" "$NAME"

		# Check configuration before stopping nginx
		if ! test_nginx_config; then
			log_end_msg 1 # Configuration error
			exit 0
		fi

		do_stop
		case "$?" in
			0|1)
				do_start
				case "$?" in
					0) log_end_msg 0 ;;
					1) log_end_msg 1 ;; # Old process is still running
					*) log_end_msg 1 ;; # Failed to start
				esac
				;;
			*)
				# Failed to stop
				log_end_msg 1
				;;
		esac
		;;
	reload|force-reload)
		log_daemon_msg "Reloading $DESC configuration" "$NAME"

		# Check configuration before reload nginx
		#
		# This is not entirely correct since the on-disk nginx binary
		# may differ from the in-memory one, but that's not common.
		# We prefer to check the configuration and return an error
		# to the administrator.
		if ! test_nginx_config; then
			log_end_msg 1 # Configuration error
			exit 0
		fi

		do_reload
		log_end_msg $?
		;;
	configtest|testconfig)
		log_daemon_msg "Testing $DESC configuration"
		test_nginx_config
		log_end_msg $?
		;;
	status)
		status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
		;;
	upgrade)
		log_daemon_msg "Upgrading binary" "$NAME"
		do_upgrade
		log_end_msg 0
		;;
	rotate)
		log_daemon_msg "Re-opening $DESC log files" "$NAME"
		do_rotate
		log_end_msg $?
		;;
	*)
		echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
		exit 3
		;;
esac

:

Fichier de configuration nginx

Effacement puis création

rm /etc/nginx/nginx.conf
nano /etc/nginx/nginx.conf

Copier le contenu ci dessous dans une fenêtre terminal pour créer le fichier /etc/nginx/nginx.conf

cat > /etc/nginx/nginx.conf << EOF
user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
	worker_connections 768;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	

	include       mime.types;
	default_type  application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;


}
EOF

Vérification
nginx -t

Création systemd nginx.service

nginx est compilé et installé , binaire sur /usr/sbin/nginx

Création du fichier /etc/systemd/system/nginx.service
Copier le contenu ci dessous dans une fenêtre terminal

cat > /etc/systemd/system/nginx.service << EOF
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target
EOF

Réinitialiser
systemctl daemon-reload
Lancer le service
systemctl start nginx
Vérifier le “status”
systemctl status nginx

● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; disabled; vendor preset:
   Active: active (running) since Tue 2017-09-12 18:13:56 CEST; 16s ago
  Process: 5680 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (co
  Process: 5677 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_proces
 Main PID: 5681 (nginx)
    Tasks: 5 (limit: 4915)
   CGroup: /system.slice/nginx.service
           ├─5681 nginx: master process /usr/sbin/nginx -g daemon on; master_p
           ├─5682 nginx: worker process
           ├─5683 nginx: worker process
           ├─5685 nginx: worker process
           └─5686 nginx: worker process

sept. 12 18:13:56 cinay.pw systemd[1]: Starting A high performance web server 
sept. 12 18:13:56 cinay.pw systemd[1]: Started A high performance web server a

web default.conf et index.html

Configuration vhost
Contenu fichier /etc/nginx/conf.d/default.conf

cat > /etc/nginx/conf.d/default.conf << EOF
server {
    listen 80;
    listen [::]:80;
    root /var/www/ ;
}
EOF

Création fichier html
Contenu fichier /var/www/index.html

cat > /var/www/index.html << EOF
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx on Debian!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx on Debian!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working on Debian. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a></p>

<p>
      Please use the <tt>reportbug</tt> tool to report bugs in the
      nginx package with Debian. However, check <a
      href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=nginx;repeatmerged=0">existing
      bug reports</a> before reporting a new bug.
</p>

<p><em>Thank you for using debian and nginx.</em></p>


</body>
</html>
EOF

Relancer le serveur
systemctl restart nginx
Vous vérifier la page html sur le lien http://adresse_IP ,ex: http://192.168.0.43 (remplacer par votre IP ou domaine http://cinay.pw)
Après ces tests et vérifications ,valider nginx pour un démarrage auto
systemctl enable nginx

PHP5 , PHP7.0 et PHP7.1

PHP5

Installation

sudo apt-get install php5-fpm

PHP7.0 (debian 9)

PHP7.0 est dans les dépôts stretch

sudo apt install php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-mcrypt php7.0-tidy php7.0-intl php7.0-imagick php7.0-xml php7.0-mbstring php7.0-zip -y

Le fichier de configuration
$ php -i | grep "Loaded Configuration File"
Loaded Configuration File => /etc/php/7.0/cli/php.ini

PHP7.0/i686 via dotdeb (debian 7-8)

PHP 7 ne sera pas disponible dans les dépôts de Debian avant Debian 9, puisqu’elle n’accepte que les correctifs pour la version en cours.

A - Ajout du dépot Dotdeb
Ajout liste

sudo -s
echo "deb http://packages.dotdeb.org jessie all" > /etc/apt/sources.list.d/php7.list
wget --no-check-certificate -O- https://www.dotdeb.org/dotdeb.gpg | apt-key add -
apt update && apt -yy upgrade

B - Si PHP 5 est installé , il faut le supprimer

  systemctl stop php5-fpm
  apt-get autoremove --purge php5*

C - Installation de PHP7.0/i686

avec quelques dépendances (valables pour installer nextcloud)

apt install php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-mcrypt php7.0-tidy php7.0-intl php7.0-imagick php7.0-xml php7.0-mbstring php7.0-zip

On peut vérifier la version installée avec php -v

PHP7.1

Vous pouvez commencer par désinstaller PHP 7.0 en utilisant la commande suivante

apt-get purge 'php7*'

A - Configuration du dépot

Ondřej Surý met à disposition un dépôt permettant de télécharger et d’installer facilement cette nouvelle version de php. Pour cela il vous suffit de rentrer les commandes suivantes

    apt install apt-transport-https lsb-release ca-certificates
    wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
    echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php7.list
    apt update

B - Installer PHP 7.1/NGinx

une commande pour installer PHP 7.1 avec les éléments nécessaires à l’installation de nextcloud

apt install php7.1 php7.1-fpm php7.1-mysql php7.1-curl php7.1-json php7.1-gd php7.1-mcrypt php7.1-tidy php7.1-intl php7.1-imagick php7.1-xml php7.1-mbstring php7.1-zip

une commande pour installer PHP 7.1 ainsi que quelques dépendances qui pourraient vous être utiles

    apt install --no-install-recommends php7.1 php7.1-fpm php7.1-mysql php7.1-curl php7.1-json php7.1-gd php7.1-mcrypt php7.1-msgpack php7.1-memcached php7.1-intl php7.1-sqlite3 php7.1-gmp php7.1-geoip php7.1-mbstring php7.1-redis php7.1-xml php7.1-zip

N’oubliez pas de modifier la configuration de vos sites afin de mettre à jour le socket d’écoute de PHP-FPM

/run/php/php7.1-fpm.sock

Configuration et test php 5 ou 7

Choisir l’une des 2 configurations suivantes pour créer le fichier test PHP, fonction du mode d’installation de nginx

1. NGINX installé AVEC DEB (pas développé dans ce tuto)

  sudo -s
  echo "<?php phpinfo(); ?>" > /var/www/html/info.php
  nano /etc/nginx/sites-enabled/default

2. NGINX compilé

  sudo -s
  echo "<?php phpinfo(); ?>" > /var/www/info.php
  nano /etc/nginx/conf.d/default.conf

Configurer Nginx pour rediriger les fichiers PHP vers fpm.
Ajouter les lignes suivantes dans la section “server” ,avant le “}” final

        location ~ \.php$ {
           fastcgi_split_path_info ^(.+\.php)(/.+)$;
           # fastcgi_pass unix:/var/run/php5-fpm.sock;    # PHP5
           fastcgi_pass unix:/run/php/php7.0-fpm.sock;    # PHP7.0 
           # fastcgi_pass unix:/run/php/php7.1-fpm.sock   # PHP7.1
           fastcgi_index index.php;
           include fastcgi_params;
	   fastcgi_param SCRIPT_FILENAME $request_filename;
        }

Redémarrer php fpm suivant votre version installée

systemctl restart php5-fpm		#PHP5
systemctl restart php7.0-fpm	    #PHP7.0
systemctl restart php7.1-fpm	    #PHP7.1

Recharger Nginx

systemctl restart nginx

Test sur le http://192.168.0.43/info.php (remplacer par votre IP ou domaine http://cinay.pw/info.php)