Build a website environment (PHP YAF nginx MariaDB) from scratch

Time:2020-10-31

HTTPS is the trend of the times, so we can’t fall behind. Let’s play with it today

Installation certificate

Let’s Encrypt

Let’s encrypt is a free, open, automated certification authority (CA) that operates in the public interest. details

Here we still use docker to install

  • establish/docker/certbot/confFolder, used to store certificate files (you can also change to your preferred path, don’t forget to change the configuration)
mkdir -p /docker/certbot/conf
  • Run the docker command
Docker run - it -- RM - P 88:80 -- name certbot - V "/ docker / certbot / conf / etc / letsencrypt" - V "/ docker / www / HTML / usr / share / nginx / HTML" certbot / certbot certtonly -- Webroot - w / usr / share / nginx / HTML -- email your email - d your website domain name (without HTTP)

Here we mount two folders/docker/certbot/conf(storage certificate), one is/docker/www/htmlDon’t forget to replace your email address and domain name.
Friends who have read my previous article may have noticed that they have been using it beforedocker-compose.ymlFile to run docker, how to change it torunWhat’s the order? There’s a little bit of a complication. One is that this command only needs to be run once, and the other is that I don’t know how to write
When docker is installed, if there is no accident, you will see a window for you to select in the console, and enter a (agree).
In this way, the certificate should be installed.

Modify the docker of nginx- compose.yml

cd /docker/nginx
vi docker-compose.yml
version: "3.5"

networks:
    zf_site_network:
        name: zf_site_network

services:
    nginx:
        container_name: nginx
        image: nginx
        privileged: true
        ports:
            - "80:80"
            - "443:443"
        restart: always
        volumes:
            - /docker/www:/usr/share/nginx/www
            - /docker/nginx/conf:/etc/nginx/conf.d
            -/ docker / certbot / conf / etc / letsencrypt ා mount certificate folder
            -/ docker / nginx / logs / var / log / nginx ා mount logs
        networks:
            - zf_site_network
        environment:
            - TZ=Asia/Shanghai

Restart nginx

docker-compose up -d

Configure nginx

In chapter two, we createdYour domain name_ 80.confThis profile:

server {
    listen        80;
    server_ Name your domain name;
    Root website root directory;
    location / {
        index index.php index.html;
    }
     if (!-e $request_filename) {
         rewrite ^/(.*)  /index.php/$1 last;
    }
    location ~ \.php(.*)$ {
        fastcgi_pass   php:9000;
        fastcgi_index  index.php;
        fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO  $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
        include        fastcgi_params;
    }
}

Now let’s change it:

server {
    listen        80;
    server_ Name your domain name;
    rewrite ^(.*) https://$host$1 permanent;
}
server {
    listen 443 ssl;
    server_ Name your domain name;

    Root website root directory;
    location / {
        index index.php index.html;
    }
    
    if (!-e $request_filename) {
         rewrite ^/(.*)  /index.php/$1 last;
    }
    location ~ \.php(.*)$ {
        fastcgi_pass   php:9000;
        fastcgi_index  index.php;
        fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO  $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
        include        fastcgi_params;
    }

    ssl on;
    ssl_ Certificate / etc / letsencrypt / Live / your domain name/ fullchain.pem ;
    ssl_ certificate_ Key / etc / letsencrypt / Live / your domain name/ privkey.pem ;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    charset utf-8;
    access_ Log / var / log / nginx / your domain name access.log   main;
    error_ Log / var / log / nginx / your domain name error.log  warn;

}

Restart nginx

Docker restart nginx (image name)

Access browser

Now visit your domain name to see if it’s changed to HTTPS?

Recommended Today

Comparison and analysis of Py = > redis and python operation redis syntax

preface R: For redis cli P: Redis for Python get ready pip install redis pool = redis.ConnectionPool(host=’39.107.86.223′, port=6379, db=1) redis = redis.Redis(connection_pool=pool) Redis. All commands I have omitted all the following commands. If there are conflicts with Python built-in functions, I will add redis Global command Dbsize (number of returned keys) R: dbsize P: print(redis.dbsize()) […]