Debian 11 Nginx – Part 6 – php, phpMyAdmin, opcache, memcached

Debian 11 and Nginx – Part 6

Install and Configure php, php8.2-fpm, phpMyAdmin, opcache, memcached

Configure php.ini, www.conf, php-fpm.conf

cd /
find . -name php.ini -print
./etc/php/8.2/fpm/php.ini
./etc/php/8.2/cli/php.ini

cd /etc/php/8.2/fpm

[Use your own timezone, and modify values to your own preference. If uploading .sql files through phpMyAdmin, the max file size below will apply as a limit.]
[As a note, when using Nginx as compared to Apache2 or httpd, Nginx error logs (/var/log/nginx) will show where any values are duplicated via a warning message.]
[Use your own timezone below. I now prefer 512MB for php memory_limit, but the usual is 256MB. Typically we get blank pages or errors when using too small a value, or even 503 errors.]

cp -p php.ini php.ini.bak

vi php.ini

date.timezone = Australia/Brisbane

max_execution_time = 300
max_input_time = 600
max_input_vars = 2500
memory_limit = 256M
post_max_size = 50M
upload_max_filesize = 50M

[save and exit]

cd /
find . -name www.conf -print
./etc/php/8.2/fpm/pool.d/www.conf
cd /etc/php/8.2/fpm/pool.d

cp -p www.conf www.conf.bak

[If www-data is present, replacce with nginx]
[Note where we comment out or uncomment a ; line]

vi www.conf

user = nginx
group = nginx
listen = /run/php/php8.2-fpm.sock
listen.owner = nginx
listen.group = nginx
;listen.mode = 0660     
listen.mode = 0660
; pm = dynamic
pm = ondemand
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s;
pm.max_requests = 500

php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[disable_functions] = exec,passthru,system
php_admin_flag[allow_url_fopen] = off
php_admin_value[memory_limit] = 256M

[save and exit. Two of the lines in the above stanza will not be in the original. This stanza is at the bottom of the file.
]
cd ..
cp -p php-fpm.conf php-fpm.conf.bak

vi php-fpm.conf

emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 60s

[save and exit. You can place these lines anywhere near the commented lines for "emergency". This helps prevent memory leaks, and ability to gracefully use systemctl reload php8.2-fpm on crontab once a night.]

Configure opcache:

cd /etc/php/8.2/mods-available
cp -p opcache.ini opcache.ini.bak

vi opcache.ini

zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=4000

[save and exit]

At this stage, please check your apt updates and do a full operating system reboot from the EC2 console (stop, start). As we have not done this so far we should, and this will ensure php values are up to date.

We will check the php values after we have Nginx configured with a domain name.

Install and configure phpMyAdmin – this lets us access the database via the phpMyAdmin console.

cd /usr/share
wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz
ls
tar xvf phpMyAdmin-latest-all-languages.tar.gz
rm phpMyAdmin-latest-all-languages.tar.gz
mv phpMyAdmin-5.2.1-all-languages phpMyAdmin  
cd phpMyAdmin
mkdir tmp
chmod 777 tmp
cp -p config.sample.inc.php config.inc.php
vi config.inc.php

[Search for the blowfish line. Do a Google search on blowfish phpmyadmin generator.
I use: https://phpsolved.com/phpmyadmin-blowfish-secret-generator/?g=[insert_php]echo%20$code;[/insert_php] from https://phpsolved.com.
Paste the generated value into the blowfish value.
Then after SaveDir as shown below, add TempDir...]

$cfg['SaveDir'] = '';
$cfg['TempDir'] = '/tmp';

[save and exit]

[*** Note for later when first attempting to run https://mydomain.com/phpMyAdmin ***
If you get a permissions error, phpMyAdmin will show which directory is not working. 
Go there, then any subdirectories and files that use group apache, use "chgrp -R nginx DIRECTORIES", where DIRECTORIES are the ones using apache]

[We will add the default website-domain /var/www/html directory...]

cd /var
ls -l

[Set these permissions: drwxrwsr-x 12 root nginx 4096 Aug  2 00:00 www
[e.g. chown root www;chgrp nginx www;chmod 2775 www]

cd /var/www
ls -l

[If html is not present, create it with "mkdir html"]
[Set these permissions: drwxrwsr-x  3 nginx nginx  4096 Jul 17 16:30 html]
[e.g. chown nginx html;chgrp nginx html;chmod 2775 html]

cd /var/www/html
pwd
ls -l

[If the directory was created, it should have an index.html file in it. Check permissions: -rw-rw-r--  1 nginx nginx 10729 Jul 17 16:30 index.html]
[e.g. chown nginx index.html; chgrp nginx index.html; chmod 664 index.html]
[You could make it easier on your self and use chgrp nginx i* and so on.]

[Add a soft link to phpMyAdmin so that later you can use https://mydomain.com/phpMyAdmin]

ln -s /usr/share/phpMyAdmin phpMyAdmin

[The phpMyAdmin login will be user: root, and the password you gave when configuring mariadb. Some Linux systems will not let you use root, so you create another user and add root permissions to them. There are Internet articles on how to do this.]

[Add the phpinfo.php file which we will use after Nginx is configured, to verify php configurations, including memcached:]

echo " < ?phpZphpinfo(); ? > "|sed 's/ //g'|sed 's/Z/ /g' > phpinfo.php
chown nginx p*; chgrp nginx p*; chmod 664 p*
ls -l

Later when you domain is working and you go into phpMyAdmin, there is quite a bit to learn there. But you will see an error at the bottom of the page saying to find out why. You can then ask it to create a needed database. If you forget to make the /usr/share/phpMyAdmin/tmp directory with chmod 777 permissions, you will get another error.

We need to install memcached, then in the next lesson “at last!” configure Nginx with an SSL certificate as part of the install.

apt install memcached php8.2-memcached libmemcached-tools
systemctl enable memcached

[Make sure the values below are in the memcached.conf file. You will need to add the OPTIONS line - say at the end.]
[You will need to have previously added port 11211 in yur EC2 Security Group - which we did earlier.]

vi /etc/memcached.conf

-m 64
-u memcache
-p 11211
-l 127.0.0.1

OPTIONS="-l 127.0.0.1 -U 0,::1"

[save and exit]

systemctl restart memcached
systemctl status -l memcached

Please do a reboot:

sync
sync
reboot