Installing Nginx with PHP 7 and MySQL 5.7 (LEMP) on Ubuntu 16.04 LTS

From: https://www.howtoforge.com/tutorial/installing-nginx-with-php7-fpm-and-mysql-on-ubuntu-16.04-lts-lemp/


Nginx (pronounced “engine x”) is a free, open-source, high-performance HTTP server. Nginx is known for its stability, rich feature set, simple configuration, and low resource consumption. This tutorial shows how you can install Nginx on an Ubuntu 16.04 server with PHP 7 support (through PHP-FPM) and MySQL 5.7 support (LEMP = Linux + nginx (pronounced “engine x”) + MySQL + PHP).

 

1 Preliminary Note

In this tutorial, I use the hostname server1.example.com with the IP address 192.168.1.100. These settings might differ for you, so you have to replace them where appropriate.

I’m running all the steps in this tutorial with root privileges, so make sure you’re logged in as root:

sudo -s

 

2 Installing MySQL 5.7

In order to install MySQL, we run:

apt-get -y install mysql-server mysql-client

You will be asked to provide a password for the MySQL root user – this password is valid for the user root@localhost as well as root@server1.example.com, so we don’t have to specify a MySQL root password manually later on:

New password for the MySQL “root” user: <– yourrootsqlpassword
Repeat password for the MySQL “root” user: <– yourrootsqlpassword

To secure the database server and remove the anonymous user and test database, run the mysql_secure_installation command.

mysql_secure_installation

You will be asked these questions:

root@server1:~# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: <– Enter the MySQL root password

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: <– Press y if you want this function or press Enter otherwise.
Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) : <– Press enter

… skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : <– y
Success.

Normally, root should only be allowed to connect from
‘localhost’. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : <– y
Success.

By default, MySQL comes with a database named ‘test’ that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : <– y
– Dropping test database…
Success.

– Removing privileges on test database…
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : <– y
Success.

All done!

MySQL is secured now.

3 Installing Nginx

If you have already installed Apache2, remove it first with these commands and then install nginx:

service apache2 stop
update-rc.d -f apache2 remove
apt-get remove apache2

Nginx is available as a package for Ubuntu 16.04 which we can install.

apt-get -y install nginx

Start nginx afterwards:

service nginx start

Type in your web server’s IP address or hostname into a browser (e.g. http://192.168.1.100), and you should see the following page:

The Ubuntu Nginx default page.

The default nginx document root on Ubuntu 16.04 is /var/www/html.

 

4 Installing PHP 7

We can make PHP work in nginx through PHP-FPM (FastCGI Process Manager), an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. We install it as follows:

apt-get -y install php7.0-fpm

PHP-FPM is a daemon process (with the init script php7.0-fpm) that runs a FastCGI server on the socket /run/php/php7.0-fpm.sock.

 

5 Configuring nginx

The nginx configuration is in /etc/nginx/nginx.conf which we open now:

nano /etc/nginx/nginx.conf

The configuration is easy to understand (you can learn more about it here: http://wiki.nginx.org/NginxFullExample and here: http://wiki.nginx.org/NginxFullExample2)

First (this is optional) adjust the keepalive_timeout to a reasonable value:

The virtual hosts are defined in server {} containers. The default vhost is defined in the file /etc/nginx/sites-available/default – let’s modify it as follows:

nano /etc/nginx/sites-available/default

server_name _; makes this a default catchall vhost (of course, you can as well specify a hostname here like www.example.com).

root /var/www/html; means that the document root is the directory /var/www/html.

The important part for PHP is the location ~ \.php$ {} stanza. Uncomment it to enable it.

Now save the file and reload nginx:

service nginx reload

Next open /etc/php/7.0/fpm/php.ini

nano /etc/php/7.0/fpm/php.ini

… and set cgi.fix_pathinfo=0:

Reload PHP-FPM:

service php7.0-fpm reload

Now create the following PHP file in the document root /var/www/html:

nano /var/www/html/info.php

Now we call that file in a browser (e.g. http://192.168.1.100/info.php):

PHP Info on Ubuntu with Nginx.

As you see, PHP 7 is working, and it’s working through FPM/FastCGI, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP. MySQL is not listed there which means we don’t have MySQL support in PHP yet.

 

6 Getting MySQL Support In PHP 7

To get MySQL support in PHP, we can install the php7.0-mysql package. It’s a good idea to install some other PHP modules as well as you might need them for your applications. You can search for available PHP modules like this:

apt-cache search php7.0

Pick the ones you need and install them like this:

apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick php7.0-imap php7.0-mcrypt php-memcache  php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext

APCu is an extension for the PHP Opcache module that comes with PHP 7; it adds some compatibility features for software that supports the APC cache (e.g. WordPress cache plugins).

APCu can be installed as follows:

apt-get -y install php-apcu

Now reload PHP-FPM:

service php7.0-fpm reload

Now reload http://192.168.1.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:

The PHP Modules have been installed.

 

7 Making PHP-FPM use a TCP Connection

By default PHP-FPM is listening on the socket /var/run/php/php7.0-fpm.sock. It is also possible to make PHP-FPM use a TCP connection. To do this, open /etc/php/7.0/fpm/pool.d/www.conf

nano /etc/php/7.0/fpm/pool.d/www.conf

… and make the listen line look as follows:

This will make PHP-FPM listen on port 9000 on the IP 127.0.0.1 (localhost). Make sure you use a port that is not in use on your system.

Then reload PHP-FPM:

service php7.0-fpm reload

Next go through your nginx configuration and all your vhosts and change the line fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; to fastcgi_pass 127.0.0.1:9000;, e.g. like this:

nano /etc/nginx/sites-available/default

Finally, reload nginx:

service nginx reload

That’s it. The Nginx LEMP server is installed.
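
Before switching a pool to TCP, it helps to check where the listen value actually binds: a bare port number makes PHP-FPM listen on all addresses, not only 127.0.0.1. The script below is an added example, not part of the original tutorial; the function names and the sample pool file are constructed for illustration.

```shell
# Added example (not from the original tutorial): classify a pool's listen value.

# Print the last uncommented "listen = ..." value in pool file $1.
fpm_listen_value() {
    sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" |
        tail -n 1
}

# Say where PHP-FPM will accept FastCGI connections for a given listen value.
classify_fpm_listen() {
    case "$1" in
        '')                echo unset ;;
        /*)                echo unix-socket ;;
        127.*:*|'[::1]':*) echo loopback-tcp ;;
        *:*)               echo non-loopback-tcp ;;
        *[!0-9]*)          echo unknown ;;
        *)                 echo all-interfaces-tcp ;;   # bare port number
    esac
}

# Return 0 only when the pool is reachable from the local machine alone.
check_fpm_pool() {
    where=$(classify_fpm_listen "$(fpm_listen_value "$1")")
    echo "$1: $where"
    case "$where" in unix-socket|loopback-tcp) return 0 ;; *) return 1 ;; esac
}

write_sample_pool() {   # constructed sample, not from a real server
    cat > "$1" <<'EOF'
[www]
user = www-data
;listen = /run/php/php7.0-fpm.sock
listen = 127.0.0.1:9000
listen.owner = www-data
EOF
}

pool=$(mktemp); write_sample_pool "$pool"
check_fpm_pool "${1:-$pool}" || echo "review the listen address"; rm -f "$pool"
```

Pass the path of a real pool file, such as /etc/php/7.0/fpm/pool.d/www.conf, as the first argument to check it instead of the sample.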


Find bash script location


This can be useful if you need to cd to the script location when the script is run from crontab: cd to the script location from within the script itself!

For the relative path (i.e. the direct equivalent of Windows’ ):

For the absolute, normalized path:


Securing your PHP application in php.ini & .htaccess | W3lessons.info


http://w3lessons.info/2012/04/04/tips-to-securing-your-php-application/

Tips to Securing your PHP Application

Karthikeyan K April 4, 2012 PHP

Nowadays PHP is very popular among developers for building large applications such as Facebook.

So here I am going to explain how to secure your PHP applications in a few simple steps.

Disabling Remote URLs for File Handling Functions

File handling functions like fopen, file_get_contents, and include accept URLs as file parameters (for example: fopen('http://www.example.com/', 'r')). Even though this enables developers to access remote resources like HTTP URLs, it poses a huge security risk if the filename is taken from user input without proper sanitization, and opens the door for remote code execution on the server. To disable this and limit file functions to the local system, use the following setting in php.ini:

allow_url_fopen = Off

Network resources will still be accessible through fsockopen or CURL functions.

Most of the following settings are also located in the PHP configuration file php.ini. Its actual path depends on your OS. You may use the search feature to locate it if you don’t know where it is already.

Register Globals

Prior to version 4.2.0, PHP used to provide input values as global variables. This feature was named register_globals, and it was responsible for many security issues in web applications because it allowed attackers to freely manipulate global variables in many situations. Fortunately it’s disabled by default from PHP 4.2.0 and on, because it’s dangerous on so many levels. Do not enable it no matter what. If some script requires it then the script is most likely insecure. If a developer requests it to be enabled, then they are very likely to be incompetent. Don’t listen to them and keep it off!

register_globals = Off

Restricting What PHP Can Read and Write

More often than not, PHP scripts only need I/O access to a certain subdirectory in the filesystem, /var/www/htdocs/files for instance. In this case, you can limit what fopen and other file access functions can read and write to by using the following directive:

open_basedir = /var/www/htdocs/files

Safe Mode

PHP has a safe mode. In this mode, access to files not owned by Apache is disabled, and access to environment variables and execution of binary programs are also disabled.

In its default state, PHP’s safe mode is too restrictive for any advanced development to be possible. However, there are several settings to relax it. The biggest problem with safe mode is that only files owned by Apache are accessible to PHP scripts. This is often impractical when many developers are working on the same project, or when you want PHP to read a file without changing its ownership. Another affected situation is when you want PHP to read files generated by other programs. To work around this, there is a setting that checks for file group instead of owner:

safe_mode = Off
safe_mode_gid = On

With safe_mode_gid enabled instead of safe_mode, PHP will be able to open files that belong to Apache’s group regardless of the owner. So if there are several developers working on the same server, add them to Apache’s group, make it their default group, and everything should be set.

Safe mode is also useful in stopping PHP from executing binaries, but sometimes you may need to let it run specific programs. In this case place these binaries (or symbolic links to them) in a directory (/var/www/binaries for instance) and use the following option:

safe_mode_exec_dir = /var/www/binaries

Finally, to allow access to certain environment variables, use the following setting, providing a comma-separated list of prefixes. Only environment variables whose names begin with one of the prefixes will be accessible:

safe_mode_allowed_env_vars = PHP_

Posing Limits

It’s always a good idea to put limits on PHP’s execution time, memory usage, POST and upload data. To do this, use the following self-explanatory options:

max_execution_time = 30  ; Max script execution time
max_input_time = 60      ; Max time spent parsing input
memory_limit = 16M       ; Max memory used by one script
upload_max_filesize = 2M ; Max upload file size
post_max_size = 8M       ; Max post size

Needless to say, you may tweak the values to suit your needs.

Limit Access to Certain File Name Patterns

Many file extensions should not be accessible by end users. Take for example .inc. Some developers prefer to assign this extension to included scripts. The problem here is that this extension isn’t parsed by the PHP engine, and as a result, anyone can view the source code by requesting the file itself: http://www.example.com/includes/settings.inc

Such files may contain sensitive data like MySQL passwords. So you need to ensure that end users can not access those files. Other candidate extensions are .sql, .mysql, and .pgsql.

Another pattern to look out for is backup files. Some editors create backup versions of edited files in the same directory where the original file is located. For example, if you edit index.php, a backup called index.php~ will be created. Given that this file doesn’t end with .php, it will not be processed by the PHP engine, and its code will also be available to users by requesting http://www.example.com/index.php~

To avoid the risks mentioned above, you can use the following Apache directive:


<FilesMatch "(\.(inc|sql|mysql|pgsql)|~)$">
  Order allow,deny
  Deny from all
</FilesMatch>

Place it in a .htaccess file or in Apache’s configuration. Adding more file extensions should be trivial to those familiar with regular expressions.

Error Messages and Logging

By default, PHP prints error messages to the browser’s output. While this is desirable during the development process, it may reveal security information to users, like installation paths or usernames. It’s highly recommended to disable this on a production server, and send error messages to a log file instead:

display_errors = Off
log_errors = On

Hiding The Presence Of PHP

PHP reveals its presence on the server in a variety of ways: it may send an HTTP header (X-Powered-By: PHP), or append its name and version to Apache’s signature. In addition, there are easter egg URLs that return the PHP logo. One of them is: http://www.example.com/script.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Obviously there is no reason to let end users know about the server’s PHP version. Luckily, there is a switch in php.ini that will disable all of the above:

expose_php = Off
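
The php.ini directives recommended in this article that still exist in PHP 7 (safe_mode and register_globals were removed in PHP 5.4), together with cgi.fix_pathinfo from the LEMP tutorial above, can be checked with a small script. This is an added example, not part of the original article; the function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original article): audit a php.ini file.
# Print the effective (last uncommented) value of directive $2 in file $1.
php_ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            sub(/[ \t]*;.*$/, "", v)             # trailing "; comment"
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # blanks and quotes
            val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

normalize_bool() {   # map PHP boolean spellings onto on/off
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|on|yes|true)  echo on ;;
        0|off|no|false) echo off ;;
        *)              printf '%s\n' "$1" ;;
    esac
}

# Report each directive; the return status is the number of findings.
audit_php_ini() {
    failures=0
    for want in allow_url_fopen=off display_errors=off log_errors=on \
                expose_php=off cgi.fix_pathinfo=off open_basedir=SET; do
        key=${want%%=*}; expected=${want#*=}
        raw=$(php_ini_get "$1" "$key")
        if [ -z "$raw" ]; then
            echo "FAIL $key is not set (PHP's built-in default applies)"
        elif [ "$expected" = SET ] || [ "$(normalize_bool "$raw")" = "$expected" ]; then
            echo "ok   $key = $raw"; continue
        else
            echo "FAIL $key = $raw (want $expected)"
        fi
        failures=$((failures + 1))
    done
    return "$failures"
}

write_sample_ini() {   # constructed sample, not from a real server
    cat > "$1" <<'EOF'
[PHP]
allow_url_fopen = On
display_errors = Off   ; production
log_errors = On
;expose_php = Off
cgi.fix_pathinfo=0
open_basedir = "/var/www/htdocs/files"
EOF
}

sample=$(mktemp); write_sample_ini "$sample"
audit_php_ini "${1:-$sample}" || echo "findings: $?"; rm -f "$sample"
```

On the constructed sample it reports two findings: allow_url_fopen is On, and expose_php is only present as a commented-out line, so PHP's default applies.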

Seth Leedy’s CWP – Collect WPA Passes script


This script is a work by Webmaster Seth Leedy.


 Keep tuned to this post for updates.

Bugs:

  •  

Todo:

  •  

cwp.sh (12.3 KiB, 317 downloads)

Count of script executions:

  • Agent: CWP_Wget_v.0.2, Count: 25
  • Agent: CWP_Wget_v.0.3, Count: 1


Version 0.2
