Dựng VM Rocky
Chạy playbook new_server
dnf install -y nginx php php-fpm php-cli php-curl php-json policycoreutils-python-utils firewalld
systemctl enable --now nginx
systemctl enable --now php-fpm
systemctl enable --now firewalld
setsebool -P httpd_can_network_connect 1
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
sed -i 's/^user = .*/user = nginx/' /etc/php-fpm.d/www.conf
sed -i 's/^group = .*/group = nginx/' /etc/php-fpm.d/www.conf
sed -i 's#^listen = .*#listen = /run/php-fpm/www.sock#' /etc/php-fpm.d/www.conf
grep -q '^listen.owner' /etc/php-fpm.d/www.conf && sed -i 's/^listen.owner.*/listen.owner = nginx/' /etc/php-fpm.d/www.conf || echo 'listen.owner = nginx' >> /etc/php-fpm.d/www.conf
grep -q '^listen.group' /etc/php-fpm.d/www.conf && sed -i 's/^listen.group.*/listen.group = nginx/' /etc/php-fpm.d/www.conf || echo 'listen.group = nginx' >> /etc/php-fpm.d/www.conf
grep -q '^listen.mode' /etc/php-fpm.d/www.conf && sed -i 's/^listen.mode.*/listen.mode = 0660/' /etc/php-fpm.d/www.conf || echo 'listen.mode = 0660' >> /etc/php-fpm.d/www.conf
mkdir -p /var/www/html
chown -R nginx:nginx /var/www/html
chmod 750 /var/www/html
semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
restorecon -Rv /var/www/html
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
-------------------------------------------------------------------------------
cat > /etc/nginx/nginx.conf <<'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name _;
root /var/www/html;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
root /var/www/html;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
}
EOF
-------------------------------------------------------------------------------
nginx -t
systemctl restart php-fpm
systemctl restart nginx
-------------------------------------------------------------------------------
cat > /var/www/html/success_204.php <<'EOF'
<?php
http_response_code(204);
header('Content-Length: 0');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
exit;
EOF
-------------------------------------------------------------------------------
chown nginx:nginx /var/www/html/success_204.php
chmod 640 /var/www/html/success_204.php
restorecon -v /var/www/html/success_204.php
-------------------------------------------------------------------------------
cat > /var/www/html/index.php
paste vào rồi Ctrl+D
-------------------------------------------------------------------------------
chown nginx:nginx /var/www/html/index.php
chmod 640 /var/www/html/index.php
restorecon -v /var/www/html/index.php
-------------------------------------------------------------------------------
cat > /var/www/html/login.php
paste vào rồi Ctrl+D
-------------------------------------------------------------------------------
chown nginx:nginx /var/www/html/login.php
chmod 640 /var/www/html/login.php
restorecon -v /var/www/html/login.php
systemctl restart php-fpm
systemctl restart nginx
Vận hành:
- Khi cần bật debug log kết nối, có thể mở file login lên uncomment đoạn // LOG DEBUG
- Khi đổi link chiến dịch quảng cáo, sửa trong file login, đoạn window.location.replace
No comments:
Post a Comment