Cheap VPS & Xen Server


Residential Proxy Network - Hourly & Monthly Packages

How to install Lighttpd with PHP-FPM and MariaDB on CentOS 7


Lighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on a Centos 7 server with PHP support (through PHP-FPM) and MySQL support. PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. I use PHP-FPM in this tutorial instead of Lighttpd’s spawn-fcgi.

 

1 Preliminary Note

In this tutorial, I use the hostname server1.example.com with the IP address 192.168.1.100. These settings might differ for you, so you have to replace them where appropriate.

2 Installing MariaDB as MySQL drop in replacement

First, we install MySQL like this:

yum -y install mariadb mariadb-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

systemctl enable  mariadb.service
systemctl start  mariadb.service

Set passwords for the MarisDB root account:

mysql_secure_installation

[root@server1 ~]# mysql_secure_installation
/usr/bin/mysql_secure_installation:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): <– press enter
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] <– y
New password: <– enter new password
Re-enter new password: <– enter new password
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <– y
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <– y
… Success!

By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <– y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <– y
… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

 

3 Installing Lighttpd

Because Lighttpd and PHP-FPM are not available from the official CentOS repositories, we need to enable the EPEL repository:

yum -y install epel-release

Import the EPEL GPG-key:

rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

and then run:

yum update

Afterwards, we can install Lighttpd like this:

yum -y install lighttpd

Then we create the system startup links for Lighttpd (so that Lighttpd starts automatically whenever the system boots) and start it:

systemctl enable  lighttpd.service
systemctl start  lighttpd.service

If Lighttpd fails to start with the following error message…

(network.c.203) socket failed: Address family not supported by protocol

… open /etc/lighttpd/lighttpd.conf

nano /etc/lighttpd/lighttpd.conf

… and change server.use-ipv6 from enable to disable:

[...]
##
## Use IPv6?
##
server.use-ipv6 = "disable"
[...]

Then try to start Lighttpd again – it should now work without any problem:

systemctl start  lighttpd.service

Lighttpd has its document root in /var/www/htdocs (base directory /var/www plus htdocs as subdirectory according to lighttpd.conf file) but it installs the default files to /var/www/lighttpd. That’s inconsistent so we have to rename the directory like this.

mv /var/www/lighttpd /var/www/htdocs

Now direct your browser to http://192.168.1.100, and you should see the following page:

lighttpd_default_page1

Lighttpd’s default document root is /var/www/htdocs/ on CentOS 7, and the configuration file is /etc/lighttpd/lighttpd.conf.

 

4 Installing PHP

We can make PHP work in Lighttpd through PHP-FPM which we install like this:

yum -y install php-fpm lighttpd-fastcgi

PHP-FPM is a daemon process that runs a FastCGI server on port 9000.

Open /etc/php-fpm.d/www.conf

nano /etc/php-fpm.d/www.conf

… and set user and group to lighttpd:

[...]
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = lighttpd
; RPM: Keep a group allowed to write in log dir.
group = lighttpd
[...]

Create the system startup links for PHP-FPM and start it:

systemctl enable  php-fpm.service
systemctl start  php-fpm.service

5 Configuring Lighttpd and PHP

To enable PHP in Lighttpd, we must modify two files, /etc/php.ini and /etc/lighttpd/lighttpd.conf. First we open /etc/php.ini and uncomment the line cgi.fix_pathinfo=1:

nano /etc/php.ini

[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
[...]

Then we open /etc/lighttpd/modules.conf and uncomment the line include “conf.d/fastcgi.conf”:

nano /etc/lighttpd/modules.conf

[...]
##
## FastCGI (mod_fastcgi)
##
include "conf.d/fastcgi.conf"
[...]

Next open /etc/lighttpd/conf.d/fastcgi.conf:

nano /etc/lighttpd/conf.d/fastcgi.conf

There’s a fastcgi.server stanza – leave it commented and add your own fastcgi.server stanza as follows:

[...]
## PHP Example
## For PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini.
##
## The number of php processes you will get can be easily calculated:
##
## num-procs = max-procs * ( 1 + PHP_FCGI_CHILDREN )
##
## for the php-num-procs example it means you will get 17*5 = 85 php
## processes. you always should need this high number for your very
## busy sites. And if you have a lot of RAM. :)
##


fastcgi.server += ( ".php" =>
        ((
                "host" => "127.0.0.1",
                "port" => "9000",
                "broken-scriptfilename" => "enable"
        ))
)

#fastcgi.server = ( ".php" =>
#                   ( "php-local" =>
#                     (
#                       "socket" => socket_dir + "/php-fastcgi-1.socket",
#                       "bin-path" => server_root + "/cgi-bin/php5",
#                       "max-procs" => 1,
#                       "broken-scriptfilename" => "enable",
#                     )
#                   ),
[...]

Then we restart Lighttpd:

systemctl restart  lighttpd.service

 

6 Testing PHP / Getting Details About Your PHP5 Installation

The document root of the default web site is /var/www/htdocs/. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.

nano /var/www/htdocs/info.php

<?php
phpinfo();
?>

Now we call that file in a browser (e.g. http://192.168.1.100/info.php):

lighttpd_phpinfo

As you see, PHP is working, and it’s working through FPM/FastCGI, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP. MySQL is not listed there which means we don’t have MySQL support in PHP yet.

 

7 Getting MySQL Support In PHP

To get MySQL support in PHP, we can install the php-mysql package. It’s a good idea to install some other PHP modules as well as you might need them for your applications. You can search for available PHP5 modules like this:

yum search php

Pick the ones you need and install them like this:

yum -y install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc

APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It’s similar to other PHP opcode cachers, such as eAccelerator and Xcache. It is strongly recommended to have one of these installed to speed up your PHP page.

APC can be installed as follows:

yum -y install php-pecl-apc

Now reload PHP-FPM:

systemctl reload php-fpm.service

Now reload http://192.168.1.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:

lighttpd_php_mysql

8 Making PHP-FPM use a Unix Socket

By default PHP-FPM is listening on port 9000 on 127.0.0.1. It is also possible to make PHP-FPM use a Unix socket which avoids the TCP overhead. To do this, open /etc/php-fpm.d/www.conf

nano /etc/php-fpm.d/www.conf

… and make the listen line look as follows:

[...]
;listen = 127.0.0.1:9000
listen = /tmp/php5-fpm.sock
[...]

Then reload PHP-FPM:

systemctl reload php-fpm.service

Next open Lighttpd’s PHP configuration file /etc/lighttpd/conf.d/fastcgi.conf and replace the host and port lines with “socket” => “/tmp/php5-fpm.sock”:

nano /etc/lighttpd/conf.d/fastcgi.conf

fastcgi.server += ( ".php" =>
        ((
                "socket" => "/tmp/php5-fpm.sock",
                "broken-scriptfilename" => "enable"
        ))
)

Finally restart Lighttpd:

systemctl restart  lighttpd.service

 

Comments

comments