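As the official website becomes ever more important, moving Magento to the cloud has become a necessity (it removes risks such as power outages and network disconnections).
The following sets up the environment on CentOS 7.0 in Google Compute Engine (GCE).
The default package versions on GCE CentOS 7.0 are PHP 5.4.16, NGINX 1.12.2 and OpenSSL 1.0.2k, which already meet our minimum requirements.
For the database, we try Google SQL in place of a locally installed MariaDB (MySQL).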
Installation
To make setup easier, first set a root password, then use the su command to switch to the root user
sudo passwd root
su
Install NGINX 1.12.2
yum -y install nginx
Install PHP 5.4.16 + Zend Optimizer+
yum -y install php php-mysql php-gd php-fpm php-mbstring php-mcrypt php-pear php-process php-tidy php-xml php-xmlrpc php-soap
yum -y install php-pecl-zendopcache
Install PHP 5.6 + opcache
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y install php56w php56w-mysql php56w-gd php56w-fpm php56w-mbstring php56w-mcrypt php56w-pear php56w-process php56w-tidy php56w-xml php56w-xmlrpc php56w-soap php56w-devel php56w-opcache
Install a newer cURL (a required package for Magento)
rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-1-13.rhel7.noarch.rpm
sed -i '5c enabled=1' /etc/yum.repos.d/city-fan.org.repo
yum -y install curl libcurl
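Configuration
Switch SELinux to permissive mode and enable the httpd_can_sendmail boolean (permissive mode logs SELinux denials without blocking them; the change to /etc/selinux/config takes effect after a reboot)
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config &&
setsebool -P httpd_can_sendmail 1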
Edit the php.ini settings
sed -i 's/short_open_tag = Off/short_open_tag = On/' /etc/php.ini &&
sed -i 's/memory_limit = 128M/memory_limit = 512M/' /etc/php.ini &&
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php.ini
Edit the php-fpm settings
sed -i 's@listen = 127.0.0.1:9000@listen = /var/run/php-fpm/php-fpm.sock@' /etc/php-fpm.d/www.conf &&
sed -i 's@;listen.owner = nobody@listen.owner = nginx@' /etc/php-fpm.d/www.conf &&
sed -i 's/;listen.group = nobody/listen.group = nginx/' /etc/php-fpm.d/www.conf &&
sed -i 's/user = apache/user = nginx/' /etc/php-fpm.d/www.conf &&
sed -i 's/group = apache/group = nginx/' /etc/php-fpm.d/www.conf
Tune the /etc/php.d/opcache.ini settings
sed -i 's/opcache.memory_consumption=128/opcache.memory_consumption=256/' /etc/php.d/opcache.ini &&
sed -i 's/opcache.max_accelerated_files=4000/opcache.max_accelerated_files=16000/' /etc/php.d/opcache.ini
Edit the nginx.conf configuration file
vim /etc/nginx/nginx.conf
Remove this block
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    root /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
Create nginx/conf.d/magento.conf (for port 80 only)
vim /etc/nginx/conf.d/magento.conf
Fill in the following settings
server {
    listen 80;
    server_name 104.199.145.27;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    location ~* \.(ico|css|js|gif|jpe?g|png|ogg|ogv|svg|svgz|eot|otf|woff)(\?.+)?$ {
        expires max;
        log_not_found off;
        add_header Access-Control-Allow-Origin "*";
    }

    #location /.well-known/acme-challenge/ {
    #    alias /var/www/dehydrated/;
    #}

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    ## These locations are protected
    location /downloader/ {
        allow 192.168.0.0/24;
        deny all;
    }

    ## These locations are protected
    location ~ /(dev|app|includes|lib|media/downloadable|pkginfo|var)/ {
        deny all;
    }

    location @handler { ## Magento uses a common front handler
        rewrite / /index.php;
    }

    location ~ \.php/ { ## Forward paths like /js/index.php/x.js to relevant handler
        rewrite ^(.*\.php)/ $1 last;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    #if ($bad_referer) {
    #    return 444;
    #}
}
Create nginx/conf.d/magento.ssl.conf (for port 443 only)
vim /etc/nginx/conf.d/magento.ssl.conf
Fill in the following settings
server {
    listen 443 ssl http2;
    server_name www.gapl.com.tw www.glamp.com.tw;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    ssl_certificate /etc/dehydrated/certs/www.gapl.com.tw/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/www.gapl.com.tw/privkey.pem;
    ssl_dhparam /etc/dehydrated/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location ~* \.(ico|css|js|gif|jpe?g|png|ogg|ogv|svg|svgz|eot|otf|woff)(\?.+)?$ {
        expires max;
        log_not_found off;
        add_header Access-Control-Allow-Origin "*";
        add_header Strict-Transport-Security "max-age=31536000" always;
    }

    location / {
        deny 203.24.188.5;
        deny 203.24.188.10;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    ## These locations are protected
    location /dev/ {
        allow 192.168.0.0/16;
        deny all;
    }

    location /downloader/ {
        allow 192.168.0.0/16;
        deny all;
    }

    ## These locations are protected
    location ~ /(app|includes|lib|media/downloadable|pkginfo|var)/ {
        deny all;
    }

    location @handler { ## Magento uses a common front handler
        rewrite / /index.php;
    }

    location ~ \.php/ { ## Forward paths like /js/index.php/x.js to relevant handler
        rewrite ^(.*\.php)/ $1 last;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 600s;
    }

    ## $bad_referer is not defined in this file; it has to be defined elsewhere
    ## (for example by a map in the http block) or nginx rejects the configuration
    if ($bad_referer) {
        return 444;
    }
}
Enable the NGINX and PHP-FPM services at boot
systemctl enable nginx.service && systemctl enable php-fpm.service
Download the Magento backup archive and move it into the website directory, then reboot so that the SELinux setting takes effect
curl -O https://storage.googleapis.com/www-gapl/magento_2017-12-29.tar.gz
rm -rf /usr/share/nginx/html
tar -C /usr/share/nginx/ -zxvf magento_2017-12-29.tar.gz
chown -R nginx: /usr/share/nginx/html
reboot
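The php.ini and php-fpm edits in the configuration steps above rely on sed, which exits 0 even when its pattern matched nothing, so a default that is formatted differently from what the pattern expects keeps its old value without any error. The following check is an added example, not part of the original post; the function names are hypothetical, and the file paths and expected values are the ones used above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): confirm the sed edits took effect.
# sed exits 0 even when its pattern matched nothing, so the && chains above
# cannot tell an applied edit from a silent no-op.

# ini_value FILE KEY: print the last uncommented value assigned to KEY
ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                    # skip commented-out lines
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                 # last assignment wins
        }
        END { print val }' "$1"
}

# check_setting FILE KEY EXPECTED: return 0 if the effective value matches
check_setting() {
    local actual; actual=$(ini_value "$1" "$2")
    [ "$actual" = "$3" ] && { echo "OK    $2 = $actual"; return 0; }
    echo "FAIL  $2: expected '$3', found '${actual:-<unset>}' ($1)"
    return 1
}

# verify_stack PHP_INI FPM_CONF: return the number of settings that differ
verify_stack() {
    local ini=$1 fpm=$2 failed=0
    check_setting "$ini" cgi.fix_pathinfo 0   || failed=$((failed + 1))
    check_setting "$ini" short_open_tag On    || failed=$((failed + 1))
    check_setting "$ini" memory_limit 512M    || failed=$((failed + 1))
    check_setting "$fpm" listen /var/run/php-fpm/php-fpm.sock || failed=$((failed + 1))
    check_setting "$fpm" listen.owner nginx   || failed=$((failed + 1))
    check_setting "$fpm" listen.group nginx   || failed=$((failed + 1))
    check_setting "$fpm" user nginx           || failed=$((failed + 1))
    check_setting "$fpm" group nginx          || failed=$((failed + 1))
    return "$failed"
}

# On the server: bash this-script /etc/php.ini /etc/php-fpm.d/www.conf
if [ "$#" -eq 2 ]; then
    verify_stack "$1" "$2"
fi
```

A non-zero exit status is the number of settings that still differ from the values this guide sets.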
For the next step, the SSL migration, go to: Setting Up Dehydrated and Migrating SSL Certificates on Google Compute Engine CentOS 7.0
Encountering 403 Forbidden
The Nginx error log (/var/log/nginx/error.log) shows
2017/12/30 18:16:42 [error] 871#0: *2 open() "/usr/share/nginx/html/LICENSE.txt" failed (13: Permission denied), client: 60.251.46.241, server: 104.199.145.27, request: "GET /LICENSE.txt HTTP/1.1", host: "104.199.145.27"
Further reading
Logging in to Google Compute Engine with root and a password