Montando uma VM para o desenvolvimento de aplicações em PHP, utilizado o CentOS 7
(EM DESENVOLVIMENTO)
Forked from marciopaiva/centos7_ambiente_desenvolvimento.md
Created
January 2, 2017 09:15
-
-
Save safdar-tp/b7d282f25c86d029853451acf2a98904 to your computer and use it in GitHub Desktop.
CentOS 7 - Apache 2.4 + MOD_PROXY_FCGI + PHP-FPM 5.5 + InstantClient Oracle.
Downloads de ferramentas e bibliotecas necessárias para a instalação da VM
- [VMware Player 6.x] (https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0)
- [CentOS 7 Minimal ISO] (http://centos.ufms.br/7.0.1406/isos/x86_64/CentOS-7.0-1406-x86_64-Minimal.iso)
- [WinSCP 5.x] (http://winscp.net/eng/download.php)
- [Instant Client Package] (http://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html)
Realize o download do arquivo oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm.
Realize a instalação do WinSCP, VMware Player e crie uma VM com a ISO do CentOS 7.
Como pretendo simular um ambiente de produção. Minha VM foi criada com as seguintes configurações:
- Memory 2 GB
- Processors 4
- HD 20GB
- Network NAT
Durante o processo de instalação a VM pegou o IP (192.168.183.134), guarde o seu IP gerado para acesso via WinSCP/SSH.
Utilizando a ferramenta WinSCP, realize a cópia do arquivo oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm, para a sua VM e jogue na pasta "/tmp".
Acesse o terminal da VM, pelo WinSCP use "Ctrl+P" que será aberto o terminal. Vamos começar a brincadeira.
Por se tratar de uma VM de desenvolvimento local, vou desabilitar o Firewall e Selinux, que vem instalado e configurado por default. Caso for utilizar esse exemplo para outros ambientes recomendo que deixe os 2(dois) em funcionamento.
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
rebootInstalação dos RPMs e Repositórios necessários
yum install net-tools nano wget libaio perl
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-1.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -ivh /tmp/oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
echo '/usr/lib/oracle/12.1/client64/lib/' > /etc/ld.so.conf.d/Oracle-InstantClient-12.1.conf
ldconfig
yum update
rebootPara evitar surpresas, realizei mais um reboot para validar a atualização de kernel.
Instalação do Apache, PHP e libs.
yum --enablerepo=remi,remi-php55 install httpd php-fpm php-common php-pecl-apcu php-gd php-intl php-mbstring php-mssql php-mysql php-mysqlnd php-oci8 php-xmlrpc php-openssl php-pgsql php-soap php-opcache php-mcrypt php-pecl-pthreadsIniciando o serviço do Apache, setando para que seja iniciado ao boot e verificando o status.
systemctl start httpd.service
systemctl enable httpd.service
systemctl status httpd.service -lRemovendo o Warning da falta de ServerName do Apache.
echo "ServerName localhost" >> /etc/httpd/conf.d/servername.confIniciando o serviço do PHP-FPM, setando para que seja iniciado ao boot e verificando o status.
systemctl start php-fpm.service
systemctl enable php-fpm.service
systemctl status php-fpm.service -lCriando o arquivo info.php para validar as configurações do PHP.
printf '<?php\n phpinfo();' > /var/www/html/info.phpCriando um VirtualHost utilizando o mod_proxy_fcgi
nano /etc/httpd/conf.d/localhost.conf<VirtualHost *:80>
ServerName localhost
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/$1
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/httpd/localhost_error.log
CustomLog /var/log/httpd/localhost_access.log combined
</VirtualHost>
systemctl restart httpd.service
systemctl status httpd.service -lPara validar as configurações acesse via navegador os endereços:
O Apache 2.4 no CentOS, praticamente carrega todos os módulos na sua instalação. Como não vou utilizar todos os módulos vou desabilitar e deixar apenas o que preciso.
Todas as configurações foram baseadas no [CIS Apache HTTP Server 2.4 Benchmark] (http://und.edu/cio/it-security/policy/_files/docs/cis-apache-http-server-2-4-benchmark-v1-1-0.pdf)
nano /etc/httpd/conf.modules.d/00-base.conf#
# This file loads most of the modules included with the Apache HTTP
# Server itself.
#
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_core_module modules/mod_authn_core.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule data_module modules/mod_data.so
#LoadModule dbd_module modules/mod_dbd.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule status_module modules/mod_status.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule version_module modules/mod_version.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule request_module modules/mod_request.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule speling_module modules/mod_speling.sonano /etc/httpd/conf.modules.d/00-dav.conf#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.sonano /etc/httpd/conf.modules.d/00-lua.conf#LoadModule lua_module modules/mod_lua.sonano /etc/httpd/conf.modules.d/00-mpm.conf# Select the MPM module which should be used by uncommenting exactly
# one of the following LoadModule lines:
# prefork MPM: Implements a non-threaded, pre-forking web server
# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
# worker MPM: Multi-Processing Module implementing a hybrid
# multi-threaded multi-process web server
# See: http://httpd.apache.org/docs/2.4/mod/worker.html
#
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
# event MPM: A variant of the worker MPM with the goal of consuming
# threads only for connections with active processing
# See: http://httpd.apache.org/docs/2.4/mod/event.html
#
LoadModule mpm_event_module modules/mod_mpm_event.sonano /etc/httpd/conf.modules.d/00-proxy.conf# This file configures all the proxy modules:
LoadModule proxy_module modules/mod_proxy.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.sonano /etc/httpd/conf.modules.d/00-systemd.conf# This file configures systemd module:
LoadModule systemd_module modules/mod_systemd.sonano /etc/httpd/conf.modules.d/01-cgi.conf# This configuration file loads a CGI module appropriate to the MPM
# which has been configured in 00-mpm.conf. mod_cgid should be used
# with a threaded MPM; mod_cgi with the prefork MPM.
<IfModule mpm_worker_module>
LoadModule cgid_module modules/mod_cgid.so
ThreadsPerChild 25
StartServers 3
ServerLimit 400
MinSpareThreads 75
MaxSpareThreads 250
MaxRequestWorkers 10000
MaxConnectionsPerChild 0
</IfModule>
<IfModule mpm_event_module>
LoadModule cgid_module modules/mod_cgid.so
ThreadsPerChild 25
StartServers 3
ServerLimit 400
MinSpareThreads 75
MaxSpareThreads 250
MaxRequestWorkers 10000
MaxConnectionsPerChild 0
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module modules/mod_cgi.so
StartServers 5
ServerLimit 1000
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 1000
MaxConnectionsPerChild 0
</IfModule>Ufa!!! deu trabalho testar todos os módulos para saber o que precisa para rodar.
Com base no documento, vou criar um arquivo de segurança para aplicar as regras que não estão sendo aplicadas.
nano /etc/httpd/conf.d/security.conf#
# http://und.edu/cio/it-security/policy/_files/docs/cis-apache-http-server-2-4-benchmark-v1-1-0.pdf
#
Timeout 10
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
LimitRequestline 512
LimitRequestFields 100
LimitRequestFieldsize 1024
LimitRequestBody 102400systemctl restart httpd.serviceConfigurações das Variáveis de Ambiente.
nano /etc/sysconfig/php-fpmIncluir no arquivo o NLS_LANG, conforme arquivo abaixo:
# Additional environment file for php-fpm
# This file is deprecated when systemd is used and
# will be removed in the future
# To alter the FPM environment, copy the unit file
# from /usr/lib/systemd/system/php-fpm.service
# to /etc/systemd/system/php-fpm.service
# and add an Environment line
# With systemd >= 204 you can simply drop a file with the
# suffix .conf in /etc/systemd/system/php-fpm.service.d, with
# [Service]
# Environment=FOO=bar
# See systemd documentation.
# man systemd.unit
# man systemd.exec
NLS_LANG = 'BRAZILIAN PORTUGUESE_BRAZIL.AL32UTF8'
NLS_TERRITORY = 'BRAZIL'
NLS_DUAL_CURRENCY = 'R$'
NLS_CURRENCY = 'R$'
NLS_ISO_CURRENCY = 'BRAZIL'
NLS_DATE_LANGUAGE = 'BRAZILIAN PORTUGUESE'
NLS_DATE_FORMAT = 'DD/MM/YYYY'
NLS_TIME_FORMAT = 'HH24:MI:SS'
NLS_TIMESTAMP_FORMAT = 'DD/MM/YYYY HH24:MI:SS'Próximo passo é incluir as variáveis no pool do php-fpm
nano /etc/php-fpm.d/www.confSegue conteúdo e local aonde deve ser incluido.
...
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
env[HOSTNAME] = 'localhost'
env[NLS_LANG] = 'BRAZILIAN PORTUGUESE_BRAZIL.AL32UTF8'
env[NLS_TERRITORY] = 'BRAZIL'
env[NLS_DUAL_CURRENCY] = 'R$'
env[NLS_CURRENCY] = 'R$'
env[NLS_ISO_CURRENCY] = 'BRAZIL'
env[NLS_DATE_LANGUAGE] = 'BRAZILIAN PORTUGUESE'
env[NLS_DATE_FORMAT] = 'DD/MM/YYYY'
env[NLS_TIME_FORMAT] = 'HH24:MI:SS'
env[NLS_TIMESTAMP_FORMAT] = 'DD/MM/YYYY HH24:MI:SS'
...As informações são redundantes, mas foi a unica forma que consegui para funcionar em ambientes (RHEL 7 e CentOS 7)
systemctl restart php-fpm.service
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment