Sudo Scare

In chapter 6 one of the things you learned about was not using the root account due to multiple reasons. To that effect, you created a user called user1. But this user is quite powerless at the moment. Check it out by doing the following:

• Start by logging in as user1 like so: ssh -p 3026 user1@127.0.0.1
  .

• Try running the following command and notice how it tries to scare you:

[user1@wfe1 ∼]$ sudo yum -y install php56
[sudo] password for user1:
user1 is not in the sudoers file. This incident will be reported.

• It basically says that user1 is not allowed to do sudo.

• Since you know you can trust user1, you can add him to the sudoers list by using visudo.

• Type su and hit enter to get into the root prompt.

• Type visudo and hit enter again. It will open the file ( /etc/sudoers) in vi editor and allow you to edit it.

• After the file is open, look for a line that says root ALL=(ALL) ALL and add your user in the next line.

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
user1   ALL=(ALL)       ALL

• Save the file and type exit to get back from the root prompt to the user1 prompt.

• sudo should now work for the commands.

Installing MySQL

Now that the user is in the sudoers list, you can install some software to complete the LEMP (Linux, eNginx, MySQL, and PHP) stack
. Let us start with MySQL. MySQL is an open source relational database management system (RDBMS)
. In July 2013, it was the second most widely used RDBMS, just behind SQLite.

Log in on to your wfe1.localdomain server using ssh -p 3026 user1@127.0.0.1
. To install MySQL server, you need to first download the Yum repository. The following link contains information about different versions that are available:
http://dev.mysql.com/downloads/repo/yum/
. Visit the link and find the version you are interested in. For CentOS, you can pick RHEL 7’s download link which can be found here:
http://dev.mysql.com/downloads/file.php?id=450705

.

1. Install wget so that you can download anything from the server directly instead of uploading the file using FTP.

   sudo yum install -y wget

2. Now, use wget to download the repository and use the rpm (RPM Package Manager) utility to manage the file you just downloaded as follows:

   sudo wget http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
   sudo rpm -Uvh mysql57-community-release-el7-7.noarch.rpm

3. Time to install MySQL. Execute the following command:

   sudo yum install -y mysql-community-server

4. A bunch of files will be downloaded and installed for you due to the yum (and other package managers’) goodness that comes with Linux.

5. Once the setup is done, you can start the MySQL service like so:

   sudo service mysqld start
   sudo service mysqld status

6. During the installation the server is initialized and an SSL certificate and key files are generated in the data directory. Along with that, a superuser account ‘root’@’localhost is created. If you try to connect using mysql -u root command, you will get the following error (and you can easily figure out that it is because you haven’t provided any password):

   ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

7. Since the install never really asked for a password, how would you know what the password is? The answer to this is simple. It is because there is a temporary password allocated during the installation process. You can retrieve that and as you can guess, change it immediately so that you have a strong password in place. To retrieve the password, use the following command:

   sudo grep 'temporary password' /var/log/mysqld.log
   --- 1 [Note] A temporary password is generated for root@localhost: gj>jwax<u0rT                  

8. Connect to MySQL using mysql -u root -p and type in the temporary password. This will allow you to enter the MySQL console. To change the temporary password, use the following command:

   mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'P@ssword1!';
   Query OK, 0 rows affected (0.00 sec)

9. Try typing simple commands and you can start talking to your MySQL server.

   mysql> show databases;
   +--------------------+
   | Database           |
   +--------------------+
   | information_schema |
   | mysql              |
   | performance_schema |
   | sys                |
   +--------------------+
   4 rows in set (0.00 sec)

10. Type quit; at the prompt and you will be back to your user prompt.

Before you proceed with installing PHP and other Nginx configuration on WFE1, you may want to clean up what you might have done in the previous chapter. This is simply to avoid any confusion:

sudo rm -rf site1 site2 site3
sudo rm -f /etc/nginx/conf.d/site*.conf

Also remove the host name entries from your host file that you might have created during the previous chapter.

Installing PHP

Let us install PHP next. PHP originally stood for Personal Home Page, but of late it is referred to as Hypertext Preprocessor. It is a server-side scripting language designed for web development. It is one of the core standing pillars for the LAMP (Linux, Apache, MySQL, and PHP) or LEMP (Linux, Nginx, MySQL, and PHP) stack. Please keep in mind that there are multiple options for running PHP. The most common options available to you are mod_php

, FastCGI, and PHP-FPM

.

• mod_php

  is the built-in version available only for Apache. Installing it is easy, and its ease of use coupled with tight integration is probably the most common reason to deploy mod_php. However, it forces every Apache child to use more memory and needs a restart of Apache to read an updated php.ini file.

• FastCGI is a pretty generic protocol available on most platforms including Windows IIS. It is an improvisation over the earlier variation of Common Gateway Interface (CGI) that reduces the overheads by spinning up one process for multiple requests. You might be already aware that CGI used one process per request and it was not as scalable for extremely busy sites. FastCGI has a smaller memory footprint than mod_php and has more configuration options.

• PHP-FPM is an alternative for PHP FastCGI implementation and is the newest kid on the block. It can be used with any web server that is compatible with FastCGI and plays well with Nginx too. It gives you a lot of configuration options and it really shines in multiple areas, especially related to availability. You can start different processes with different settings and different php.ini options. This means you can have multiple processes serving different versions of PHP in case your application is not compatible with a specific PHP version.

In this book, you will be using PHP-FPM. To install it, you will need to first add the yum repository followed with yum install like so:

sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
sudo yum install -y php56w-fpm php56w-opcache php56w-mysql

This will install your php-fpm service, and you can start using it for applications that are written in PHP. To start, stop, or restart the service use the commands respectively:

sudo service php-fpm start
sudo service php-fpm stop
sudo service php-fpm restart

To view the status

, run the following command and notice how it shows a green circle to the left of service name:

sudo service php-fpm status
Redirecting to /bin/systemctl status  php-fpm.service
●php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-03-08 02:10:35 EST; 1s ago
 Main PID: 2665 (php-fpm)
   Status: "Ready to handle connections"
   CGroup: /system.slice/php-fpm.service
           ├─2665 php-fpm: master process (/etc/php-fpm.conf)
           ├─2666 php-fpm: pool www
           ├─2667 php-fpm: pool www
           ├─2668 php-fpm: pool www
           ├─2669 php-fpm: pool www
           └─2670 php-fpm: pool www

To view the version of PHP, you can use the following command:

php -v
PHP 5.6.18 (cli) (built: Feb  4 2016 22:08:11)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

Let’s configure Nginx to test if PHP works by default. As discussed in chapter 6, start by creating a configuration file for the test site by copying the /etc/nginx/conf.d/default.template:

sudo cp /etc/nginx/conf.d/default.template /etc/nginx/conf.d/test.conf

Modify the test.conf file

so that it looks like the following:

server {
    listen       80;
    server_name  localhost;

    root   /usr/share/nginx/html;

    location / {
        index  index.html index.htm;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ∼ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

In the previous configuration block, the last location block is what does the real magic from PHP perspective.

• The location route matches all routes that end with a .php.

• The
  fastcgi_pass directive

  tells Nginx to pass on the request to the specified address. If you like, you can have another server just to serve PHP requests. In this configuration however, since the php_fpm service is running locally, the request gets routed to that process on the same server instead on port 9000.

• fastcgi_index directive

  sets a file name that will be appended after a URI that ends with a slash, in the value of the $fastcgi_script_name variable.

• fastcgi_paramsets the parameter for the SCRIPT_FILENAME. In the current block if the request is for /page.php the SCRIPT_FILENAME variable will be $document_root/page.php, but if the request is just for / the SCRIPT_FILENAME will be $document_root/index.php. $document_root variable is equal to the root directive set inside your location or server block.

• The include directives initialize a bunch of other parameters and is set in a file located at /etc/nginx/fastcgi_params. It is a good idea to keep all parameters related to fastcgi grouped in a single file.

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Now it’s time to test if PHP is working. Create a file at /usr/share/nginx/html/test.php and paste the following code in it. The first line reads the server variables and the second line displays tabular information about PHP itself.

<?php var_export($_SERVER)?>
<?php phpinfo() ?>

Browse to http://localhost:8006/test.php and you should be able to see a page that looks similar to Figure 7-1.

Figure 7-1. Output of test.php

This is great! Your server can now host PHP pages and output dynamic pages for you.

Notice the USER is Apache in Figure 7-4. Why would that be so? Well, the reason is that by default the configuration file for php-fpm is configured so that the process is executed as
apache. Run the command ps -aux | grep php and you will find that the php-fpm process is running as apache.

ps -aux | grep php
root      2665  0.0  1.9 393584 20292 ?        Ss   02:10   0:00 php-fpm: master process (/etc/php-fpm.conf)
apache    2666  0.0  0.4 393584  4908 ?        S    02:10   0:00 php-fpm: pool www
apache    2667  0.0  0.4 393584  4908 ?        S    02:10   0:00 php-fpm: pool www
apache    2668  0.0  0.4 393584  4908 ?        S    02:10   0:00 php-fpm: pool www
apache    2669  0.0  0.4 393584  4908 ?        S    02:10   0:00 php-fpm: pool www
apache    2670  0.0  0.4 393584  4908 ?        S    02:10   0:00 php-fpm: pool www
user1     2702  0.0  0.0 112612   736 pts/0    S+   02:17   0:00 grep --color=auto php

In contrast
ps -aux | grep nginxwill tell you that the process for Nginx is running as nginx.

ps -aux | grep nginx
nginx      953  0.0  0.1  48268  1904 ?        S    Mar07   0:00 nginx: worker process
user1     2705  0.0  0.0 112612   736 pts/0    R+   02:20   0:00 grep --color=auto nginx

To change the user, you can edit the configuration file sudo vi /etc/php-fpm.d/

www.conf
and change the line that reads user = apache to user = nginx and group = apache to group = nginx. Restart the service by typing the following command.

sudo service php-fpm restart                                    

If you refresh the page, you will now see that the settings have taken affect and you are being served a page with ‘USER’=>’nginx’. You can also check the output of ps -aux | grep php and confirm that the process is indeed running as nginx.

Your
wfe1.localdomain server

can be considered fully setup as a LEMP stack
server. You can now set up dynamic applications on it.

Configure Nginx for WordPress

WordPress is the world’s most commonly used content management system based on PHP and MySQL. More than 60 million websites use WordPress as their content management system. It is open source and the application files are installed on a web server. You can also host your blog or site using WordPress.com, but in our context we will be dealing only with the self-hosting option of WordPress.

In the previous chapter you have already downloaded the zipped version of the repository from Github located at
https://github.com/attosol/nginx
. You will find a folder called /dynamic/wordpress-4.4.2. This folder contains version 4.4.2 of WordPress. WordPress is known for easy installation steps. So, let us quickly install WordPress and see it in action by following these steps:

1. Log in to the MySQL prompt using mysql -u root –p.

2. To create a database, use the following command where wpsite is the name of the database:

                           CREATE DATABASE wpsite                                                                

3. Grant all privileges to a user account using the following command where wpuser is the name of the user and P@ssword1! is your strong password. Change the password as you deem fit and run the command:

   GRANT ALL PRIVILEGES on wpsite.* TO wpuser@localhost IDENTIFIED BY "P@ssword1!";

4. Upload the files using an FTP client as shown in Figure 7-2. Create a new folder called WordPress and upload all the content from /dynamic/wordpress-4.4.2.

   

   Figure 7-2. Uploading content

   to WFE1 server

5. Remove your test.conf file that you created from the default.template a while ago in this chapter:

   sudo rm -f /etc/nginx/conf.d/test.conf

6. Create a copy of the default.template file like so:

   sudo cp /etc/nginx/conf.d/default.template /etc/nginx/conf.d/wpsite.conf

7. Make your look as follows and reload using
   sudo nginx -s reload:

   server {
       listen       80;
       server_name  localhost;
   
       root   /usr/share/nginx/html/wordpress;
   
       location / {
           index  index.php index.html index.htm;
       }
   
       # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
       location ∼ \.php$ {
           fastcgi_pass   127.0.0.1:9000;
           fastcgi_index  index.php;
           fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
           include        fastcgi_params;
       }
   }

8. Although not mandatory, it is a good idea to check if your database is up and connecting well from PHP. It is actually fairly simple. Create a file in your /usr/share/nginx/html/wordpress directory called
   dbtest.phpand write the following text:

   <?php
     $db=mysql_connect('localhost', 'wpuser', 'P@ssword1!');
     if (!$db) echo "connection failed";
     else echo "connection succeeded";
   ?>

9. If you browse to http://localhost:8006/dbtest.php you should see “connection succeeded” message. If you don’t see it, something is missing and you are advised to cross check before proceeding ahead.

10. Time for some cool stuff. Type http://localhost:8006/index.php in your browser. It should take you to the famous 5-minute WordPress installation page, which looks similar to Figure 7-3:

    

    Figure 7-3. WordPress installation page

    . Click Let’s go!

11. You will be presented a screen that will ask for the parameters that you have already set up. Provide the details as you see in Figure 7-4 and click Submit.

    

    Figure 7-4. WordPress installation parameters

12. When you click on Submit, a config file text will be created for you with the details you have previously filled in (see Figure 7-5).

    

    Figure 7-5.
    Configuration file

    created by WordPress installation

13. Copy the entire text and paste it in a file created at /usr/share/nginx/html/wordpress/wp-config.php.

    Tip

    There is another way in which you can do the previous few steps related to WordPress. All you will need is to create a copy of the wp-config-sample.php as wp-config.php and make the necessary changes in the file. If you do that, your WordPress setup will start with the step you see in Figure 7-5.

14. After that, click on Run the install button (Figure 7-5). And you will be presented the final screen for WordPress setup. It is that simple!

15. Click on Install WordPress and you are all set with your website. To login to your website, you now have to go to http://localhost:8006/wp-admin/index.php and type in the Username and Password that you have configured in Figure 7-6.

    

    Figure 7-6. WordPress setup

    – Final Step

Create your posts and try browsing to http://localhost:8006 and you will be glad to see your website online. Often the WordPress administrators change the Settings ➤ Permalink in the WordPress Administration Dashboard to Post Name or one of the other options as shown in Figure 7-7.

Figure 7-7. Changing Settings

to get cleaner URL in WordPress

The moment you change the settings here, your home will continue to work but the cleaner URIs (for example, http://localhost:8006/test-post-1
) will fail. This is because of the way the URI is mapped in the Nginx configuration. To fix such issues, change your /etc/nginx/nginx.conf file to look like the following:

user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include            /etc/nginx/mime.types;
    default_type       application/octet-stream;
    log_format         main  '$remote_addr - $remote_user - [$time_local] - $document_root - $document_uri - '
                       '$request - $status - $body_bytes_sent - $http_referer';

    access_log         /var/log/nginx/access.log  main;
    sendfile           on;
    keepalive_timeout  65;
    client_max_body_size 13m;
    index              index.php index.html index.htm;
    upstream php {
        server 127.0.0.1:9000;
    }
    include /etc/nginx/conf.d/*.conf;
}

In your
/etc/nginx/conf.d/wpsite.confmake the necessary changes so it looks like the following (the following text is courtesy of
http://codex.wordpress.org/Nginx

):

server{
   listen           80;
   server_name localhost;
   root /usr/share/nginx/html/wordpress;

   # This order might seem weird - this is attempted to match last if rules below fail.
   # http://wiki.nginx.org/HttpCoreModule
   location / {
      try_files $uri $uri/ /index.php?$args;
   }

   # Add trailing slash to */wp-admin requests.
   rewrite /wp-admin$ $scheme://$host$uri/ permanent;

   # Directives to send expires headers and turn off 404 error logging.
   location ∼* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off;
       log_not_found off;
       expires max;
    }

    # Uncomment one of the lines below for the appropriate caching plugin (if used).
    #include global/wordpress-wp-super-cache.conf;
    #include global/wordpress-w3-total-cache.conf;

    #Pass all .php files onto a php-fpm/php-fcgi server.
    location ∼ [^/]\.php(/|$) {
       fastcgi_split_path_info ^(.+?\.php)(/.*)$;
       if (!-f $document_root$fastcgi_script_name) {
           return 404;
       }
       include fastcgi_params;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_pass php;
    }
}

Quite a number of new directives have come to play in the configuration just covered. In Table 7-1, let us look at the ones that have not yet been discussed.

The MEAN Stack

A stack called MEAN (Mongo, Express, Angular, and Node)

is becoming increasingly popular among the full-stack web developers. These web developers are often called full-stack developers
because the entire technology stack, from database (MongoDB) to back end (Node.JS + Express.JS) to front end (Angular.JS) uses JavaScript. Even though they can use the MEAN stack to handle all requests, it often makes sense to accelerate the entire application using Nginx as front end. In the remainder of this chapter you will see how to set up a MEAN stack and start a sample web application.

sudo curl --silent --location https://rpm.nodesource.com/setup_4.x | sudo bash -
sudo yum -y install nodejs
sudo yum -y install gcc-c++ make

node -v
v4.4.0

Configure Nginx

for MEAN Stack

The Node application that is running needs to be exposed using Nginx. Recall that this application is just the beginning of the MEAN stack. It doesn’t even use MongoDB or Angular yet. But for the purpose of this book, it should suffice. You simply need to know the pattern for managing and hosting such applications. Typically, the application files will be given to you just like you have them in the myapp directory.

1. For simplicity clean up any other conf file in /etc/nginx/conf.d and create a new configuration file as follows:

   sudo cp /etc/nginx/conf.d/default.template /etc/nginx/conf.d/node.conf

2. Edit the node.conf file so that it looks like so:

   upstream nodeapp {
      server    127.0.0.1:3000;
   }
   
   server {
       listen       80;
       server_name  localhost;
       root         /usr/share/nginx/html;
   
       location / {
          proxy_pass http://nodeapp;
       }
   }

   • Notice the usage of upstream directive. The Express application was listening on port 3000, hence server directive inside upstream will route the traffic there.

   • Inside the server block, there is location directive that uses proxy_pass to redirect the traffic upstream using the http://nodeapp address. You will learn more about these directives in chapter 8.

   • Try browsing http://localhost:8007 and instead of getting the page you might get an error saying 502 Bad Gateway. The error in the error.log is typically like the following:

   [crit] 13535#0: *43 connect() to 127.0.0.1:3000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "localhost"

   • If you don’t get this error, you are good to go! However, in case you get the error, most likely it is happening due to SELinux. To troubleshoot this, install setroubleshoot, using: sudo yum install setroubleshoot.

3. After the package installs, execute the following command:

   sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx

   Finally, execute sudo semodule -i mynginx.pp and the problem should be resolved. Check by browsing http://localhost:8007.

Summary

In this chapter you have learned various important things about hosting dynamic applications with Nginx. The chapter started with setting up a LEMP stack by installing the appropriate packages for MySQL and PHP. Post that, you learned about installation, configuration, and some finer nuances of WordPress administration on Nginx. Later in this chapter, you learned about the basics of MEAN stack and how easy it is to configure it using Nginx. You will be learning more about performance fine-tuning for dynamic applications and load balancing in the coming chapters.