Blog

Details

Written by R. Elizondo

Category: LEMP Configuration files for CentOS 7

Last Updated: 23 June 2023

• virtual machine
• lemp
• centos7
• linux

Before configuring the Web Server and the PHP Fast page Manager for deliver High Performance PHP Enterprise Application, the Linux kernel where the machine is running need some settings to be optimized.

Step 1. Open a SSH Terminal into your machine.

Step 2. Change Schedulers.

$ sudo grubby --update-kernel=ALL --args="elevator=noop"

Step 3. Update Kernel settings.

$ sudo nano /etc/sysctl.conf

Replace the content of this file with:

#####  Performance kernel conf
##     Dev: Ruben Elizondo
##
vm.swappiness = 1
fs.file-max = 5000000
net.core.netdev_max_backlog = 400000
net.core.optmem_max = 10000000
net.core.rmem_default = 10000000
net.core.rmem_max = 10000000
net.core.somaxconn = 100000
net.core.wmem_default = 10000000
net.core.wmem_max = 10000000
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_congestion_control = bic
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_max_syn_backlog = 12000
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_mem = 30000000 30000000 30000000
net.ipv4.tcp_rmem = 30000000 30000000 30000000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_wmem = 30000000 30000000 30000000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
kernel.shmmax=1073741824
kernel.msgmni=1024
kernel.sem=250 32000 32 1024

save the file.

Step 4. Make open files higher value.

$ sudo nano /etc/security/limits.conf

*** Add the following line right below #@student

*                -	 nofile          16384

save the file.

Step 5. reboot your machine

$ sudo reboot now

Details

Written by R. Elizondo

Category: LEMP Configuration files for CentOS 7

Last Updated: 23 June 2023

• virtualization
• lemp
• nginx
• web server

Nginx has proven to be a very good Web Server capable of serving thousands of requests per second.

Its very popular for developing PHP Enterprise Applications and have it well configured is key in having a high performance PHP Application capable of handling intense workloads and very high traffic websites.

For Nginx to work as very High performance Web Server you need to have configured your Linux kernel as well following this recipe: Linux Kernel Tuning for High Performance LEMP

Step 1. replace the content of the file /etc/nginx/nginx.conf with this:

user nginx;
    error_log  /var/log/nginx/error.log crit;
    pid        /var/run/nginx.pid;
    worker_processes  1;
    worker_rlimit_nofile 16384;
events {
    worker_connections  50000;
    multi_accept on;
    use epoll;
}
http {
    ssl_password_file /etc/nginx/certs/pass_file;
    default_type  application/octet-stream;
    include mime.types;
    access_log  off;
    keepalive_timeout 30;
    fastcgi_read_timeout 3600;
    proxy_read_timeout 3600;
    tcp_nodelay on;
    sendfile on;
    expires -1;
    server_tokens off;
    tcp_nopush on;
    types_hash_max_size 2048;
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:100m max_size=500m inactive=60m;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    gzip  on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_proxied any;
    gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    include /etc/nginx/conf.d/*;
    open_file_cache          max=5000  inactive=20s;
    open_file_cache_valid    30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   on;
}

 worker_processes 1; ### Set this equal to the number of cores or vcores available in the machine

worker_rlimit_nofile 16384; ### This is set with the same number you set in /etc/security/limits.conf

ssl_password_file /etc/nginx/certs/pass_file; ### In this file you will store the password you used for creating SSL Certificates.

Step 2. Configure a virtual host with HTTPS following any of the recipes posted in this section.

It is highly recommended that you enable and use HTTPS in HTTP2 with TLS / SSL.

Step 3. Restart your Web Server.

$ sudo systemctl restart nginx

Details

Written by R. Elizondo

Category: Virtualization

Last Updated: 23 June 2023

• virtualization
• installers
• vagrant
• virtual machine
• php
• php8
• symfony
• lemp

Prerequisites:

• Vagrant Virtual Machine with CentOS 7, Nginx, MariaDb, NodeJs and PHP 8
• Configure Nginx Web Server with SSL in a Vagrant Virtual Machine
• How to install Symfony Framework using composer in 2 easy steps

Step 1. Make sure PHP-FPM is up and running

$ sudo systemctl status php-fpm

 you will see something like this:

Step 2. Tell PHP-FPM that Nginx is working as Web Server

$ sudo nano /etc/php-fpm.d/www.conf

Change user and group to Nginx then save the file.

Then reload PHP Fast Page Manager

$ sudo systemctl reload php-fpm

 Step 3. Configure some settings in php.ini

$ sudo nano /etc/php.ini

look for:

max_execution_time and change thevalue to 180

memory_limit and change the value to 256M

post_max_size change the value to 20M

upload_max_filesize = 20M

For development purposes it could be a good idea to turn errors on:

display_errors = On

 You may want to change the default time zone and maybe some other settings. More info on PHP Official Site.

If you want to have a cool UI to look at the PHP files handled by Zend OP Cache:

copy ocp.php from my github repository to the folder where your virtual host conf file is pointing for the index.php

$ nano /var/www/cool_project/public/ocp.php

 Click on the copy raw icon and paste the content of the file.

Save the file and restart services.

$ sudo systemctl restart php-fpm
$ sudo systemctl restart nginx

If you followed all these past recipes including the one for Installing Symfony Framework, and you get here without any errors, then open in your browser https://cool.project.vps and you will see:

Now point to https://cool.project.vps/ocp.php and you will see:

you can click on any of the button links on top to display more information.

You are ready to start developing in Symfony!

Details

Written by R. Elizondo

Category: Virtualization

Last Updated: 23 June 2023

• virtualization
• installers
• vagrant
• virtual machine
• php
• php8
• symfony
• lemp
• mariadb
• mysql
• sql

Before you can read and write data to the Database inside your virtual machine, you need to finish setting up MariaDB Server.

Prerequisites: Vagrant Virtual Machine with CentOS 7, Nginx, MariaDb, NodeJs and PHP 8

Step 1. After you init and provision your Vagrant Virtual machine, if the VM is suspended, just execute in the directory where the Vagranfile is:

$ vagrant up

 Step 2. execute

$ vagrant ssh

 Step 3. Make sure MariaDb is up and running

$ sudo systemctl status mariadb

 Step 4. Execute

$ sudo mariadb-secure-installation

 The server will ask you a few questions, you need to respond like this:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Step 5. Make sure you have access to the MariaDB

$ mysql -uroot -p

Enter the password

you should see the MariaDB console

 This means you are good to go.

type

MariaDB [(none)]> quit