
Configuring an LNMP Environment on NixOS

Notes on configuring an LNMP environment. I'll set up WordPress as a demonstration; you can deploy any other PHP-based application the same way.

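Things like this have little to do with the system configuration itself, so I think they are better kept out of configuration.nix. Import them instead, which makes maintenance and management easier: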

nano /etc/nixos/configuration.nix

Edit it like this:

{
  imports =
    [
      ./hardware-configuration.nix
      ./lnmp.nix
    ];
  ...
}

Create lnmp.nix:

nano /etc/nixos/lnmp.nix

Write the following configuration:

{ config, pkgs, lib, ... }:
let
  phpext = pkgs.php74.buildEnv {
    extensions = { enabled, all }: with all; enabled ++ [ imagick redis ];
  };
in 
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "nixos@example.com";
    };
  };
  services.nginx = {
    enable = true;
    virtualHosts."nixos.example.com" = {
      enableACME = true;
      forceSSL = true;
      kTLS = true;
      root = "/var/www/nixos.example.com";
      locations."/" = {
        index = "index.php index.html";
        extraConfig = ''
          # 0 disables nginx's request body size check for this location
          client_max_body_size 0;
          try_files $uri $uri/ /index.php?$args;
        '';
      };
      # "\\." yields the regex \. ; a single "\." in a Nix "..." string collapses to "."
      locations."~ \\.php$".extraConfig = ''
        fastcgi_pass  unix:${config.services.phpfpm.pools.wordpress.socket};
        fastcgi_index index.php;
      '';
    };
  };
  services.mysql = {
    enable = true;
    package = pkgs.mariadb;
    settings.mysqld.bind-address = "127.0.0.1";
  };
  services.phpfpm.pools.wordpress = {
    user = config.services.nginx.user;
    group = config.services.nginx.group;
    settings = {
      pm = "dynamic";
      "listen.owner" = config.services.nginx.user;
      "listen.group" = config.services.nginx.group;
      "pm.max_children" = 10;
      "pm.start_servers" = 5;
      "pm.min_spare_servers" = 3;
      "pm.max_spare_servers" = 8;
      "pm.max_requests" = 500;
    };
    phpPackage = phpext;
    phpOptions = ''
      max_execution_time = 300
      post_max_size = 100M
      upload_max_filesize = 100M
      memory_limit = 512M
    '';
  };
  systemd.tmpfiles.rules = [
    "d /var/www"
    "d /var/www/nixos.example.com 0755 nginx nginx"
  ];
  services.redis.servers.wordpress = {
    enable = true;
    port = 6379;
  };
}

Here is what the configuration above does, in detail. First, this part:

let
  phpext = pkgs.php74.buildEnv {
    extensions = { enabled, all }: with all; enabled ++ [ imagick redis ];
  };
...

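enables two extra extensions for PHP 7.4: imagick and redis. Neither extension is enabled by default, and the WordPress site I'm setting up needs both, so I have to build the PHP package myself.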

If you need PHP 8.0 or 8.1, just change php74 in pkgs.php74.buildEnv to php or php81. You can look up the package names at https://search.nixos.org/.

Having built our own PHP package, php-fpm still has to be told to use it, so the following setting points the pool at the package we built:

  ...
  services.phpfpm.pools.wordpress = { 
    phpPackage = phpext;
    ...
  ...

This part of the nginx configuration provides the URL rewrite (pretty permalink) rules for WordPress:

  services.nginx = {
    ...
      locations."/" = {
        ...
        extraConfig = ''
          ...
          try_files $uri $uri/ /index.php?$args;
        '';
      };
  ...

This part configures the communication between nginx and php-fpm:

    ...
      locations."~ \\.php$".extraConfig = ''
        fastcgi_pass  unix:${config.services.phpfpm.pools.wordpress.socket};
        fastcgi_index index.php;
      '';
    ...

In the php-fpm configuration, pay attention to the user and group php-fpm runs as, and to the user and group of the socket:

  services.phpfpm.pools.wordpress = {
    user = config.services.nginx.user;
    group = config.services.nginx.group;
    settings = {
      ...
      "listen.owner" = config.services.nginx.user;
      "listen.group" = config.services.nginx.group;
      ...
  ...

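The user and group of the php-fpm socket must be the same as the user and group the nginx service uses. The user and group the php-fpm pool runs as can be ones you create yourself; then add the nginx service's user to the group you created, which solves the permission problem. For convenience I simply used the same user as nginx here.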
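
The separate-user variant described above, as an added example that is not part of the original post: the pool runs under its own account, so PHP code does not execute with the web server's identity. The account and group name "wordpress" is an assumption; these definitions replace the pool's user, group and settings and the tmpfiles rules in lnmp.nix, while phpPackage and phpOptions stay as they are there.

```nix
# Added example, not the post's own configuration.
# The "wordpress" account and group names are assumptions.
{ config, ... }:
{
  # Unprivileged system account that the PHP-FPM workers run as.
  users.users.wordpress = {
    isSystemUser = true;
    group = "wordpress";
  };
  # Put the nginx user in the group so it can read static files in the web root.
  users.groups.wordpress.members = [ config.services.nginx.user ];

  services.phpfpm.pools.wordpress = {
    user = "wordpress";
    group = "wordpress";
    settings = {
      # The socket stays owned by nginx, as the post requires,
      # and is closed to every other account.
      "listen.owner" = config.services.nginx.user;
      "listen.group" = config.services.nginx.group;
      "listen.mode" = "0660";
      pm = "dynamic";
      "pm.max_children" = 10;
      "pm.start_servers" = 5;
      "pm.min_spare_servers" = 3;
      "pm.max_spare_servers" = 8;
      "pm.max_requests" = 500;
    };
  };

  systemd.tmpfiles.rules = [
    "d /var/www 0755 root root"
    # Owner: PHP-FPM account; group (which includes nginx): read and traverse; others: none.
    "d /var/www/nixos.example.com 0750 wordpress wordpress"
  ];
}
```

With this variant, the files placed in the web root should be owned by wordpress:wordpress rather than nginx:nginx.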

On NixOS, MariaDB listens on 0.0.0.0 by default; the following setting changes it to listen on localhost only:

  services.mysql = {
    ...
    settings.mysqld.bind-address = "127.0.0.1";
  };

ACME must be configured before the enableACME option in nginx can be used:

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "nixos@example.com";
    };
  };

Nothing else needs special explanation. If some setting is still missing, look up the option yourself:

https://search.nixos.org/options

After finishing the configuration, rebuild the system:

nixos-rebuild switch

Now let's use the LNMP environment just configured to set up WordPress. First create the database and the user it needs:

mysql -u root
CREATE DATABASE wordpress CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'your-database-user-password';
FLUSH PRIVILEGES;
quit
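
A declarative alternative to the manual SQL session above, as an added example that is not part of the original post: the NixOS mysql module creates the database and an account that authenticates over the local unix socket, so no database password has to be typed or stored. It assumes the WordPress installer is then pointed at the local MariaDB socket with the pool's user name and an empty password.

```nix
# Added example, not the post's own configuration.
{ config, ... }:
let
  # MariaDB's unix_socket authentication matches the database account name
  # against the connecting OS user, so reuse the PHP-FPM pool's user name.
  dbUser = config.services.phpfpm.pools.wordpress.user;
in
{
  services.mysql = {
    ensureDatabases = [ "wordpress" ];
    ensureUsers = [
      {
        name = dbUser;
        ensurePermissions = { "wordpress.*" = "ALL PRIVILEGES"; };
      }
    ];
    # ensureDatabases issues a plain CREATE DATABASE, so set the server
    # defaults to the character set and collation used in the post.
    settings.mysqld = {
      character-set-server = "utf8mb4";
      collation-server = "utf8mb4_unicode_ci";
    };
  };
}
```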

Download and extract WordPress, then give it the correct ownership:

cd /var/www/nixos.example.com
wget https://wordpress.org/latest.zip
unzip latest.zip
mv wordpress/* .
rm -rf wordpress
chown -R nginx:nginx .

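Visit the WordPress installation page, configure the database and set up the administrator. After the installation is finished you can check the site health status; everything is normal.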

See also:

https://nixos.wiki/wiki/Nginx
https://nixos.wiki/wiki/Phpfpm
https://discourse.nixos.org/t/how-to-deploy-laravel-app-to-nixos-machine/12572
