
WEBファイル設定
$ sudo usermod -a -G apache ec2-user
$ sudo chown -R ec2-user:apache /var/www/virtualhost
パーミッションも適正にする
$ sudo chmod 2775 /var/www/virtualhost && find /var/www/virtualhost -type d -exec sudo chmod 2775 {} \;
$ find /var/www/virtualhost -type f -exec sudo chmod 0664 {} \;
$ vi /etc/httpd/conf/httpd.conf
User ec2-user
Group apache
# vi /etc/php-fpm.d/www.conf
user = ec2-user
; RPM: Keep a group allowed to write in log dir.
group = apache
listen.owner = ec2-user
listen.group = apache
listen.mode = 0666
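listen.mode = 0666 はゆるい設定(ローカルの全ユーザーがソケットに接続でき、ec2-user 権限で PHP を実行させられる)。
ソケットでのエラーが出る為この形にした。RPM 版の www.conf では listen.acl_users が有効になっていることが多く、その場合 listen.owner / listen.group は無視される。原因がそれであれば、listen.acl_users をコメントアウトする(または ec2-user を追加する)ことで listen.mode = 0660 に戻せるはずなので要確認。
なお Apache と php-fpm を ec2-user で動かすと、PHP 経由で侵入された場合に ec2-user の権限(Amazon Linux の既定ではパスワードなし sudo が可能)がそのまま渡る点に注意。本番では Web 専用ユーザーに分けることも検討する。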
$ systemctl restart php-fpm
$ systemctl restart httpd
セッション設定
# chown ec2-user:apache -R /var/lib/php/session/
他の設定も書いておく
ロードバランサーの注意点
- 上書きポート:80
- ヘルスチェックのパスをしっかり設定
/var/www/html/healthcheck.php
ロードバランサー用にタイムアウト設定を120に設定しておく(ALB のアイドルタイムアウト(既定 60 秒)より長くしておくため)
# /etc/httpd/conf/httpd.conf
●最終行付近に追加
# ALB KeepAlive
KeepAlive On
MaxKeepAliveRequests 80
KeepAliveTimeout 120
AcceptFilter http none
AcceptFilter https none

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
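# vi /etc/httpd/conf.d/GlobalSetting.conf
ServerName www.example.net:80
# ファビコンのログを出さない
SetEnvIf Request_URI "\.(ico)$" nolog
# 画像やJSのログを出さない
SetEnvIf Request_URI "\.(gif|jpg|png|ico|jpeg|js|css)$" nolog
CustomLog logs/access_log common env=!nolog
※ ALB 配下では common 形式の %h は ALB の IP になる。クライアント IP を残したい場合は X-Forwarded-For をログ形式に加える(または mod_remoteip を使う)。
※ nolog にしたリクエストは後から調査できなくなるので、必要なら ALB 側のアクセスログを有効にしておく。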
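# cat /etc/httpd/conf.d/healthcheck.conf
# ヘルスチェックURL
Alias /healthcheck.php /var/www/html/healthcheck.php
# ヘルスチェックのALBのアクセスはログを取らない
SetEnvIf User-Agent "ELB-HealthChecker.*" nolog
※ User-Agent はクライアント側で自由に指定できる値なので、この条件だけだと ELB 以外からのアクセスもログ対象外になる。Request_URI が /healthcheck.php の場合に限定するなど、条件を絞っておくのが望ましい。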
ヘルスチェックファイル
# cat /var/www/html/healthcheck.php
<?php
echo "<h1>Don'T Remove!!</h1><br/>";
echo "<h2>LoadBalanser HealthCheck File</h2><br/>";
echo "このファイルを削除するとLBの死活監視で\"unhealthy\"となり、<br/>";
echo "アクセス障害が発生します。<br/>";
# cat /etc/httpd/conf.d/localhost.conf
# Virtual host listening on port 80 for any address; ServerName is localhost.
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/virtualhost/www.exampl.net
# Per-vhost error and access logs (access log uses the "combined" format).
ErrorLog /var/log/httpd/www.exampl.net_error.log
CustomLog /var/log/httpd/www.exampl.net_access.log combined
# NOTE(review): this <Directory> path (www.exampl.net.co.jp) is not the
# DocumentRoot set above (www.exampl.net), so as written the directives below
# do not apply to the document root -- confirm which path is intended.
<Directory "/var/www/virtualhost/www.exampl.net.co.jp">
# AllowOverride All lets .htaccess files in this tree override server config.
# On this page the tree is owned by ec2-user, the same user php-fpm runs as,
# so application code can create or modify .htaccess; narrow AllowOverride
# (or the ownership) if the application does not need it.
AllowOverride All
# FollowSymLinks only: no Indexes, so directory listings are not enabled here.
Options FollowSymLinks
Require all granted
</Directory>
</VirtualHost>
# cat /etc/httpd/conf.d/security.conf
# Hide Apache Version
ServerTokens Prod
# Hide Header X-Powered-By
Header always unset X-Powered-By
※ X-Powered-By は PHP 側が付けるヘッダーなので、php.ini の expose_php = Off でも止めておくと確実。
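.htmlでもphpが実行できる設定にしています。
php-fpm 側は既定で security.limit_extensions により .php 以外の実行を拒否するため、www.conf でも .html を許可しておく必要がある。
また、この設定では .html ファイルがすべて PHP として実行される。アップロード先など利用者がファイルを置けるディレクトリでは、PHP が実行されないようにしておくこと。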
# cat /etc/httpd/conf.d/php.conf
#
# PHP integration for httpd. This copy has been modified from a stock layout:
# both <FilesMatch> patterns below also match .html, so .html files are
# executed as PHP (through php-fpm, or through mod_php7 when that is loaded).
#
#
# The following lines prevent .user.ini files from being viewed by Web clients.
#
<Files ".user.ini">
Require all denied
</Files>
#
# Allow php to handle Multiviews
#
AddType text/html .php .html
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
#
# Redirect to local php-fpm (no mod_php in default configuration)
# Applies only when neither mod_php5 nor mod_php7 is loaded.
#
<IfModule !mod_php5.c>
<IfModule !mod_php7.c>
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Files ending in .php, .phar or .html are handed to php-fpm over the unix
# socket /run/php-fpm/www.sock.
# NOTE(review): because .html is included, any .html file under a served
# directory runs as PHP. Directories that accept uploads or other
# user-supplied files should override this handler. php-fpm's own
# security.limit_extensions must also allow .html for this to work -- confirm
# the pool config.
<FilesMatch \.(php|phar|html)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
</IfModule>
#
# mod_php is deprecated as FPM is now used by default with httpd in event mode
# mod_php is only used when explicitly enabled or httpd switch to prefork mode
#
# mod_php options
#
<IfModule mod_php7.c>
#
# Cause the PHP interpreter to handle files with a .php, .phar or .html
# extension (same pattern as the php-fpm branch above, same caveat for .html).
#
<FilesMatch \.(php|phar|html)$>
SetHandler application/x-httpd-php
</FilesMatch>
#
# Uncomment the following lines to allow PHP to pretty-print .phps
# files as PHP source code:
#
#<FilesMatch \.phps$>
# SetHandler application/x-httpd-php-source
#</FilesMatch>
#
# Apache specific PHP configuration options
# those can be override in each configured vhost
# These php_value lines sit inside <IfModule mod_php7.c>, so they take effect
# only under mod_php; with php-fpm the equivalents are set in the pool config.
#
php_value session.save_handler "files"
php_value session.save_path "/var/lib/php/session"
php_value soap.wsdl_cache_dir "/var/lib/php/wsdlcache"
#php_value opcache.file_cache "/var/lib/php/opcache"
</IfModule>



