Встановіть веб-сервер H2O на CentOS 7

Передумови

Крок 1: Оновіть систему

Крок 2: Встановіть H2O

Крок 3: Налаштування веб-сервера H2O

H2O — це HTTP-сервер нового покоління, який має чудові, повнофункціональні реалізації HTTP/2 усіх сучасних веб-серверів, які використовуються. Використовуючи H2O як ваш веб-сервер, ви можете скористатися новими функціями специфікації HTTP/2, такими як оптимізація затримок, натискання сервера та визначення пріоритетів на стороні сервера, які можуть скористатися перевагами сучасних функцій браузера, про які рідко говорять.

У цьому докладному підручнику я крок за кроком покажу вам, як запустити H2O на вашому екземплярі CentOS 7 x64.

Передумови

• Примірник сервера CentOS 7 x64.
• Користувач sudo .
• Сертифікат SSL (необов'язково)

Крок 1: Оновіть систему

Увійдіть через SSH з обліковими даними, знайденими під вашим екземпляром, і оновіть систему наступним чином.

sudo yum install epel-release -y
sudo yum clean all && sudo yum update -y

Крок 2: Встановіть H2O

Щоб встановити H2O на CentOS 7, ви повинні додати репозиторій Bintray RPM для встановлення попередньо вбудованих двійкових файлів H2O. Використовуйте редактор Nano, щоб створити власне репо.

sudo nano /etc/yum.repos.d/bintray-h2o-rpm.repo

Скопіюйте та вставте наведений нижче текст у файл репо.

[bintray-h2o-rpm]
name=bintray-h2o-rpm
baseurl=https://dl.bintray.com/tatsushid/h2o-rpm/centos/$releasever/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1

Далі встановіть H2O.

sudo yum install h2o -y

Тепер, коли H2O встановлено, але перш ніж увімкнути та запустити службу, потрібна правильна конфігурація, і нам потрібно створити конкретного користувача та групу для роботи H2O. Створіть групу та користувача для роботи H2O під назвою h2o.

sudo groupadd -g 101 h2o
sudo useradd -d /etc/h2o -g 101 -M -s /sbin/nologin -u 101 h2o

Крок 3: Налаштування веб-сервера H2O

Наступні кроки наведуть приклади налаштувань конфігурації для різних налаштувань unencrypted, encrypted, staticі dynamicсервера; а також поєднання всіх чотирьох.

---

Переспрямування http://www.example.comдо http://example.comконфігурації (статичні сторінки HTML, без PHP).

Перейдіть до /etc/h2o/каталогу.

cd /etc/h2o/

Перейменуйте значення за замовчуванням h2o.confна h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Створіть новий h2o.confфайл.

sudo nano h2o.conf

Скопіюйте та вставте наведений нижче текст у h2o.confфайл.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/example.com
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://example.com/"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Увімкніть і запустіть сервер H2O.

sudo systemctl enable h2o
sudo systemctl start h2o

Створіть параметр за замовчуванням index.htmlза допомогою шаблону в /var/www/htmlпараметрі каталогу, file.dirпереліченому вище в /var/www/example.com.

sudo cp -var /var/www/html /var/www/example.com

Тепер відкрийте браузер і введіть доменне ім’я сервера ( example.comабо www.example.com) для вашого екземпляра. Ви отримуєте повідомлення Unable to connectчи This site can’t be reachedповідомлення? Налаштування брандмауера CentOS за замовчуванням забороняє вхідні підключення до порту http. Виконайте наступне, щоб відкрити його.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Оновіть сторінку у своєму браузері ( F5), і ви отримаєте це повідомлення.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Переспрямування http://example.comдо http://www.example.comконфігурації (статичні сторінки HTML, без PHP).

Перейдіть до /etc/h2o/каталогу.

cd /etc/h2o/

Перейменуйте значення за замовчуванням h2o.confна h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Створіть новий h2o.confфайл.

sudo nano h2o.conf

Скопіюйте та вставте наступний текст у h2o.confфайл.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://www.example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/www.example.com
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Увімкніть і запустіть сервер H2O.

sudo systemctl enable h2o
sudo systemctl start h2o

Створіть index.htmlфайл за замовчуванням за допомогою шаблону в /var/www/htmlпараметрі каталогу, file.dirзазначеному вище в /var/www/www.example.com.

sudo cp -var /var/www/html /var/www/www.example.com

Тепер відкрийте браузер і введіть доменне ім’я сервера ( example.comабо www.example.com) для вашого екземпляра. Ви отримуєте повідомлення Unable to connectчи This site can’t be reachedповідомлення? Налаштування брандмауера CentOS за замовчуванням забороняє вхідні підключення до порту http. Виконайте наступне, щоб відкрити його.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Оновіть сторінку у своєму браузері ( F5), і ви отримаєте це повідомлення.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Переспрямування http://www.example.comдо http://example.com(динамічної сторінки, PHP-FPM 5.6.x) конфігурації

Перейдіть до /etc/h2o/каталогу.

cd /etc/h2o/

Перейменуйте значення за замовчуванням h2o.confна h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Створіть новий h2o.confфайл.

sudo nano h2o.conf

Скопіюйте та вставте наступний текст у h2o.confфайл.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com To http://www.example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://www.example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/www.example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/www.example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://www.example.com To http://example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-7.1.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the following text into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm 
sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com To http://www.example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "http://www.example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /var/www/www.example.com
        redirect:
          internal: YES
          status: 307
          url: /index.php
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-7.1.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm 
sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://example.com/"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the following text into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text into the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/example.com.

sudo cp -var /var/www/html /var/www/example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Static HTML Pages, No PHP) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.html' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://www.example.com/"
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/www.example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the following text into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a default index.html using the template in /var/www/html to the directory option file.dir listed above in /var/www/www.example.com.

sudo cp -var /var/www/html /var/www/www.example.com

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get this message.

---

Welcome to H2O - an optimized HTTP server

It works!

---

Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the following text into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Dynamic Page, PHP-FPM 5.6.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://www.example.com/"
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/www.example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          internal: YES
          status: 307
          url: /index.php
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-5.6.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 5.6 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands to install PHP version 5.6.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php56-php-fpm -y

Navigate to the /opt/remi/php56/root/etc/ directory.

cd /opt/remi/php56/root/etc/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/opt/remi/php56/root/etc/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-5.6-error.log
pid = /var/run/php-fpm-5.6.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the text below into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-5.6.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/opt/remi/php56/root/var/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /opt/remi/php56/root/var/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /opt/remi/php56/root/var/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php56-php-fpm 
sudo systemctl start php56-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/www.example.com.

sudo mkdir /var/www/www.example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/www.example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com, http://www.example.com, and https://www.example.com to https://example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          internal: YES
          status: 307
          url: /index.php
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://example.com/"
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-7.1.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

In order to process PHP, the PHP-FPM 7.1 daemon must be installed and configured. In order to install a version of PHP-FPM newer than the default 5.4.x, the REMI repo must be installed which contains PHP versions 5.6.x, 7.0.x and 7.1.x. Type the following commands below to install PHP version 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y

Navigate to the /etc/opt/remi/php71/ directory.

cd /etc/opt/remi/php71/

Rename the default php-fpm.conf to php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Create a new php-fpm.conf file.

sudo nano php-fpm.conf

Copy and paste the text below into the php-fpm.conf file.

include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s

Rename the default www.conf file in the php-fpm.d directory.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Create a new www.conf file.

sudo nano php-fpm.d/www.conf

Copy and paste the following text into the www.conf file. Change your pm.max\_children to match the number of CPUs in accordance with your VPS instance.

[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Rename the default php.ini file.

sudo mv php.ini php.ini.original

Create a new php.ini file.

sudo nano php.ini

Copy and paste the following text below into the new php.ini file. Change the memory\_limit, post\_max\_size, upload\_max\_filesize and date.timezone in accordance with your VPS instance.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session/"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Change the group ownership for the /var/opt/remi/php71/lib/php/session/ directory from the apache group to the h2o group.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Create a directory where the PHP-FPM server logs will reside.

sudo mkdir /var/log/php-fpm/

Enable and start the PHP-FPM server.

sudo systemctl enable php71-php-fpm 
sudo systemctl start php71-php-fpm

Enable and start the H2O server.

sudo systemctl enable h2o
sudo systemctl start h2o

Create a directory where the default index.php will reside listed by the directory option file.dir above in /var/www/example.com.

sudo mkdir /var/www/example.com

Create a default index.php using the phpinfo command to test PHP.

sudo nano /var/www/example.com/index.php

Copy and paste the text below in the new index.php file.

<?php
phpinfo();
?>

Now, open your browser and enter the server domain name (example.com or www.example.com) for your instance. Are you getting an Unable to connect or a This site can’t be reached message? CentOS's default firewall setting disallows incoming connections to the http port. Do the following to open it.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Refresh the page in your browser (F5) and you will get the standard PHP info page.

---

Redirect http://example.com, http://www.example.com, and https://example.com to https://www.example.com (Dynamic Page, PHP-FPM 7.1.x) Configuration

Navigate to the /etc/h2o/ directory.

cd /etc/h2o/

Rename the default h2o.conf to h2o.conf.original.

sudo mv h2o.conf h2o.conf.original

Create a new h2o.conf file.

sudo nano h2o.conf

Copy and paste the text below into the h2o.conf file.

access-log: /var/log/h2o/access.log
compress: ON
error-log: /var/log/h2o/error.log
expires: 1 day
file.index: [ 'index.php' ]
hosts:
  "example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://example.com/"
  "www.example.com:80":
    listen:
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://www.example.com/"
  "example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          status: 301
          url: "https://www.example.com/"
  "www.example.com:443":
    listen:
      port: 443
      ssl:
        <<: !file /etc/h2o/conf.d/ssl.conf
        certificate-file: /location/of/certificate/file/fullchain.ext
        key-file: /location/of/private/key/file/privkey.ext
    paths:
      "/":
        file.dir: /var/www/www.example.com
        header.add: "strict-transport-security: max-age=31536000; includeSubDomains; preload"
        redirect:
          internal: YES
          status: 307
          url: /index.php
file.custom-handler:
  extension: .php
  fastcgi.connect:
    port: /run/php-fpm-7.1.sock
    type: unix
pid-file: /var/run/h2o/h2o.pid
send-server-name: OFF
setenv:
  HTTP_PROXY: ""
user: h2o

Create a custom directory to store the default SSL options for all websites that use SSL.

sudo mkdir conf.d

Create a new ssl.conf file.

sudo nano conf.d/ssl.conf

Copy and paste the text below into the ssl.conf file.

cipher-preference: server
cipher-suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
dh-file: /etc/ssl/h2o/dhparam_2048.pem

Make a directory to store the dhparam_2048.pem file that will be regenerated daily via a cronjob.

sudo mkdir /etc/ssl/h2o/

Create a new regenerate_dhparam file.

sudo nano /etc/cron.daily/regenerate_dhparam

Copy and paste the following text inside of the regenerate_dhparam file.

#!/bin/bash
cd /etc/ssl/h2o
umask 022
for length in 2048
do
openssl dhparam -out dhparam_$length.tmp $length && mv dhparam_$length.tmp dhparam_$length.pem
chmod 444 dhparam_$length.pem
done

Make the bash file just created executable.

sudo chmod +x /etc/cron.daily/regenerate_dhparam

Execute the bash script for a first run as H2O won't start properly if it's not generated. This will take about a minute or two to generate on first run.

sudo /etc/cron.daily/regenerate_dhparam

Для обробки PHP необхідно встановити та налаштувати демон PHP-FPM 7.1. Для встановлення версії PHP-FPM, новішої за стандартну 5.4.x, необхідно встановити репозиторію REMI, яка містить версії PHP 5.6.x, 7.0.x та 7.1.x. Введіть наступні команди, щоб інсталювати PHP версії 7.1.x.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install php71-php-fpm -y

Перейдіть до /etc/opt/remi/php71/каталогу.

cd /etc/opt/remi/php71/

Перейменуйте значення за замовчуванням php-fpm.confна php-fpm.conf.original.

sudo mv php-fpm.conf php-fpm.conf.original

Створіть новий php-fpm.confфайл.

sudo nano php-fpm.conf

Скопіюйте та вставте наступний текст у php-fpm.confфайл.

include=/etc/opt/remi/php71/php-fpm.d/*.conf
[global]
daemonize = yes
emergency_restart_threshold = 2
emergency_restart_interval = 1m
error_log = /var/log/php-fpm/php-fpm-7.1-error.log
pid = /var/run/php-fpm-7.1.pid
process_control_timeout = 10s

Перейменуйте www.confфайл за замовчуванням у php-fpm.dкаталозі.

sudo mv php-fpm.d/www.conf php-fpm.d/www.conf.original

Створіть новий www.confфайл.

sudo nano php-fpm.d/www.conf

Скопіюйте та вставте наведений нижче текст у www.confфайл. Змініть свій, pm.max\_childrenщоб він відповідав кількості ЦП відповідно до вашого екземпляра VPS.

[www]
group = h2o
listen = /var/run/php-fpm-7.1.sock
listen.backlog = 65536
listen.owner = h2o
listen.group = h2o
pm = static
pm.max_children = 2
pm.max_requests = 10240
user = h2o

Перейменуйте php.iniфайл за замовчуванням .

sudo mv php.ini php.ini.original

Створіть новий php.iniфайл.

sudo nano php.ini

Скопіюйте та вставте наведений нижче текст у новий php.ini file. Зміна memory\_limit, post\_max\_size, upload\_max\_filesizeі date.timezoneвідповідно до екземпляром VPS.

[PHP]
allow_url_fopen = On
always_populate_raw_post_data = -1
display_errors = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php = Off
log_errors = On
memory_limit = 256M
output_buffering = 4096
post_max_size = 64M
register_argc_argv = Off
request_order = "GP"
upload_max_filesize = 64M
variables_order = "GPCS"
[Date]
date.timezone = America/New_York
[Session]
session.cache_limiter =
session.gc_divisor = 1000
session.hash_bits_per_character = 5
session.save_handler = files
session.save_path = "/var/opt/remi/php71/lib/php/session"
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Змініть право власності на групу для /var/opt/remi/php71/lib/php/session/каталогу з apacheгрупи на h2oгрупу.

sudo chown root.h2o /var/opt/remi/php71/lib/php/session/

Створіть каталог, де будуть знаходитися журнали сервера PHP-FPM.

sudo mkdir /var/log/php-fpm/

Увімкніть і запустіть сервер PHP-FPM.

sudo systemctl enable php71-php-fpm 
sudo systemctl start php71-php-fpm

Увімкніть і запустіть сервер H2O.

sudo systemctl enable h2o
sudo systemctl start h2o

Створіть каталог, у якому index.phpбуде перебувати за замовчуванням , зазначений у параметрі каталогу file.dirвище в /var/www/example.com.

sudo mkdir /var/www/www.example.com

Створіть значення за замовчуванням index.phpза допомогою phpinfoкоманди для тестування PHP.

sudo nano /var/www/www.example.com/index.php

Скопіюйте та вставте наведений нижче текст у новий index.phpфайл.

<?php
phpinfo();
?>

Тепер відкрийте браузер і введіть доменне ім’я сервера ( example.comабо www.example.com) для вашого екземпляра. Ви отримуєте повідомлення Unable to connectчи This site can’t be reachedповідомлення? Налаштування брандмауера CentOS за замовчуванням забороняє вхідні підключення до порту http. Виконайте наступне, щоб відкрити його.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Оновіть сторінку у своєму браузері ( F5), і ви отримаєте стандартну інформаційну сторінку PHP.

---

На цьому мій підручник закінчується. Дякую, що прочитали.