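Over the past week I did a test installation of Pimcore, the very popular PIM (Product Information Management) system.
Installing the latest version ran into problems and got stuck. The latest version also requires PHP 8 and MySQL 8, which puts high demands on the system; my test machine could barely run it.
So I switched to installing Pimcore 6.9 instead, which went fairly smoothly.
The installation steps are as follows:
Set up the LNMP environment, then apply the following settings.
1) Modify the PHP settings:
Disabled functions (禁用函数): putenv, proc_open
Install extensions: opcache, imagick, fileinfo, etc.
2) Modify the MySQL settings:
In BaoTa (宝塔), edit the MySQL configuration file and add the following line under [mysqld], then reload the configuration and restart MySQL.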
log-bin-trust-function-creators=1
log_bin_trust_function_creators=1
3) Install Pimcore
Run the following commands:
Demo version
COMPOSER_MEMORY_LIMIT=-1 composer create-project -vvv pimcore/demo=1.6.24 pimcore
Set directory permissions
chown -R www:www var web/var var/cache /www/wwwroot/pimcore
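Install Pimcore: ./vendor/bin/pimcore-install
Unattended install: ./vendor/bin/pimcore-install --admin-username ryan --admin-password 123456 --mysql-username pimcore --mysql-password Cibirii.12 --mysql-database pimcore --no-interaction
Scheduled task: crontab -e -u www
*/5 * * * * /your/project/bin/console pimcore:maintenance
Set permissions on the cache directory: chown -R www:www /www/wwwroot/pim/pimdemo/var/cache
4) BaoTa settings: create a new website;
In the corresponding site directory settings, just uncheck the anti-cross-site protection (open_basedir), and change the site directory to the /project/pimcore/web subdirectory;
Bind the domain; test access;
Once the above is done, the nginx rewrite rules (伪静态) still need to be set; the Apache rewrite rules were not tested. The rewrite configuration is as follows: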
# Set CSP
# Please note that CSP are very tricky and can be quite advanced to get right
# For most optimal security however they are absolutely mandatory
# There are ways to 'override' them for easier development
# However they should be carefully evaluated, defined and included
# Referrer Policy
add_header Referrer-Policy same-origin;
# Feature Policy && Permissions Policy
# Note that Feature Policy is to be replaced with Permissions Policy
# See W3C Document regarding setup: https://github.com/w3c/webappsec-permissions-policy/blob/master/permissions-policy-explainer.md
#
# Please check how to properly evaluate, define and include to your needs
# Thanks to: https://fearby.com/article/set-up-feature-policy-referrer-policy-and-content-security-policy-headers-in-nginx/
# For pre-writing these.
add_header Feature-Policy "geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'self';payment 'none';";
add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()";
# set X-Frame-Options
add_header X-Frame-Options "SAMEORIGIN" always;
# set Xss-Protection
add_header X-Xss-Protection "1; mode=block" always;
# X-Content-Type-Options
add_header X-Content-Type-Options "nosniff" always;
### HTTP Header security
# Filesize depending on your data
client_max_body_size 100m;
# It is recommended to seclude logs per virtual host
access_log /var/log/access.log;
error_log /var/log/error.log error;
rewrite ^/cache-buster-(?:\d+)/(.*) /$1 last;
# Stay secure
#
# a) don't allow PHP in folders allowing file uploads
location ~* /var/assets/.*\.php(/|$) {
    return 404;
}
# b) Prevent clients from accessing hidden files (starting with a dot)
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known/) {
    deny all;
    log_not_found off;
    access_log off;
}
# c) Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf(ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
    deny all;
}
# Some Admin Modules need this:
# Database Admin, Server Info
location ~* ^/admin/(adminer|external) {
    rewrite .* /app.php$is_args$args last;
}
# Thumbnails
location ~* .*/(image|video)-thumb__\d+__.* {
    try_files /var/tmp/$1-thumbnails$uri /app.php;
    expires 2w;
    access_log off;
    add_header Cache-Control "public";
}
# Assets
# Still use a whitelist approach to prevent each and every missing asset to go through the PHP Engine.
location ~* ^(?!/admin)(.+?)\.((?:css|js)(?:\.map)?|jpe?g|gif|png|svgz?|eps|exe|gz|zip|mp\d|ogg|ogv|webm|pdf|docx?|xlsx?|pptx?)$ {
    try_files /var/assets$uri $uri =404;
    expires 2w;
    access_log off;
    log_not_found off;
    add_header Cache-Control "public";
}
location / {
    error_page 404 /meta/404;
    try_files $uri /app.php$is_args$args;
}
# Use this location when the installer has to be run
# location ~ /(app|install)\.php(/|$) {
#
# Use this after initial install is done:
location ~ ^/app\.php(/|$) {
    send_timeout 1800;
    fastcgi_read_timeout 1800;
    # regex to split $uri to $fastcgi_script_name and $fastcgi_path
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # Check that the PHP script exists before passing it
    try_files $fastcgi_script_name =404;
    # include fastcgi.conf if needed
    include fastcgi.conf;
    # Bypass the fact that try_files resets $fastcgi_path_info
    # see: http://trac.nginx.org/nginx/ticket/321
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;
    # Activate these, if using Symlinks and opcache
    # fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    # fastcgi_param DOCUMENT_ROOT $realpath_root;
    # fastcgi_pass php-pimcore6;
    # Prevents URIs that include the front controller. This will 404:
    # http://domain.tld/app.php/some-path
    # Remove the internal directive to allow URIs like this
    internal;
}
After that, the site can be accessed.
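To check what the "Stay secure" rules in the configuration above actually block, the following added example (not part of the original post or of Pimcore) replays the regex locations in file order against constructed request paths. It models only the cache-buster rewrite and location selection, not try_files or the rest of nginx; the names route, LOCATIONS and SAMPLES and the action labels are this example's own.

```python
import re

# Server-level rewrite from the config above; it runs before location matching.
CACHE_BUSTER = re.compile(r"^/cache-buster-(?:\d+)/(.*)")

# Regex locations copied from the config, in file order. nginx picks the first
# regex location that matches; "~*" is case-insensitive, "~" is case-sensitive.
# The labels and action strings are this example's shorthand, not nginx output.
LOCATIONS = [
    ("a) PHP in uploads", r"/var/assets/.*\.php(/|$)", re.I, "404"),
    ("b) hidden files", r"/\.(?!well-known/)", re.I, "deny"),
    ("c) backup/config files",
     r"(?:\.(?:bak|conf(ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$", re.I, "deny"),
    ("admin modules", r"^/admin/(adminer|external)", re.I, "app.php"),
    ("thumbnails", r".*/(image|video)-thumb__\d+__.*", re.I, "static"),
    ("assets",
     r"^(?!/admin)(.+?)\.((?:css|js)(?:\.map)?|jpe?g|gif|png|svgz?|eps|exe|gz|zip"
     r"|mp\d|ogg|ogv|webm|pdf|docx?|xlsx?|pptx?)$", re.I, "static"),
    ("front controller", r"^/app\.php(/|$)", 0, "internal"),
]
COMPILED = [(name, re.compile(rx, flags), action) for name, rx, flags, action in LOCATIONS]


def route(path):
    """Return (location label, action) selected for a decoded request path."""
    m = CACHE_BUSTER.match(path)
    if m:                                  # rewrite ... /$1 last;
        path = "/" + m.group(1)
    for name, rx, action in COMPILED:
        if rx.search(path):
            return name, action
    return "location /", "app.php"         # prefix fallback: try_files $uri /app.php


# Constructed request paths for illustration (not from a real access log).
SAMPLES = [
    "/var/assets/uploads/shell.PHP/x",
    "/.env",
    "/.well-known/acme-challenge/token",
    "/cache-buster-1650000000/.git/config",
    "/export/dump.sql",
    "/var/assets/logo.png",
    "/app.php/some-path",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:40} -> {route(p)}")
```

Because rule b) sits before the asset rule, a path such as /cache-buster-1650000000/.git/config is still denied after the rewrite strips the prefix, while /.well-known/ falls through to the front controller.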