Подготавливаем базу данных, устанавливаем mysql-server 8.0
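# Download the MySQL APT repository package. It is installed as root, so
# compare the file with the checksum or GnuPG signature published on the
# MySQL download page before running dpkg.
wget https://dev.mysql.com/get/mysql-apt-config_0.8.36-1_all.deb
dpkg -i mysql-apt-config_0.8.36-1_all.deb
# Refresh the package index so apt can see the repository that was just added;
# without this the later "apt install mysql-server" does not use it.
apt update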
ВСЕГДА! ВСЕГДА делайте кластер, если у вас портал или магазин на битриксе, где пользователей или товаров будет больше 50. Мы же собираемся делать бэкапы бд так, чтобы сайт не ложился на лопатки. Рекомендация для кластера MySQL: используйте GTID!!! Обязательно!!!
Теперь можно установить все нужные нам пакеты
# Install the whole stack in one transaction: nginx, Redis, memcached,
# Node.js/npm, MySQL server, PHP-FPM and the PHP extensions.
# NOTE(review): on Debian/Ubuntu the redis-server, memcached and mysql-server
# services normally start as soon as they are installed. Confirm each one
# listens only on loopback before the host is reachable from outside.
apt install nginx redis-server memcached nodejs mysql-server php-fpm php-gd php-mysql php-redis php-memcached php-memcache php-zip php-xmlrpc php-xml php-json php-intl php-imagick php-curl php-bz2 php-bcmath php-apcu npm
Теперь переходим к настройкам, я не буду указывать имя домена и настройку SSL, это уже 100500 раз показано. Для начала настроим php-cli и php-fpm. По умолчанию у нас установлена php8.4 и все его настройки хранятся в /etc/php/8.4 там правим cli/php.ini
; Enable the short "<?" opening tag for CLI scripts; the FPM pool file below
; sets the same option for web requests.
short_open_tag = On
В директории /etc/php/8.4/fpm/pool.d создаём новый файл с настройками php-fpm, назовём его bitrix-fpm.conf
; php-fpm pool for the Bitrix site. Workers run as www-data.
[localbitrix-8.4]
user = www-data
group = www-data
; Unix socket the pool listens on. The path used in nginx's fastcgi_pass must
; be exactly this one, otherwise nginx answers 502.
listen = /run/php/php8.4-fpm-bitrix.sock
listen.owner = www-data
listen.group = www-data
; Dynamic process manager: 24 workers at start, 10 to 40 kept idle, at most
; 102 in total.
pm = dynamic
pm.max_children = 102
pm.start_servers = 24
pm.min_spare_servers = 10
pm.max_spare_servers = 40
; php_admin_value entries cannot be overridden from application code with
; ini_set().
php_admin_value[short_open_tag] = on
php_admin_value[max_input_vars] = 10000
php_admin_value[opcache.max_accelerated_files] = 100000
; NOTE(review): the suhosin.* values only mean something when the Suhosin
; extension is loaded. It is not in the package list on this page; confirm.
php_admin_value[suhosin.get.max_vars] = 10000
php_admin_value[suhosin.post.max_vars] = 10000
php_admin_value[suhosin.request.max_vars] = 10000
php_admin_value[date.timezone] = Europe/Moscow
; 0 = opcache checks file timestamps on every request.
php_admin_value[opcache.revalidate_freq] = 0
; PHP accepts uploads and POST bodies up to 512 MB.
php_admin_value[upload_max_filesize] = 512M
php_admin_value[post_max_size] = 512M
php_admin_value[max_execution_time] = 120
; 36000 s = 10 hours allowed for reading request input.
; NOTE(review): very long input timeouts let slow clients hold workers for a
; long time; confirm this value is intended.
php_admin_value[max_input_time] = 36000
; NOTE(review): request_slowlog_timeout and request_terminate_timeout are pool
; directives, not php.ini settings. Written as php_admin_value they probably
; do not take effect as intended; confirm against the php-fpm log.
php_admin_value[request_slowlog_timeout] = 10
php_admin_value[request_terminate_timeout] = 360000
; NOTE(review): opcache.memory_consumption is given in megabytes, so this asks
; for about 4 GB of shared memory; confirm the value is intended.
php_admin_value[opcache.memory_consumption] = 4192
; Built-in status and ping endpoints of the pool.
; NOTE(review): the status page shows process and request details. The nginx
; config on this page has no dedicated location limiting /status or /ping, and
; they may be reachable through the catch-all @bitrix location; verify, then
; restrict them to local addresses in nginx or remove these two lines.
pm.status_path = /status
ping.path = /ping
; NOTE(review): INI_ALL is the name of a PHP ini-permission constant, not an
; ini directive; this line looks like a leftover. Confirm and remove.
php_admin_value[INI_ALL] = 1
; NOTE(review): pm.max_requests is a pool directive, not a php.ini setting;
; the effective value is the pool-level line below (500).
php_admin_value[pm.max_requests] = 3000
; Each worker is recycled after serving 500 requests.
pm.max_requests = 500
Создаем конфиг для nginx, обычно он лежит в /etc/nginx/sites-available/ и с /etc/nginx/sites-enabled делается симлинк
# Separate listener on port 8895: only /bitrix/pub/ is proxied (to the
# nodejs_pub upstream); every other URI is denied.
# NOTE(review): "listen 8895" binds all interfaces. This is presumably the
# endpoint the site backend publishes messages through; if only local PHP
# calls it, bind it to 127.0.0.1 or close the port in the firewall.
server {
listen 8895 default_server;
server_name mysite.name;
access_log /var/log/nginx/rtc.log;
add_header X-Content-Type-Options nosniff;
location /bitrix/pub/ {
# IM doesn't wait
proxy_ignore_client_abort on;
proxy_pass http://nodejs_pub;
}
location / {
deny all;
}
}
# ----------------------------------------------------------------------
# Push / Sub servers
# ----------------------------------------------------------------------
# Six local subscriber workers on 127.0.0.1:8010-8015.
# ip_hash keeps requests from one client address on the same worker;
# keepalive caches up to 1024 idle upstream connections per nginx worker.
upstream nodejs_sub {
ip_hash;
keepalive 1024;
server 127.0.0.1:8010;
server 127.0.0.1:8011;
server 127.0.0.1:8012;
server 127.0.0.1:8013;
server 127.0.0.1:8014;
server 127.0.0.1:8015;
}
# Two local publisher workers on 127.0.0.1:9010-9011, balanced by client
# address (ip_hash). Both the port-8895 listener and /bitrix/rest/ on the
# HTTPS server proxy to this group.
upstream nodejs_pub {
ip_hash;
keepalive 1024;
server 127.0.0.1:9010;
server 127.0.0.1:9011;
}
# ----------------------------------------------------------------------
# WebSocket helpers
# ----------------------------------------------------------------------
# $connection_upgrade: "upgrade" when the client sent an Upgrade header,
# "close" when it did not. Used as the Connection header towards the upstream.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# $replace_upgrade: the client's Upgrade header value, or "websocket" when the
# client sent none. Used as the Upgrade header towards the upstream.
map $http_upgrade $replace_upgrade {
default $http_upgrade;
'' websocket;
}
# ----------------------------------------------------------------------
# HTTP → HTTPS redirect
# ----------------------------------------------------------------------
# Plain-HTTP listener: every request gets a permanent redirect to the HTTPS
# site. The redirect host comes from server_name, not from the Host header
# the client sent.
server {
listen 80;
server_name mysite.name;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
return 301 https://$server_name$request_uri;
}
}
# ----------------------------------------------------------------------
# HTTPS main server
# ----------------------------------------------------------------------
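# Main HTTPS virtual host for the Bitrix site.
server {
    listen 443 ssl;
    server_name mysite.name;
    http2 off;

    # Certificate and key. Protocol and cipher settings are not set in this
    # block; keep the private key readable by root only.
    ssl_certificate /etc/nginx/ssl/crt.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;

    gzip on;
    gzip_comp_level 7;
    gzip_types application/x-javascript application/javascript text/css;
    charset off;
    index index.php;

    # NOTE(review): confirm the directory name (spelled "bittrix" here).
    set $root_path /var/www/bittrix;
    root $root_path;

    # Must be the socket the php-fpm pool listens on
    # (listen = /run/php/php8.4-fpm-bitrix.sock in bitrix-fpm.conf).
    set $php_sock unix:/run/php/php8.4-fpm-bitrix.sock;

    # Headers for proxied requests. nginx inherits proxy_set_header from this
    # level only in locations that define no proxy_set_header of their own,
    # so /bitrix/subws/ (which sets Upgrade/Connection) does not get them.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    # nginx accepts bodies up to 1024 MB; the php-fpm pool on this page caps
    # POST/upload size at 512 MB.
    client_max_body_size 1024M;
    client_body_buffer_size 4M;

    # Serve existing files and directories; everything else goes to the
    # Bitrix URL rewriter.
    location / {
        try_files $uri $uri/ @bitrix;
    }

    # ------------------------------------------------------------------
    # Bitrix IM / Push
    # ------------------------------------------------------------------
    # WebSocket subscriptions: HTTP/1.1 plus Upgrade/Connection headers,
    # no temp-file buffering, long read timeout for idle connections.
    location ~* ^/bitrix/subws/ {
        access_log /var/log/nginx/im_access.log json;
        error_log /var/log/nginx/im_error.log warn;
        proxy_pass http://nodejs_sub;
        proxy_http_version 1.1;
        proxy_max_temp_file_size 0;
        proxy_read_timeout 43800;
        proxy_set_header Upgrade $replace_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    # Non-WebSocket subscriptions: rewritten to the /bitrix/subws/ path and
    # sent to the same upstream.
    location ~* ^/bitrix/sub/ {
        access_log /var/log/nginx/im_access.log json;
        error_log /var/log/nginx/im_error.log warn;
        rewrite ^/bitrix/sub/(.*)$ /bitrix/subws/$1 break;
        proxy_pass http://nodejs_sub;
        proxy_max_temp_file_size 0;
        proxy_read_timeout 43800;
    }

    # Push-server REST endpoint, proxied to the publisher workers.
    location ~* ^/bitrix/rest/ {
        access_log /var/log/nginx/im_access.log json;
        error_log /var/log/nginx/im_error.log warn;
        proxy_pass http://nodejs_pub;
        proxy_max_temp_file_size 0;
        proxy_read_timeout 43800;
    }

    # ------------------------------------------------------------------
    # Security: deny executable uploads
    # ------------------------------------------------------------------
    # Script-like files under /upload/ are returned as text/plain and never
    # reach PHP. This location must stay above "location ~ \.php$": regex
    # locations are tried in file order and the first match wins.
    location ~* /upload/.*\.(php|php3|php4|php5|php6|phtml|pl|asp|aspx|cgi|dll|exe|shtm|shtml|fcg|fcgi|fpl|asmx|pht|py|psp|rb|var)$ {
        types {
            text/plain text/plain php php3 php4 php5 php6 phtml pl asp aspx cgi dll exe ico shtm shtml fcg fcgi fpl asmx pht py psp rb var;
        }
    }

    # ------------------------------------------------------------------
    # PHP
    # ------------------------------------------------------------------
    # try_files hands only scripts that exist on disk to PHP; missing ones
    # go to the Bitrix URL rewriter.
    # NOTE(review): regex locations are matched in the order written. Every
    # URI ending in .php stops here, so the admin location and the
    # "deny all" locations further down (/bitrix/modules, /bitrix/php_interface,
    # /bitrix/cache, ...) never apply to .php requests. Decide whether those
    # rules are meant to cover .php files and, if so, move them above this
    # block after testing the site.
    location ~ \.php$ {
        try_files $uri @bitrix;
        fastcgi_pass $php_sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f noreply@mysite.name";
        include fastcgi_params;
    }

    # Fallback: run the Bitrix URL rewriter for anything not found on disk.
    location @bitrix {
        fastcgi_pass $php_sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/bitrix/urlrewrite.php;
        fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f noreply@mysite.name";
    }

    # Admin scripts, with their own 404 handler. As written this location is
    # shadowed by "location ~ \.php$" above (see the note there).
    location ~* /bitrix/admin.+\.php$ {
        try_files $uri @bitrixadm;
        fastcgi_pass $php_sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f noreply@mysite.name";
        include fastcgi_params;
    }

    location @bitrixadm {
        fastcgi_pass $php_sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/bitrix/admin/404.php;
        fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f noreply@mysite.name";
    }

    # ------------------------------------------------------------------
    # Static & misc
    # ------------------------------------------------------------------
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location = /robots.txt {
        allow all;
        access_log off;
        log_not_found off;
    }

    # Block .ht* files and version-control metadata.
    location ~* /\.ht {
        deny all;
    }

    location ~* /\.(svn|hg|git) {
        deny all;
    }

    # Block direct access to Bitrix internals, 1C exchange uploads and
    # composite-cache control files.
    location ~* ^/bitrix/(modules|local_cache|stack_cache|managed_cache|php_interface) {
        deny all;
    }

    location ~* ^/upload/1c_[^/]+/ {
        deny all;
    }

    location ~* /\.\./ {
        deny all;
    }

    location ~* ^/bitrix/html_pages/\.config\.php {
        deny all;
    }

    location ~* ^/bitrix/html_pages/\.enabled {
        deny all;
    }

    # Reachable only through internal redirects, never by a client URL.
    location ^~ /upload/support/not_image {
        internal;
    }

    location ~* @.*\.html$ {
        internal;
        expires -1y;
        add_header X-Bitrix-Composite "Nginx (file)";
    }

    # NOTE(review): "*" lets any origin read this resource; confirm the
    # player really needs cross-origin access.
    location ~* ^/bitrix/components/bitrix/player/mediaplayer/player$ {
        add_header Access-Control-Allow-Origin *;
    }

    # Only generated css/js files are served from /bitrix/cache; the rest of
    # the cache tree is denied.
    location ~* ^/bitrix/cache/(css/.+\.css|js/.+\.js)$ {
        expires 30d;
        error_page 404 /404.html;
    }

    location ~* ^/bitrix/cache {
        deny all;
    }

    # ------------------------------------------------------------------
    # S3 cloud storage
    # ------------------------------------------------------------------
    # Internal-only proxy to S3. The regex pins the target host to the listed
    # *.amazonaws.com endpoints; any other path under this prefix is denied.
    # NOTE(review): the captured scheme may be plain http, and host names are
    # resolved through the public resolver 8.8.8.8. Prefer https only and a
    # resolver you control.
    location ^~ /upload/bx_cloud_upload/ {
        location ~ ^/upload/bx_cloud_upload/(http[s]?)\.([^/:]+)\.(s3|s3-us-west-1|s3-eu-west-1|s3-ap-southeast-1|s3-ap-northeast-1)\.amazonaws\.com/(.+)$ {
            internal;
            resolver 8.8.8.8;
            proxy_method GET;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Server $host;
            proxy_pass $1://$2.$3.amazonaws.com/$4;
        }

        location ~* .* {
            deny all;
        }
    }

    # Long-lived caching for uploads, images and common static file types.
    location ~* ^/(upload|bitrix/images|bitrix/tmp) {
        expires 30d;
    }

    location ~* \.(css|js|gif|png|jpg|jpeg|ico|ogg|ttf|woff|eot|otf)$ {
        expires 30d;
        error_page 404 /404.html;
    }

    location = /404.html {
        access_log off;
    }
}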
В /etc/nginx/nginx.conf добавим настройки для логов в json формате, так будет проще потом вебсокеты дебажить
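# JSON access-log format, referenced as "json" by the access_log lines of the
# push/IM locations. escape=json makes nginx escape characters that would
# otherwise break the JSON.
# The remote user is written under "user": JSON keys must be unique, and "ru"
# is already used for the request URI further down.
# NOTE(review): "ru" holds the full request URI including the query string and
# "uid" holds the qmb cookie; both may carry identifiers or tokens, so keep
# these log files readable only by the accounts that need them.
log_format json escape=json
    '{'
    '"user":"$remote_user",'
    '"ts":"$time_iso8601",'
    '"p":"$host",'
    '"rl":$request_length,'
    '"rm":"$request_method",'
    '"ru":"$request_uri",'
    '"st":"$status",'
    '"bs":$bytes_sent,'
    '"ref":"$http_referer",'
    '"ua":"$http_user_agent",'
    '"rt":"$request_time",'
    '"urt":"$upstream_response_time",'
    '"uct":"$upstream_connect_time",'
    '"uad":"$upstream_addr",'
    '"us":"$upstream_status",'
    '"uid":"$cookie_qmb",'
    '"sslp":"$ssl_protocol",'
    '"sp":"$server_protocol"'
    '}';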
Теперь настроим redis сервер, чтобы он работал с push-and-pull сервером для битрикса, это реализация websockets
Приводим /etc/redis/redis.conf к следующему виду
# --- Network --------------------------------------------------------------
# TCP is limited to loopback (IPv4 and IPv6); clients on this host can also
# use the unix socket below.
bind 127.0.0.1 ::1
protected-mode yes
port 6379
tcp-backlog 511
unixsocket /var/run/redis/redis-server.sock
# NOTE(review): mode 777 lets every local account connect to the socket, and
# this file sets no requirepass or ACL user, so any local process gets full
# access to the Redis data. A tighter setup is mode 770 with the push-server
# account added to the socket's group; confirm which accounts need access.
unixsocketperm 777
timeout 0
tcp-keepalive 300
# --- General --------------------------------------------------------------
daemonize yes
supervised no
pidfile /var/run/redis/redis-server.pid
loglevel notice
logfile /var/log/redis/redis-server.log
databases 16
always-show-logo yes
# --- RDB snapshots --------------------------------------------------------
# Snapshot after 900 s with 1 change, 300 s with 10, or 60 s with 10000;
# written to /var/lib/redis/dump.rdb.
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
rdb-del-sync-files no
dir /var/lib/redis
# --- Replication ----------------------------------------------------------
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-diskless-load disabled
repl-disable-tcp-nodelay no
replica-priority 100
acllog-max-len 128
# --- Lazy freeing and OOM score -------------------------------------------
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
lazyfree-lazy-user-del no
oom-score-adj no
oom-score-adj-values 0 200 800
# --- Append-only file (disabled by "appendonly no") -----------------------
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
# --- Scripting, slow log, latency, keyspace events ------------------------
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
# --- Data-structure encoding thresholds -----------------------------------
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
# --- Client output buffers and background tasks ---------------------------
# Pub/sub clients are dropped above 32mb, or above 8mb sustained for 60 s.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
jemalloc-bg-thread yes
В основном я сделал три топора (права 777) на сокет для redis
Настроим /etc/tmpfiles.d/push-pull.conf
# tmpfiles.d entry: create the directory /tmp/push-server with mode 0770,
# owner and group www-data; "-" in the last field disables age-based cleanup.
# NOTE(review): /tmp is writable by every local account, so the path can exist
# before this entry is applied. Consider a directory under /run instead and
# change RUN_DIR in /etc/sysconfig/push-server-multi to match.
d /tmp/push-server 0770 www-data www-data -
скачиваем и устанавливаем модуль
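cd /opt
# The archive is installed by npm as root and may run install scripts from the
# package and its dependencies. Verify the download against a checksum
# obtained from the vendor before installing it.
wget https://repo.bitrix24.tech/vm/push-server-0.4.0.tgz
npm install --production ./push-server-0.4.0.tgz
# Expose the packaged configuration directory as /etc/push-server.
ln -sf /opt/node_modules/push-server/etc/push-server /etc/push-server
cd /opt/node_modules/push-server
# Copy the control script, its settings file and the systemd unit into place.
cp etc/init.d/push-server-multi /usr/local/bin/push-server-multi
# -p: do not fail when /etc/sysconfig already exists.
mkdir -p /etc/sysconfig
cp etc/sysconfig/push-server-multi /etc/sysconfig/push-server-multi
cp etc/push-server/push-server.service /etc/systemd/system/
ln -sf /opt/node_modules/push-server /opt/push-server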
В конфиге ( /etc/sysconfig/push-server-multi ) правим данные под нас
# Settings in /etc/sysconfig/push-server-multi.
GROUP=www-data
# Placeholder value: replace it with a long random secret before generating
# the configs, and keep this file unreadable to other local accounts.
# NOTE(review): presumably the same key has to be entered in the Bitrix
# Push and Pull module settings; confirm.
SECURITY_KEY="PUTTHEPRIVATEKEYHERE"
# Same directory as the tmpfiles.d entry and same socket as redis.conf.
RUN_DIR=/tmp/push-server
REDIS_SOCK=/var/run/redis/redis-server.sock
Каждый nodejs-процесс будет запущен как отдельный процесс. Сгенерируйте конфигурационные файлы командами
# Generate the per-process configuration files, first for the publisher (pub)
# workers, then for the subscriber (sub) workers.
/usr/local/bin/push-server-multi configs pub
/usr/local/bin/push-server-multi configs sub
Создаём директории для логов
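# Log directory for the push server, handed to www-data.
# -p: do not fail when the directory already exists.
mkdir -p /var/log/push-server
chown www-data:www-data /var/log/push-server
mkdir -p /etc/rc.d/init.d/
# Empty stub file. Presumably the init script sources
# /etc/rc.d/init.d/functions, a Red Hat path; confirm.
touch /etc/rc.d/init.d/functions
cp /opt/push-server/misc/push-server-multi /etc/init.d/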
В /etc/systemd/system/push-server.service удаляем данные о пользователе запуска, так как новая версия хочет РУТА
# Reload unit files so systemd picks up the edited push-server.service, then
# enable the service and start it immediately.
# NOTE(review): with the user setting removed from the unit (the step above),
# the Node.js push server and all of its npm dependencies run as root.
# Consider limiting the unit with systemd sandboxing options such as
# NoNewPrivileges= and ProtectSystem=, after testing that the service still
# starts.
systemctl daemon-reload
systemctl --now enable push-server
Создаем директорию для сайта и скачиваем туда пхп скрипт для установки
Переходим на https://site/bitrixsetup.php
Жмём "Далее"
и потом жмём «Далее»... После установки убедитесь, что bitrixsetup.php не остался в корне сайта.