Debian 10 configure PHP7-fpm with Nginx

Add php apt repo

sudo apt -y install lsb-release apt-transport-https ca-certificates 
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list

#apt-get install php7.4-{bcmath,bz2,intl,gd,mbstring,mysql,zip}

apt-get install php7.4 php7.4-cli php7.4-cgi php7.4-fpm php7.4-gd php7.4-mysql php7.4-imap php7.4-curl php7.4-intl php7.4-pspell php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl php7.4-zip php7.4-mbstring php7.4-soap php7.4-opcache libonig5 php7.4-common php7.4-json php7.4-readline php7.4-xml

While install php7.4fpm you may encounter error, you can fix it via install libsodium

// https://download.libsodium.org/libsodium/releases/

./configure
make && make check
sudo make install

Edit php-7.4 fpm

// nano /etc/php/7.4/fpm/pool.d/www.conf
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www
group = www

listen = /run/php/php7.4-fpm.sock ;;;;
listen.owner = www
listen.group = www
;listen.mode = 0660

service php7.4-fpm restart

Nginx 1.19 conf

// /usr/local/nginx/conf/vhost/xxx.conf

server {
listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/xx.com.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/xx.com.key;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+A$
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name xxx.com;
  access_log off;
  index index.html index.htm index.php;
  root /data/wwwroot/xxx.com;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/run/php/php7.4-fpm.sock; ## < -- this 
    fastcgi_index index.php;
    include fastcgi.conf;
  }

}

service nginx restart