设置防火墙
允许http/https通信,开放80/8080/443端口,然后重载防火墙配置(firewall-cmd --reload)
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=8080/tcp --permanent
加个数据库端口:
firewall-cmd --zone=public --add-port=3306/tcp --permanent
安装nginx
安装PCRE正则表达式库(yum install pcre pcre-devel)
安装提供数据压缩的函式库zlib(yum install zlib zlib-devel)
安装OpenSSL库(yum install openssl openssl-devel)
配置nginx官方源(rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm)
安装nginx(yum install nginx)
修改nginx配置文件
nginx配置文件位置:/etc/nginx/nginx.conf
可以在这里配置网站目录和访问端口,此外也可以在:/etc/nginx/conf.d目录中直接添加一个配置文件来对应一个网站,nginx会在访问nginx.conf文件时遍历/etc/nginx/conf.d目录中的配置文件来获取配置,默认配置文件default.conf文件中默认为80端口
此时启动nginx(systemctl start nginx),浏览器访问服务器ip会访问到nginx默认页面,我们尝试修改default.conf,把默认端口改为8080
重启nginx服务(systemctl restart nginx)后访问,成功访问如下
安装PHP
安装epel-release配置yum软件仓库(yum install epel-release -y)
安装配置php源(rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm)
安装php7及一些常用的类库(yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-opcache php72w-pdo php72w-xml)
启动PHP,并设置开机启动
让nginx支持PHP,修改default.conf中的以下部分:
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
重启nginx,并新建info.php文件用于输出php信息
成功输出,说明安装成功
安装mysql数据库
配置Mariadb源(国内)vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.1/centos7-amd64/
gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
更新源(yum clean&&yum update)并执行安装操作(yum install MariaDB-client MariaDB-server)
启动数据库(systemctl start mariadb)并设置开机启动(systemctl enable mariadb)
初始化mariadb
数据库安全配置(mysql_secure_installation):
服务器本地登录数据库(mysql -u root -p)
分别配置mysql服务端( vi /etc/my.cnf.d/server.cnf)和客户端(vi /etc/my.cnf.d/mysql-clients.cnf)如下
重启并登录数据库查看设置是否成功(show variables like "%character%";show variables like "%collation%";)
配置远程登录用户权限
这里我不限制权限和ip,给了最大权限和对所有ip开放
# 针对ip
create user 'root'@'192.168.10.10' identified by 'password';
#全部
create user 'root'@'%' identified by 'password';
授权用户:
# 给用户最大权限
grant all privileges on *.* to 'root'@'%' identified by 'password';
# 给部分权限(test 数据库)
grant all privileges on test.* to 'root'@'%' identified by 'password' with grant option;
# 刷新权限表
flush privileges;
配置完重启数据库,远程连接正常执行!
如果是tp5或者laravrl项目,在部署时配置文件应该配置如下:
server {
listen 8080;
server_name localhost;
charset utf-8;
access_log logs/host.access.log main;
root /data/default/tp5/public;
index index.html index.htm index.php;
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
}
参考文章: