一、编译安装lnmp
1、安装nginx
1.1 准备编译安装环境
[root@node1 ~]# yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget ntpdate gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel nettools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed
1.2 下载源码包
下载地址:http://nginx.org/en/download.html
[root@node1 ~]# wget http://nginx.org/download/nginx-1.18.0.tar.gz
[root@node1 ~]# tar -zxf nginx-1.18.0.tar.gz -C /usr/local/src/
[root@node1 ~]# cd /usr/local/src/nginx-1.18.0/
1.3 安装
1.3.1 根据参数生成Makefile
[root@node1 nginx-1.18.0]# ./configure --prefix=/apps/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module
–prefix=/apps/nginx 指定安装路径
1.3.2 编译安装
[root@node1 nginx-1.18.0]# make
[root@node1 nginx-1.18.0]# make install
[root@node1 nginx-1.18.0]# useradd nginx -s /sbin/nologin -u 2000
[root@node1 nginx-1.18.0]# chown nginx:nginx -R /apps/nginx/
1.3.3 验证版本及编译参数
[root@node1 nginx-1.18.0]# /apps/nginx/sbin/nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
1.3.4 创建nginx自启动脚本
[root@node1 nginx-1.18.0]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/apps/nginx/logs/nginx.pid
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /apps/nginx/logs/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /apps/nginx/logs/nginx.pid)"
[Install]
WantedBy=multi-user.target
1.3.5 验证自启动脚本
[root@node1 nginx-1.18.0]# systemctl daemon-reload
[root@node1 nginx-1.18.0]# systemctl start nginx
[root@node1 nginx-1.18.0]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@node1 nginx-1.18.0]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-01-28 17:20:13 CST; 41s ago
Docs: http://nginx.org/en/docs/
Main PID: 4583 (nginx)
CGroup: /system.slice/nginx.service
├─4583 nginx: master process /apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
└─4584 nginx: worker process
Jan 28 17:20:13 node1 systemd[1]: Starting nginx - high performance web server...
Jan 28 17:20:13 node1 systemd[1]: Can't open PID file /apps/nginx/logs/nginx.pid (yet?) after start: No such file or directory
Jan 28 17:20:13 node1 systemd[1]: Started nginx - high performance web server.
2、安装php
下载地址 http://cn2.php.net/distributions/
2.1 下载安装
#安装编译依赖的组件
[root@node1 ~]# yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu-devel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gddevel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg-devel sqlite-devel
[root@node1 ~]# cd /usr/local/src
#下载解压安装包
[root@node1 src]# wget https://www.php.net/distributions/php-7.4.15.tar.gz
[root@node1 src]# tar -zxf php-7.4.15.tar.gz
#安装
[root@node1 src]# cd php-7.4.15/
[root@node1 php-7.4.15]# ./configure --prefix=/apps/php --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-pear --with-curl --with-png-dir --with-freetype-dir -with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl -with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-dba --enable-sysvsem -enable-sysvshm --enable-sysvmsg
[root@node1 php-7.4.15]# make -j 2
[root@node1 php-7.4.15]# make install
2.2 准备PHP配置文件
[root@node1 php-7.4.15]# cd /apps/php/etc/php-fpm.d/
[root@node1 php-fpm.d]# cp www.conf.default www.conf
[root@node1 php-fpm.d]# cp /usr/local/src/php-7.4.15/php.ini-production /apps/php/etc/php.ini
[root@node1 php-fpm.d]# useradd www -s /sbin/nologin -u 1001
[root@node1 php-fpm.d]# grep -v ";" www.conf | grep -v "^$"
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
[root@node1 php-fpm.d]# mkdir /apps/php/log/
[root@node1 php-fpm.d]# cd /apps/php/etc/
[root@node1 etc]# cp php-fpm.conf.default php-fpm.conf
2.3 启动并验证
[root@node1 etc]# /apps/php/sbin/php-fpm -t
[22-Feb-2021 17:33:34] NOTICE: configuration file /apps/php/etc/php-fpm.conf test is successful
[root@node1 etc]# /apps/php/sbin/php-fpm -c /apps/php/etc/php.ini
[root@node1 etc]# ps -ef |grep php-fpm
root 16000 1 0 17:33 ? 00:00:00 php-fpm: master process (/apps/php/etc/php-fpm.conf)
www 16001 16000 0 17:33 ? 00:00:00 php-fpm: pool www
www 16002 16000 0 17:33 ? 00:00:00 php-fpm: pool www
root 16108 2946 0 17:34 pts/0 00:00:00 grep --color=auto php-fpm
3、安装Mysql
下载地址:
https://dev.mysql.com/downloads/mysql/5.6.html#downloads
3.1 下载安装
#安装依赖组件
[root@node1 ~]# yum install vim gcc gcc-c++ wget autoconf net-tools lrzsz iotop lsof iotop bash-completion curl policycoreutils openssh-server openssh-clients postfix -y
#下载安装包
[root@node1 ~]# cd /usr/local/src/
[root@node1 src]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.6.43-linux-glibc2.12-x86_64.tar.gz
[root@node1 src]# ln -sv /usr/local/src/mysql-5.6.43-linux-glibc2.12-x86_64 /usr/local/mysql
[root@node1 src]# useradd mysql -s /sbin/nologin
[root@node1 src]# mkdir -pv /data/mysql /var/lib/mysql
[root@node1 src]# chown -R mysql.mysql /data /var/lib/mysql -R
[root@node1 src]# /usr/local/mysql/scripts/mysql_install_db --user=mysql -datadir=/data/mysql --basedir=/usr/local/mysql
[root@node1 src]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@node1 src]# chmod a+x /etc/init.d/mysqld
3.2 修改配置并启动
[root@node1 ~]# vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/data/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
innodb_file_per_table=1
max_connections=10000
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[client]
port=3306
socket=/data/mysql/mysql.sock
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/tmp/mysql.sock
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
[root@node1 src]# /etc/init.d/mysqld start
[root@node1 ~]# /usr/local/mysql/bin/mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.43 MySQL Community Server (GPL)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
4、配置nginx
4.1 准备php测试页
[root@node1 nginx]# mkdir /data/nginx
[root@node1 nginx]# vim /data/nginx/index.php
<?php
phpinfo();
?>
~
4.2 配置nginx文件
[root@node1 nginx]# vim /apps/nginx/conf/nginx.conf
#server段配置
server {
listen 80;
server_name www.cflinux.com;
location / {
root /data/nginx;
index index.php index.html index.htm;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME
}
}
4.3 重启nginx
[root@node1 nginx]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node1 nginx]# /apps/nginx/sbin/nginx -s reload
4.4 访问php状态页
二、配置404页面
1、 nginx配置文件server段添加配置
error_page 404 /404.html;
location = /404.html {
root /data/nginx;
}
2、添加404错误页面
[root@node1 ~]# cd /data/nginx
[root@node1 nginx]# vim 404.html
<h1>404</h1>
3、访问测试
三、配置访问日志为json格式
1、配置nginx.conf并重启nginx
[root@node1 html]# vim /apps/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"uri":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"tcp_xff":"$proxy_protocol_addr",'
'"http_user_agent":"$http_user_agent",'
'"status":"$status"}';
access_log /apps/nginx/logs/access_json.log access_json;
[root@node1 html]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node1 html]# /apps/nginx/sbin/nginx -s reload
2、访问并查看日志
[root@node1 html]# tail -f /apps/nginx/logs/access_json.log
{"@timestamp":"2021-02-23T10:35:22+08:00","host":"172.26.58.88","clientip":"61.141.223.88","size":13,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"www.cflinux.com","uri":"/404.html","domain":"www.cflinux.com","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36","status":"404"}
四、配置https访问
1、自签证书
[root@node1 nginx]# mkdir /apps/nginx/certs
[root@node1 nginx]# cd /apps/nginx/certs
#自签ca证书
[root@node1 certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
Generating a 4096 bit RSA private key
..............................................................................................................++
..................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn #国家
State or Province Name (full name) []:gd #省份
Locality Name (eg, city) [Default City]:sz #城市
Organization Name (eg, company) [Default Company Ltd]:cwy #公司名称
Organizational Unit Name (eg, section) []:cwy #部门
Common Name (eg, your name or your servers hostname) []:cflinux.com #ip或域名
Email Address []:
[root@node1 certs]# ls
ca.crt ca.key
#⾃制key和csr⽂件
[root@node1 certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.cflinux.com.key -out www.cflinux.com.csr
Generating a 4096 bit RSA private key
......................................................................................................++
...................................++
writing new private key to 'www.cflinux.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:gd
Locality Name (eg, city) [Default City]:sz
Organization Name (eg, company) [Default Company Ltd]:cwy
Organizational Unit Name (eg, section) []:cwy
Common Name (eg, your name or your servers hostname) []:www.cflinux.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@node1 certs]# ll
total 16
-rw-r--r-- 1 root root 1976 Feb 23 14:43 ca.crt
-rw-r--r-- 1 root root 3272 Feb 23 14:43 ca.key
-rw-r--r-- 1 root root 1683 Feb 23 14:49 www.cflinux.com.csr
-rw-r--r-- 1 root root 3268 Feb 23 14:49 www.cflinux.com.key
#签发证书
[root@node1 certs]# openssl x509 -req -days 3650 -in www.cflinux.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.cflinux.com.crt
Signature ok
subject=/C=cn/ST=gd/L=sz/O=cwy/OU=cwy/CN=www.cflinux.com
Getting CA Private Key
2、nginx.conf配置
listen 80;
listen 443 ssl;
server_name www.cflinux.com;
ssl_certificate /apps/nginx/certs/www.cflinux.com.crt;
ssl_certificate_key /apps/nginx/certs/www.cflinux.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
#重启nginx
[root@node1 conf]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node1 conf]# /apps/nginx/sbin/nginx -s reload
3、访问
扫一扫
217
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
