Ubuntu18.04
安装LNMP
环境
- 更新
apt-get
源:- 备份原源列表:
sudo mv /etc/apt/sources.list /etc/apt/sources.list.bak
- 修改源列表:
sudo vi /etc/apt/sources.list
deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ xenial main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-security main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-security main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ vivid main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ vivid-security main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ vivid-updates main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ vivid-proposed main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ vivid-backports main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ vivid main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ vivid-security main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ vivid-updates main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ vivid-proposed main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ vivid-backports main restricted universe multiverse
- 更新:
sudo apt-get update
,sudo apt-get upgrade
- 备份原源列表:
- 安装
vim
:sudo apt-get install -y vim
- 设置使用
root
登陆ssh
:- 设置
root
密码(Ubuntu默认root用户是没有密码的):sudo passwd root
- 安装
openssh server
:sudo apt-get install openssh-server
- 配置
openssh server
:sudo vim /etc/ssh/sshd_confg
PermitRootLogin no 改为 PermitRootLogin yes
- 重启:
sudo service ssh restart
- 设置
- 安装
LNMP
:- 安装
nginx
:sudo apt-get install nginx
- 启动
nginx
:sudo /etc/init.d/nginx start
或sudo service nginx start
- 安装
net-tools
:sudo apt-get install net-tools
- 检查是否启动成功:
sudo lsof -i:80
- 在浏览器中输入:
127.0.0.1:80
可以看到nginx
欢迎页面
- 启动
- 安装
php
和php-fpm
:sudo apt-get install php7.2 php7.2-fpm
- 检查是否安装成功:
php -v
- 说明:
- php-fpm与nginx通信方式有两种,一种是基于tcp的Internet domain socket方式,一种是UNIX domain socket方式。
- UNIX domain socket可以使同一台操作系统上的两个或多个进程进行数据通信。UNIX domain socket接口和Internet domain socket很像,但它不是用网络底层协议来通信。
- 服务器压力不大的情况下,这两种方式性能差别不大,但在压力比较满的时候,用UNIX domain socket方式,效果很好。
- 网站根目录通常在
/etc/nginx/sites-available/default
配置文件中,nginx已经将php和php-fpm的整合准备好了,还需要在这个文件中改以下东西
在这几行下面加入新内容
新内容:#location ~ .php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #}
location ~ .php$ { include snippets/fastcgi-php.conf; # With php-fpm (or other unix sockets): fastcgi_pass unix:/run/php/php7.2-fpm.sock; }
- 修改
php-fpm
:sudo vim /etc/php/7.2/fpm/pool.d/www.conf
listen = /run/php/php7.2-fpm.sock
- 重启
nginx
:sudo /etc/init.d/nginx restart
或sudo service nginx restart
- 重启
php-fpm
:sudo /etc/init.d/php7.2-fpm restart
- 检查是否安装成功:
- 安装
mysql
:sudo apt-get -y install mysql-server mysql-client php7.2-mysql
如果没有提示输入密码则使用:mysql_secure_installation进行设置
- 安装
- 配置虚拟机可以外部访问(防火墙):
- 检查是否已经安装
iptables
:whereis iptables
- 安装
iptables
:sudo vim apt-get install -y iptables
- 检查防火墙信息:
sudo iptables -L
- 添加防火墙信息:
sudo vim /etc/iptables.rules
*filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :syn-flood - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 8888 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT -A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood -A INPUT -j REJECT --reject-with icmp-host-prohibited -A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN -A syn-flood -j REJECT --reject-with icmp-port-unreachable COMMIT
- 使防火墙规则生效:
iptables-restore < /etc/iptables.rules
- 开机自启动防火墙:
sudo vim /etc/network/if-pre-up.d/iptables
#!/bin/bash iptables-restore < /etc/iptables.rules
- 添加执行权限:
# chmod +x /etc/network/if-pre-up.d/iptables
- 查看规则是否生效:
sudo iptables -L -n
- 检查当前IP:
ifconfig
,确定虚拟机网络设置为:网桥模式
- 外部访问:
虚拟机IP
确定是否访问到nginx
- 检查是否已经安装
- 配置
nginx
:nginx.conf
配置:
#user nobody; user root root; worker_processes auto; #nginx工作进程数,一般设置为cpu核数 #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; # 最大连接数 } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #keepalive_timeout 0; keepalive_timeout 60; # 最大连接时间 client_max_body_size 120M; # 客户端请求体最大体积 gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types application/json text/plain application/javascript application/x-javascript text/css application/xml; gzip_vary on; #gzip on; #导入外部服务器配置文件存放地址 include /etc/nginx/conf.d/*.conf; }
- 配置后台api服务器跳转:
server { listen 80; server_name api.service.com; #图片路径拦截,定位到图片静态资源 location ~ /upload/.*$ { root /www/resources/; expires 30d; } location / { #跳转到指点tomcat服务器 proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
- 配置h5静态页面跳转
server { listen 80; server_name service.com; #h5页面存放路径 root '/www/orancrabv2-fe/server'; index index.html; error_page 404 = /404.html; location ~ .*\.(js|css|ico|gif|jpg|png|svg|woff|woff2|ttf|eot)$ { log_not_found off; access_log off; expires 7d; } }
- nginx集群方式的配置:
#集群的服务器 upstream local_tomcat{ server localhost:8080; server localhost:8081; } server { listen 80; server_name www.tomcat1.com; location ~ /upload/.*$ { root /www/resources/; expires 30d; } location / { proxy_pass http://local_tomcat; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
- 安装
PHP
扩展:sudo apt-get install -y php7.2-dev