1、使用ansible实现nginx的编译安装
安装和配置ansible
- 开启yum的epel源,安装ansible
yum -y install ansible
- 配置
# 添加被控端的IP
vim /etc/ansible/hosts
[all]
192.168.30.10[1:4]
# 实现主控端和被控端基于key的登录验证
ssh-keygen
copy_id_main.sh
拷贝key的脚本
- copy_id.exp,这个脚本需要安装expect软件包
#!/usr/bin/expect
set ip [lindex $argv 0]
set timeout 10
spawn ssh-copy-id root@$ip
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "centos\n" }
}
expect eof
- copy_id_main.sh
#!/bin/bash
hosts=$(ansible all --list-hosts |egrep -o '([0-9]+\.){3}[0-9]+')
for ip in $hosts;do
copy_id.exp $ip
done
编写playbook
- 组织角色目录
mkdir /root/.ansible/roles
cd /root/.ansible/rolse
mkdir -pv nginx1142/{files,tasks,templates,handlers}
- 准备文件
cd files
wget http://nginx.org/download/nginx-1.14.2.tar.gz
- 编写任务
# 1.
vim creat_installation_dirs.yaml
- name: "create installation dirs"
file: path=/app/{{ item }} state=directory
with_items:
- nginx
- srcs
- name: "etc dir"
file: path=/etc/nginx/conf.d state=directory
- name: "data dir"
file: path=/data/nginx/html state=directory
# 2.
vim prepare_source_code.yaml
- name: "copy and unpack source tar ball"
unarchive: src=nginx.tar.gz dest=/app/srcs copy=yes
- name: "rename source dir"
shell: mv /app/srcs/nginx-1.14.2 /app/srcs/nginx
# 3.
vim install_dependecies.yaml
- name: "install dependencies for building"
yum: name={{ packages }} state=latest
vars:
packages:
- pcre-devel
- openssl-devel
- zlib-devel
# 4.
vim create_user.yaml
- name: "create user for nginx"
user: name=nginx state=present system=yes shell=/sbin/nologin
# 5.
vim build.yaml
- name: configure
shell: ./configure --prefix=/app/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-threads --with-file-aio
args:
chdir: /app/srcs/nginx
- name: "make"
shell: make && make install
args:
chdir: /app/srcs/nginx
# 6.
vim copy_templates.yaml
- name: "copy the main configure file"
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: "copy enviroment var"
template: src=nginx.sh.j2 dest=/etc/profile.d/nginx.sh
- name: "copy error page"
template: src={{ item.src }} dest=/data/nginx/html/{{ item.dest }}
with_items:
- { src: 404.html.j2, dest: 404.html }
- { src: 50x.html.j2, dest: 50x.html }
# 7.
vim read_nginx_variables
- name: "source nginx.sh"
shell: source /etc/profile.d/nginx.sh
# 8.
vim start_service.yaml
- name: "start nginx"
shell: nginx
# 9.
vim delete_source.yaml
- name: "clean src dir"
shell: /bin/rm -rf /app/srcs/nginx*
# 10.
vim main.yaml
- include: delete_source.yaml
- include: creat_installation_dirs.yaml
- include: prepare_source_code.yaml
- include: install_dependecies.yaml
- include: create_user.yaml
- include: build.yaml
- include: copy_templates.yaml
- include: read_nginx_variables.yaml
- include: start_service.yaml
- include: delete_source.yaml
- 调用角色
---
- hosts: all
remote_user: root
roles:
- role: nginx1142
- 最后的目录
tree nginx1142/
nginx1142/
|-- files
| `-- nginx.tar.gz
|-- handlers
|-- tasks
| |-- build.yaml
| |-- copy_templates.yaml
| |-- creat_installation_dirs.yaml
| |-- create_user.yaml
| |-- delete_source.yaml
| |-- install_dependecies.yaml
| |-- main.yaml
| |-- prepare_source_code.yaml
| |-- read_nginx_variables.yaml
| `-- start_service.yaml
`-- templates
|-- 404.html.j2
|-- 50x.html.j2
|-- nginx.conf.j2
`-- nginx.sh.j2
测试结果
- 检查
ansible-playbook -C ~/.ansible/install_nginx_from_source.yaml
- 运行
ansible-playbook ~/.ansible/install_nginx_from_source.yaml
2、实现lnmp,用http协议提供wordpress,用https提供pma
① 实现http协议的wordpress
centos7.6上二进制安装mariadb 10.3.15
- 进入官方网站下载二进制的安装包
- 解压到/usr/local,并查看安装文档
tar xf mariadb-10.3.15-linux-x86_64.tar.gz
- 创建mysql目录的软连接
cd /usr/local
ln -s mariadb-10.3.15-linux-x86_64 mysql
- 创建mysql用户和组,并修改mysql目录的所有者和所属组
useradd -r -m -d /data/mysql -s /sbin/nologin mysql
chown mysql.mysql mysql
- 卸载系统自带的mariadb-libs包
rpm -e mariadb-libs --nodeps
- 生成系统数据库
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
- 拷贝主配置文件
cp support-files/wsrep.cnf /etc/my.cnf
# 添加自定义的数据目录
vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
- 拷贝启动脚本
cp support-files/mysql.server /etc/init.d/mysqld
- 设置环境变量
echo PATH=/usr/local/mysql/bin:$PATH > /etc/profile.d/lnmp.sh
source /etc/profile.d/lnmp.sh
- 启动mariadb
chkconfig --add mysqld;chkconfig mysqld on
systemctl start mysqld
systemctl status mysqld
# 查看端口
ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 80 *:3306 *:*
- 运行安全加强脚本
mysql_secure_installation
- 使用客户端连接测试
mysql
mysql > show databases;
编译安装nginx1.16
- 准备源码安装包
tar xf nginx-1.16.0.tar.gz
mv nginx-1.16.0 nginx
- 安装编译需要的依赖包
yum -y install pcre-devel openssl-devel zlib-devel
- 创建nginx用户和组
useradd -r -s /sbin/nologin nginx
- 编译和安装
cd nginx
./configure \
--prefix=/app/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_dav_module \
--with-http_stub_status_module \
--with-threads --with-file-aio
make && make install
- 配置nginx
vim /etc/nginx/nginx.conf
- 设置环境变量
vim /etc/prifile.d/lnmp.sh
PATH=/app/nginx/bin:/usr/local/mysql/bin:$PATH
source /etc/profile.d/lnmp.sh
- 启动并查看端口
nginx
ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
# 停止和重新加载
nginx -s stop
nginx -s reload
编译安装PHP 7.3.5
- 准备PHP源码包
tar xf php-7.3.5.tar.bz2
mv php-7.3.5 php
- 安装依赖包
yum -y install libxml2-devel bzip2-devel libmcrypt-devel
- 编译和安装,需要的时间较长
cd php
./configure \
--prefix=/app/php \
--enable-mysqlnd \
--with-mysqli=mysqlnd \
--with-openssl \
--with-pdo-mysql=mysqlnd \
--enable-mbstring \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml \
--enable-sockets \
--enable-fpm \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--enable-maintainer-zts \
--disable-fileinfo
make && make install
- 配置PHP
# 准备主配置文件和启动脚本
cd /app/srcs/php/
cp php.ini-production /etc/php.ini
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
chkconfig --add php-fpm;chkconfig php-fpm on
# 准备其他配置文件
cd /app/php/etc
cp php-fpm.conf.default php-fpm.conf
cp php-fpm.d/www.conf.default php-fpm.d/www.conf
- 启动并查看端口
service php-fpm start
ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 *:*
配置wordpress
- 配置数据库
mysql > create database wordpressdb;
mysql > user wordpressdb
mysql > grant all on wordpressdb.* to wordpress@'192.168.30.%' identified by 'centos';
- 解压wordpress包到nginx数据目录
tar xf wordpress-5.2.tar.gz
cd wordpress
mv * /app/nginx/html/
- 配置wordpress
cd /app/nginx/html/
cp wp-config-sample.php wp-config.php
vim wp-config.php
define( 'DB_NAME', 'wordpressdb' );
define( 'DB_USER', 'wordpress' );
define( 'DB_PASSWORD', 'centos' );
define( 'DB_HOST', '192.168.30.104' );
- 配置nginx解析PHP
vim /etc/nginx/nginx.conf
server {
root /data/nginx/html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
}
使用浏览器测试
② 用https提供pma
生成自签名证书
简单生成证书
cd /etc/pki/tls/certs/
make test.crt
openssl rsa -in test.key -out out.key
rm test.key
mv out.key test.key
复制证书
cp /etc/pki/tls/certs/test.* /etc/nginx/cert/
配置nginx
vim /etc/nginx/nginx.conf
http {
include conf.d/*.conf;
}
# 添加ssl的配置文件
cd /etc/nginx/conf.d
vim ssl.conf
server {
listen 443 ssl;
server_name www.test.com;
ssl_certificate /etc/nginx/cert/test.crt;
ssl_certificate_key /etc/nginx/cert/test.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
location / {
proxy_pass http://192.168.30.103:80;
}
}
安装后端httpd
yum -y install httpd
echo test page > /var/www/html/index.html
浏览器测试
119
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
