1、安装Nginx、PHP
安装依赖包
[root@LNMP ~]# yum install vim gcc gcc++ wget libxml2-devel wget -y
修改yum源
[root@LNMP ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@LNMP ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@LNMP ~]# rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
安装PHP依赖包
[root@LNMP ~]# yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel
下载解压PHP包
[root@LNMP ~]# wget http://cn2.php.net/distributions/php-5.6.36.tar.gz
[root@LNMP ~]# tar zxvf php-5.6.36.tar.gz -C /usr/src/
编译安装
[root@LNMP ~]# cd /usr/src/php-5.6.36/
[root@LNMP php-5.6.36]# make
[root@LNMPphp-5.6.36]# make install
拷贝php模板配置文件
[root@LNMP ~]# cp /usr/src/php-5.6.36/php.ini-development /usr/local/php/etc/php.ini
[root@LNMP ~]# vim /usr/local/php/etc/php.ini
1013 pdo_mysql.default_socket=/var/lib/mysql57/mysql57.socket # 对应的socket文件地址
1154 mysqli.default_port = 3306 # 改成对应的MySQL的端口
1159 mysqli.default_socket = /var/lib/mysql57/mysql57.socket # 对应的socket文件地址
配置php-fpm配置文件
[root@LNMP ~]# cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
[root@LNMP ~]# cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
控制启动fastcgi之后的socket文件的权限
[root@LNMP ~]# groupadd www-data
[root@LNMP ~]# useradd -M -g www-data -s /sbin/nologin www-data
[root@LNMP ~]# mkdir /var/run/fastcgi
使用Nginx用户的权限
[root@LNMP ~]# chown -R nginx.nginx /var/run/fastcgi/
启动php-fpm服务
[root@LNMP ~]# /usr/local/php/sbin/php-fpm
[root@LNMP ~]# ll /var/run/fastcgi/
[root@LNMP ~]# ps -ef | grep fpm
设置开机启动
[root@LNMP ~]# systemctl enable php-fpm.service
开启服务
[root@LNMP ~]# systemctl start php-fpm.service
安装Nginx依赖包
[root@LNMP ~]# yum -y install pcre pcre-devel
[root@LNMP ~]# yum -y install zlib zlib-devel
[root@LNMP ~]# yum -y install openssl openssl-devel
下载解压nginx包
[root@LNMP ~]# wget http://nginx.org/download/nginx-1.12.2.tar.gz
[root@LNMP ~]# tar zxvf nginx-1.12.2.tar.gz -C /usr/src/
编译安装
[root@LNMP ~]# cd /usr/src/nginx-1.12.2/
[root@LNMP nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module
[root@LNMP nginx-1.12.2]# make
[root@LNMP nginx-1.12.2]# make install
创建nginx账号
[root@LNMP ~]# groupadd nginx
[root@LNMP ~]# useradd -M -g nginx -s /sbin/nologin nginx
配置nginx.conf主配置文件
[root@LNMP ~]# cat /usr/nginx/nginx.conf
18 include mime.types;
19 default_type application/octet-stream;
27 sendfile on;
28 tcp_nopush on;
72 include fastcgi.conf;
创建网站目录
[root@LNMP ~]# mkdir /web
检测nginx.conf是否配置正确
[root@LNMP ~]# /usr/local/nginx/sbin/nginx -t
设置nginx开机启动
[root@LNMP ~]# systemctl enable nginx.service
开启服务
[root@LNMP ~]# systemctl start nginx.service
2、nginx的ssl加密
创建一个目录
[root@LNMP ~]# mkdir /etc/nginx/ssl
[root@LNMP ~]# cd /etc/pki/tls/certs/
[root@LNMP ~]# make nginx.crt
将证书和密钥保存到目录
[root@LNMP ~]# cp nginx.crt nginx2.key /etc/nginx/ssl/
[root@LNMP ~]# cd /etc/nginx/ssl/
[root@LNMP ~]# mv nginx2.key nginx.key
在文件中添加
server {
listen 443 ssl;
server_name www.along.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
}
生成证书和密钥
[root@LNMP ~]# make nginx.crt
存放并解密
[root@LNMP ~]# cp nginx /etc/nginx/ssl/
openssl rsa -in nginx.key -out nginx.key
创建网页
[root@LNMP ~]# mkdir /app/website
echo website1 > /app/website/index.html
测试访问
3、权限控制的实现
生成账户文件
[root@LNMP ~]# cd /etc/nginx/conf.d
[root@LNMP ~]# htpasswd -c -m .htpasswd http1
[root@LNMP ~]# htpasswd -m .htpasswd http2
修改配置文件
vim /etc/nginx/nginx.conf 在location段中指向账户密码文件
location /images {
auth_basic "images site"; "提示字"
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
}
实现权限控制