Centos 7 环境下 LNMP 服务器配置步骤记录

环境：阿里云 Centos7 64位

Paste_Image.png

环境配置

1、更新 yum 源

http://mirrors.aliyun.com/help/centos

• 备份

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

• 下载新的 CentOS-Base.repo 到 /etc/yum.repos.d/

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

• 更新

yum makecache
yum update

2、设置免密码 ssh 登录

git config --global user.name "your_name"
git config --global user.email "your@gmail.com"
ssh-keygen -t rsa -C   "your@gmail.com"
cat ~/.ssh/id_rsa.pub   #复制自己本地的id_rsa.pub，这一句在自己本地的电脑的命令行里跑
vi ~/.ssh/authorized_keys   #添加自己的id_rsa.pub进去
chmod 600 ~/.ssh/authorized_keys

3、安装 Git

参考 http://blog.csdn.net/jinwufeiyang/article/details/51933925

4、安装 oh-my-zsh

参考 https://zhuanlan.zhihu.com/p/19556676?columnSlug=mactalk

5、安装 autojump

参考 https://github.com/wting/autojump/wiki

6、安装 lnmp

https://github.com/lj2007331/lnmp

7、安装composer

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"

composer config -g repo.packagist composer https://packagist.phpcomposer.com

8、备份

进入阿里云后台设置阿里云自动快照备份。

9、添加ftp用户

cd ~/lnmp
./pureftpd_vhost.sh

站点配置

0、关闭默认站点的访问

cd /usr/local/nginx/conf
vi nginx.conf

修改 root /data/wwwroot/default; 为 root /data/wwwroot/default/none;

service nginx restart

1、添加虚拟站点

cd ~/lnmp 
./vhost.sh

2、配置 https 功能
采用的是 letsencrypt 提供的免费 HTTPS 证书。

配置方法如下：

wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto

cp  letsencrypt-auto /bin/letsencrypt

chmod -R 755  /bin/letsencrypt

service nginx stop

letsencrypt certonly --standalone --email your@mail.com -d domain.com

最后一步如果出现问题的话，删除 ~/.pip/pip.conf ,运行

pip install --upgrade pip

然后重新运行

letsencrypt certonly --standalone --email your@mail.com -d domain.com

如果卡在这里Installing Python packages
参考 https://github.com/certbot/certbot/issues/2516

成功的话看到

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/vickoo.linkerlab.net/fullchain.pem. Your cert
   will expire on 2017-06-01. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt again. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

修改nginx.conf，添加https支持，修改nginx.conf下面对应项(或者修改虚拟站点里的配置)

listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name cdn.loldata.cn;
index index.html index.htm index.php default.html default.htm default.php;
root  /home/wwwroot/op-gg-spider/storage;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.loldata.cn-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.loldata.cn-0001/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

修改nginx.conf(或虚拟站点的配置文件)，使http自动跳转https,在server添加

server
{
      if ($ssl_protocol = "") { 
            return 301 https://$server_name$request_uri; 
      }
}

重启nginx

service nginx start

设置自动续费

crontab -e
#在文件里添加
* * 1 * * service nginx stop && letsencrypt renew && service nginx start

自动脚本

把上面的配置 Https 的步骤写成了一个简单的脚本了，使用方法:

• 把下面脚本代码复制到任何想放的位置，例如命名为 add-https ，给予执行权限。
• 第一次运行，请执行下面命令，安装 letsencrypt./add-https install
• 用 lnmp 配置好想要的域名
• 在域名管理后台，把该域名映射到对应的 ip 上
• 执行以下命令，安装证书./add-https your.domain
• 安装后会看到如下提示

#-----Add those below to your.domain.conf-----
listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }

复制上面内容，到 your.domain.conf 里，运行

service nginx start

配置完成!

自动脚本如下：

#!/bin/sh
if [ "$#" -eq "0" ]
then
   echo "---------How to use?-----------
1. cd /home/lnmp and add a vhost you want under http.
2. back to this directory and run
./add-https your_domain
";
elif [ $1 == "install" ]
then
  echo "--------- installing letsencrypt ----------";
  wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto
  mv  letsencrypt-auto /bin/letsencrypt
  chmod -R 755  /bin/letsencrypt
  rm ~/.pip/pip.conf
  pip install --upgrade pip
  echo "--------- success! --------";
else
  echo "-----Adding Https by letsencrypt----";
  service nginx stop
  letsencrypt certonly --standalone --email your@email.com -d $1
  service nginx start
  echo "


-----Add those below to $1.conf-----
  listen 443 ssl http2;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
  ssl_session_cache builtin:1000 shared:SSL:10m;


  if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }
";
fi

版权声明

转载请注明作者和文章出处
作者: X先生
首发于 http://www.jianshu.com/p/a6fdb039d670