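Hi everyone, this is Sen Ge. Today I'm bringing you an article titled "Setting up an LNMP + Redis + YAF + Java environment on CentOS". Everything here is original content that I personally compiled, tested and wrote up. I hope it helps.
A complete server environment cannot do without its web, database and application components. Below is a complete application-service tutorial based on CentOS; while following it you can pick and choose according to your own needs. If anything is unclear, feel free to get in touch with me so we can discuss it and improve together.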
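I. Installing CentOS 7.0
Choose the minimal install and select the "Debugging Tools", "Compatibility Libraries" and "Development Tools" add-ons.
This reduces dependency and environment problems later when installing or compiling services.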
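Partition the disk according to your own habits; if you are unsure, simply choose automatic partitioning. The installation process itself is omitted here.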
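Out of personal habit, my own partition layout is as follows, for reference only:
/boot    500M             Core files used to boot Linux
swap     5120M (5G)       Linux swap partition, also called virtual memory; generally twice the physical memory, but more than 8G is not recommended
/        51200M (50G)     All system files live under this partition
/home    remaining space  User home directories; newly created users' directories appear here, and I also habitually keep data here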
II. Basic environment configuration
2.1 Disable SELinux
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config   # applies from the next reboot
setenforce 0   # switch to permissive mode for the running system
2.2 Disable the system's built-in firewall
systemctl stop firewalld   # stop the default firewall
systemctl mask firewalld   # mask the service (so that it cannot be started)
2.3 System administration tools
These make later operations and maintenance more convenient; install them as your situation requires.
yum install -y chkconfig net-tools ntsysv mlocate lrzsz wget lsof setuptool system-config-securitylevel-tui system-config-network-gui system-config-network-tui system-config-date tcpdump
yum install -y vim nano   # install editors
yum install -y git
2.4 Update the yum repositories
yum install -y epel-release
rpm -Uvh http://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh http://mirror.webtatic.com/yum/el7/webtatic-release.rpm
2.5 Install the third-party repo file for installing nginx via yum (not needed if compiling from source)
mkdir -p /root/software   # the directory must exist before cd
cd /root/software
wget https://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
rpm -ivh epel-release-7-11.noarch.rpm
2.6 Install the third-party repo file for installing MySQL via yum (not needed if compiling from source)
cd /root/software   # enter the directory where source packages are collected
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm   # download (for MySQL 8.0: wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm)
yum localinstall -y mysql57-community-release-el7-8.noarch.rpm   # install the rpm to obtain the repo file
yum repolist enabled | grep "mysql.*-community.*"   # check that the MySQL repo was installed
2.7 Third-party yum repo file for PHP (not needed if compiling from source)
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
2.8 Clean and refresh the yum repositories
yum clean all
yum makecache
Speed up yum downloads and installs, and recover from interrupted yum transactions
mkdir -p /root/software   # -p: do not fail if the directory already exists
cd /root/software
yum install -y yum-fastestmirror
wget https://wilmer.gaa.st/downloads/axel-1.0b.tar.gz
tar zxvf axel-1.0b.tar.gz
cd axel-1.0b
./configure --i18n=1
make
make install
yum -y install yum-utils
yum clean all
yum-complete-transaction --cleanup-only
III. Installing the application environment
Pre-install the build environment
yum install -y make cmake gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd-devel perl expat expat-devel nss_ldap unixODBC-devel libxslt-devel libevent-devel libtool-ltdl bison libtool zip unzip gmp-devel python-devel perl-devel perl-ExtUtils-Embed   # packages needed by the various environments
yum install -y pcre pcre-devel   # install PCRE (can be done together with the pre-install step)
yum update -y   # apply updates
3.1 iptables (optional)
3.1.1 Install iptables
yum install -y iptables-services   # install iptables
systemctl enable iptables   # start at boot
service iptables start   # start the service
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT   # allow remote access to MySQL
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT   # allow remote access to HTTP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT   # allow remote access to HTTPS
service iptables save   # save the configuration
systemctl stop iptables.service   # stop the iptables service
3.1.2 iptables rules
3.1.2.1 Clear all rules and start every setting from scratch
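iptables -F   # flush the rules in every chain of the default filter table
iptables -X   # delete the user-defined chains in the default filter table
service iptables save   # save the result, otherwise the previous state returns after a reboot
iptables -L -n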
The result is as follows:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
3.1.2.2 Set the default rules
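iptables -A INPUT -p tcp --dport 22 -j ACCEPT   # allow every IP to reach port 22 (inbound)
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT   # allow every IP to reach port 22 (outbound)
iptables -I INPUT -s 10.17.162.137 -p tcp --dport 22 -j ACCEPT   # allow a specific IP to reach a specific port
iptables -I OUTPUT -d 10.17.162.137 -p tcp --sport 22 -j ACCEPT   # also needed if outbound traffic is blocked; replies go to that IP, so it is matched with -d
# Note: allow the SSH port first. Otherwise the rules below cut the connection immediately and the remote machine can no longer be managed.
iptables -P INPUT DROP   # drop all inbound traffic by default
iptables -P OUTPUT ACCEPT   # accept all outbound traffic by default
iptables -P FORWARD DROP   # drop all forwarded traffic by default
service iptables save   # save the result, otherwise the previous state returns after a reboot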
php-fpm needs the following rules; without them PHP files cannot be served.
iptables -A INPUT -i lo -j ACCEPT   # accept packets arriving on the lo interface
iptables -A OUTPUT -o lo -j ACCEPT   # accept packets sent to the lo interface
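The rules above can be adjusted to the actual situation. iptables -A appends a rule to the end of the current chain; iptables -I inserts a rule at a given position, by default as the first rule, and with a rule number of 3 (for example iptables -I INPUT 3) it is inserted as the third rule.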
iptables -A INPUT -p tcp --dport 53 -j ACCEPT   # open port 53 (DNS), otherwise yum installs do not work
iptables -A INPUT -p udp --dport 53 -j ACCEPT   # open port 53 (DNS), otherwise yum installs do not work
iptables -A INPUT -p tcp --dport 80 -j ACCEPT   # open port 80
iptables -I INPUT -p tcp --dport 8080 -j ACCEPT   # port used by the Tomcat service
iptables -I INPUT 2 -m state --state RELATED,ESTABLISHED -j ACCEPT   # needed by the Tomcat service
iptables -A INPUT -p tcp --dport 443 -j ACCEPT   # open port 443
Allow ICMP packets through, i.e. allow ping:
iptables -A OUTPUT -p icmp -j ACCEPT   # if the OUTPUT policy is set to DROP
iptables -A INPUT -p icmp -j ACCEPT   # if the INPUT policy is set to DROP
iptables -A INPUT -i lo -p all -j ACCEPT   # if the INPUT policy is DROP
iptables -A OUTPUT -o lo -p all -j ACCEPT   # if the OUTPUT policy is DROP
Drop bad TCP packets
iptables -A FORWARD -p TCP ! --syn -m state --state NEW -j DROP
Limit the number of IP fragments to guard against attacks, allowing 100 per second
iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
Filter ICMP packets, allowing 1 packet per second; the limit kicks in after a burst of 10 packets.
iptables -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
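Prevent external hosts from spoofing internal IP addresses
# The nat table refuses the DROP target, so the filtering rules in this part use the PREROUTING chain of the raw table.
iptables -t raw -A PREROUTING -i eth0 -s 10.0.0.0/8 -j DROP
iptables -t raw -A PREROUTING -i eth0 -s 172.16.0.0/12 -j DROP
iptables -t raw -A PREROUTING -i eth0 -s 192.168.0.0/16 -j DROP
Block all connections to one specific IP
iptables -t raw -A PREROUTING -d IP_ADDRESS -j DROP   # replace IP_ADDRESS with the address, in the form 0.0.0.0
Disable the FTP (21) port
iptables -t raw -A PREROUTING -p tcp --dport 21 -j DROP
Block one IP from connecting to the FTP (21) port.
iptables -t raw -A PREROUTING -p tcp --dport 21 -s IP_ADDRESS -j DROP   # -s matches the connecting (source) address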
Drop invalid connections
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
Allow all established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
service iptables restart
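Added example (not part of the original article): the rules above only work if SSH, loopback and ESTABLISHED,RELATED traffic are accepted once the INPUT policy is DROP, so this script checks a ruleset in iptables-save format for those gaps and for a MySQL port open to any source. The function name check_input_chain and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset read from stdin.
# Prints one finding per line and nothing when no problem is found.
check_input_chain() {
    awk '
    BEGIN { policy = "unset" }
    /^\*/             { table = substr($0, 2) }   # "*filter", "*nat", ...
    table != "filter" { next }                     # only the filter table matters here
    /^:INPUT /        { policy = $2 }              # ":INPUT DROP [0:0]"
    /^-A INPUT / {
        if ($0 ~ /-i lo .*-j ACCEPT/)                            lo = 1
        if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED.*-j ACCEPT/)   est = 1
        if ($0 ~ /-p tcp .*--dport 22 .*-j ACCEPT/)              ssh = 1
        if ($0 ~ /--dport 3306 .*-j ACCEPT/ && $0 !~ / -s /)     db = 1
    }
    END {
        if (policy != "DROP") {
            print "INPUT policy is " policy ", not DROP"
        } else {
            if (!ssh) print "no ACCEPT for tcp/22: SSH is cut off"
            if (!lo)  print "no ACCEPT on lo: nginx cannot reach php-fpm on 127.0.0.1:9000"
            if (!est) print "no ESTABLISHED,RELATED rule: replies to outbound connections are dropped"
        }
        if (db) print "tcp/3306 is accepted from any source address"
    }'
}

# Constructed sample: default-deny INPUT with SSH, MySQL and HTTP opened,
# but without the loopback and ESTABLISHED,RELATED rules.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_input_chain
```

On the server, the live rules can be checked with iptables-save | check_input_chain before running service iptables save.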
3.2 Install MySQL and perform its initial setup
3.2.1 Install MySQL
yum install -y bison-devel libaio-devel perl-Data-Dumper   # prerequisites for MySQL
yum install -y mysql-server   # install mysqld
service mysqld start   # start MySQL
systemctl enable mysqld.service   # start at boot
3.2.2 Initial setup
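grep 'temporary password' /var/log/mysqld.log   # since MySQL 5.7 the initial password is no longer empty but randomly generated; this command shows it
mysql -u root -p   # log in to MySQL
alter user root@localhost identified by '<8+ characters, three or more character types>';   # the password has to be changed before anything else is allowed
use mysql;   # switch to the mysql database
# The next statement applies to MySQL 5.6 and earlier only; 5.7 has no Password column and the ALTER USER above already sets the password.
UPDATE user SET Password=PASSWORD('<8+ characters, three or more character types>') where USER='root';   # set the initial password
FLUSH PRIVILEGES;
exit;   # leave the mysql client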
3.2.3 Make MySQL case-insensitive
vi /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
lower_case_table_names=1
character-set-server=utf8
max_connections=500
innodb_log_file_size=60M
innodb_buffer_pool_size=128M
symbolic-links=0
[client]
default-character-set=utf8
socket=/var/lib/mysql/mysql.sock
[mysqld_safe]
open-files-limit = 8192
log-error=/var/log/mysqld.log
socket=/var/lib/mysql/mysql.sock
pid-file=/var/run/mysqld/mysqld.pid
service mysqld restart
3.3 Install PHP (choose one version)
3.3.1 Install PHP 5.6
yum install -y php56w php56w-cli php56w-common php56w-gd php56w-ldap php56w-mbstring php56w-mcrypt php56w-mysql php56w-pdo php56w-devel php56w-bcmath
yum install -y traceroute net-snmp-devel vim sysstat tree mysql-devel ntpdate libjpeg* bind-utils
yum install -y php56w-imap php56w-odbc php56w-pear php56w-xml php56w-xmlrpc php56w-mhash libmcrypt php56w-bcmath
yum install -y php56w-fpm
Configure the user that php-fpm runs as:
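vi /etc/php-fpm.d/www.conf
user = nginx    ; default is apache; change it to the same user as nginx (it can be changed now and php-fpm restarted after nginx is installed)
group = nginx   ; default is apache; change it to the same group as nginx (it can be changed now and php-fpm restarted after nginx is installed)
chkconfig php-fpm on
service php-fpm start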
3.3.2 Install PHP 7.0
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm   # yum repo for PHP 7
yum install -y php70w php70w-cli php70w-common php70w-gd php70w-ldap php70w-mbstring php70w-mcrypt php70w-mysql php70w-pdo php70w-devel php70w-bcmath
yum install -y traceroute net-snmp-devel vim sysstat tree mysql-devel ntpdate libjpeg* bind-utils
yum install -y php70w-imap php70w-odbc php70w-pear php70w-xml php70w-xmlrpc php70w-mhash libmcrypt php70w-bcmath
yum install -y php70w-fpm
Configure the user that php-fpm runs as:
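vi /etc/php-fpm.d/www.conf
user = nginx    ; default is apache; change it to the same user as nginx (it can be changed now and php-fpm restarted after nginx is installed)
group = nginx   ; default is apache; change it to the same group as nginx (it can be changed now and php-fpm restarted after nginx is installed)
chkconfig php-fpm on
service php-fpm start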
3.3.3 Install PHP 7.3
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum --enablerepo=remi install -y php73-php php73-php-pear php73-php-bcmath php73-php-pecl php73-php-jsond php73-php-mysqlnd php73-php-mysql php73-php-gd php73-php-common php73-php-fpm php73-php-intl php73-php-cli php73-php php73-php-xml php73-php-opcache php73-php-pecl-apcu php73-php-pdo php73-php-odbc php73-php-xmlrpc php73-php-mhash php73-php-gmp php73-php-process php73-php-pecl-imagick php73-php-devel php73-php-mbstring php73-php-zip php73-php-ldap php73-php-imap php73-php-pecl-mcrypt php73-php-soap traceroute net-snmp-devel vim sysstat tree mysql-devel ntpdate libjpeg* bind-utils
php73 -v
systemctl restart php73-php-fpm
systemctl enable php73-php-fpm
ln -s /opt/remi/php73/root/usr/bin/php /usr/bin/php
ln -s /opt/remi/php73/root/usr/bin/phpize /usr/bin/phpize
ln -s /opt/remi/php73/root/usr/bin/php-config /usr/bin/php-config
vi /etc/opt/remi/php73/php.ini
memory_limit = 512M
Configure the user that php-fpm runs as:
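vi /etc/opt/remi/php73/php-fpm.d/www.conf
user = nginx    ; default is apache; change it to the same user as nginx (it can be changed now and php-fpm restarted after nginx is installed)
group = nginx   ; default is apache; change it to the same group as nginx (it can be changed now and php-fpm restarted after nginx is installed)
systemctl restart php73-php-fpm
systemctl enable php73-php-fpm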
3.3.4 Change the time zone
vi /etc/php.ini
date.timezone = Asia/Shanghai
3.4 Install Redis and the Redis PHP extension
3.4.1 Install Redis
yum install -y tcl   # without tcl, make test fails
mkdir -p /home/software   # the directory must exist before cd
cd /home/software
wget http://download.redis.io/releases/redis-4.0.10.tar.gz   # download the Redis package
tar zxvf redis-4.0.10.tar.gz   # extract
mkdir /data/deploy -p
mv redis-4.0.10 /data/deploy/redis
cd /data/deploy/redis   # enter the Redis directory; the package is ready to build, so make can be run directly
make distclean   # clean up previously compiled files
make MALLOC=libc
make test && make install
mkdir -p /data/deploy/redis/etc
mkdir -p /data/deploy/redis/run
mkdir -p /data/deploy/redis/bin
mkdir -p /data/deploy/redis/data/6379
mkdir -p /data/deploy/redis/log
cp redis.conf /data/deploy/redis/etc/redis.conf
cp -r src/redis-* /data/deploy/redis/bin
cd /data/deploy/redis/
./bin/redis-server etc/redis.conf   # this starts the Redis service
Test whether the installation succeeded
cd /data/deploy/redis/bin
./redis-server --version
If the following is displayed, the installation succeeded
Redis server v=3.2.9 sha=00000000:0 malloc=libc bits=64 build=35b33d1f1bb9d2fc
Configure Redis
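vi /data/deploy/redis/etc/redis.conf
# set a password (redis.conf comments must sit on their own line)
requirepass Credit2016Admin
# allow access from other servers; Redis then listens on every interface, so limit port 6379 to those servers in iptables
bind 0.0.0.0
# run in the background
daemonize yes
# write the pid file where the init script below looks for it
pidfile /data/deploy/redis/run/redis.pid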
Service startup script
touch /etc/init.d/redis
vi /etc/init.d/redis
#!/bin/sh
#chkconfig: 2345 80 90
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.
PATH="/data/deploy/redis/bin:$PATH"
EXEC="/data/deploy/redis/bin/redis-server"
CLIEXEC="/data/deploy/redis/bin/redis-cli"
PIDFILE="/data/deploy/redis/run/redis.pid"
CONF="/data/deploy/redis/etc/redis.conf"
PORT="6379"
case "$1" in
    start)
        if [ -f $PIDFILE ]
        then
            echo "$PIDFILE exists, process is already running or crashed."
        else
            echo "Starting Redis server..."
            $EXEC $CONF
        fi
        ;;
    stop)
        if [ ! -f $PIDFILE ]
        then
            echo "$PIDFILE does not exist, process is not running."
        else
            PID=$(cat $PIDFILE)
            echo "Stopping ..."
            # requirepass is set in redis.conf, so redis-cli has to authenticate before SHUTDOWN is accepted
            AUTH=$(awk '$1 == "requirepass" { print $2 }' "$CONF")
            $CLIEXEC -p $PORT ${AUTH:+-a "$AUTH"} shutdown
            while [ -x /proc/${PID} ]
            do
                echo "Waiting for Redis to shutdown ..."
                sleep 1
            done
            echo "Redis stopped."
        fi
        ;;
    restart)
        $0 stop && $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}" >&2
        exit 1
        ;;
esac

chmod +x /etc/init.d/redis
chkconfig --add redis
chkconfig redis on
service redis start   # start Redis
Set the Redis environment variables
vi /etc/profile
export REDIS_HOME=/data/deploy/redis
export PATH=$PATH:$REDIS_HOME/bin
source /etc/profile   # take effect immediately
chmod +x /etc/init.d/redis
3.4.2 Install the Redis PHP extension (phpredis)
cd /usr/local/src/
git clone https://github.com/phpredis/phpredis.git
cd phpredis
phpize
./configure --with-php-config=php-config
make
make test
make install
vi /etc/php.ini   # add the following at the very bottom
[redis]
extension = /usr/lib64/php/modules/redis.so
chkconfig --add redis   # start at boot
3.5 Compile and install YAF
cd /usr/local/src/
wget http://pecl.php.net/get/yaf-2.3.5.tgz   # must match the PHP (5.6) version
wget http://pecl.php.net/get/yaf-3.0.8.tgz   # matches PHP 7.0
tar zxvf yaf-2.3.5.tgz
cd yaf-2.3.5
phpize
./configure --with-php-config=/usr/bin/php-config
make
make test
make install
vi /etc/php.ini   # add the following at the very bottom
[Yaf]
extension=/usr/lib64/php/modules/yaf.so
yaf.use_namespace = 1
yaf.environ = "develop"
php -i | grep yaf
If the following appears, the installation succeeded
yaf
yaf support => enabled
Supports => http://pecl.php.net/package/yaf
yaf.action_prefer => Off => Off
yaf.cache_config => Off => Off
yaf.environ => develop => develop
yaf.forward_limit => 5 => 5
yaf.library => no value => no value
yaf.lowcase_path => Off => Off
yaf.name_separator => no value => no value
yaf.name_suffix => On => On
yaf.st_compatible => Off => Off
yaf.use_namespace => On => On
yaf.use_spl_autoload => Off => Off
3.6 Install Nginx
yum install automake autoconf libtool make
yum install -y nginx
chkconfig nginx on
cd /etc/nginx
vi nginx.conf
Add the following inside server{}
Default index file names
index index.php default.php index.html index.htm;
Add the PHP handler inside server
location ~ \.php$ {   # the dot is escaped so that only names ending in ".php" match
    root html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
Block direct access by IP address
server {
    server_name _;
    return 404;
}
service nginx restart   # restart nginx
Configure a virtual host
cd /etc/nginx/conf.d
vi domain.conf
server {
    listen 80;
    server_name your.domain;   # the domain actually served; separate several domains with spaces
    root /home/webdata/yourwebsite/wwwroot;   # root directory holding the web pages
    location / {
        index index.php index.html index.shtml;   # default index file names
    }
    location ~ \.php$ {   # the dot is escaped so that only names ending in ".php" match
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /home/webdata/yourwebsite/wwwroot$fastcgi_script_name;
        include fastcgi_params;
    }
    #log...
}
service nginx restart   # restart nginx
3.7 Install the Java development environment
yum search java-1.8   # search for java-1.8 versions
yum install -y java-1.8.0-openjdk-devel.x86_64   # install the java-1.8.0 development environment
cd /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-5.b12.el7_4.x86_64   # enter the installation directory
vi /etc/profile   # environment configuration
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-5.b12.el7_4.x86_64   # the path differs between versions, so check it
At the very end of the file, add
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
source /etc/profile   # take effect immediately
Run a test
javac
If the following is displayed, the configuration succeeded
Usage: javac
where possible options include:
  -g Generate all debugging info
  -g:none Generate no debugging info
  -g:{lines,vars,source} Generate only some debugging info
  -nowarn Generate no warnings
  -verbose Output messages about what the compiler is doing
  -deprecation Output source locations where deprecated APIs are used
  -classpath Specify where to find user class files and annotation processors
  -cp Specify where to find user class files and annotation processors
  -sourcepath Specify where to find input source files
  -bootclasspath Override location of bootstrap class files
  -extdirs Override location of installed extensions
  -endorseddirs Override location of endorsed standards path
  -proc:{none,only} Control whether annotation processing and/or compilation is done.
  -processor [,,...] Names of the annotation processors to run; bypasses default discovery process
  -processorpath Specify where to find annotation processors
  -parameters Generate metadata for reflection on method parameters
  -d Specify where to place generated class files
  -s Specify where to place generated source files
  -h Specify where to place generated native header files
  -implicit:{none,class} Specify whether or not to generate class files for implicitly referenced files
  -encoding Specify character encoding used by source files
  -source Provide source compatibility with specified release
  -target Generate class files for specific VM version
  -profile Check that API used is available in the specified profile
  -version Version information
  -help Print a synopsis of standard options
  -Akey[=value] Options to pass to annotation processors
  -X Print a synopsis of nonstandard options
  -J Pass directly to the runtime system
  -Werror Terminate compilation if warnings occur
  @ Read options and filenames from file
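If entering javac shows "bash: javac: 未找到命令…" (command not found), the configuration failed; check that the environment variable paths are correct.
Closing remarks
That completes the LNMP + Redis + YAF + Java environment setup on CentOS.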