t.l346y.cn.php,Dell EMC PowerEdge T340 离线安装 LNMP 环境

CentOS 7 (1708) 安装盘内置有 PHP5.4.16、Apache2.4.6 和 MariaDB15.1(MySQL5.5.56)，如果能满足需要，可在装系统的同时一起安装(如下图)，下文就不需要看了。

客户的服务器，禁止联网、禁止使用U盘，只能使用光驱。需要的 WEB 环境如下：

CentOS-7-x86_64-DVD-1708.iso

Nginx-1.18.0-1.el7.ngx.x86_64

MySQL-community-server-8.0.20-1.el7.x86_64

PHP-7.2w

下载 rpm 包

安装一台相同环境的虚拟机，并在虚拟机中准备好下载环境：

yum install epel-release

yum install yum-utils

yum install openssl-devel

mkdir ~/rpms && cd $_

在虚拟机中下载安装包

YUM 的这2个参数可以仅下载安装包及其依赖而不安装：

--downloadonly

--downloaddir

下载 MySQL 的依赖

yum install --downloadonly --downloaddir=. openssl openssl-devel net-tools

下载 PHP

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

yum install --downloadonly --downloaddir=. \

php72w php72w-cli php72w-fpm php72w-common php72w-devel \

php72w-embedded php72w-gd php72w-mbstring php72w-mysqlnd \

php72w-opcache php72w-pdo php72w-xml

下载 Nginx

创建 /etc/yum.repos.d/nginx.repo 内容如下：

[nginx-stable]

name=nginx stable repo

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/

gpgcheck=1

enabled=1

gpgkey=https://nginx.org/keys/nginx_signing.key

module_hotfixes=true

[nginx-mainline]

name=nginx mainline repo

baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/

gpgcheck=1

enabled=0

gpgkey=https://nginx.org/keys/nginx_signing.key

module_hotfixes=true

yum install --downloadonly --downloaddir=. nginx

下载 MySQL

到 https://dev.mysql.com/downloads/mysql/ 下载，需要的文件有：

mysql-community-client-8.0.20-1.el7.x86_64.rpm

mysql-community-common-8.0.20-1.el7.x86_64.rpm

mysql-community-devel-8.0.20-1.el7.x86_64.rpm

mysql-community-libs-8.0.20-1.el7.x86_64.rpm

mysql-community-libs-compat-8.0.20-1.el7.x86_64.rpm

mysql-community-server-8.0.20-1.el7.x86_64.rpm

下载 SELinux 管理工具

yum install --downloadonly --downloaddir=. policycoreutils-python

# 将这些包单独放入 ~/rpms/tools/ 中

制作安装脚本 install.sh

rpm 没有依赖管理功能，需要先安装依赖再安装 nginx/php/mysql(或者使用 npm –nodeps *.rpm 一起安装，最后用 yum check 检查依赖)，mod_php72w 要在 PHP 装好后再安装。

将依赖包放入 ~/rpms/deps 目录

将 php/nginx/mysql 放入 ~/rpms/apps 目录

将 mod_php72w 放入 ~/rpms/adds 目录。

制作安装脚本 install.sh：

#!/bin/bash

echo -n "Install Nginx + PHP + MySQL ? [y/yes/N]:"

read ANS

case $ANS in

y|Y|yes|Yes|YES)

echo -e "\e[0;33mInstall dependencies ... \e[0m"

rpm -Uvh --nosignature ./deps/*.rpm

echo -e "\e[0;33mInstall Nginx + PHP + MySQL ... \e[0m"

rpm -Uvh --nosignature ./apps/*.rpm

echo -e "\e[0;33mInstall addons ... \e[0m"

rpm -Uvh --nosignature ./adds/*.rpm

echo -e "\e[0;33mInstall tools ... \e[0m"

rpm -Uvh --nosignature ./tools/*.rpm

echo -e "\e[0;32mFinished. \e[0m"

# 配置 php-fpm 的运行身份

echo -e "\e[0;33mConfiguring web server running identity ... \e[0m"

chown -R nginx:nginx /var/lib/php # 详见 session_path，默认 apache 会影响 session

sed -i 's/^user = apache$/user = nginx/' /etc/php-fpm.d/www.conf

sed -i 's/^group = apache$/group = nginx/' /etc/php-fpm.d/www.conf

# 更改 php 上传文件大小

sed -i 's/^upload_max_filesize = 2M$/upload_max_filesize = 1024M/' /etc/php.ini

sed -i 's/^post_max_size = 8M$/post_max_size = 1024M/' /etc/php.ini

sed -i 's/^memory_limit = 128M$/memory_limit = 2048M/' /etc/php.ini

sed -i 's/^max_execution_time = 30$/max_execution_time = 600/' /etc/php.ini

# 将 web server 设为开机启动

echo -e "\e[0;33mConfiguring web server auto start ... \e[0m"

systemctl enable nginx

systemctl enable php-fpm

systemctl enable mysqld

# 开启防火墙并允许 web server 通过

echo -e "\e[0;33mConfiguring firewall ... \e[0m"

systemctl start firewalld

firewall-cmd --add-service=http --permanent

firewall-cmd --add-port=8080/tcp --permanent #追加一个测试用端口

firewall-cmd --reload

# 启动 web server

echo -e "\e[0;33mRun web server ... \e[0m"

systemctl start nginx

systemctl start php-fpm

systemctl start mysqld

# 初始化 MySQL(禁止远程登录、删除测试数据库、……)

cat /var/log/mysqld.log | grep -E 'A temporary password.*'

echo -n "Run mysql_secure_installation ? [y/yes/N]:"

read MYSQL_ANS

case $MYSQL_ANS in

y|Y|yes|Yes|YES)

mysql_secure_installation

;;

*)

;;

esac

echo -e "\e[0;33mGet web server ip address ... \e[0m"

ifconfig | grep -E 'inet.*'

;;

*)

echo -e "\e[0;33mCanceled \e[0m"

;;

esac

exit 0

创建数据库用户的 SQL：

-- 地址：localhost(严禁使用“%”，即：严禁开启远程登录)

-- 帐号：db_user_name(库名与用户名相同)

-- 密码：db_user_password (使用了 MySQL 8 以后的、旧的密码验证方式)

CREATE USER 'db_user_name'@'localhost'

IDENTIFIED WITH mysql_native_password BY 'db_user_password';

GRANT USAGE ON *.* TO 'db_user_name'@'localhost';

ALTER USER 'db_user_name'@'localhost'

REQUIRE NONE WITH

MAX_QUERIES_PER_HOUR 0

MAX_CONNECTIONS_PER_HOUR 0

MAX_UPDATES_PER_HOUR 0

MAX_USER_CONNECTIONS 0;

CREATE DATABASE IF NOT EXISTS `db_user_name`;

GRANT ALL PRIVILEGES ON `db_user_name`.*

TO 'db_user_name'@'localhost';

收集到的 rpm 包及安装脚本如下：

~/rpms/

│ install.sh

│

├─adds

│ mod_php72w-7.2.27-1.w7.x86_64.rpm

│

├─apps

│ mysql-community-client-8.0.20-1.el7.x86_64.rpm

│ mysql-community-common-8.0.20-1.el7.x86_64.rpm

│ mysql-community-devel-8.0.20-1.el7.x86_64.rpm

│ mysql-community-libs-8.0.20-1.el7.x86_64.rpm

│ mysql-community-libs-compat-8.0.20-1.el7.x86_64.rpm

│ mysql-community-server-8.0.20-1.el7.x86_64.rpm

│ nginx-1.18.0-1.el7.ngx.x86_64.rpm

│ php72w-cli-7.2.27-1.w7.x86_64.rpm

│ php72w-common-7.2.27-1.w7.x86_64.rpm

│ php72w-devel-7.2.27-1.w7.x86_64.rpm

│ php72w-embedded-7.2.27-1.w7.x86_64.rpm

│ php72w-fpm-7.2.27-1.w7.x86_64.rpm

│ php72w-gd-7.2.27-1.w7.x86_64.rpm

│ php72w-mbstring-7.2.27-1.w7.x86_64.rpm

│ php72w-mysqlnd-7.2.27-1.w7.x86_64.rpm

│ php72w-opcache-7.2.27-1.w7.x86_64.rpm

│ php72w-pdo-7.2.27-1.w7.x86_64.rpm

│ php72w-xml-7.2.27-1.w7.x86_64.rpm

│

├─deps

│ autoconf-2.69-11.el7.noarch.rpm

│ automake-1.13.4-3.el7.noarch.rpm

│ e2fsprogs-1.42.9-17.el7.x86_64.rpm

│ e2fsprogs-libs-1.42.9-17.el7.x86_64.rpm

│ keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm

│ krb5-devel-1.15.1-46.el7.x86_64.rpm

│ krb5-libs-1.15.1-46.el7.x86_64.rpm

│ libargon2-20161029-3.el7.x86_64.rpm

│ libcom_err-1.42.9-17.el7.x86_64.rpm

│ libcom_err-devel-1.42.9-17.el7.x86_64.rpm

│ libjpeg-turbo-1.2.90-8.el7.x86_64.rpm

│ libkadm5-1.15.1-46.el7.x86_64.rpm

│ libpng-1.5.13-7.el7_2.x86_64.rpm

│ libselinux-2.5-15.el7.x86_64.rpm

│ libselinux-devel-2.5-15.el7.x86_64.rpm

│ libselinux-python-2.5-15.el7.x86_64.rpm

│ libselinux-utils-2.5-15.el7.x86_64.rpm

│ libsepol-2.5-10.el7.x86_64.rpm

│ libsepol-devel-2.5-10.el7.x86_64.rpm

│ libss-1.42.9-17.el7.x86_64.rpm

│ libverto-devel-0.2.5-4.el7.x86_64.rpm

│ libX11-1.6.7-2.el7.x86_64.rpm

│ libX11-common-1.6.7-2.el7.noarch.rpm

│ libXau-1.0.8-2.1.el7.x86_64.rpm

│ libxcb-1.13-1.el7.x86_64.rpm

│ libXpm-3.5.12-1.el7.x86_64.rpm

│ libxslt-1.1.28-5.el7.x86_64.rpm

│ m4-1.4.16-10.el7.x86_64.rpm

│ net-tools-2.0-0.25.20131004git.el7.x86_64.rpm

│ openssl-1.0.2k-19.el7.x86_64.rpm

│ openssl-devel-1.0.2k-19.el7.x86_64.rpm

│ openssl-libs-1.0.2k-19.el7.x86_64.rpm

│ pcre-devel-8.32-17.el7.x86_64.rpm

│ perl-5.16.3-295.el7.x86_64.rpm

│ perl-Carp-1.26-244.el7.noarch.rpm

│ perl-constant-1.27-2.el7.noarch.rpm

│ perl-Data-Dumper-2.145-3.el7.x86_64.rpm

│ perl-Encode-2.51-7.el7.x86_64.rpm

│ perl-Exporter-5.68-3.el7.noarch.rpm

│ perl-File-Path-2.09-2.el7.noarch.rpm

│ perl-File-Temp-0.23.01-3.el7.noarch.rpm

│ perl-Filter-1.49-3.el7.x86_64.rpm

│ perl-Getopt-Long-2.40-3.el7.noarch.rpm

│ perl-HTTP-Tiny-0.033-3.el7.noarch.rpm

│ perl-libs-5.16.3-295.el7.x86_64.rpm

│ perl-macros-5.16.3-295.el7.x86_64.rpm

│ perl-parent-0.225-244.el7.noarch.rpm

│ perl-PathTools-3.40-5.el7.x86_64.rpm

│ perl-Pod-Escapes-1.04-295.el7.noarch.rpm

│ perl-Pod-Perldoc-3.20-4.el7.noarch.rpm

│ perl-Pod-Simple-3.28-4.el7.noarch.rpm

│ perl-Pod-Usage-1.63-3.el7.noarch.rpm

│ perl-podlators-2.5.1-3.el7.noarch.rpm

│ perl-Scalar-List-Utils-1.27-248.el7.x86_64.rpm

│ perl-Socket-2.010-5.el7.x86_64.rpm

│ perl-Storable-2.45-3.el7.x86_64.rpm

│ perl-Test-Harness-3.28-3.el7.noarch.rpm

│ perl-Text-ParseWords-3.29-4.el7.noarch.rpm

│ perl-Thread-Queue-3.02-2.el7.noarch.rpm

│ perl-threads-1.87-4.el7.x86_64.rpm

│ perl-threads-shared-1.43-6.el7.x86_64.rpm

│ perl-Time-HiRes-1.9725-3.el7.x86_64.rpm

│ perl-Time-Local-1.2300-2.el7.noarch.rpm

│ zlib-1.2.7-18.el7.x86_64.rpm

│ zlib-devel-1.2.7-18.el7.x86_64.rpm

│

└─tools

audit-2.8.5-4.el7.x86_64.rpm

audit-libs-2.8.5-4.el7.x86_64.rpm

audit-libs-python-2.8.5-4.el7.x86_64.rpm

checkpolicy-2.5-8.el7.x86_64.rpm

libcgroup-0.41-21.el7.x86_64.rpm

libsemanage-2.5-14.el7.x86_64.rpm

libsemanage-python-2.5-14.el7.x86_64.rpm

policycoreutils-2.5-34.el7.x86_64.rpm

policycoreutils-python-2.5-34.el7.x86_64.rpm

python-IPy-0.75-6.el7.noarch.rpm

setools-libs-3.3.8-4.el7.x86_64.rpm

部署

硬件初始化

新服务器需要将物理磁盘在 BIOS 里转换成 RAID 功能的虚拟磁盘后才可以使用。这台服务器只有2块硬盘，所以选择 RAID1。

安装操作系统

将刻录好的 CentOS 光盘放入 Dell EMC 的光驱，默认会从光驱启动，不需要在 BIOS 中设置或按在开机时按 F11 选择启动顺序。

分区如下：

# DATA

/data LVM xfs 1795.67 GiB # 数据区

# SYSTEM

/boot Standard Partition xfs 1024 Mib # 这个无法使用 LVM，普通即可

/ LVM xfs 50 Gib

/boot/efi Standard Partition EFI System Partition 200 Mib

swap LVM swap 15.63Gib # 内存的1~1.5倍

安装 WEB 服务

清理依赖

rpm -e --nodeps mariadb-libs

传输 rpm 包到新服务器并安装

将存放有 rpms 包和 install.sh 的文件夹 ~/rpms/ 刻录成光盘(记得先将 install.sh 添加可执行权限)，读光驱的方法为：

mkdir /media/cdrom

mount /dev/cdrom /media/cdrom

cd /media/cdrom

yes | ./install.sh # 或 yes | bash ./install.sh

#umount /media/cdrom

配置 Web 服务

设为开机启动

systemctl enable nginx

systemctl enable php-fpm

systemctl enable mysqld

启动 WEB 及相关服务

systemctl start nginx

systemctl start php-fpm

systemctl start mysqld

初始化 MySQL 数据库

# MySQL 启动后才可以执行以下命令：

mysql_secure_installation

# root 密码在 /var/log/mysqld.log 里，搜关键字“A temporary password is generated for root@localhost:”

# 输入密码后会让设置新密码

# 之后记得要删除匿名用户、禁止 root 远程登录、移除测试数据库、重新加载权限配置

让 firewalld 防火墙允许 http 服务通行

systemctl start firewalld.service

firewall-cmd --add-service=http --permanent

firewall-cmd --add-port=8080/tcp --permanent #追加一个测试用端口

firewall-cmd --reload

为 /data/web 目录添加 DAC(-rwxrwxrwx) 和 MAC(SELinux) 权限

# 确保 /etc/selinux/config 中 SELINUX=enforcing 如果有修改重启才会生效

mkdir /data/web

chown nginx:nginx -R /data/web

chmod go-rwx -R /data/web

semanage fcontext -a -t httpd_sys_content_t '/data/web(/.*)?

restorecon -RvvF /data/web

chcon -t httpd_sys_rw_content_t /data/web/upall.cn/uploads -R

# 上边一行指定目录可写，不然会报：

# type=AVC avc: denied { execmem } for pid=11645 comm="php-fpm" scontext=.... tcontext....

# type=AVC avc: denied { write } for pid=11645 comm="php-fpm" scontext=.... tcontext....

# type=AVC avc: denied { remove_name } for pid=11645 comm="php-fpm" scontext=.... tcontext....

# semanage fcontext -l | grep /data/web # 查看目录的 SELinux 权限

修改 nginx 的运行身份

# 编辑 /etc/nginx/nginx.conf

user nginx; # 确保这里是 nginx 而不是 apache、nobody、www-data 或 其它

修改 nginx 和 php-fpm 的运行身份

# 编辑 /etc/php-fpm.d/www.conf

user = apache # 改为 nginx

group = apache # 改为 nginx

运行身份禁止使用 root，修改后记得重启 nginx 和 php-fpm：

systemctl reload nginx

systemctl reload php-fpm # 或 restart

如果重启如错可以用这个命令查看错误原因：

ngint -t

# php-fpm 不详

其它

0. 将光驱做为 yum 的软件源

# 将光盘放入光驱或将iso添加到虚拟机后：

mkdir /media/cdrom && mount /dev/cdrom $_

cd /etc/yum.repos.d/

vi CentOS-Media.repo # 将 enabled 从 0 改为 1

mv CentOS-Base.repo CentOS-Base.repo.disabled

# umount /media/cdrom

1. 将文件制作为 iso 镜像

genisoimage -full-iso9660-filenames -joliet -allow-lowercase -o file.iso ./folder/

#或：mkisofs -full-iso9660-filenames -joliet -allow-lowercase -o file.iso ./folder/

# -full-iso9660-filenames 长文件名支持，默认8+3

# -joliet 中文文件名支持

# -allow-lowercase 小写支持，默认全是大写

# -allow-leading-dots 允许 . 开头的文件

# -allow-multidot Allow more than one dot in filenames (e.g. .tar.gz)

2. 通过在安装时选择“PHP支持”和“MariaDB数据库服务器”来安装的 PHP 环境会送一个 GNOME 桌面环境，如果不想要这个桌面环境可以最小化安装之后挂载光驱做为软件源并用以下命令安装 WEB 环境：

yum install --disableplugin=fastestmirror apache php mariadb

3. 如果移动 MySQL 的 datadir 需要：

mkdir /data/db

chown mysql:mysql /data/db

mv /var/lib/mysq/* /data/db/

sed -i 's/^datadir=/var/lib/mysql$/datadir=/data/db' /etc/my.cnf

semanage fcontext -a -t mysqld_db_t '/data/db(/.*)?'

restorecon -RvvF /data/db