系统环境: RHEL6 x86-64 selinux and iptables disabled
[root@vm1 mnt]# ls
mysql-5.5.12.tar.gz nginx-1.4.2.tar.gz php-5.4.12.tar.bz2
1.编译安装mysql
[root@vm1 mnt]# yum install gcc gcc-c++ make ncurses-devel bison openssl-devel zlib-devel cmake -y 首先安装依赖性
[root@vm1 mnt]# mkdir /usr/local/lnmp
[root@vm1 mnt]# tar zxf mysql-5.5.12.tar.gz
[root@vm1 mnt]# cd mysql-5.5.12
[root@vm1 mysql-5.5.12]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/lnmp/mysql \ #安装目录-DMYSQL_DATADIR=/usr/local/lnmp/mysql/data \#数据库存放目录
-DMYSQL_UNIX_ADDR=/usr/local/lnmp/mysql/data/mysql.sock \#Unix socket 文件路径-DWITH_MYISAM_STORAGE_ENGINE=1 \#安装 myisam 存储引擎
-DWITH_INNOBASE_STORAGE_ENGINE=1 \#安装 innodb 存储引擎
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \#安装 archive 存储引擎
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \#安装 blackhole 存储引擎
-DWITH_PARTITION_STORAGE_ENGINE=1 \#安装数据库分区
-DENABLED_LOCAL_INFILE=1 \#允许从本地导入数据
-DWITH_READLINE=1 \#快捷键功能
-DWITH_SSL=yes \#支持 SSL
-DDEFAULT_CHARSET=utf8 \#使用 utf8 字符
-DDEFAULT_COLLATION=utf8_general_ci \#校验字符
-DEXTRA_CHARSETS=all \#安装所有扩展字符集
-DMYSQL_TCP_PORT=3306 \#MySQL 监听端口[root@vm1 mysql-5.5.12]#make && make install
[root@vm1 mysql-5.5.12]# make && make install
如果重新编译执行下面操作,然后重新编译 make clean
rm -f CmakeCache.txt
[root@vm1 mysql-5.5.12]# useradd -M -s /sbin/nologin mysql 创建mysql用户
[root@vm1 mnt]# cd /usr/local/lnmp/mysql
[root@vm1 mysql]# ./scripts/mysql_install_db --user=mysql --basedir=/usr/local/lnmp/mysql/ --datadir=/usr/local/lnmp/mysql/data/
[root@vm1 mysql]# chown -R mysql.mysql *
[root@vm1 mysql]# chown -R root .
[root@vm1 mysql]# chown -R root data
[root@vm1 mysql]# cp support-files/my-medium.cnf /etc/my.cnf #根据你的主机内存复制 mysql 配置文件
[root@vm1 mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[root@vm1 mysql]# cd bin/
[root@vm1 bin]# pwd
/usr/local/lnmp/mysql/bin
[root@vm1 ~]# vim .bash_profile #设置环境变量
PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin
[root@vm1 ~]# source .bash_profile #使其立即生效
[root@vm1 mysql]# /etc/init.d/mysqld start #启动mysql服务
Starting MySQL.... SUCCESS!
[root@vm1 mysql]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1596/mysqld
[root@vm1 bin]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.5.12-log Source distribution
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> quit
Bye
[root@vm1 mnt]# ln -s /usr/local/lnmp/mysql/lib /usr/local/lnmp/mysql/lib64
#不然在 php 编译的时候找不到 mysql 的库文件
2.编译安装php
[root@vm1 mnt]# tar zxf libiconv-1.13.1.tar.gz #加强系统对支持字符编码转换的功能
[root@vm1 mnt]# cd libiconv-1.13.1
[root@vm1 libiconv-1.13.1]# mkdir /usr/local/lnmp/phpmodule
[root@vm1 libiconv-1.13.1]# ./configure --prefix=/usr/local/lnmp/phpmodule/libiconv
[root@vm1 libiconv-1.13.1]# make && make install
[root@vm1 mnt]# tar jxf libmcrypt-2.5.8.tar.bz2 # mcrypt mhash 是 php 加密算法扩展库
[root@vm1 mnt]# cd libmcrypt-2.5.8
[root@vm1 libmcrypt-2.5.8]# ./configure --prefix=/usr/local/lnmp/phpmodule/libmcrypt
[root@vm1 libmcrypt-2.5.8]# make && make install
[root@vm1 libmcrypt-2.5.8]# cd libltdl/
[root@vm1 libltdl]# ./configure --prefix=/usr/local/lnmp/phpmodule/libmcrypt --enable-ltdl-install
[root@vm1 libltdl]# make && make install
[root@vm1 libltdl]# cd ../..
[root@vm1 mnt]# tar jxf mhash-0.9.9.9.tar.bz2
[root@vm1 mnt]# cd mhash-0.9.9.9
[root@vm1 mhash-0.9.9.9]# ./configure --prefix=/usr/local/lnmp/phpmodule/mhash
[root@vm1 mhash-0.9.9.9]# make && make install
为了让后面编译安装mcrypt的时候可以检测到libiconv,libmcrypt,mhash我们对这三个库作个软链接:
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/libiconv/lib/* /usr/local/lib
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/libmcrypt/lib/* /usr/local/lib
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/mhash/lib/* /usr/local/lib
[root@vm1 mnt]# ln -s /usr/local/lnmp/phpmodule/mhash/include/* /usr/local/include/
[root@vm1 mnt]# ldconfig /usr/local/lib#执行使其立即生效
[root@vm1 mnt]# tar zxf mcrypt-2.6.8.tar.gz
[root@vm1 mnt]# cd mcrypt-2.6.8
[root@vm1 mcrypt-2.6.8]# ./configure --prefix=/usr/local/lnmp/phpmodule/mcrypt --with-libiconv-prefix=/usr/local/lnmp/phpmodule/libiconv/ --with-libmcrypt-prefix=/usr/local/lnmp/phpmodule/libmcrypt/
# ./configure 时可能会报这个错:/bin/rm: cannot remove `libtoolT’: No such file or directory
直接忽略
[root@vm1 mcrypt-2.6.8]# make && make install
[root@vm1 mnt]# tar jxf php-5.4.12.tar.bz2
[root@vm1 mnt]# cd php-5.4.12
软件包依赖性安装:
[root@vm1 php-5.4.12]# yum install net-snmp-devel curl-devel libxml2-devel libpng-devel libjpeg-devel freetype-devel gmp-devel openldap-devel -y
[root@vm1 php-5.4.12]# ./configure --prefix=/usr/local/lnmp/php --with-config-file-path=/usr/local/lnmp/php/etc --with-mysql=/usr/local/lnmp/mysql/ --with-mysqli=/usr/local/lnmp/mysql/bin/mysql_config --with-openssl --with-snmp --with-gd --with-zlib --with-curl --with-libxml-dir --with-png-dir --with-jpeg-dir --with-freetype-dir --with-pear --with-gettext --with-gmp --enable-inline-optimization --enable-soap --enable-ftp --enable-sockets --enable-mbstring --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-mcrypt=/usr/local/lnmp/phpmodule/libmcrypt/ --with-mhash=/usr/local/lnmp/phpmodule/mhash/ --with-iconv-dir=/usr/local/lnmp/phpmodule/libiconv/
[root@vm1 php-5.4.12]# make ZEND_EXTRA_LIBS='-liconv'这里可能会有报错,我们只要执行一下ldconfig /usr/local/lib这条命令基本上就可以通过
[root@vm1 php-5.4.12]# make install
接下来进行一些基本的配置:
[root@vm1 php-5.4.12]# cp /usr/local/lnmp/php/etc/php-fpm.conf.default /usr/local/lnmp/php/etc/php-fpm.conf
[root@vm1 fpm]# cd /mnt/php-5.4.12/sapi/fpm/
[root@vm1 fpm]# cp init.d.php-fpm /etc/init.d/php-fpm
[root@vm1 fpm]# chmod +x /etc/init.d/php-fpm
[root@vm1 php-5.4.12]# cp php.ini-production /usr/local/lnmp/php/etc/php.ini
[root@vm1 php-5.4.12]# cd /usr/local/lnmp/php/etc/
[root@vm1 etc]# vim php.ini
[Date]
; Defines the default timezone used by the date functions
;
date.timezone = Asia/Shanghai #设置时区
cgi.fix_pathinfo=0 #防止 Nginx 文件类型错误解析漏洞
[root@vm1 etc]# vim php-fpm.conf #去掉以下几行的注释
pid = run/php-fpm.pid
pm.max_children = 50
pm.start_servers = 20 #在生产环境中一定要做压力测试,找到最合适的进程数组合
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
[root@vm1 bin]# pwd
/usr/local/lnmp/php/bin
[root@vm1 bin]# vim ~/.bash_profile
PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin:/usr/local/lnmp/php/bin
[root@vm1 bin]# source ~/.bash_profile
3.编译安装nginx
[root@vm1 mnt]# yum install -y pcre-devel openssl-devel
[root@vm1 mnt]# tar zxf nginx-1.4.2.tar.gz
[root@vm1 mnt]# cd nginx-1.4.2
[root@vm1 nginx-1.4.2]# vim auto/cc/gcc
# debug
#CFLAGS="$CFLAGS -g" #(注释掉这行,去掉 debug 模式编译,编译以后程序只有几百 k)
[root@vm1 nginx-1.4.2]# vim src/core/nginx.h
#define NGINX_VERSION "1.4.2"
#define NGINX_VER "nginx/" NGINX_VERSION (修改此行, 去掉后面的 “ NGINX_VERSION”,为了安全,这样编译后外界无法获取程序的版本号)
[root@vm1 nginx-1.4.2]# ./configure --prefix=/usr/local/lnmp/nginx --with-http_ssl_module --with-http_stub_status_module --user=nginx --group=nginx
[root@vm1 nginx-1.4.2]# make && make install
[root@vm1 nginx-1.4.2]# cd /usr/local/lnmp/nginx/
[root@vm1 nginx]# ls
conf html logs sbin
[root@vm1 nginx]# ln -s /usr/local/lnmp/nginx/sbin/nginx /usr/local/sbin/
或者直接设置环境变量:
[root@vm1 nginx]# vim ~/.bash_profile
PATH=$PATH:$HOME/bin:/usr/local/lnmp/mysql/bin:/usr/local/lnmp/php/bin:/usr/local/lnmp/nginx/sbin
[root@vm1 sbin]# source ~/.bash_profile
[root@vm1 nginx]# cd conf/
[root@vm1 conf]# vim nginx.conf #基本不需要什么配置
[root@vm1 conf]# groupadd -f nginx
[root@vm1 conf]# useradd -g nginx nginx #注意这两步很重要如果不没有,则你的nginx不能通过检测
[root@vm1 conf]# nginx -t #检测语法
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@vm1 conf]# nginx #启动nginx
[root@vm1 conf]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29308/nginx
[root@vm1 conf]# ps ax 这时我们看到nginx的进程数为一个
29308 ? Ss 0:00 nginx: master process nginx
29328 ? S 0:00 nginx: worker process
[root@vm1 conf]# vim nginx.conf
#user nobody;
worker_processes 2;#启动进程,通常设置成和cpu的数量相等
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;#提高nginx性能,在2.6内核中可以使用
worker_connections 1024;#单个后台worker process进程的最大并发链接数
}
[root@vm1 conf]# nginx -s reload #重启nginx
[root@vm1 conf]# ps ax nginx的进程个数变为两个
29308 ? Ss 0:00 nginx: master process nginx
29332 ? S 0:00 nginx: worker process
29333 ? S 0:00 nginx: worker process
[root@vm1 conf]# nginx -s stop 停止nginx
kill -HUP `cat /usr/local/nginx/logs/nginx.pid` #nginx 0.8 之前的版本重载方式
Nginx 支持的信号
1) TERM,INT 快速关闭
2) QUIT 从容关闭
3) HUP 平滑重启,重新加载配置文件
4) USR1 重新打开日志文件,在切割日志时用处比较大
5) USR2 平滑升级可执行程序
6) WINCH 从容关闭工作进程
下面我们测试一下nginx:
[root@vm1 conf]# vim nginx.conf
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /nginxstatus { 加上这部分
stub_status on;
access_log off;
allow 192.168.1.110; 只允许这个IP访问
deny all;
}
[root@vm1 conf]# nginx -s reload
测试结果:在浏览器中输入:192.168.1.2/nginxstatus,每刷新一次,里面的内容都会改变
下面我们做一个ssl加密认证:
[root@vm1 tls]# cd /etc/pki/tls/certs/
[root@vm1 certs]# make nginx.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > nginx.pem ; \
echo "" >> nginx.pem ; \
cat $PEM2 >> nginx.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
......................+++
.....+++
writing new private key to '/tmp/openssl.XeHwD8'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:vm1.example.com
Email Address []:root@vm1.example.com
[root@vm1 certs]# cp nginx.pem /usr/local/lnmp/nginx/conf/
[root@vm1 conf]# vim nginx.conf
server {
listen 443;
server_name 127.0.0.1;
ssl on;
ssl_certificate nginx.pem;
ssl_certificate_key nginx.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
location /nginxstatus {
stub_status on;
access_log off;
allow 192.168.1.110;
deny all;
}
}
[root@vm1 conf]# nginx -s reload
查看测试结果,在浏览器中输入:,然后得到证书,刷新:
4.php与nginx的整合:
[root@vm1 conf]# vim nginx.conf
#user nobody;
worker_processes 2;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm index.php; #加入php默认页面
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {#打开下面几行
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi.conf;#注意这里更改
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
#server {
# listen 80;
# server_name
# access_log logs/westos.org.access.log main;
# location / {
# index index.html;
# }
#}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
[root@vm1 html]# vim index.phpphpinfo();
?>测试结果如下:
我们再来测试一下php与mysql连接是否正常:
[root@vm1 html]# vim mysql.php
$link=mysql_connect("localhost","root","");
if(!$link)
echo "failed!";
else
echo "OK, succeed!";
?>
测试结果:
到这里我们的lnmp基本搭建完成,后面会做一些优化工作。