LNMP架构部署及wordpress项目上线
lnmp已经是老生常谈了,本篇笔记只是用来叙述一种部署方式,下面不再啰嗦lnmp的作用,直接开始
交代下环境及软件版本(通常nginx版本不会影响到架构,但mysql版本与php版本要相对应)
单节点LNMP,后续逐步解耦
系统:CentOS Linux release 7.6.1810 minimal
软件:mariadb-5.5.68-linux-glibc_214-x86_64.tar.gz glibc部署
nginx-1.18.0.tar.gz 源码编译部署
php-7.2.12.tar.gz 源码编译部署
yum:系统默认Centos源
转载请附我的源链接
如有技术讨论可以发邮件到systemctl529@163.com,万切期盼技术交流
一、系统环境配置
采用虚拟机环境。
1、网络配置
关闭NetworkManager
[root@node1 ~]# systemctl stop NetworkManager && systemctl disable NetworkManager
查看网卡
[root@node1 ~]# ip a | grep ens
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
配置网络信息
[root@node1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.1.201"
PREFIX="24"
GATEWAY="192.168.1.2"
DNS1="192.168.1.2"
重启网络
[root@node1 ~]# systemctl restart network
测试
[root@node1 ~]# ping www.baidu.com
2、时间配置
[root@node1 ~]# yum -y install ntpdate
[root@node1 ~]# ntpdate time1.aliyun.com
3、关闭防火墙及selinux
非必关,可以配置防火墙规则,如centos7中的firewalld
可以新增80端口或http协议的规则
关闭防火墙
[root@node1 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@node1 ~]# firewall-cmd --list-all
FirewallD is not running
关闭selinux
[root@node1 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@node1 ~]# setenforce 0
二、部署mysql
先部署mysql和先部署nginx均可,但不要先部署php-fpm
1、上传或下载mysql软件包
mysql或mariadb均可,对应好php版本即可
[root@node1 app]# ls mariadb-5.5.68-linux-glibc_214-x86_64.tar.gz
mariadb-5.5.68-linux-glibc_214-x86_64.tar.gz
我这里选用glibc的软件包,其相对rpm包有一定自定义性,相较于源码包部署更快。
下载地址:https://mariadb.org/download/
mariadb与mysql整体极为相近,为mysql原部分开发者开发,为完全开源的关系型数据库,如果追求服务与稳定,可以考虑oracle公司的mysql企业版。当然oracle也提供了mysql的社区版本,可以前往mysql官网下载GPL版本
2、安装mariadb
因为并非是rpm方式安装,我们这里需要手动创建mysql用户
[root@node1 app]# useradd -r -s /sbin/nologin mysql
解压tar包
[root@node1 app]# tar xf mariadb-5.5.68-linux-glibc_214-x86_64.tar.gz
[root@node1 app]# mv mariadb-5.5.68-linux-glibc_214-x86_64 /usr/local/mysql
给mysql用户予目录赋权
[root@node1 app]# chown -R mysql.mysql /usr/local/mysql
卸载并删除centos中默认带有的mariadb-libs软件包及/etc/my.cnf文件
[root@node1 mysql]# yum remove mariadb-libs -y
[root@node1 mysql]# rm -f /etc/my.cnf
安装
[root@node1 app]# cd /usr/local/mysql/
[root@node1 mysql]# scripts/mysql_install_db --user=mysql
拷贝mysql启动脚本并测试启动
[root@node1 mysql]# cp support-files/mysql.server /etc/init.d/mysql
[root@node1 mysql]# service mysql start
.......
. SUCCESS!
验证
[root@node1 mysql]# ss -naltp|grep 3306
LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=17365,fd=13))
添加环境变量
[root@node1 mysql]# echo 'export PATH=$PATH:/usr/local/mysql/bin' >> /etc/profile
[root@node1 mysql]# source /etc/profile
3、mariadb初始化配置
个人建议采用mysql_secure_installation方式完成初始化
以下是初始化演示
[root@node1 mysql]# mysql_secure_installation
/usr/local/mysql/bin/mysql_secure_installation: line 393: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): --输入root密码,我这里没有设置过,新版本mysql会随机生成一个密码,我这里直接回车即可
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y --设置root密码
New password: --第一次输入
Re-enter new password: --第二次输入
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y --是否移除默认的匿名用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n --是否使root不可被远程登录,我这里后面还需要用,所以不禁止,生产环境不建议开启root的远程登录
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y --是否删除测试数据库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y --是否立即生效
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
简单配置下My.cnf文件
先来创建个日志路径
[root@node1 mysql]# mkdir log && chown -R mysql. log
修改my.cnf文件
[root@node1 mysql]# vim my.cnf
[mysqld]
log-error = /usr/local/mysql/log/error.log
我这里就暂时先加这一条配置,方便排错
其他配置大家一搜索,应有尽有
重启下mysql
[root@node1 mysql]# service mysql restart
Shutting down MariaDB.. SUCCESS!
Starting MariaDB..... mysqld_safe Logging to '/usr/local/mysql/log/error.log'.
..... mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data
. SUCCESS!
4、测试下可不可以登录
[root@node1 mysql]# mysql -uroot -p
Enter password: --输入密码
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
做一下开机自启动
[root@node1 ~]# vim /usr/lib/systemd/system/mysql.service
[Unit]
Description=MySQL Server
After=network.target
After=syslog.target
[Service]
User=mysql
Group=mysql
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/usr/local/mysql/my.cnf
LimitNOFILE = 5000
PrivateTmp=false
[Install]
WantedBy=multi-user.target
[root@node1 ~]# systemctl start mysql
[root@node1 ~]# systemctl enable mysql
三、部署Nginx
1、上传或下载软件包
目前nginx主线版本已经到了1.19,稳定版也到了1.18,我这里部署1.18的稳定版
[root@node1 mysql]# cd /app/
[root@node1 app]# ls nginx-1.18.0.tar.gz
nginx-1.18.0.tar.gz
nginx社区版官网http://www.nginx.org
2、安装nginx
安装nginx依赖包
[root@node1 app]# yum -y install pcre-devel zlib-devel openssl-devel gcc
创建nginx运行用户 nginx
[root@node1 app]# useradd -r -s /sbin/nologin nginx
解压tar包
[root@node1 app]# tar xf nginx-1.18.0.tar.gz
配置
[root@node1 app]# cd nginx-1.18.0
[root@node1 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module
安装
[root@node1 nginx-1.18.0]# make -j 2 && make install
配置参数的简析
./configure --即为配置的脚本
prefix=/usr/local/nginx --安装的路径
user=nginx group=nginx --以什么用户及组完成初始化
with-http_ssl_module --这是https的支持
with-http_stub_status_module --这是监控模块
with-http_realip_module --用于nginx访问日志中去除代理IP,显示客户的真实IP,但是要搭配nginx.conf文件配置
3、测试运行及常用命令
测试下运行
[root@node1 nginx-1.18.0]# cd /usr/local/nginx/
[root@node1 nginx]# ./sbin/nginx -c ./conf/nginx.conf
[root@node1 nginx]# ss -naltp|grep 80
LISTEN 0 128 *:80 *:* users:(("nginx",pid=20361,fd=6),("nginx",pid=20360,fd=6))
来说下nginx常用的控制命令
[root@node1 nginx]# ./sbin/nginx -h
nginx version: nginx/1.18.0
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]
Options:
-?,-h : this help
-v : show version and exit
-V : show version and configure options then exit
-t : test configuration and exit
-T : test configuration, dump it and exit
-q : suppress non-error messages during configuration testing
-s signal : send signal to a master process: stop, quit, reopen, reload
-p prefix : set prefix path (default: /usr/local/nginx/)
-c filename : set configuration file (default: conf/nginx.conf)
-g directives : set global directives out of configuration file
来演示下启动,关闭,优雅重载
启动:
[root@node1 nginx]# ./sbin/nginx -c ./conf/nginx.conf
关闭:
[root@node1 nginx]# ./sbin/nginx -s stop
优雅重载(重载配置文件)
[root@node1 nginx]# ./sbin/nginx -s reload
....
是不是有点麻烦,包括前面的mysql,我们可以在网上找一下对应的启动脚本,比如nginx的
[root@node1 nginx]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=Nginx Web Server
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
然后直接systemctl即可了,但是要注意,如果现在已经有nginx进程,记得关闭掉,再重新使用systemctl来管理
[root@node1 nginx]# ss -naltp|grep 80
LISTEN 0 128 *:80 *:* users:(("nginx",pid=20373,fd=6),("nginx",pid=20370,fd=6))
[root@node1 nginx]# ./sbin/nginx -s stop
[root@node1 nginx]# ss -naltp|grep 80
[root@node1 nginx]# systemctl start nginx && ss -naltp|grep 80
LISTEN 0 128 *:80 *:* users:(("nginx",pid=20392,fd=6),("nginx",pid=20391,fd=6))
[root@node1 nginx]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@node1 nginx]# systemctl status nginx|grep enable
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
四、安装PHP-FPM
据说php7版本相较于5,速度提升极大,而且写文时已经是2020年,这时候已经更新到了7.4x,所以这里不再用太老版本了
1、下载或上传php-fpm软件包
不同于lamp中apache与php之间以模块形式存在的方式,nginx与php之间相互都为独立存在的,所以,需要单独的安装php-fpm,并且等下要做关联(请求转发)
[root@node1 ~]# cd /app
[root@node1 app]# ls php-7.2.12.tar.gz
php-7.2.12.tar.gz
php的官网下载链接:https://www.php.net/downloads
2、安装php-fpm
安装依赖软件包
[root@node1 app]#yum -y install libxml2-devel libjpeg-devel libpng-devel freetype-devel curl-devel openssl-devel
编译安装
[root@node1 app]# tar xf php-7.2.12.tar.gz
[root@node1 app]# cd php-7.2.12
./configuer后的配置参数也就是添加的一些扩展模块,通常是根据项目需求来定的,可以与开发沟通,了解其框架所需的模块。
[root@node1 php-7.2.12]# ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-mbstring --enable-ftp --with-gd --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --with-libzip --enable-soap --without-pear --with-gettext --disable-fileinfo --enable-maintainer-zts
很慢,多等等。。。
参数里这几个需要注意: --prefix为安装目录, --enable-fpm为开启php-fpm, --with-fpm-user/group为以什么用户运行,
make
[root@node1 php-7.2.12]# make -j 2 要是服务器性能好,-j 后面对应核心数(不要是全部,避免影响到其他服务)
很慢很慢非常慢,多等等。。。
make install
[root@node1 php-7.2.12]# make install
3、拷贝及配置php配置文件
1、首先拷贝一下php.ini,php.ini是php运行核心配置文件
这个文件中内容很多,但是这里我们暂时不用修改(我们后续修改也主要是修改这个文件,比如开关模块,添加模块等),这里只拷贝即可了,原解压包内有模板文件
[root@node1 ~]# cd /app/php-7.2.12
[root@node1 php-7.2.12]# ll php.ini-*
-rw-rw-r-- 1 root root 70296 Nov 6 2018 php.ini-development --开发环境
-rw-rw-r-- 1 root root 70568 Nov 6 2018 php.ini-production --生产环境
我这里采用生产环境的php.ini模板
[root@node1 php-7.2.12]# cp php.ini-production /usr/local/php/etc/php.ini
2、再拷贝一下php-fpm.conf主配置文件,php-fpm.conf是 php-fpm 进程服务的配置文件
[root@node1 php-7.2.12]# cd /usr/local/php/etc/
[root@node1 etc]# cp -a php-fpm.conf.default ./php-fpm.conf
[root@node1 etc]# ll php-fpm.conf
3、拷贝一下www.conf子配置文件,ww.conf是 php-fpm 进程服务的扩展配置文件
[root@node1 etc]# pwd
/usr/local/php/etc
[root@node1 etc]# cp php-fpm.d/www.conf.default ./php-fpm.d/www.conf
添加环境变量
[root@node1 etc]# echo 'export PATH=$PATH:/usr/local/php/bin' >> /etc/profile
[root@node1 etc]# source /etc/profile
4、测试运行
添加启动方式及环境变量
[root@node1 etc]# cd ~
[root@node1 ~]# cp /app/php-7.2.12/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@node1 ~]# chmod +x /etc/init.d/php-fpm
[root@node1 ~]# service php-fpm start
Starting php-fpm done
[root@node1 ~]# ss -naltp|grep 9000
LISTEN 0 128 127.0.0.1:9000 *:* users:(("php-fpm",pid=122424,fd=5),("php-fpm",pid=122423,fd=5),("php-fpm",pid=122422,fd=7))
五、nginx与php-fpm的关联
因为php-fpm与nginx两个应用之间互相独立,现在他俩尚且还不认识,让我们来给他们俩做个媒,让他俩互相认识。
其实做法很简单,nginx除了是个http应用,它更是个应用极为广泛的代理应用,我们只需要nginx把.php结尾的文件,在nginx配置文件中,配置一个正则匹配,转发给php-fpm即可。
最简单的转发方式,就是直接转发给9000端口。
1、nginx配置文件的修改
[root@node1 conf]# vim nginx.conf
可以看到nginx.conf文件中,对于如何配置php转发,是有范例的
........
56
57 # proxy the PHP scripts to Apache listening on 127.0.0.1:80
58 #
59 #location ~ \.php$ {
60 # proxy_pass http://127.0.0.1;
61 #}
62
63 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
64 #
65 #location ~ \.php$ {
66 # root html;
67 # fastcgi_pass 127.0.0.1:9000;
68 # fastcgi_index index.php;
69 # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
70 # include fastcgi_params;
71 #}
72
73 # deny access to .htaccess files, if Apache's document root
74 # concurs with nginx's one
75 #
76 #location ~ /\.ht {
77 # deny all;
78 #}
79 }
但是,我这里不直接这么做,个人强烈不推荐直接修改nginx.conf文件,我更习惯于去以ip/端口/域名的方式,去创建单独的虚拟主机配置文件。
接下来是演示
首先创建存储虚拟主机配置文件的目录
[root@node1 conf]# pwd
/usr/local/nginx/conf
[root@node1 conf]# mkdir extra
接下来,在Nginx.conf主文件中配置上加载此目录的关键字。
[root@node1 conf]# vim nginx.conf
http{
.......
include extra/*.conf;
......
}
看下具体在哪里。
[root@node1 conf]# grep -Ev '#|^$' nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/*.conf; #----只此一句,在http区块中,server区块之上即可
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
好了,主配置文件以及可以加载extra目录下的conf文件了,我们来编写虚拟主机的conf文件
我这里额外为此项目创建一个项目目录
[root@node1 conf]# mkdir /nginx/test -p
[root@node1 conf]# chown -R nginx. /nginx
[root@node1 conf]# mkdir extra
[root@node1 conf]# vim extra/test.conf
server{
listen 80;
server_name www.test.com;
root /nginx/test;
location / {
index index.html index.htm index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /50.html;
location = /50.html {
root html;
}
}
简单解释下,
--root是项目目录,不是用户,以什么用户运行,是在Nginx.conf中定义的
--listen 80是监听80端口
--server_name 也就是域名,我这里是基于域名的虚拟主机,不过,不影响IP直接访问
--location / 这个/ 也就是比如我们www.baidu.com/这个/是一样的意思,也就是域名后的内容,对应我们的项目根目录,去找里面的index.**
--location ~ \.php$ 这里是个正则,\是转意,.php$,$是结尾的意思,也就是以.php结尾的
编写完成,重载一下配置
[root@node1 conf]# systemctl reload nginx
[root@node1 conf]# ss -naltp|grep 80
LISTEN 0 128 *:80 *:* users:(("nginx",pid=122456,fd=6),("nginx",pid=20391,fd=6))
2、测试一下访问
写一个简单的php页面
[root@node1 conf]# vim /nginx/test/test.php
<?php
phpinfo();
?>
访问测试
[root@node1 conf]# curl -I 192.168.1.201/test.php | head
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 18 Jun 2020 02:40:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.2.12
六、上线一个小项目
1、上传或拉取项目
WordPress是个比较常见的博客网站,其有php编写的版本,我这里就选用其作为测试
官网:https://wordpress.org/download/
[root@node1 test]# ls
wordpress-5.4.2.zip
2、解压项目
是的,php项目就是这么简单
[root@node1 test]# unzip wordpress-5.4.2.zip > /dev/null
[root@node1 test]# chown -R nginx. wordpress
[root@node1 test]# mv wordpress/* ./
3、安装项目
这里就需要web操作了
浏览器访问http://192.168.1.201
安照要求,我们去准备下数据库,直接用root账户是不合适的,所以我们提前准备下
[root@node1 ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database wordpress;
Query OK, 1 row affected (0.04 sec)
MariaDB [(none)]> grant all on wordpress.* to 'wordpress'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.04 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.04 sec)
MariaDB [(none)]>
409
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
