LNMP环境搭建与配置
任务一 安装Mysql
需要下载:mysql-5.6.43-linux-glibc2.12-x86_64.tar
#cd /usr/local/src
#tar -zxvf mysql-5.6.43-linux-glibc2.12-x86_64.tar.gz
#mv mysql-5.6.43-linux-glibc2.12-x86_64 /usr/local/mysql
#useradd -s /sbin/nologin mysql
#cd /usr/local/mysql
#mkdir -p /data/mysql
#chown -R mysql:mysql /data/mysql
#./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
#cp support-files/my-default.cnf /etc/my.cnf
#cp support-files/mysql.server /etc/init.d/mysqld
#chmod 755 /etc/init.d/mysqld
#vi /etc/init.d/mysqld
需要修改配置文件,找到datadir,修改为
datadir=/data/mysql //初始化数据库时定义的目录
#chkconfig --add mysqld
//把启动脚本加入系统服务项
#chkconfig mysqld on
//设定开机自启
#service mysqld start
//启动服务
#ps aux | grep mysqld
//查看mysql是否启动
搭建成功
- 安装过程中报错
错误原因:没有路径也没有权限
解决方法:创建此路径并给予权限
#mkdir /var/log/mariadb
#touch /var/log/mariadb/mariadb.log
#chown -R mysql:mysql /var/log/mariadb/
#service mysqld start
任务二 安装PHP
需要下载:php-5.6.30.tar.gz
(1)安装
#cd /usr/local/src
#tar -zxvf php-5.6.30.tar.gz
#useradd -s /sbin/nologin php-fpm
(2)配置编译选项
#cd php-5.6.30
# yum install -y gcc
# yum install -y libxml2-devel
# yum install -y openssl openssl-devel
# yum install -y libcurl-devel
# yum -y install libjpeg-devel
# yum install -y libpng libpng-devel
# yum install -y freetype freetype-devel
# yum install -y epel-release
# yum install -y libmcrypt-devel
//安装后续所需的库文件
# useradd -s /sbin/nologin php-fpm
#./configure \
--prefix=/usr/local/php-fpm \
--with-config-file-path=/usr/local/php-fpm/etc \
--enable-fpm \
--with-fpm-user=php-fpm \
--with-fpm-group=php-fpm \
--with-mysql=/usr/local/mysql \
--with-mysql-sock=/tmp/mysql.sock \
--with-libxml-dir \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--with-iconv-dir \
--with-zlib-dir \
--with-mcrypt \
--enable-soap \
--enable-gd-native-ttf \
--enable-ftp \
--enable-mbstring \
--enable-exif \
--disable-ipv6 \
--with-pear \
--with-curl \
--with-openssl
//编译
(3)编译PHP
#make
(4)安装PHP
#make install
(5)修改配置文件
#cp php.ini-production /usr/local/php-fpm/etc/php.ini
#vi /usr/local/php-fpm/etc/php-fpm.conf
把下面的内容写进文件中
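[global]
; NOTE(review): a later section of this page uses var/run/php-fpm.pid; the
; path here has to match the one the init script looks for - confirm.
pid = /usr/local/php-fpm/var/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log

[www]
; Unix socket that nginx connects to through fastcgi_pass.
listen = /tmp/php-fcgi.sock
; Hand the socket to the nginx worker account ("user nobody nobody;" in
; nginx.conf) and drop world access. With mode 666 every local account could
; send FastCGI requests that execute as the php-fpm user.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
; Account the PHP worker processes run as.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024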
保存该配置
#/usr/local/php-fpm/sbin/php-fpm -t
检验是否配置正确
显示 test is successful 则说明配置正确
(6)启动php-fpm
#cp /usr/local/src/php-5.6.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
#chmod 755 /etc/init.d/php-fpm
#useradd -s /sbin/nologin php-fpm
#service php-fpm start
#chkconfig php-fpm on
//设置php-fpm开机自启
#ps aux | grep php-fpm
//检测php-fpm是否启动
任务三 安装Nginx
(1)下载及解压
#cd /usr/local/src
#wget https://nginx.org/download/nginx-1.10.3.tar.gz
//通过HTTPS下载;编译前建议再用nginx.org提供的PGP签名(同名的.asc文件)校验源码包
#tar -zxvf nginx-1.10.3.tar.gz
(2)配置编译选项
#cd nginx-1.10.3
#./configure --prefix=/usr/local/nginx
#make
#make install
(3)编写Nginx启动脚本,并加入系统服务
#vi /etc/init.d/nginx
写入如下内容
#!/bin/bash
# SysV init script for the nginx built under /usr/local/nginx.
# The chkconfig header below declares no default runlevels ("-"),
# start priority 30 and stop priority 21.
# chkconfig: - 30 21
# description: http service.
# Source Function Library
# (provides the daemon and killproc helpers used by the functions below)
. /etc/init.d/functions
# Nginx Settings
# Binary, main configuration file and pid file of this nginx installation.
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
# Exit status of the script; each action overwrites it.
RETVAL=0
# Name printed in the status messages.
prog="Nginx"
# Launch nginx with the configured file and report the outcome of daemon.
start() {
    echo -n $"Starting $prog: "
    # Scratch directory in shared memory, created on every start.
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}
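# Send TERM to the nginx process named in the pid file and report the result.
stop() {
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    # Record killproc's status before any other command runs; taking $? after
    # the rm below would report the cleanup result instead of the stop result.
    RETVAL=$?
    rm -rf /dev/shm/nginx_temp
    echo
    return $RETVAL
}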
# Send HUP to the nginx process named in the pid file.
reload() {
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}
# Full restart: stop the running instance, then start a new one.
restart() {
    stop
    start
}
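# Run nginx's own syntax check (-t) against the configured file.
configtest() {
    $NGINX_SBIN -c $NGINX_CONF -t
    # Propagate the result so callers and automation see a failed check;
    # previously the function always reported success.
    RETVAL=$?
    return $RETVAL
}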
# Dispatch on the first argument. Every supported action is a function of the
# same name, so the argument is called directly once it has been matched.
case "$1" in
    start|stop|reload|restart|configtest)
        "$1"
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
        ;;
esac
exit $RETVAL
#chmod 755 /etc/init.d/nginx
#chkconfig --add nginx
//保存该脚本后更改权限
#chkconfig nginx on
//设置开机自启
(4)更改Nginx的配置文件
#> /usr/local/nginx/conf/nginx.conf
//把原来的配置文件清空
#vi //usr/local/nginx/conf/nginx.conf
写入如下内容
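# Worker processes run as the unprivileged "nobody" account.
user nobody nobody;
worker_processes 2;
# NOTE(review): the "crit" threshold discards error- and warn-level messages;
# confirm that is the intended level for troubleshooting and monitoring.
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events
{
    use epoll;
    worker_connections 6000;
}

http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    # $remote_addr is the peer address nginx saw. $http_x_forwarded_for is
    # copied from a request header, so the client chooses its content; treat it
    # as a hint unless a trusted proxy in front of nginx sets it.
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
                               ' $host "$request_uri" $status'
                               ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    # Upper bound on an uploaded request body.
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    # text/html is always compressed and must not be listed; the original
    # "text/htm" entry matched no MIME type and is dropped.
    gzip_types text/plain application/x-javascript text/css application/xml;

    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;

        location ~ \.php$
        {
            # Pass a request to php-fpm only when the .php file exists under
            # root; any other path ending in .php is answered with 404 by nginx.
            try_files $uri =404;
            include fastcgi_params;
            # Must be the socket php-fpm listens on.
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            # The directory prefix has to be the same path as "root" above.
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }
    }
}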
#/usr/local/nginx/sbin/nginx -t
//检验配置文件是否正确
显示正确
(5)启动Nginx
#service nginx start
//启动Nginx
#ps aux | grep nginx
//检查Nginx是否启动
已启动
(6)测试是否正确解析PHP
# vi /usr/local/nginx/html/2.php
//内容如下
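<?php
// Plain ASCII double quotes: typographic quotes are not PHP string delimiters
// and make the script fail to parse.
echo "test php 解析正常";
?>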
#curl localhost/2.php
测试成功
- 开启过程中报错:
错误原因:端口冲突
解决办法:
#service php-fpm stop
#service php-fpm start
任务四 Nginx配置
(1)默认虚拟主机
#vi /usr/local/nginx/conf/nginx.conf
在最后的结束符号}上面加入一行配置:include vhost/*.conf;
#mkdir /usr/local/nginx/conf/vhost
#cd /usr/local/nginx/conf/vhost
#vi default.conf
写入如下内容
# Catch-all virtual host for port 80.
server
{
    server_name aaa.com;
    # default_server: this block answers every request on port 80 whose Host
    # header matches no server_name of another virtual host.
    listen 80 default_server;
    root /data/nginx/default;
    index index.html index.htm index.php;
}
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#mkdir -p /data/nginx/default
#echo "default_server" > /data/nginx/default/index.html
//创建索引页
#curl -x127.0.0.1:80 aaa.com
//访问aaa.com
#curl -x127.0.0.1:80 1212.com
//访问一个没有定义过的域名,也会访问到aaa.com
(2)用户认证
#cd /usr/local/nginx/conf/vhost/
#vi test.com.conf
改为以下配置
# test.com with HTTP Basic authentication on every path.
server
{
    server_name test.com;
    # Plain HTTP: the Basic credentials travel base64-encoded, not encrypted,
    # so anyone on the network path can read them.
    listen 80;
    root /data/nginx/test.com;
    index index.html index.htm index.php;

    location /
    {
        # Password file created with htpasswd; it holds the password hashes,
        # so it should be readable only by root and the nginx worker user.
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        # Realm string shown in the browser's login prompt.
        auth_basic "Auth";
    }
}
#yum install -y httpd
#htpasswd -c /usr/local/nginx/conf/htpasswd chenkairui
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#mkdir /data/nginx/test.com
#echo "test.com" > /data/nginx/test.com/index.html
#curl -x127.0.0.1:80 test.com
若此时状态码为401,则该网站需要认证
打开Windows的hosts文件,并在最后一行加入服务器IP地址和域名
192.168.187.143 test.com
#curl -x127.0.0.1:80 -u chenkairui:000000 test.com -I
然后在浏览器中访问
(3)域名重定向
#vi /usr/local/nginx/conf/vhost/test.com.conf
改为以下配置
# test.com plus two alias names; the aliases are redirected to test.com.
server
{
    server_name test.com test1.com test2.com;
    listen 80;
    root /data/nginx/test.com;
    index index.html index.htm index.php;

    # A request for any name other than test.com gets a 301 to the same path
    # on test.com.
    if ($host != 'test.com') {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
}
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#curl -x127.0.0.1:80 test1.com/123.tet -I
(4)Nginx的访问日志
#grep -A2 log_format /usr/local/nginx/conf/nginx.conf
#vi /usr/local/nginx/conf/vhost/test.com.conf
改为以下配置
# test.com with a per-site access log.
server
{
    server_name test.com test1.com test2.com;
    listen 80;
    root /data/nginx/test.com;
    index index.html index.htm index.php;

    # Uses the combined_realip format defined in nginx.conf.
    # NOTE(review): /tmp is writable by every local account; a directory owned
    # by root, such as the nginx logs directory, is the usual place for logs.
    access_log /tmp/1.log combined_realip;

    # Redirect the alias names to test.com with a 301.
    if ($host != 'test.com') {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
}
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#curl -x127.0.0.1:80 test.com/111
#cat /tmp/1.log
#vi /usr/local/sbin/nginx_log_rotate.sh
//因为Nginx不自带日志切割工具,所以我们借助系统写入一个切割工具或者自定义脚本,写入以下内容
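#! /bin/bash
## Assumes the nginx logs are stored under /data/logs/
# Yesterday's date (YYYYMMDD) is the suffix given to each rotated file.
# Command substitution is needed here; quoting the command only stores its text.
d=$(date -d "-1 day" +%Y%m%d)
logdir="/data/logs"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
# Stop when the log directory is missing, so the mv below never runs against
# whatever directory the script happened to start in.
cd "$logdir" || exit 1
for log in *.log
do
    # With no matching file the pattern stays literal; skip it.
    [ -e "$log" ] || continue
    mv "$log" "$log-$d"
done
# HUP makes nginx reload, which reopens the log files under their original names.
/bin/kill -HUP "$(cat "$nginx_pid")"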
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh
(5)配置静态文件不记录日志并添加过期时间
#vi /usr/local/nginx/conf/vhost/test.com.conf
改为以下配置
# test.com: static files get an expiry time and are left out of the access log.
server
{
    server_name test.com test1.com test2.com;
    listen 80;
    root /data/nginx/test.com;
    index index.html index.htm index.php;
    access_log /tmp/1.log combined_realip;

    # Redirect the alias names to test.com with a 301.
    if ($host != 'test.com') {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }

    # Images and Flash: cacheable for 7 days, not logged.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        access_log off;
        expires 7d;
    }

    # Scripts and stylesheets: cacheable for 12 hours, not logged.
    # Requests matched here never appear in the access log, which also removes
    # them from any later review of that log.
    location ~ .*\.(js|css)$
    {
        access_log off;
        expires 12h;
    }
}
//使用location ~可以指定对应的静态文件,expires配置过期时间,而access_log配置为off就可以不记录访问日志了。
#/usr/local/nginx/sbin/nginx -t
#curl -I -x127.0.0.1:80 test.com/1.js
#curl -I -x127.0.0.1:80 test.com/2.jpg
#curl -I -x127.0.0.1:80 test.com/1.jss
(6)Nginx防盗链
#vi /usr/local/nginx/conf/vhost/test.com.conf
改为以下配置
# test.com with hotlink protection based on the Referer header.
server
{
    server_name test.com test1.com test2.com;
    listen 80;
    root /data/nginx/test.com;
    index index.html index.htm index.php;
    access_log /tmp/1.log combined_realip;

    # Redirect the alias names to test.com with a 301.
    if ($host != 'test.com')
    {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }

    # NOTE(review): "rac" looks like a typo for "rar" and "jpeg" is listed
    # twice - confirm the intended extension list.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rac|zip|doc|pdf|gz|bz2|jpeg|xls)$
    {
        access_log off;
        expires 7d;
        # Accepted: no Referer header ("none"), a Referer stripped by a proxy
        # or firewall ("blocked"), this server's own names, and *.test.com.
        # The header is supplied by the client, so this limits hotlinking from
        # other sites; it is not an access control for the files.
        valid_referers none blocked server_names *.test.com;
        if ($invalid_referer)
        {
            return 403;
        }
    }
}
#/usr/local/nginx/sbin/nginx -t
#curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg
#curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg
(7)访问控制
#vi /usr/local/nginx/conf/vhost/test.com.conf
改为以下内容
# Allow list for /admin/: rules are checked top to bottom and the first match
# wins, so the closing "deny all" rejects every address not listed above it.
# The address compared is the peer address of the connection.
location /admin/
{
    allow 127.0.0.1;
    allow 192.168.188.1;
    deny all;
}
#curl -x 127.0.0.1:80 test.com/admin/1.html
也可以只针对某个IP
# Deny list for /admin/: only the listed addresses are rejected; every other
# address is still served.
location /admin/
{
    deny 127.0.0.1;
    deny 192.168.188.1;
}
如果是黑名单形式,则不需要写allow all
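# Refuse every .php request whose path contains a directory name ending in
# "abc" or "image", so files placed in those directories are never executed.
location ~ .*(abc|image)/.*\.php$
{
    # The terminating semicolon is required; without it nginx -t reports a
    # syntax error.
    deny all;
}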
小括号里面的竖线为分隔符,是或者的意思。
在Nginx配置中,也可以针对user_agent做一些限制
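# Reject requests whose User-Agent contains one of the listed strings.
# Directive names are case-sensitive ("if", "return") and the pattern needs
# plain ASCII quotes. "~" is a case-sensitive regular-expression match.
# The header is chosen by the client, so this stops only clients that
# identify themselves with these names.
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
    return 403;
}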
其中~为匹配符号,只要user_agent中含有Spider/3.0或者YoudaoBot字符串的,都会被拒绝,return 403为直接返回403的状态码,当然也可以把他替换为deny all。
(8)Nginx解析PHP
#vi /usr/local/nginx/conf/vhost/test.com.conf
改为以下内容
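# test.com with PHP handled by php-fpm.
server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;

    # Redirect the alias names to test.com with a 301.
    if ($host != 'test.com')
    {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }

    location ~ \.php$
    {
        # Pass a request to php-fpm only when the .php file exists under root;
        # any other path ending in .php is answered with 404 by nginx.
        try_files $uri =404;
        include fastcgi_params;
        # Must be the address php-fpm listens on, otherwise nginx returns 502.
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        # The directory prefix has to be the same path as "root" above.
        fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
    }

    access_log /tmp/1.log combined_realip;
}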
//其中fastcgi_pass用来指定php-fpm的地址,如果php-fpm监听的是一个tcp:port的地址(比如127.0.0.1:9000),那么也需要在这里改成fastcgi_pass 127.0.0.1:9000。这个地址一定要和php-fpm服务监听的地址匹配,否则会报502错误。
//还有一个地方也需要注意,SCRIPT_FILENAME后面跟的路径为该站点的根目录,和前面定义的root那个路径保持一致。如果这里匹配不对,访问页面会出现404.
(9)Nginx代理
#ping ask.apelearn.com
//获取要代理的域名所在的服务器IP地址
#vi /usr/local/nginx/conf/vhost/proxy.conf
添加以下内容
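# Reverse proxy: requests for ask.apelearn.com are forwarded to the upstream
# address over plain HTTP.
server
{
    listen 80;
    server_name ask.apelearn.com;

    location /
    {
        # A single terminating semicolon; the doubled one is a syntax error.
        proxy_pass http://47.104.7.242/;
        # Forward the Host header the client sent.
        proxy_set_header Host $host;
        # Peer address seen by this nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address to whatever X-Forwarded-For the client sent;
        # the upstream should trust only the last entry, added here.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}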
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#curl -x127.0.0.1:80 ask.apelearn.com -I
#curl -x127.0.0.1:80 123.com -I
(10)Nginx配置SSL
#openssl genrsa -des3 -out tmp.key 2048
//生成私钥,密码不能太短,否则不成功
#openssl rsa -in tmp.key -out chenkairui.key
//这一步是把刚才生成的tmp.key转换成chenkairui.key,目的是删除刚才设置的密码,如果key文件有密码,则必须在Nginx加载它的时候输入它的密码,很不方便
#openssl req -new -key chenkairui.key -out chenkairui.csr
//
#openssl x509 -req -days 365 -in chenkairui.csr -signkey chenkairui.key -out chenkairui.crt
#vi /usr/local/nginx/conf/vhost/ssl.conf
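# HTTPS virtual host for chenkairui.com using the self-signed certificate.
server
{
    # The "ssl" parameter enables TLS on this socket; it replaces the older
    # separate "ssl on;" directive.
    listen 443 ssl;
    server_name chenkairui.com;
    index index.html index.php;
    root /data/nginx/chenkairui.com;

    # Relative paths are resolved against the nginx configuration directory.
    # The private key carries no passphrase, so keep the file readable by
    # root only.
    ssl_certificate chenkairui.crt;
    ssl_certificate_key chenkairui.key;
    # TLS 1.0 and 1.1 are deprecated; offer TLS 1.2 only.
    ssl_protocols TLSv1.2;

    location ~ \.php$
    {
        # Pass a request to php-fpm only when the .php file exists under root;
        # any other path ending in .php is answered with 404 by nginx.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        # The directory prefix has to be the same path as "root" above.
        fastcgi_param SCRIPT_FILENAME /data/nginx/chenkairui.com$fastcgi_script_name;
    }

    access_log /tmp/1.log combined_realip;
}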
~
#echo "<?php phpinfo(); ?>" > /data/nginx/chenkairui.com/1.php
//phpinfo()会输出服务器的详细配置信息,测试完成后应删除1.php
#/etc/init.d/nginx restart
再编辑hosts文件,写入一行
192.168.187.143 chenkairui.com
用浏览器访问https://chenkairui.com/1.php
会提示不安全,因为该证书是我们自己签发的(自签名证书),并没有得到浏览器的信任。
#
- 测试报错:
错误原因:
解决办法:#./configure --prefix=/usr/local/nginx/ --with-http_ssl_module
#make
#make install
任务五 Php-fpm的配置
(1)php-fpm 的pool
#vi /usr/local/php-fpm/etc/php-fpm.conf
找到[global]模块写入以下内容
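[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
; Load one file per pool. The path is relative to the php-fpm install prefix,
; so it has to read "etc/" ("ets/" matches no directory and no pool is loaded).
include = etc/php-fpm.d/*.conf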
#mkdir /usr/local/php-fpm/etc/php-fpm.d
#cd /usr/local/php-fpm/etc/php-fpm.d
#vi www.conf
写入以下内容
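[www]
; Socket for this pool; the nginx virtual host that uses it names it in fastcgi_pass.
listen = /tmp/www.sock
; Hand the socket to the nginx worker account ("user nobody nobody;" in
; nginx.conf) and drop world access. With mode 666 every local account could
; send FastCGI requests that execute as the pool user.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
; NOTE(review): both pools on this page run as php-fpm, so they can read and
; write each other's files; separate accounts per pool are needed for
; file-level isolation.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024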
#vi chenkairui.conf
写入以下内容
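[chenkairui]
; Socket for this pool; the nginx virtual host that uses it names it in fastcgi_pass.
listen = /tmp/chenkairui.sock
; Hand the socket to the nginx worker account ("user nobody nobody;" in
; nginx.conf) and drop world access. With mode 666 every local account could
; send FastCGI requests that execute as the pool user.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
; NOTE(review): this pool runs under the same account as the www pool, so the
; two can read and write each other's files; separate accounts per pool are
; needed for file-level isolation.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024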
//这样就有两个子配置文件,也就是有两个pool了,第一个pool监听了/tmp/www.sock,第二个pool监听了/tmp/chenkairui.sock。这样就可以在Nginx不同的虚拟主机中调用不同的pool,从而达到相互隔离的目的,两个pool互不影响。需要注意的是,这里两个pool都以php-fpm用户运行,隔离只体现在进程池层面;如果要在文件权限上也相互隔离,需要为每个pool指定不同的user和group。
#/usr/local/php-fpm/sbin/php-fpm -t
#/etc/init.d/php-fpm restart
#ls /tmp/*.sock
(2)php-fpm的慢执行日志
#vi /usr/local/php-fpm/etc/php-fpm.d/www.conf
在最后加入以下内容
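; Seconds a request may run before its stack trace is written to slowlog.
; The note sits on its own line: php-fpm only treats ";" as a comment marker,
; so text after the value would become part of the value.
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log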
(3)php-fpm定义open_basedir
#vi /usr/local/php-fpm/etc/php-fpm.d/chenkairui.conf
在最后面加入以下内容
; Restricts the files PHP scripts of this pool may open to the listed directories.
; php_admin_value settings cannot be overridden from PHP code with ini_set().
; NOTE(review): the virtual hosts on this page use roots under /data/nginx/, not /data/www/ - confirm the path.
; NOTE(review): /tmp/ is also where this page places the php-fpm sockets and the nginx access log.
php_admin_value[open_basedir]=/data/www/:/tmp/
#
(4)php-fpm进程管理
看 一段配置:
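; Child-process start mode. "dynamic" adds and removes children with demand,
; never exceeding pm.max_children. The other mode described here is "static",
; which starts pm.max_children children once and keeps that number.
pm = dynamic
; Upper limit on child processes (the fixed count in static mode).
pm.max_children = 50
; dynamic only: children created when the service starts.
pm.start_servers = 20
; dynamic only: minimum number of idle children.
pm.min_spare_servers = 5
; dynamic only: maximum number of idle children.
pm.max_spare_servers = 35
; A child exits after serving this many requests and is replaced.
pm.max_requests = 500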