LNMP搭建训练手册

LNMP搭建训练手册

 首先要安装三个软件MySQL PHP 	Nginx ,想想我安装这些的时候因电脑配置低真是花费了九牛二虎之力,言归正传让我们看下面操作吧.

一、安装

1.1安装mysql
1.1.1下载

#cd /usr/local/src  

//软件包都放在这里方便管理

#wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz

1.1.2解压

#tar zxf 源码包  
#tar zxvf mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz  
mv mysql-5.6.39-linux-glibc2.12-x86_64 /usr/local/mysql  

1.1.3安装和配置

#useradd -s /sbin/nologin mysql

//建立MySQL用户，因为启动MySQL需要该用户

#mkdir -p /data/mysql

//创建datadir,数据库文件会放到这里面

#chown -R mysql:mysql /data/mysql

// 更改权限，不更改后续操作就会出问题

#yum install -y perl-Module-Install 
#cd /usr/local/mysql

#./scripts/mysql_install_db --user=mysql --datadir=/data/mysql

//–user表示定义数据库的以哪个用户的身份运
//–datadir表示定义数据库的安装目录

#cp support-files/my-default.cnf /etc/my.cnf
#vim /etc/my.cnf
修改
basedir = /usr/local/mysql
datadir = /data/mysql
port = 3306
server_id = 131
socket = /tmp/mysql.sock

#cp support-files/mysql.server /etc/init.d/mysqld

//复制启动脚本文件

#chmod 777 /etc/init.d/mysqld
//修改启动脚本文件的属性
#vi /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/data/mysql

//修改启动脚本

#chkconfig --add mysqld
//把mysql服务加到系统服务列表中
#chkconfig mysqld on
service mysqld start

//开机就启动

1.2 安装PHP

1.2.1下载

#cd /usr/local/src  
//软件包都放在这里方便管理
#wget http://cn2.php.net/distributions/php-5.6.30.tar.gz

1.2.2解压

#tar zxf php-5.6.30.tar.gz

1.2.3安装与配置

#yum install -y install gcc libxml2 libxml2-devel openssl openssl-devel libcurl curl-devel libjpeg-devel libpng libpng-devel freetype-devel epel-release 

#yum install -y php-mcrypt  libmcrypt  libmcrypt-devel

#useradd -s /sbin/nologin php-fpm

#cd php-5.6.30

#./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-pdo-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --with-pear --with-curl  --with-openssl

#make && make install （安装时间会很久）

#cp /usr/local/src/php-5.6.30/php.ini-production /usr/local/php-fpm/etc/php.ini

#vim /usr/local/php-fpm/etc/php-fpm.conf

把以下内容写进文件（不用复制，直接写入）：

[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
user = php-fpm
group = php-fpm
listen = /tmp/php-fcgi.sock
listen.mode = 666
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

#/usr/local/php-fpm/sbin/php-fpm -t

tset is successful //代表成功

#cd /usr/local/src/php-5.6.30

#cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm

#chmod 755 /etc/init.d/php-fpm

#chkconfig --add php-fpm
 chkconfig php-fpm on
 cd /usr/local/php-fpm/
 sbin/php-fpm -t
 service php-fpm start
 ps -ef |grep php
 ll  /tmp/php-fcgi.sock

1.2.4测试安装

#ps aux |grep  php-fpm

//会显示大概20多个进程
1.3安装Nginx
1.3.1下载

#cd /usr/local/src/

#wget http://nginx.org/download/nginx-1.16.1.tar.gz

1.3.2解压

#tar zxf nginx-1.16.1.tar.gz

1.3.3配置安装

#cd nginx-1.16.1/
#./configure --prefix=/usr/local/nginx
#make && make install
#vi /etc/init.d/nginx

#!/bin/bash
#chkconfig: - 30 21
#description: http service.
#Source Function Library
. /etc/init.d/functions
#Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL

#chmod 755 /etc//init.d/nginx 
#chkconfig --add nginx
#chkconfig nginx on
#> /usr/local/nginx/conf/nginx.conf
#vim /usr/local/nginx/conf/nginx.conf

user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}

#/usr/local/nginx/sbin/nginx -t

#vim /usr/local/nginx/conf/nginx.conf
#/usr/local/nginx/sbin/nginx -t
#service nginx start
#ps aux |grep nginx

1.3.4测试是否正确解析

#vi /usr/local/nginx/html/2.php
<?php
echo "test php scripts";
?>

#curl localhost/2.php

test php scripts //证明解析成功

二、Nginx配置

2.1 默认虚拟主机
2.1.1配置
首先修改配置文件

#vi /usr/local/nginx/conf/nginx.conf

在最后一个结束符号}前加一行配置：
include vhost/*.conf;
意思就是/usr/local/nginx/conf/host下面的所有以.conf结尾的文件都会被加载

#mkdir /usr/local/nginx/conf/vhost
#cd /usr/local/nginx/conf/vhost
#vim default.conf

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/nginx/default;
}

#/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

#/usr/local/nginx/sbin/nginx -s reload

mkdir -p /data/nginx/default

#echo "default_server" > /data/nginx/default/index.html

//创建索引页
2.1.2检验测试

#curl -x127.0.0.1:80 aaa.com

//访问aaa.com
default_server

#curl -x127.0.0.1:80 1212.com

//访问一个没有定义过的域名，也会访问aaa.com
default_server
2.1.3测试成功

2.2 用户认证
2.2.1配置
再来创建一个新的虚拟主机

#cd /usr/local/nginx/conf/vhost
#vi test.com.conf

server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;

    location /
    {
auth_basic "Auth";
    //打开认证
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    //指定用户密码文件
    }
}

#yum install -y httpd

//安装httpd，也可以使用之前编译安装的Apache2.4
下面创建和更新用于基本认证的用户认证密码文件

#htpasswd -c /usr/local/nginx/conf/htpasswd dongying

new password：
re-type new password：
Adding password for user dongying

#/usr/local/nginx/sbin/nginx -t 
#/usr/local/nginx/sbin/nginx -s reload
#mkdir /data/nginx/test.com
#echo "test.com" > /data/nginx/test.com/index.html

2.2.2 测试检测

#curl -I -x127.0.0.1:80 test.com

状态码401

#curl -udongying:000000 -x127.0.0.1:80 test.com

2.2.3测试成功

[root@localhost vhost]# systemctl stop firewalld  
[root@localhost vhost]# setenforce 0

编辑C:\Windows\System32\drivers\etc\hosts文件，添加映射
IP test.com
打开浏览器访问test.com

2.3 域名重定向
2.3.1配置

#vi /usr/local/nginx/conf/vhost/test.com.conf

server
{
    listen 80;
server_name test.com test1.com test2.com;
   //是server_name后面可以跟多个域名
    index index.html index.htm index.php;
    root /data/nginx/test.com;

    if ($host != 'test.com' ){
       rewrite ^(.*)$ http://test.com/$1 permanent;
        //permanent为永久重定向，相当于httpd的R=301
    }
} 

#/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

#/usr/local/nginx/sbin/nginx -s reload

2.3.2检验测试

#curl -x127.0.0.1:80 test1.com/123.txt -I

状态码301
2.3.3测试成功

2.4 Nginx的访问日志
2.4.1配置
先来看看Nginx的日志格式

#grep -A2 log_format /usr/local/nginx/conf/nginx.conf

log_format combined_realip ‘$remote_addr KaTeX parse error: Double subscript at position 7: http_x_̲forwarded_for [time_local]’
’ $host"$request_uri" KaTeX parse error: Double superscript at position 9: status' '̲ "http_referer" "$htt{p}_{u}se{r}_{a}gent{"}^{\prime };//combine{d}_{r}ealip为日志格式名字，$remote_addr为网站的用户的出口IP；
//KaTeX parse error: Double subscript at position 7: http_x_̲forwarded_for 为…time_local为当前时间；$host为主机名；$request_uri为访问的URL地址
//$status为状态码，$http_referer为referer地址，$http_user_agent为user_agent
修改配置文件

#vi /usr/local/nginx/conf/vhost/test.com.conf

server
{
        listen 80;
        server_name test.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com' ){
                rewrite ^(.*)$ http://test.com/$1 permanent;
        }
        access_log /tmp/1.log combined_realip;
}
//使用access_log来指定日志的存储路径，最后面为日志的格式名字

#/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

#/usr/local/nginx/sbin/nginx -s reload

2.4.2 检验测试

#curl -x127.0.0.1:80 test.com/111

状态码404

#cat /tmp/1.log

127.0.0.1

2.4.3检验成功

2.5 配置静态文件不记录日志并添加过期时间
2.5.1配置

#vi /usr/local/nginx/conf/vhost/test.com.conf

server
{
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com' ){
                rewrite ^(.*)$ http://test.com/$1 permanent;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
        expires 7d;
        access_log off;
        }
        location ~ .*\.(js|css)$
        {
        expires 12h;
        }
        access_log /tmp/1.log combined_realip;
}

#/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

#echo "11111" > /data/nginx/test.com/1.js

//创建js文件

#echo "22222" > /data/nginx/test.com/2.jpg

//创建jpg文件

#touch /data/nginx/test.com/1.jss

//创建一个对比的文件

2.5.2检验测试

#curl -I -x127.0.0.1:80 test.com/1.js

状态码200

#curl -I -x127.0.0.1:80 test.com/2.jpg

状态码200

#curl -I -x127.0.0.1:80 test.com/1.jss

状态码200

#cat /tmp/1.log

查看日志
2.5.3测试成功

2.6 Nginx防盗链
2.6.1配置

#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com' ){
                rewrite ^(.*)$ http://test.com/$1 permanent;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
        expires 7d;
        valid_referers none blocked server_names *.test.com ;
        if ($invalid_referer) {
        return 403;
        //如果来源网址的不是test.com的域名，则返回403
        }
        access_log /tmp/1.log combined_realip;
        }
}

#/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

#/usr/local/nginx/sbin/nginx -s reload
#service nginx stop
#service nginx start

2.6.2检验测试

#curl -x127.0.0.1:80 -e "http://test.com/1.txt" test.com/2.jpg -I

状态码200

#curl -x127.0.0.1:80 -e "http://aaa.com/1.txt" test.com/2.jpg -I

状态码403
2.6.3测试成功

2.7 访问控制
2.7.1配置

#vi /usr/local/nginx/conf/vhost/test.com.conf

server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;
    location /admin/
   {
        allow 192.168.63.139;
        allow 127.0.0.1;
        deny all;
   }
}
//使访问admin目录下只允许192.168.63.139和127.0.0.1访问

#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#mkdir /data/nginx/test.com/admin
#echo "123" > /data/nginx/test.com/admin/1.html

2.7.2检验测试

#curl -x127.0.0.1:80 test.com/admin/1.html

123
在vmware中给虚拟机添加一块网卡，设置为仅主机模式，查看IP，使用IP为请求代理，访问test.com/admin/1.html

#curl -x192.168.188.128:80 test.com/admin/1.html

状态码403
2.7.3测试成功

2.8 Nginx解析PHP
2.8.1配置

#vi /usr/local/nginx/conf/vhost/test.com.conf

server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;
    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
    location ~ \.php$
    {
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
    }
   access_log /tmp/1.log combined_realip;
}
//fastcgi_pass用来指定php-fpm的地址

# vim /data/nginx/test.com/3.php 
<?php
phpinfo();
?>

# curl -x192.168.63.139:80 test.com/3.php
<?php
phpinfo();
?>

重新加载nginx

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x192.168.63.139:80 test.com/3.php

三、php-fpm
php-fpm 的配置文件都放在/usr/local/php-fpm/etc/php-fpm php-fpm.conf内
3.1 php-fpm的pool
php-fpm pool是 php-fpm 的进程池，这个进程池中运行了多个子进程，用来并发处理所有连接的动态请求。为什么要配置多个 pool ？Nginx 接收到 php 动态请求会传给 php-fpm 处理，php-fpm 调用 pool 中的子进程来处理动态请求，如果这个 pool 资源耗尽，会导致其他站点无法访问资源，报 502 错误，因此有必要设置多个 php-fpm pool。
Nginx可以配置多个主机，php-fpm也可以配置多个pool。
首先对php-fpm.conf做一个修改

# vim /usr/local/php-fpm/etc/php-fpm.conf
include = etc/php-fpm.d/*.conf

include这行比较特殊，后面路径必须写上etc目录
然后创建配置文件目录和子配置文件：

#mkdir /usr/local/php-fpm/etc/php-fpm.d
#cd /usr/local/php-fpm/etc/php-fpm.d
#vim www.conf

 [www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

• //第一行定义php-fpm的子进程启动模式，dynamic为动态模式
• //第二行定义动态增加或减少的量不会超过设定的值
• //第三行是针对dynamic模式，他定义php-fpm服务在启动服务时产生的子进程数量
• //第四行是针对dynamic模式，他定义空闲时子进程数最少数量，若达到数值会派生新的子进程
• //第五行是针对dynamic模式，他定义空闲时子进程数最多数量，若高于数值会开始清理空闲的子进程
• //第六行是针对dynamic模式，他定义一个子进程最多处理的请求数，若达到数额会自动退出

保存后再编辑另外的配置文件：

#vim aming.conf

//写下如下内容

 [aming]
listen = /tmp/aming.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

下面验证配置是否有问题

#/usr/local/php-fpm/sbin/php-fpm -t

然后来重启一下php-fpm服务

#/etc/init.d/php-fpm restart

再来查看一下/tmp/*.sock

#ls /tmp/*.sock

# ps aux |grep php

3.2 php-fpm的慢执行日志
通过慢执行日志，我们可以清晰地了解PHP脚本在哪里执行时间长，可以定位到行
下面介绍如何开启和查看慢执行日志

#vim /usr/local/php-fpm/etc/php-fpm.d/www.conf

 request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log

//第一行定义超时时间，即超过一秒就会被记录日志
//第二行定义慢执行日志的路径和名字

# /etc/init.d/php-fpm reload
# ls /usr/local/php-fpm/var/log/

模拟一个慢执行脚本

# vim /data/nginx/test.com/sleep.php
<?php
echo "test slow log";
sleep(2);
echo "done";
?>

# curl -x127.0.0.1:80 test.com/sleep.php
# cat /usr/local/php-fpm/var/log/www-slow.log