今天群里面的朋友搭建Web,参照的很多网站的教程,结果都说是错误的,现在自己的Web访问不了了,可能他的路径是错误的,但是不管怎样,我现在教大家怎么配置Nginx.如果本地web没有公网Ip,请用Ngrok穿透.
Apache
- 更新系统,这是安装软件前的良好习惯.
#更新软件列表。
sudo apt-get update
#更新软件。
sudo apt-get upgrade
#更新系统版本。
sudo apt-get dist-upgrade
安装配置lnmp(Nginx+MySQL+PHP)
#安装Nginx
sudo apt install nginx -y
#安装chkconfig
apt-get install chkconfig
#添加开机启动
chkconfig nginx on
#安装Mysql
sudo apt install mysql-server -y
service mysql start
chkconfig mysql on
service mysql restart
#安装PHP,使PHP支持 MySQL、FastCGI
install php5-fpm php5-cgi php5-cli php5-curl php5-mysql php5-gd php5-mcrypt php5-memcache
#启动php5-fpm
/etc/init.d/php5-fpm start
#设置开机启动php5-fpm
chkconfig php5-fpm on
#重启mysql
/etc/init.d/mysql restart
#重启nginx
/etc/init.d/nginx restart
- 配置Nginx至支持PHP
#配分Nginx的配置
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
#用nano打开配置
nano /etc/nginx/nginx.conf
- 改成如下配置:
user www-data www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
#该指令用于开启或关闭gzip模块(on/off)
gzip_disable "msie6";
#禁用IE 6 gzip
gzip_vary on;
#在http header中添加Vary: Accept-Encoding ,给代理服务器用的
gzip_proxied any;
#这里设置无论header头是怎么样,都是无条件启用压缩
gzip_comp_level 6;
#gzip压缩比,数值范围是1-9,1压缩比最小但处理速度最快,9压缩比最大但处理速度最慢
gzip_buffers 16 8k;
#设置系统获取几个单位的缓存用于存储gzip的压缩结果数据流。16 8k代表以8k为单位,安装原始数据大小以8k为单位的16倍申请内存
gzip_http_version 1.1;
#识别http的协议版本
#gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
#默认压缩类型
gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml text/javascript application/javascript application/x-javascript text/x-json application/json application/x-web-app-manifest+json text/css text/plain text/x-component font/opentype font/ttf application/x-font-ttf application/vnd.ms-fontobject image/x-icon;
#进行压缩的文件类型,这里特别添加了对字体的文件类型
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";
#禁用IE 6 gzip
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
- 站点配置:
#备份站点配置
cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
#修改配置,具体内容在下面
nano /etc/nginx/sites-available/default
#修改完成后,需要重新加载配置
service nginx reload 或者 sudo nginx -r
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 ;
listen [::]:80 ;
#这里站点名字改成自己的
server_name wwww.xxx.com;
# 强制https访问
rewrite ^/(.*) https://wwww.xxx.com/$1 permanent;
}
server {
#启用HSTS
add_header Strict-Transport-Security "max-age=10886400; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
listen 443 ssl ;
listen [::]:443 ssl ;
#这里的也需要该.
ssl_certificate /srv/www/wwww.xxx.com.crt;
ssl_certificate_key /srv/www/wwww.xxx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /srv/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
# 需要修改
server_name wwww.xxx.com;
location / {
#typecho伪静态
index index.html index.php;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php) {
rewrite (.*) $1/index.php;
}
if (!-f $request_filename) {
rewrite (.*) /index.php;
}
#typecho伪静态
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
#最大上传附件
client_max_body_size 32m;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php5-cgi alone:
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME /srv/www/html$fastcgi_script_name;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(eot|ttf|otf|woff|svg)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
listen 80;
listen [::]:80;
#这里也需要修改
server_name xxxx.com;
root /srv/www/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
listen [::]:80;
# 这里也需要修改.
server_name qq.xxxx.com;
root /srv/www/html/qq;
index index.php index.html;
location / {
try_files $uri $uri/ =404;
}
}
- 配置PHP
nano /etc/php5/fpm/php.ini
date.timezone = PRC
#时区设置 把前面的分号去掉,改为date.timezone = PRC
#每个脚本运行的最长时间,单位秒
max_execution_time = 150
#每个脚本可以消耗的时间,单位也是秒
max_input_time = 300
#脚本运行最大消耗的内存,根据你的需求更改数值
memory_limit = 8M
#表单提交最大数据为 8M,此项不是限制上传单个文件的大小,而是针对整个表单的提交数据进行限制的。限制范围包括表单提交的所有内容.例如:发表贴子时,贴子标题,内容,附件等
post_max_size = 32M
#上载文件的最大许可大小
找到:upload_max_filesize = 32M
- 配置php-fpm
#备份原有配置文件
cp /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/www.confbak
vim /etc/php5/fpm/pool.d/www.conf
#修改用户为www-data
user = www-data
#修改组为www-data
group = www-data
/etc/init.d/mysql restart
/etc/init.d/nginx restart
/etc/init.d/php5-fpm restart
- 配置Mysql
安装完mysql-server 会提示可以运行mysql_secure_installation。运行mysql_secure_installation会执行几个设置:
a)为root用户设置密码
b)删除匿名账号
c)取消root用户远程登录
d)删除test库和对test库的访问权限
e)刷新授权表使修改生效
通过这几项的设置能够提高mysql库的安全。建议生产环境中mysql安装这完成后一定要运行一次mysql_secure_installation,详细步骤请参看下面的命令:
root@raspberrypi:/# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
... Failed! Not critical, keep moving...
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
root@raspberrypi:/#
- 安装配置phpmyadmin
#安装phpmyadmin
apt install phpmyadmin -y
#在站点根目录建立链接
sudo ln -s /usr/share/phpmyadmin /srv/www/html
至此就配置结束了,有些配置参考了别人的方法...
https://wwww.lvmoo.com/archives/20.html
https://www.linuxdashen.com/debian%E5%92%8Cubuntu%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%8D%87%E7%BA%A7php7
