1、LNMP项⽬实战
L:CentOS Linux release 7.7.1908 (Core) http://mirrors.cqu.edu.cn/CentOS/7.7.1908/isos/x86_64/
N:nginx(1.18.0) https://nginx.org/en/download.html
M:MySQL(5.6.48) https://dev.mysql.com/downloads/mysql/5.6.html#downloads
P:PHP(7.3.10) http://php.net/downloads.php
Worldpress(5.4.1):https://cn.wordpress.org/download/
1.1部署规划:
192.168.37.47:Nginx php-fpm 运⾏web服务
192.168.37.57:运⾏MySQL数据库
1.2检查环境
rpm -q php
rpm -q nginx
rpm -q mysql
id mysql
1.3部署数据库
1.3.1⼆进制部署MySQL数据库
安装相关依赖: yum install vim gcc gcc-c++ wget autoconf net-tools lrzsz iotop lsofiotop bash-completion curl policycoreutils openssh-server openssh-clients postfix -y
解包:tar xvf mysql-5.6.48-linux-glibc2.12-x86_64.tar.gz
创建软连接:ln -sv /usr/local/src/mysql-5.6.48-linux-glibc2.12-x86_64 /usr/local/mysql
添加用户: useradd mysql -s /sbin/nologin
创建目录并修改权限:mkdir -pv /data/mysql /var/lib/mysql
chown -R mysql.mysql /data /var/lib/mysql -R
安装:/usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/data/mysql --basedir=/usr/local/mysql
配置mysql服务开机自动启动:cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
添加执行权限:chmod a+x /etc/init.d/mysqld
检查自启动项列表中没有mysqld:chkconfig --list mysqld如果没有就添加mysqld:chkconfig --add mysqld 设置开机启动:chkconfig mysqld on
修改配置文件: vim /etc/my.cnf
[mysqld]
socket=/data/mysql/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
max_connections=10000
[client]
port=3306
socket=/var/lib/mysql/mysql.sock
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/tmp/mysql.sock
1.3.2创建数据库并授权
启动: /etc/init.d/mysqld start
创建软连接:ln -sv /data/mysql/mysql.sock /var/lib/mysql/mysql.sock
进入数据库:/usr/local/mysql/bin/mysql
创建数据库:CREATE DATABASE wordpress;
创建用户并授权:GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"192.168.37.%" IDENTIFIED BY "123456";
刷新系统权限:FLUSH PRIVILEGES
查看:show databases;
1.3.3验证MySQL账⼾权限
在WordPress服务器使⽤授权的MySQL账⼾远程登录测试权限
mysql -uwordpress -h192.168.7.102 -p123456
1.4 部署PHP
1.4.1 编译安装php 7.2.31
安装相关依赖: yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu-develgcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg-devel
在src目录下解包安装:cd /usr/local/src tar xf php-7.2.31.tar.bz2
安装:cd php-7.2.31/
./configure --prefix=/apps/php --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-pear --with-curl --with-png-dir --with-freetype-dir --with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg
make && make install
1.4.2 准备PHP配置⽂件
进入目录:cd /apps/php/etc/php-fpm.d/
配置www.conf:cp www.conf.default www.conf
复制配置文件:cp /usr/local/src/php-7.2.31/php.ini-production/apps/php/etc/php.ini
添加用户和组:useradd www -s /sbin/nologin -u 1001
修改配置文件:vim www.conf
[www]
user = www
group = www
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 30
pm.min_spare_servers = 30
pm.max_spare_servers = 35
pm.status_path = /pm_status
ping.path = /ping
ping.response = pong
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow
查看:grep -v ";" www.conf | grep -v "^$"
创建⽇志⽂件路径:mkdir /apps/php/log/
cd /apps/php/etc/
cp php-fpm.conf.default php-fpm.conf
1.4.3 启动并验证php-fpm
检测语法并启动php-fpm:/apps/php/sbin/php-fpm -t
#验证php-fpm: /apps/php/sbin/php-fpm -c /apps/php/etc/php.ini
ps -ef | grep php-fpm
netstat -tanlp | grep php-fpm
1.5部署Nginx
1.5.1 下载nginx源码
准备环境: yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget ntpdate gccgcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed
下载解包:
cd /usr/local/src/
wget https://nginx.org/download/nginx-1.18.0.tar.gz
tar xf nginx-1.18.0.tar.gz
cd nginx-1.18.0
1.5.2⾃定义Response Hearders中server信息:
vim src/core/nginx.h
13 #define NGINX_VERSION "1.2"
14 #define NGINX_VER "magesrv/" NGINX_VERSION #开启server_tokens显⽰此信息
vim src/http/ngx_http_header_filter_module.c
49 static u_char ngx_http_server_string[] = "Server: magenginx" CRLF; #关闭server_tokens显⽰此信息
1.5.3 编译安装Nginx
[root@cent744 /usr/local/src/nginx-1.18.0]#./configure --prefix=/apps/nginx \
--user=www \
--group=www \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module
make && make install
1.5.4 准备php测试⻚
mkdir /data/nginx/wordpress -p
vim /data/nginx/wordpress/index.php
<?php
phpinfo();
?>
1.5.5 配置Nginx
[root@cent744 /usr/local/src/nginx-1.18.0]#grep -v "#" /apps/nginx/conf/nginx.conf | grep -v "^$"
server {
listen 80;
server_name www.magedu.etr;
location / {
root /data/nginx/wordpress;
index index.php index.html index.htm;
if ($http_user_agent ~ "ApacheBench|WebBench|TurnitinBot|Sogou web spider|Grid
Service") {
return 403;
}
}
location ~ \.php$ {
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
1.5.6 重启nginx并访问php状态⻚
[root@cent744 /usr/local/src/nginx-1.18.0]#/apps/nginx/sbin/nginx
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
/apps/nginx/sbin/nginx -s reload
修改win10 host文件:C:\Windows\System32\drivers\etc
192.168.37.47 www.magedu.net
1.6 部署WordPress
1.6.1部署WordPress
cd /data/nginx/wordpress/
mv index.php /opt/
unzip wordpress-5.4.1.zip
mv wordpress/* .
mv wordpress-5.4.1.zip /opt/
cp wp-config-sample.php wp-config.php
[root@cent744 /data/nginx/wordpress]#vim wp-config.php
chown www.www /data/nginx/wordpress/ /apps/nginx/ -R
/apps/nginx/sbin/nginx -s reload
1.6.2访问web⻚⾯
http://www.magedu.net/index.php初始化完成后
1.6.3 验证⾃定义server信息
vim /apps/nginx/conf/nginx.conf
server_tokens off; #http配置项
/apps/nginx/sbin/nginx -s reload
1.6.4 隐藏PHP版本
vim /apps/nginx/conf/nginx.conf
location ~ \.php$ {
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_hide_header X-Powered-By;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
#重启nginx并验证是否隐藏PHP版本:
[root@cent744 /data/nginx/wordpress]#/apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@cent744 /data/nginx/wordpress]#/apps/nginx/sbin/nginx -s reload
2 配置自定义404页面
[root@cent744 /data/nginx/wordpress]#vim /apps/nginx/conf/nginx.conf
修改配置:error_page 500 502 503 504 404 /error.html;
location = /error.html {
root /data/nginx/wordpress;
}
增加自定义页面:echo 404.html > /data/nginx/wordpress/error.html
3配置访问日志为json格式
修改配置文件
[root@cent744 /data/nginx/wordpress]#vim /apps/nginx/conf/nginx.conf
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"uri":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"tcp_xff":"$proxy_protocol_addr",'
'"http_user_agent":"$http_user_agent",'
'"status":"$status"}';
access_log /data/nginx/logs/www-magedu-net_access.log access_json;
测试
4 配置虚拟主机,实现https访问www.x.com(x.com为自己定义的域名)
#⾃签名CA证书
[root@s2 ~]# cd /apps/nginx/
[root@s2 nginx]# mkdir certs
[root@s2 nginx]# cd certs/
[root@s2 nginx]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt #⾃签名CA证书
Generating a 4096 bit RSA private key
.................++
.....
Country Name (2 letter code) [XX]:CN #国家代码,https://country-code.cl/
State or Province Name (full name) []:BeiJing #省份
Locality Name (eg, city) [Default City]:Beijing #城市名称
Organization Name (eg, company) [Default Company Ltd]:magedu.Ltd #公司名称
Organizational Unit Name (eg, section) []:magedu #部⻔
Common Name (eg, your name or your server's hostname) []:magedu.ca #通⽤名称
Email Address []:2973707860@qq.com #邮箱
[root@s2 certs]# ll ca.crt
-rw-r--r-- 1 root root 2118 Feb 22 12:10 ca.crt
#⾃制key和csr⽂件
[root@s2 certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyoutwww.x.com.key -out www.x.com.csr
Generating a 4096 bit RSA private key
........................................................................++
......
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:magedu.net
Organizational Unit Name (eg, section) []:magedu.net
Common Name (eg, your name or your server's hostname) []:www.x.com
Email Address []:2973707860@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#签发证书
[root@cent744 /apps/nginx/certs]#openssl x509 -req -days 3650 -in www.x.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.x.com.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=mageedu/OU=mageedu/CN=www.x.com/emailAddress=582384943@qq.com
Getting CA Private Key
验证证书内容:openssl x509 -in www.x.com.crt -noout -text
修改配置文件:[root@cent744 /usr/local/src/nginx-1.18.0]#vim /apps/nginx/conf/nginx.conf
server {
listen 443 ssl;
server_name www.x.com;
ssl_certificate /apps/nginx/certs/www.x.com.crt;
ssl_certificate_key /apps/nginx/certs/www.x.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
location / {
root html;
index index.html index.htm;
}
}
