实战环境 LNMP项目实战: L:Linux(centos 7.6) http://mirrors.cqu.edu.cn/CentOS/7.6.1810/isos/x86_64/ N:Nginx(1.12.2) https://nginx.org/en/download.html M:MySQL(5.6.48) https://dev.mysql.com/downloads/mysql/5.6.html#downloads P:PHP(7.2.15) http://php.net/downloads.php Worldpress(5.0.3):https://cn.wordpress.org/download/
主机信息:
部署规划:
172.24.77.241(sr1.dj.com):Nginx php-fpm 运行web服务
172.24.77.242(sr2.dj.com):运行MySQL数据库
172.24.77.243(sr3.dj.com):NFS存储服务器,存储上传的图片
1-部署数据库:
1.1二进制部署MySQL数据库
安装依赖包
#yum install vim gcc gcc-c++ wget autoconf net-tools lrzsz iotop lsofiotop bash-completion curl policycoreutils openssh-server openssh-clients postfix –y
提示如下
Updated:
curl.x86_64 0:7.29.0-57.el7 openssh-clients.x86_64 0:7.4p1-21.el7 openssh-server.x86_64 0:7.4p1-21.el7 postfix.x86_64 2:2.
Dependency Updated:
libcurl.x86_64 0:7.29.0-57.el7 libssh2.x86_64 0:1.8.0-3.el7 openssh.x86_64 0:7.4p1-21.el7
Complete!
下载安装包(略)
切换至下载目录
#cd /usr/local/src/
解压安装包
#tar xvf mysql-5.6.48-linux-glibc2.12-x86_64.tar.gz
创建快捷方式
#ln -sv /usr/local/src/mysql-5.6.48-linux-glibc2.12-x86_64 /usr/local/mysql
新增启动用户
#useradd mysql -s /sbin/nologin
创建存放mysql文件及日志的目录
#mkdir -pv /data/mysql /var/lib/mysql
修改文件夹权限
#chown -R mysql.mysql /data /var/lib/mysql –R
设置开始启动
#cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
初始化MySQL
#/usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/data/mysql --basedir=/usr/local/mysql
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/local/mysql/bin/mysqladmin -u root password 'new-password'
/usr/local/mysql/bin/mysqladmin -u root -h sr2.dj.com password 'new-password'
Alternatively you can run:
/usr/local/mysql/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd . ; /usr/local/mysql/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems at http://bugs.mysql.com/
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
New default config file was created as /usr/local/mysql/my.cnf and
will be used by default by the server when you start it.
You may edit this file to change server settings
WARNING: Default config file /etc/my.cnf exists on the system
This file will be read by default by the MySQL server
If you do not want to use this, either remove it, or use the
--defaults-file argument to mysqld_safe when starting the server
添加执行权限
#chmod a+x /etc/init.d/mysqld
备份并修改my.cnf配置文件
#cp /etc/my.cnf /etc/my.cnf.bak
#cp /etc/my.cnf /etc/my.cnf.bak
[mysqld]
socket=/data/mysql/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
max_connections=10000
[client]
port=3306
socket=/var/lib/mysql/mysql.sock
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/tmp/mysql.sock
1.2创建数据库并授权
启动mysql并创建数据库
#/etc/init.d/mysqld start
Starting MySQL..................... SUCCESS!
#ln -sv /data/mysql/mysql.sock /var/lib/mysql/mysql.sock
登录数据库
#/usr/local/mysql/bin/mysql
创建数据库
#CREATE DATABASE wordpress;
#GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"172.24.77.%" IDENTIFIED BY "123456";
#FLUSH PRIVILEGES;
#show databases;
1.3验证MySQL账户权限
在WordPress服务器使用授权的MySQL账户远程登录测试权限Server1
安装mysql客户端
#yum install -y mysql
#mysql -uwordpress -h172.24.77.242 -p123456
#show databases;
2-部署PHP
2.1编译安装php 7.2.15
安装依赖包
#yum -y install wget vim pcre pcre-devel openssl openssl-devel libicudevel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype
freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-
devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap
openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent
libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt
libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpegdevel
下载安装包(略)
#/usr/local/src
#tar xf php-7.2.31.tar.gz
#cd php-7.2.31
#./configure --prefix=/apps/php --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-pear --with-curl --with-png-dir –with-freetype-dir --with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --
with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip –enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --
enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --
enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg
安装成功提示如下:
Thank you for using PHP.
config.status: creating php7.spec
config.status: creating main/build-defs.h
config.status: creating scripts/phpize
config.status: creating scripts/man1/phpize.1
config.status: creating scripts/php-config
config.status: creating scripts/man1/php-config.1
config.status: creating sapi/cli/php.1
config.status: creating sapi/fpm/php-fpm.conf
config.status: creating sapi/fpm/www.conf
config.status: creating sapi/fpm/init.d.php-fpm
config.status: creating sapi/fpm/php-fpm.service
config.status: creating sapi/fpm/php-fpm.8
config.status: creating sapi/fpm/status.html
config.status: creating sapi/phpdbg/phpdbg.1
config.status: creating sapi/cgi/php-cgi.1
config.status: creating ext/phar/phar.1
config.status: creating ext/phar/phar.phar.1
config.status: creating main/php_config.h
config.status: executing default commands
#make –j 2
Generating phar.phar
PEAR package PHP_Archive not installed: generated phar will require PHP's phar extension be enabled.
directorygraphiterator.inc
clicommand.inc
directorytreeiterator.inc
invertedregexiterator.inc
pharcommand.inc
phar.inc
Build complete.
Don't forget to run 'make test'.
#make install
warning: pear/PEAR dependency package "pear/Archive_Tar" installed version 1.4.9 is not the recommended version 1.4.4
[PEAR] PEAR - installed: 1.10.12
Wrote PEAR system config file at: /apps/php/etc/pear.conf
You may want to add: /apps/php/lib/php to your php.ini include_path
/usr/local/src/php-7.2.31/build/shtool install -c ext/phar/phar.phar /apps/php/bin
ln -s -f phar.phar /apps/php/bin/phar
Installing PDO headers: /apps/php/include/php/ext/pdo/
2.2准备PHP配置文件
生成配置文件
#cd /apps/php/etc/php-fpm.d/
备份配置文件
#cp www.conf.default www.conf
备份初始化文件
#cp /usr/local/src/php-7.2.31/php.ini-production /apps/php/etc/php.ini
添加启动用户
#useradd www -s /sbin/nologin -u 1001
修改配置文件
[www]
user = www
group = www
listen = 127.0.0.1:9000
新增以下行
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers =30
pm.min_spare_servers = 30
pm.max_spare_servers = 35
以下行去注释
ping.path = /ping
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow
grep -v ";" www.conf | grep -v "^$"
创建日志目录
#mkdir /apps/php/log/
备份fpm文件
#cd /apps/php/etc/
#cp php-fpm.conf.default php-fpm.conf
启动并验证php-fpm
#/apps/php/sbin/php-fpm –t
[19-Jun-2020 11:55:06] NOTICE: configuration file /apps/php/etc/php-fpm.conf test is successful
验证php-fpm
#/apps/php/sbin/php-fpm -c /apps/php/etc/php.ini
#ps -ef |grep php-fpm
root 14081 1 0 11:56 ? 00:00:00 php-fpm: master process (/apps/php/etc/php-fpm.conf)
www 14082 14081 0 11:56 ? 00:00:00 php-fpm: pool www
www 14083 14081 0 11:56 ? 00:00:00 php-fpm: pool www
#yum install net-tools –y
#netstat -tanlp | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 14081/php-fpm: mast
3-部署Nginx:要求自定义显示返回给客户端的server信息并隐藏nginx 版本
安装依赖包
#yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget ntpdate
gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel
net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2
libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed
下载安装包
#cd /usr/local/src/
#wget https://nginx.org/download/nginx-1.12.2.tar.gz
解压安装包
#tar xf nginx-1.12.2.tar.gz
编译安装包
#cd nginx-1.12.2
自定义server信息
#vim src/core/nginx.h
define nginx_version 1012002
define NGINX_VERSION "1.12"
define NGINX_VER "magesrv/" NGINX_VERSION
#vim src/http/ngx_http_header_filter_module.c
static u_char ngx_http_server_string[] = "Server: magenginx" CRLF;
编译安装Nginx
#./configure --prefix=/apps/nginx
--user=www
--group=www
--with-http_ssl_module
--with-http_v2_module
--with-http_realip_module
--with-http_stub_status_module
--with-http_gzip_static_module
--with-pcre
--with-stream
--with-stream_ssl_module
--with-stream_realip_module
#make
#make install
准备php测试页
#mkdir /data/nginx/wordpress –p
#vim /data/nginx/wordpress/index.php
<?php
phpinfo();
?>
配置Nginx
#cp /apps/nginx/conf/nginx.conf /apps/nginx/conf/nginx.conf.bak
#vim /apps/nginx/conf/nginx.conf
查看配置结果
#grep -v "#" /apps/nginx/conf/nginx.conf | grep -v "^$"
重启nginx并访问php状态页
#/apps/nginx/sbin/nginx –t
#/apps/nginx/sbin/nginx stop
#/apps/nginx/sbin/nginx start
修改客户端host映射关系
测试访问
#http://www.silence.net/index.php
4-部署WordPress
#cd /data/nginx/wordpress/
#mv index.php /opt/
下载安装包(略)
#tar -xvf wordpress-5.4.2-zh_CN.tar.gz
#mv wordpress/* .
#cp wp-config-sample.php wp-config.php
#vim wp-config.php
define( 'DB_NAME', 'wordpress' );
/** MySQL数据库用户名 /
define( 'DB_USER', 'wordpress' );
/* MySQL数据库密码 /
define( 'DB_PASSWORD', '123456' );
/* MySQL主机 */
define( 'DB_HOST', '172.24.77.242' );
添加网站目录权限
#chown www.www /data/nginx/wordpress/ /apps/nginx/ -R
重新加载nginx
#/apps/nginx/sbin/nginx -s reload
测试访问
#http://www.silence.net/wp-admin/install.php
自定义错误页面
测试默认的错误页面
#http://www.silence.net/f.php
#mkdir /data/nginx/logs
#vim /apps/nginx/conf/nginx.conf
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-silence-net_access.log;
error_log /data/nginx/logs/www-silence-net_error.log;
location = /error.html {
root /data/nginx;
}
创建自定义错误页面
#/data/nginx/wordpress
#vim error.html
重启Nginx
#killall nginx
#/apps/nginx/sbin/nginx
测试错误页面
自定义访问日志为json格式 #vim /apps/nginx/conf/nginx.conf log_format access_json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' '"responsetime":$request_time,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"uri":"$uri",' '"domain":"$host",' '"xff":"$http_x_forwarded_for",' '"referer":"$http_referer",' '"tcp_xff":"$proxy_protocol_addr",' '"http_user_agent":"$http_user_agent",' '"status":"$status"}'; access_log /apps/nginx/logs/access_json.log access_json;
access_log /data/nginx/logs/www-silence-net_access.log access_json;
修改前的日志格式为
重启Nginx
#killall nginx
#/apps/nginx/sbin/nginx
修改后日志格式为
