1、利用LNMP实现搭建wordpress站点
环境准备:
L:Linux(CentOS7)https://mirrors.aliyun.com/centos/7/isos/x86_64/
N:Nginx(1.18.0) https://nginx.org/en/download.html
M:MySQL(8.0.28) https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/
P:PHP(7.4.29) http://php.net/downloads.php
Wordpress(5.9.2):https://cn.wordpress.org/download/
#部署规划:
10.0.0.7:Nginx php-fpm 运行web服务
10.0.0.17:运行MySQL数据库,Redis服务
1.1、部署数据库
1.1.1、二进制部署数据库
[root@mysql ~]# cd /usr/local/src/
[root@mysql src]# wget https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-8.0/mysql-8.0.26-linux-glibc2.12-x86_64.tar.xz
--2022-04-24 15:12:38-- https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-8.0/mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz
Resolving mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)... 101.6.15.130, 2402:f000:1:400::2
Connecting to mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)|101.6.15.130|:443... connected.
ERROR: cannot verify mirrors.tuna.tsinghua.edu.cn's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to mirrors.tuna.tsinghua.edu.cn insecurely, use `--no-check-certificate'.
[root@mysql src]# wget https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-8.0/mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz --no-check-certificate #这个我加上--no-check-certificate这个是上报了个证书过期的问题
[root@mysql src]# ll
total 1176056
-rw-r--r-- 1 root root 1957 Mar 26 21:06 install_mysql5.7or8.0.sh
-rw-r--r-- 1 root root 1204277208 Apr 4 16:37 mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz
#准备二进制安装的数据库的脚本
[root@mysql src]# cat install_mysql5.7or8.0.sh
#!/bin/bash
. /etc/init.d/functions
SRC_DIR=`pwd`
MYSQL='mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz'
COLOR='echo -e \E[01;31m'
END='\E[0m'
MYSQL_ROOT_PASSWORD=Mysql@2022
check (){
if [ $UID -ne 0 ]; then
action "当前用户不是root,安装失败" false
exit 1
fi
cd $SRC_DIR
if [ ! -e $MYSQL ];then
$COLOR"缺少${MYSQL}文件"$END
$COLOR"请将相关软件放在${SRC_DIR}目录下"$END
exit
elif [ -e /usr/local/mysql ];then
action "数据库已存在,安装失败" false
exit
else
return
fi
}
install_mysql(){
$COLOR"开始安装MySQL数据库..."$END
yum -y -q install libaio numactl-libs
cd $SRC_DIR
tar xf $MYSQL -C /usr/local/
MYSQL_DIR=`echo $MYSQL| sed -nr 's/^(.*[0-9]).*/\1/p'`
ln -s /usr/local/$MYSQL_DIR /usr/local/mysql
chown -R root.root /usr/local/mysql/
id mysql &> /dev/null || { useradd -s /sbin/nologin -r mysql ; action "创建mysql用户"; }
echo 'PATH=/usr/local/mysql/bin/:$PATH' > /etc/profile.d/mysql.sh
. /etc/profile.d/mysql.sh
ln -s /usr/local/mysql/bin/* /usr/bin/
cat > /etc/my.cnf <<-EOF
[mysqld]
skip_name_resolve=1
datadir=/data/mysql
socket=/data/mysql/mysql.sock
character-set-server=utf8mb4
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
default-character-set=utf8mb4
EOF
[ -d /data ] || mkdir /data
mysqld --initialize --user=mysql --datadir=/data/mysql
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
chkconfig mysqld on
service mysqld start
[ $? -ne 0 ] && { $COLOR"数据库启动失败,退出!"$END;exit; }
MYSQL_OLDPASSWORD=`awk '/A temporary password/{print $NF}' /data/mysql/mysql.log`
mysqladmin -uroot -p$MYSQL_OLDPASSWORD password $MYSQL_ROOT_PASSWORD &>/dev/null
action "数据库安装完成"
}
check
install_mysql
#检查脚本语法并运行
[root@mysql src]# bash -n install_mysql5.7or8.0.sh
[root@mysql src]# bash install_mysql5.7or8.0.sh
1.1.2、创建WordPress数据库和用户并授权后验证MySQL用户的权限
[root@mysql ~]# mysql -uroot -pMysql@2022
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 8.0.28 MySQL Community Server - GPL
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database wordpress;
Query OK, 1 row affected (0.01 sec)
mysql> create user wordpress@'10.0.0.%' identified by 'word1234';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all on wordpress.* to wordpress@'10.0.0.%';
Query OK, 0 rows affected (0.00 sec)
#验证运行刚刚创建的用户是否用于权限
[root@mysql ~]# mysql -uwordpress -pword1234 -h10.0.0.17
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 8.0.28 MySQL Community Server - GPL
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| wordpress |
+--------------------+
2 rows in set (0.00 sec)
1.2、部署PHP
1.2.1、编译安装php
[root@nginx ~]# yum -y install gcc openssl-devel libxml2-devel bzip2-devel libmcrypt-devel sqlite-devel oniguruma-devel
[root@nginx ~]# cd /usr/local/src/
[root@nginx src]# wget https://www.php.net/distributions/php-7.4.29.tar.xz
[root@nginx src]# ll
total 10176
-rw-r--r-- 1 root root 10418908 Apr 13 01:00 php-7.4.29.tar.xz
[root@nginx src]# tar xvf php-7.4.29.tar.xz
[root@nginx php-7.4.29]# ./configure \
> --prefix=/apps/php74 \
> --enable-mysqlnd \
> --with-mysqli=mysqlnd \
> --with-pdo-mysql=mysqlnd \
> --with-openssl \
> --with-zlib \
> --with-config-file-path=/etc \
> --with-config-file-scan-dir=/etc/php.d \
> --enable-mbstring \
> --enable-xml \
> --enable-sockets \
> --enable-fpm \
> --enable-maintainer-zts \
> --disable-fileinfo
[root@nginx php-7.4.29]# make -j 2 && make install
1.2.2、准备PHP配置文件
#生成配置文件
[root@nginx php-7.4.29]# cp /usr/local/src/php-7.4.29/php.ini-production /etc/php.ini
[root@nginx php-7.4.29]# cd /apps/php74/etc
[root@nginx etc]# cp php-fpm.conf.default php-fpm.conf
[root@nginx etc]# cd php-fpm.d/
[root@nginx php-fpm.d]# cp www.conf.default www.conf
[root@nginx php-fpm.d]# vim www.conf
[root@nginx php-fpm.d]# grep '^[^;]' www.conf
[www]
user = www
group = www
listen = 127.0.0.1:9000 #监听的端口和IP
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
ping.path = /ping
access.log = log/$pool.access.log #访问日志路径
slowlog = log/$pool.log.slow #慢日志路径
#创建用户和访问日志文件的路径
[root@nginx php-fpm.d]# useradd -r -s /sbin/nologin www
[root@nginx php-fpm.d]# mkdir /apps/php74/log
#基于安全以及性能需要修改一下PHP的配置文件
[root@nginx php-fpm.d]# vim /etc/php.ini
expose_php = OFF #隐藏PHP版本号
post_max_size = 50M #设置最大上传数据大小,默认值为8M
upload_max_filesize = 20M #设置最大上传文件,默认值为2M
1.2.3、启动并验证php-fpm服务
[root@nginx php-fpm.d]# /apps/php74/sbin/php-fpm -t
[24-Apr-2022 16:31:14] NOTICE: configuration file /apps/php74/etc/php-fpm.conf test is successful
[root@nginx php-fpm.d]# cp /usr/local/src/php-7.4.29/sapi/fpm/php-fpm.service /usr/lib/systemd/system/
[root@nginx php-fpm.d]# systemctl daemon-reload
[root@nginx php-fpm.d]# systemctl enable --now php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@nginx php-fpm.d]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@nginx php-fpm.d]# pstree -p | grep php
|-php-fpm(111086)-+-php-fpm(111087)
| `-php-fpm(111088)
[root@nginx php-fpm.d]# ps aux | grep php
root 111086 0.0 0.4 176476 9268 ? Ss 16:33 0:00 php-fpm: master process (/apps/php74/etc/php-fpm.conf)
www 111087 0.0 0.3 176476 5680 ? S 16:33 0:00 php-fpm: pool www
www 111088 0.0 0.3 176476 5680 ? S 16:33 0:00 php-fpm: pool www
root 111098 0.0 0.0 112812 976 pts/0 R+ 16:36 0:00 grep --color=auto php
1.3、部署Nginx
1.3.1、编译安装Nginx
[root@nginx ~]# yum -y install gcc pcre-devel openssl-devel zlib-devel
[root@nginx ~]# cd /usr/local/src/
[root@nginx src]# wget https://nginx.org/download/nginx-1.18.0.tar.gz
[root@nginx src]# tar xf nginx-1.18.0.tar.gz
[root@nginx src]# cd nginx-1.18.0/
[root@nginx nginx-1.18.0]# ./configure --prefix=/apps/nginx \
> --user=www \
> --group=www \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-pcre \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module
[root@nginx nginx-1.18.0]# make -j 2 && make install
1.3.2、准备服务文件并启动Nginx
[root@nginx ~]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/apps/nginx/run/nginx.pid
ExecStartPre=/bin/rm -f /apps/nginx/run/nginx.pid
ExecStartPre=/apps/nginx/sbin/nginx -t
ExecStart=/apps/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP \$MAINPID
KillSignal=SIGQUIT
LimitNOFILE=100000
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target
#创建pid目录
[root@nginx ~]# mkdir /apps/nginx/run
#修改默认的nginx配置文件
[root@nginx ~]# vim /apps/nginx/conf/nginx.conf
pid /apps/nginx/run/nginx.pid;
[root@nginx ~]# systemctl daemon-reload
[root@nginx ~]# systemctl enable --now nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@nginx ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
1.3.3、配置Nginx支持fastcgi
[root@nginx ~]# vim /apps/nginx/conf/nginx.conf
[root@nginx ~]# grep -Ev '#|^$' /apps/nginx/conf/nginx.conf
worker_processes 2;
pid /apps/nginx/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off; #在响应报文的Server首部隐藏nginx的版本号
client_max_body_size 100m; #设置允许客户端上传单个文件的最大值
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.stars.org; #设置主机名
location / {
root /data/nginx/wordpress; #指定数据路径
index index.php index.html index.htm; 指定默认的网页页面文件
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ { #实现php-fpm
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; #fastcgi默认的主页资源
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By; #隐藏响应响应报文头中X-Powered-By信息
}
location ~ ^/(ping|pm_status)$ { #实现状态页
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
}
}
}
[root@nginx ~]# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@nginx ~]# systemctl reload nginx
1.3.4、准备PHP测试页并验证测试页
[root@nginx ~]# mkdir -p /data/nginx/wordpress
[root@nginx ~]# vim /data/nginx/wordpress/test.php
<?php
phpinfo();
?>
在本地计算机上找到C:\Windows\System32\drivers\etc\hosts文件,修改一下加上下面内容: 10.0.0.7 www.stars.org
1.3.5、配置php开启opcache加速并验证是否开启加速
#配置php.ini文件
[root@nginx ~]# vim /etc/php.ini
[opcache]
; Determines if Zend OPCache is enabled
zend_extension=opcache.so
opcache.enable=1
#配置完后重启一下服务
[root@nginx ~]# systemctl restart php-fpm
1.4、部署WordPress
1.4.1、准备WordPress文件
#这里的包我是下载到自己电脑上了
[root@nginx ~]# cd /data/nginx/wordpress/
[root@nginx ~]# rz
[root@nginx ~]# ll wordpress-5.9.2-zh_CN.tar.gz
-rw-r--r-- 1 root root 19462197 Apr 5 21:45 wordpress-5.9.2-zh_CN.tar.gz
[root@nginx ~]# tar xf wordpress-5.9.2-zh_CN.tar.gz
[root@nginx ~]# cp -r wordpress/* /data/nginx/wordpress
[root@nginx ~]# chown -R www.www /data/nginx/wordpress/
1.4.2、初始化web页面
打开浏览器访问http://www.stars.org/
1.4.3、登录后台管理界面并发表文章
1.4.4、验证发表的文章
发现响应报文头中的server字段中只有nginx,这个我们在前面配置的时候隐藏了nginx的版本,不隐藏的话这里会显示现在主机安装的版本号。
1.5、PHP扩展session模块支持redis
PECL是 PHP 扩展的存储库,提供用于下载和开发 PHP 扩展的所有已知扩展和托管功能的目录 官方链接: http://pecl.php.net/package-stats.php github: https://github.com/phpredis/phpredis github安装文档: https://github.com/phpredis/phpredis/blob/develop/INSTALL.markdown 开始在 PHP 中使用 Redis 前, 需要确保已经安装了 redis 服务及 PHP redis 驱动, PHP redis 驱动下载地址为:https://github.com/phpredis/phpredis/releases
1.5.1、编译安装PHP redis
[root@nginx ~]# cd /usr/local/src/
[root@nginx src]# ls
nginx-1.18.0 nginx-1.18.0.tar.gz php-7.4.29 php-7.4.29.tar.xz
[root@nginx src]# wget http://pecl.php.net/get/redis-5.3.1.tgz
[root@nginx src]# tar xf redis-5.3.1.tgz
[root@nginx src]# cd redis-5.3.1/
[root@nginx redis-5.3.1]# ls
arrays.markdown COPYING php_redis.h redis_cluster.c redis_session.h
cluster_library.c crc16.h README.markdown redis_cluster.h sentinel_library.c
cluster_library.h CREDITS redis_array.c redis_commands.c sentinel_library.h
cluster.markdown INSTALL.markdown redis_array.h redis_commands.h sentinel.markdown
common.h liblzf redis_array_impl.c redis_sentinel.c tests
config.m4 library.c redis_array_impl.h redis_sentinel.h
config.w32 library.h redis.c redis_session.c
#如果是yum安装php,需要执行yum -y install php-cli php-devel
#以下为编译安装php的对应方式
[root@nginx redis-5.3.1]# /apps/php74/bin/phpize
Configuring for:
PHP Api Version: 20190902
Zend Module Api No: 20190902
Zend Extension Api No: 320190902
#查看生成configure脚本
[root@nginx redis-5.3.1]# ls
arrays.markdown config.m4 liblzf redis_array_impl.h redis_session.c
autom4te.cache configure library.c redis.c redis_session.h
build configure.ac library.h redis_cluster.c run-tests.php
cluster_library.c config.w32 php_redis.h redis_cluster.h sentinel_library.c
cluster_library.h COPYING README.markdown redis_commands.c sentinel_library.h
cluster.markdown crc16.h redis_array.c redis_commands.h sentinel.markdown
common.h CREDITS redis_array.h redis_sentinel.c tests
config.h.in INSTALL.markdown redis_array_impl.c redis_sentinel.h
如果是yum安装php的话就不需要指定--with-php-config
[root@nginx redis-5.3.1]# ./configure --with-php-config=/apps/php74/bin/php-config
[root@nginx redis-5.3.1]# make -j 2 && make install
..........
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
Build complete.
Don't forget to run 'make test'.
Installing shared extensions: /apps/php74/lib/php/extensions/no-debug-zts-20190902/
#验证Redis模块
#如果yum安装php,模块文件默认存放在 /usr/lib64/php/modules/redis.so
[root@nginx redis-5.3.1]# ll /apps/php74/lib/php/extensions/no-debug-zts-20190902/
total 9596
-rwxr-xr-x 1 root root 4652492 Apr 24 18:04 opcache.a
-rwxr-xr-x 1 root root 2518544 Apr 24 18:04 opcache.so
-rwxr-xr-x 1 root root 2651320 Apr 24 20:16 redis.so
1.5.2、编辑php配置文件支持redis
[root@nginx ~]# vim /etc/php.ini
extension=redis.so #在文件最后一行添加此行,路径可省略
#添加完后重启一下php-fpm服务
[root@nginx ~]# systemctl restart php-fpm
1.5.3、验证加载 redis 模块
1.5.4、安装和配置 redis 服务
#在数据库服务器上安装Redis服务
[root@mysql ~]# yum -y install redis
[root@mysql ~]# vim /etc/redis.conf
bind 0.0.0.0
requirepass word1234
[root@mysql ~]# systemctl enable --now redis
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /usr/lib/systemd/system/redis.service.
[root@mysql ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 70 [::]:33060 [::]:*
LISTEN 0 128 [::]:3306 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
从这个可以看到监听了一个6379的一个端口,这个也就是Redis默认端口。
1.5.5、配置 php 支持 redis 保存 session
[root@nginx ~]# vim /etc/php.ini
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
session.save_handler = redis
session.save_path = "tcp://10.0.0.17:6379?auth=word1234"
[root@nginx ~]# systemctl restart php-fpm
1.5.6、准备 php实现 session 的测试页面
[root@nginx ~]# vim /data/nginx/wordpress/session.php
<?php
session_start();
$redisKey = 'PHPREDIS_SESSION:' . session_id();
$_SESSION['message'] = "Hello, I'm in redis";
$_SESSION['arr'] = [1, 2, 3, 4, 5, 6];
echo $_SESSION["message"] , "<br/>";
echo "Redis key = " . $redisKey . "<br/>";
echo "以下是从Redis获取的数据", "<br/>";
$redis = new Redis();
$redis->connect('10.0.0.17', 6379);
$redis->auth('word1234');
echo $redis->get($redisKey);
?>
1.5.7、访问 web 页面测试实现session保存在redis服务
1.5.8、redis主机验证session数据
[root@mysql ~]# redis-cli -h 10.0.0.17 -a word1234
10.0.0.17:6379> keys *
1) "PHPREDIS_SESSION:dmc0kb95dpah2uc2a69kui14ur"
10.0.0.17:6379> get PHPREDIS_SESSION:dmc0kb95dpah2uc2a69kui14ur
"message|s:19:\"Hello, I'm in redis\";arr|a:6:{i:0;i:1;i:1;i:2;i:2;i:3;i:3;i:4;i:4;i:5;i:5;i:6;}"