
网站LNMP环境安装配置笔记

注:网站系统为CentOS/Rocky/Alma 8/9,使用systemd。

一、准备工作:

1、升级系统

# Bring every installed package up to date before building anything.
dnf -y update

2、清理原有安装

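# Remove distro-packaged PHP / MariaDB / nginx / httpd before the installs below.
# The patterns are quoted so that dnf, not the shell, expands them: unquoted,
# a file in the current directory whose name starts with e.g. "http" would
# replace the pattern on the command line.
# The globs are broad and -y skips the confirmation prompt; run the command
# once with --assumeno instead of -y to review what would be removed.
dnf remove -y 'php*' 'mariadb*' 'nginx*' 'http*'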

二、服务器安装LNMP

1、安装编译工具

# Compiler toolchain used by the source builds in the following sections.
dnf -y install gcc gcc-c++ cmake

2、安装Nginx

安装依赖

# Build dependencies for nginx: PCRE, zlib and OpenSSL development headers.
dnf -y install pcre-devel zlib-devel openssl-devel

建立组和用户并设置不能ssh登录

# Dedicated system account (with a group of the same name) for the web stack:
# no home directory, and /bin/false as the shell so the account cannot be
# used for an interactive or SSH login.
useradd --system --user-group --no-create-home --shell /bin/false www

下载

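# Fetch the nginx source into a dedicated build directory.
mkdir -p /data/source
cd /data/source
# Download over HTTPS: over plain HTTP the tarball could be altered in
# transit, and it is compiled and installed as root afterwards.
# nginx.org also publishes a detached PGP signature (.asc) next to each
# tarball; check it before unpacking.
wget https://nginx.org/download/nginx-1.25.4.tar.gz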

解压

# Unpack the nginx source tree (verbose listing).
tar -xvf nginx-1.25.4.tar.gz

编译

# Configure, build and install nginx under /data/nginx, running as www.
# NOTE(review): the five --http-*-temp-path directories sit directly under
# /tmp, which every local account can write to. Request bodies and proxied
# responses are buffered there, so a directory only the www user can reach
# (or a private /tmp for the service) is the safer choice.
cd nginx-1.25.4
./configure \
  --prefix=/data/nginx \
  --user=www \
  --group=www \
  --pid-path=/run/nginx.pid \
  --lock-path=/run/nginx.lock \
  --http-client-body-temp-path=/tmp/client \
  --http-proxy-temp-path=/tmp/proxy \
  --http-fastcgi-temp-path=/tmp/fastcgi \
  --http-uwsgi-temp-path=/tmp/uwsgi \
  --http-scgi-temp-path=/tmp/scgi \
  --http-log-path=/data/nginx/log/access.log \
  --error-log-path=/data/nginx/log/error.log \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_v3_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-stream_ssl_module \
  --with-stream_realip_module
make -j5
make install

配置启动

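# systemd unit for the self-built nginx. The heredoc delimiter is quoted so
# $MAINPID reaches the unit file literally and is expanded by systemd.
# PrivateTmp=true gives the service its own /tmp, so the temp paths that the
# configure step placed under /tmp (client, proxy, fastcgi, uwsgi, scgi) are
# not shared with other local accounts.
cat > /lib/systemd/system/nginx.service <<'EOF'
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
PrivateTmp=true
ExecStartPre=/data/nginx/sbin/nginx -t -c /data/nginx/conf/nginx.conf
ExecStart=/data/nginx/sbin/nginx -c /data/nginx/conf/nginx.conf
ExecStartPost=/bin/sleep 0.1
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -QUIT $MAINPID

[Install]
WantedBy=multi-user.target
EOF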

# Strip the "/$nginx_version" suffix from the shipped fastcgi* files so the
# exact nginx version is not passed on to the FastCGI backend.
sed -i 's|/\$nginx_version||' /data/nginx/conf/fastcgi*
# Register the .apk MIME type by inserting it before the closing brace of
# mime.types. Not idempotent: running it again adds the line again.
sed -i 's|}|    application/vnd.android.package-archive apk;\n}|g' /data/nginx/conf/mime.types
# Keep the stock nginx.conf as a backup and create the per-site config directory.
mv /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
mkdir /data/nginx/conf/conf.d

# Main nginx configuration: workers run as www, the version banner is hidden
# (server_tokens off), uploads are capped at 40m, and every file in
# conf.d/*.conf is included. The quoted delimiter writes the text verbatim.
cat <<'EOF' > /data/nginx/conf/nginx.conf
user  www;
worker_processes  4;
events {
    worker_connections  1024;
    use epoll;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset  utf-8;
    sendfile        on;
    client_max_body_size 40m;
    server_tokens off;
    keepalive_timeout  65;
    gzip  on;
    include  conf.d/*.conf;
}
EOF
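# Default site: static files from /data/www, everything else routed to
# index.php, and *.php handed to PHP-FPM on 127.0.0.1:9000.
# In the PHP location the status code must be written as one token, "=404".
# Written as "= 404", nginx reads "=" and "404" as two separate arguments,
# so the last one is a fallback URI instead of a status code and the guard
# that keeps non-existent script paths away from PHP-FPM does not return 404.
# The quoted delimiter keeps $uri, $is_args and $args literal for nginx.
cat > /data/nginx/conf/conf.d/www.conf <<'EOF'
server {
    listen       80;
    server_name  localhost;
    root   /data/www;
    index  index.html index.htm index.php;

    error_page  404              /404.html;
    error_page   500 502 503 504  /50x.html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        include        fastcgi.conf;
    }
}
EOF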
# Document root used by the server block, plus a link that puts the nginx
# binary on PATH.
mkdir /data/www
ln -sf /data/nginx/sbin/nginx /usr/local/bin/nginx

打开防火墙

# Allow inbound HTTP permanently in the public zone, then load the permanent
# rules into the running firewall. Only the http service is opened here.
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload

3.1、dnf安装PHP

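# Install PHP 8.2 from the Remi repository instead of compiling it.
dnf install yum-utils
# Fetch the release package over HTTPS: an RPM handed to dnf as a URL is not
# covered by a repository's gpgcheck setting unless localpkg_gpgcheck is
# enabled, so the transport is the only protection for this file.
# remi-release-8 is the EL8 package; an EL9 host needs the matching release.
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# NOTE(review): confirm this command name exists on the target system and
# that the remi-php82 repository id applies to EL8/9 — TODO confirm.
dnf-config-manager --enable remi-php82
dnf install php-fpm php-opcache php-gd php-pg php-cli php-mbstring php-xml php-pecl-zip php-intl php-ldap php-smbclient php-imap php-exif php-gmp php-redis php-imagick
# Start PHP-FPM now and on every boot.
systemctl enable --now php-fpm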

3.2、编译安装PHP

安装依赖

# Development headers needed by the PHP configure options used below.
dnf -y install libxml2-devel systemd-devel gd-devel libcurl-devel openldap-devel libzip-devel

下载

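cd /data/source
# Download over HTTPS: over plain HTTP the tarball could be altered in
# transit, and it is compiled and installed as root afterwards.
# php.net lists a SHA-256 checksum for every release archive; compare it with
# the output of sha256sum before unpacking.
wget https://www.php.net/distributions/php-8.3.4.tar.xz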

解压

# Unpack the PHP source tree (verbose listing).
tar -xvf php-8.3.4.tar.xz

编译

# Configure, build and install PHP with FPM under /data/php; FPM runs as www.
# php.ini is looked up in /data/php and extra .ini files are scanned from
# /data/php/lib/php/extensions.
cd php-8.3.4
./configure \
  --prefix=/data/php \
  --enable-fpm \
  --with-fpm-systemd \
  --with-pear \
  --with-fpm-user=www \
  --with-fpm-group=www \
  --with-config-file-path=/data/php \
  --with-config-file-scan-dir=/data/php/lib/php/extensions \
  --enable-opcache \
  --enable-mbstring \
  --with-gettext \
  --with-curl \
  --enable-mysqlnd \
  --with-mysqli \
  --with-pdo-mysql \
  --disable-phpdbg \
  --with-zlib \
  --enable-calendar \
  --enable-exif \
  --enable-ftp \
  --enable-soap \
  --enable-bcmath \
  --enable-sockets \
  --with-openssl \
  --enable-pcntl \
  --with-zip \
  --enable-gd \
  --with-webp \
  --with-jpeg \
  --with-xpm \
  --with-freetype
# When LDAP support is wanted, add: --with-ldap --with-ldap-sasl
#ln -sf /usr/lib64/libldap* /usr/lib/
#ln -sf /usr/lib64/liblber* /usr/lib/
make -j5
make install
# Put the PHP binaries on PATH, then install the systemd unit, php.ini and
# the FPM configuration from the build tree (paths are relative to it).
ln -sf /data/php/bin/* /data/php/sbin/* /usr/local/bin/
cp php.ini-production /data/php/php.ini
cp sapi/fpm/php-fpm.conf /data/php/etc/
cp sapi/fpm/www.conf /data/php/etc/php-fpm.d/
cp sapi/fpm/php-fpm.service /lib/systemd/system/
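# Tune /data/php/php.ini, which was copied from php.ini-production.
# OPcache: load the extension and enable it for FPM and the CLI. Two patterns
# are tried for opcache.enable to cover either commented default.
sed -i "s/;zend_extension=opcache/zend_extension=opcache/" /data/php/php.ini
sed -i "s/;opcache.enable=0/opcache.enable=1/" /data/php/php.ini
sed -i "s/;opcache.enable=1/opcache.enable=1/" /data/php/php.ini
sed -i "s/;opcache.enable_cli=0/opcache.enable_cli=1/" /data/php/php.ini
# NOTE(review): /tmp is writable by every local account; a directory owned by
# the PHP user is a safer place for compiled-script cache files.
sed -i "s/;opcache.file_cache=/opcache.file_cache=\/tmp/" /data/php/php.ini
# Limits: longer execution time and 20M uploads / POST bodies.
sed -i "s/max_execution_time = 30/max_execution_time = 60/" /data/php/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /data/php/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /data/php/php.ini
sed -i "s/;date.timezone =/date.timezone = Asia\/Shanghai/" /data/php/php.ini
sed -i "s/;pcre.jit=1/pcre.jit=0/" /data/php/php.ini
# display_errors stays Off, the php.ini-production default: with it On, PHP
# prints warnings and stack traces (file paths, query fragments) into the
# responses visitors receive. For a development machine only, the switch is:
#sed -i "s/display_errors = Off/display_errors = On/" /data/php/php.ini
# Do not advertise PHP in the response headers.
sed -i "s/expose_php = On/expose_php = Off/" /data/php/php.ini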
# Refresh the PEAR channel and upgrade the bundled PEAR packages.
pear update-channels pear.php.net
pear upgrade-all
# PHP 8: add the OPcache JIT settings to php.ini.
printf '%s\n' 'opcache.jit=1235' 'opcache.jit_buffer_size=64M' >> /data/php/php.ini
# Check that the JIT settings are picked up.
php -i | grep -i jit

# Build and install ImageMagick from source (presumably for the imagick
# extension installed at the end of this block).
# NOTE(review): no checksum or signature check is done on the tarball before
# it is built and installed as root.
wget https://imagemagick.org/download/ImageMagick-6.9.13-0.tar.xz
tar -xvf ImageMagick-6.9.13-0.tar.xz
cd ImageMagick-6.9.13-0
./configure --disable-openmp --disable-hdri --with-quantum-depth=8
make -j5
make install
# Build the PECL extensions against the PHP installed above.
pecl install memcached redis lzf imagick

安装php的snuffleupagus增加安全(支持php7)

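# Build the Snuffleupagus hardening extension against the PHP installed above.
# The clone URL in the original note had a malformed host
# ("github.com-system"); this is the project's upstream repository.
# NOTE(review): this builds whatever the default branch currently holds;
# check out a tagged release (git checkout <release-tag>) before phpize.
git clone https://github.com/jvoisin/snuffleupagus.git
cd snuffleupagus/src
phpize
./configure
make
make install
# Rules file: forbid system/exec/shell_exec inside eval(). The whitelist rule
# carries .simulation(), so it only logs and does not block.
cat > /data/php/etc/snuffleupagus.rules <<'EOF'
sp.eval_blacklist.list("system,exec,shell_exec");
sp.eval_whitelist.list("strlen,strcmp").simulation();
EOF
# Load the extension and point it at the rules file. This .ini lives in the
# config scan directory given to PHP's configure step.
cat > /data/php/lib/php/extensions/snuffleupagus.ini <<'EOF'
extension=snuffleupagus
sp.configuration_file=/data/php/etc/snuffleupagus.rules
EOF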

4.1、yum安装MariaDB数据库

加源

# Add the MariaDB 10.11 repository (USTC mirror). gpgcheck=1 together with
# the gpgkey line makes the package manager verify package signatures.
# The baseurl is fixed to rhel9-amd64; adjust it for an EL8 host.
cat <<'EOF' > /etc/yum.repos.d/mariadb.repo
# MariaDB 10.11 RedHatEnterpriseLinux repository list - created 2023-02-22 16:29 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.11/rhel9-amd64
gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

安装

# Install the MariaDB client and server from the repository added above.
yum install MariaDB-client MariaDB-server

4.2、yum安装Mysql数据库

加源

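# Add the MySQL 8.0 community repository. The baseurl now uses HTTPS like the
# gpgkey line, so repository metadata is not fetched over plain HTTP.
# The quoted delimiter keeps $basearch literal for the package manager.
# NOTE(review): the section id says mysql57 although the repository is 8.0,
# and the path is fixed to el/8; both are kept as in the original note.
cat > /etc/yum.repos.d/mysql.repo <<'EOF'
# Enable to use MySQL 8.0
[mysql57-community]
name=MySQL 8.0 Community Server
baseurl=https://repo.mysql.com/yum/mysql-8.0-community/el/8/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
EOF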

安装

# Install the MySQL server from the repository added above.
# NOTE(review): on EL8 the distribution's own mysql module stream may need to
# be disabled first for this package to be selected — TODO confirm.
yum install mysql-community-server

4.3、编译安装MariaDB数据库

创建mysql用户

# Dedicated system account (with a group of the same name) for the database:
# no home directory and /bin/false as the shell, so it cannot log in.
useradd --system --user-group --no-create-home --shell /bin/false mysql

安装依赖

# Build dependencies for the MariaDB source build.
yum -y install libaio-devel ncurses-devel bison

下载

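# Download over HTTPS (the same mirror is already used over HTTPS in the
# repository file of section 4.1): over plain HTTP the tarball could be
# altered in transit, and it is compiled and installed as root afterwards.
# NOTE(review): no checksum or signature check follows the download.
wget https://mirrors.ustc.edu.cn/mariadb//mariadb-11.3.2/source/mariadb-11.3.2.tar.gz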

解压

# Unpack the MariaDB source tree (verbose listing).
tar -xvf mariadb-11.3.2.tar.gz

编译

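# Configure an in-source MariaDB build installed under /data/mariadb with
# the data directory at /data/mariadb/data and the systemd unit placed in
# /lib/systemd/system.
cd mariadb-11.3.2
cmake . \
-DCMAKE_INSTALL_PREFIX=/data/mariadb \
-DMYSQL_DATADIR=/data/mariadb/data \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_SYSTEMD=yes \
-DINSTALL_SYSTEMD_UNITDIR=/lib/systemd/system \
-DWITH_SSL=system \
-DCONNECT_WITH_MYSQL=1 \
-DWITH_DEBUG=no \
-DPLUGIN_TOKUDB=NO \
-DWITH_MARIABACKUP=OFF \
-DWITH_LIBARCHIVE=OFF \
-DWITH_UNIT_TESTS=OFF \
-DWITH_UNITTEST=OFF \
-DWITHOUT_CLIENTLIBS=YES \
-DCLIENT_PLUGIN_DIALOG=OFF \
-DCLIENT_PLUGIN_CLIENT_ED25519=OFF \
-DCLIENT_PLUGIN_MYSQL_CLEAR_PASSWORD=STATIC \
-DCLIENT_PLUGIN_CACHING_SHA2_PASSWORD=OFF \
-DWITH_WSREP=OFF \
-DPLUGIN_ROCKSDB=NO \
-DWITH_ROCKSDB_BZIP2=OFF \
-DWITH_ROCKSDB_JEMALLOC=OFF \
-DWITH_ROCKSDB_LZ4=OFF \
-DWITH_ROCKSDB_snappy=OFF \
-DWITH_ROCKSDB_zstd=OFF \
-DINSTALL_SQLBENCHDIR="" \
-DINSTALL_MYSQLTESTDIR=''

# Optional extra flag. In the original note it stood on a line of its own,
# where the shell would try to run it as a command and fail. To use it,
# append it to the cmake invocation above (with a trailing backslash on the
# previous line):
#   -DMAX_INDEXES=128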

# Build and install, link the client tools onto PATH, and create the data
# directory owned by the mysql account.
make -j5
make install
ln -sf /data/mariadb/bin/* /usr/local/bin/
mkdir /data/mariadb/data
chown -R mysql:mysql /data/mariadb/data
# Replace the option placeholders in the installed unit with a fixed
# --defaults-file so the server always reads /data/mariadb/my.cnf.
sed -i 's|\$MYSQLD_OPTS \$_WSREP_NEW_CLUSTER \$_WSREP_START_POSITION|--defaults-file=/data/mariadb/my.cnf|' /lib/systemd/system/mariadb.service
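# Write the server configuration to the absolute path that the systemd unit
# and mysql_install_db are given (--defaults-file=/data/mariadb/my.cnf).
# A bare "my.cnf" at this point would land in the source tree, because the
# cd to /data/mariadb only happens afterwards.
# NOTE(review): no bind-address is set and the socket lives in the
# world-writable /tmp; if only local PHP connects, consider adding
# bind-address=127.0.0.1 and a socket directory owned by mysql.
cat > /data/mariadb/my.cnf <<'EOF'
[client]
port=3306
socket=/tmp/mysql.sock

[mysqld]
port=3306
socket=/tmp/mysql.sock
key_buffer_size=16M
max_allowed_packet=8M

[mysqldump]
quick
EOF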
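cd /data/mariadb
# Create the system tables in the data directory as the mysql user.
scripts/mysql_install_db --user=mysql --defaults-file=/data/mariadb/my.cnf --datadir=/data/mariadb/data/
systemctl start mariadb
# Set the root password. With no value after "password", mysqladmin prompts
# for it, so the secret stays out of shell history and the process list and
# the literal placeholder 'password' cannot end up as the real credential.
/data/mariadb/bin/mysqladmin -u root password
# After an upgrade or rebuild, re-apply the unit edit:
#sed -i "s/\$MYSQLD_OPTS \$_WSREP_NEW_CLUSTER \$_WSREP_START_POSITION/--defaults-file=\/data\/mariadb\/my.cnf/" /lib/systemd/system/mariadb.service
# Drop the test database directory, then reload systemd's unit files and
# restart the server.
rm -rf -- /data/mariadb/data/test
systemctl daemon-reload
systemctl restart mariadb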
# Slow query log: create the log directory and hand it to the mysql account.
mkdir /data/mariadb/log
chown -R mysql:mysql /data/mariadb/log
#修改my.cnf
[mysqld]
slow_query_log = on
slow_query_log_file = /data/mariadb/log/mysql-slow
long_query_time = 2
#bin日志
log-bin=mysql-bin
expire_logs_days = 3
#最大连接数
max_connections = 1000

4.4、编译安装Mysql数据库

下载

# Fetch the MySQL 8.3.0 source bundle that includes Boost.
# NOTE(review): no checksum or signature check follows the download.
wget 'https://cdn.mysql.com//Downloads/MySQL-8.3/mysql-boost-8.3.0.tar.gz'

解压

# Unpack the MySQL source tree (verbose listing).
tar -xvf mysql-boost-8.3.0.tar.gz

编译

# Configure MySQL from a separate build/ directory, installed under
# /data/mysql with the data directory at /data/mysql/data. Boost is taken
# from ../boost relative to build/.
# NOTE(review): -DSYSTEMD_PID_DIR=/tmp puts the PID file in a directory every
# local account can write to; a directory owned by the service is safer.
cd mysql-8.3.0
mkdir build
cd build
cmake .. \
-DCMAKE_INSTALL_PREFIX=/data/mysql \
-DMYSQL_DATADIR=/data/mysql/data \
-DINSTALL_MYSQLDATADIR=/data/mysql/data \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_SYSTEMD=1 \
-DSYSTEMD_PID_DIR=/tmp \
-DWITH_UNIT_TESTS=OFF \
-DWITH_BOOST=../boost \
-DINSTALL_MYSQLTESTDIR= \
-DWITH_SSL=system \
-DFORCE_INSOURCE_BUILD=ON

# Build and install, copy the generated systemd unit into place, then make
# the unit start mysqld with a fixed --defaults-file.
make -j5
make install
cp scripts/mysqld.service /lib/systemd/system/
cd /data/mysql
sed -i 's|bin/mysqld |bin/mysqld --defaults-file=/data/mysql/my.cnf |g' /lib/systemd/system/mysqld.service

# Server configuration. The relative name resolves to /data/mysql/my.cnf
# because of the cd to /data/mysql just before this step.
# NOTE(review): no bind-address is set and the socket lives in the
# world-writable /tmp — confirm this matches the intended exposure.
cat <<'EOF' > my.cnf
[client]
port=3306
socket=/tmp/mysql.sock

[mysqld]
port=3306
socket=/tmp/mysql.sock
key_buffer_size=16M
max_allowed_packet=8M

[mysqldump]
quick
EOF

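# NOTE(review): assumes the mysql account already exists; in these notes it
# is only created in section 4.3.
mkdir mysql-files
chown mysql:mysql mysql-files
chmod 750 mysql-files
# Initialise the data directory; the command output contains a randomly
# generated root password.
bin/mysqld --defaults-file=/data/mysql/my.cnf --initialize --user=mysql
# Generate the SSL certificates.
bin/mysql_ssl_rsa_setup
systemctl start mysqld
# Replace the generated root password. -p prompts for the random password
# printed by the initialise step; leaving out the value after "password"
# makes mysqladmin prompt for the new one as well, which keeps it out of
# shell history and the process list.
bin/mysqladmin -uroot -p password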
