
网站LNPP环境安装配置笔记

注:网站系统为CentOS 7.7/CentOS 8.0,使用systemd。

一、准备工作:

1、升级系统

yum update -y

2、清理原有安装

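# Quote the patterns so yum receives them as written; unquoted, the shell would
# expand them against file names in the current directory first.
# 'http*' matches more than httpd, so run once without -y to review the
# transaction if the host carries anything besides the web stack.
yum remove 'php*' 'nginx*' 'http*' -y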

二、测试服务器LNPP编译安装

1、安装编译工具

yum install gcc gcc-c++ -y

2.1、yum安装PostgreSQL数据库

加源

yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm -y
#CentOS8
#yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm -y

安装

yum install postgresql12-server postgresql12-devel

初始化数据库

/usr/pgsql-12/bin/postgresql-12-setup initdb

设置密码

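# Let passwd prompt for the password instead of echoing it on the command line,
# where it would be saved in the shell history.
passwd postgres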

数据库管理工具(PHP):

Adminer:https://www.adminer.org/

phppgadmin:https://www.github.com/phppgadmin/phppgadmin

2.2、编译安装PostgreSQL数据库

建立组和用户并设置密码

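# System account that owns the database files and runs the server. It never needs
# an interactive login; CentOS ships the nologin shell as /sbin/nologin.
useradd -U -r -M -s /sbin/nologin -d /data/pgsql postgres
# Let passwd prompt for the password instead of echoing it on the command line,
# where it would be saved in the shell history.
passwd postgres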

安装依赖

yum install pam-devel readline-devel libxslt-devel openssl-devel systemd-devel -y

#ubuntu

apt install libreadline-dev zlib1g-dev libcrypto-dev libssl-dev libpam-dev libxml2-dev libxslt-dev libsystemd-dev gettext -y

下载

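# The release directory has to match the tarball version (v12.1, not v12.0).
wget https://ftp.postgresql.org/pub/source/v12.1/postgresql-12.1.tar.bz2
# Verify the tarball against the checksum file published next to it before
# unpacking. This catches a corrupted or truncated download; it comes from the same
# server, so it is not a substitute for trusting the download source.
wget https://ftp.postgresql.org/pub/source/v12.1/postgresql-12.1.tar.bz2.sha256
sha256sum -c postgresql-12.1.tar.bz2.sha256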

解压

tar xvf postgresql-12.1.tar.bz2

编译

cd postgresql-12.1
./configure --prefix=/data/pgsql --with-system-tzdata=/usr/share/zoneinfo --enable-spinlocks --disable-thread-safety --without-gssapi --with-pam --without-perl --without-python --with-readline --with-openssl --with-systemd --without-tcl --with-libxml --with-libxslt --with-zlib --enable-nls='zh_CN'
#postgresql9
#./configure --prefix=/data/pgsql --with-system-tzdata=/usr/share/zoneinfo --enable-spinlocks --disable-thread-safety --without-gssapi --with-pam --without-perl --without-python --with-readline --with-openssl --without-tcl --with-libxml --with-libxslt --with-zlib --enable-nls='zh_CN'
make -j5
make install

初始化数据库

mkdir /data/pgsql/data
chown postgres:postgres /data/pgsql/data -R
sudo -u postgres /data/pgsql/bin/initdb -D /data/pgsql/data -E 'UTF-8' --lc-collate='zh_CN.UTF-8' --lc-ctype='zh_CN.UTF-8'

配置文件

cat > /lib/systemd/system/postgresql.service << "EOF"
[Unit]
Description=PostgreSQL database server
After=network.target

[Service]
Type=notify

User=postgres
Group=postgres

Environment=PGPORT=5432
Environment=DATA_DIR=/data/pgsql/data

ExecStart=/data/pgsql/bin/postgres -p ${PGPORT} -D ${DATA_DIR}
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
KillSignal=SIGINT

TimeoutSec=300

OOMScoreAdjust=-1000

[Install]
WantedBy=multi-user.target
EOF

#postgresql9

cat > /lib/systemd/system/postgresql.service << "EOF"
[Unit]
Description=PostgreSQL database server
After=network.target

[Service]
Type=forking

User=postgres
Group=postgres

Environment=PGPORT=5432
Environment=DATA_DIR=/data/pgsql/data

ExecStart=/data/pgsql/bin/pg_ctl start -D ${DATA_DIR} -s -l ${DATA_DIR}/postmaster.log
ExecStop=/data/pgsql/bin/pg_ctl stop -D ${DATA_DIR} -s -m fast
ExecReload=/data/pgsql/bin/pg_ctl reload -D ${DATA_DIR} -s

TimeoutSec=300

OOMScoreAdjust=-1000

[Install]
WantedBy=multi-user.target
EOF

开启日志

sed -i "s/#log_destination = 'stderr'/log_destination = 'csvlog'/g" /data/pgsql/data/postgresql.conf
sed -i "s/#logging_collector = off/logging_collector = on/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_directory =/log_directory =/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_filename =/log_filename =/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_rotation_age = 1d/log_rotation_age = 1d/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_rotation_size = 10MB/log_rotation_size = 100MB/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_min_messages = warning/log_min_messages = info/g" /data/pgsql/data/postgresql.conf

如需开放对外访问,修改监听IP地址和允许访问IP设置

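# Listen on every interface; which clients may connect is decided by pg_hba.conf below.
sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /data/pgsql/data/postgresql.conf
# Require a password from LAN clients. With "trust" any host in the subnet could
# connect as any database user, the postgres superuser included, without
# credentials. md5 works on both PostgreSQL 9 and 12; on 12, scram-sha-256 is the
# stronger method once password_encryption is set to match.
# Give each role a password locally (psql, \password) before relying on this rule.
echo "host    all             all             192.168.1.0/24          md5" >> /data/pgsql/data/pg_hba.conf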

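注:允许192.168.1.0/24网段(192.168.1.1-255)访问。pg_hba.conf每行最后一列是认证方式,trust表示该网段内任何主机无需密码即可以任意数据库用户连接;对网络开放访问时应使用密码认证(md5或scram-sha-256)。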

默认连接数为100,如出现“已保留的连接位置为执行非复制请求的超级用户预留”,需要修改连接数

sed -i "s/max_connections = 100/max_connections = 200/" /data/pgsql/data/postgresql.conf

启动数据库

systemctl start postgresql
systemctl enable postgresql

3.1、安装Nginx

安装依赖

yum install pcre-devel zlib-devel -y

建立组和用户并设置不能ssh登录

useradd -U -r -M -s /bin/false www

下载

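cd /data/source
# Download over HTTPS so the source that gets compiled and run as root cannot be
# altered in transit. nginx.org also publishes a detached PGP signature
# (nginx-1.17.6.tar.gz.asc) beside the tarball; check it with gpg against the
# nginx signing key before building.
wget https://nginx.org/download/nginx-1.17.6.tar.gz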

解压

tar xvf nginx-1.17.6.tar.gz

编译

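cd nginx-1.17.6
# Temp paths sit under the nginx prefix instead of /tmp. /tmp is world-writable and
# the names are fixed, so another local account could create them first and have
# nginx (started as root) use a directory or link it does not control.
./configure --prefix=/data/nginx --user=www --group=www --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/data/nginx/temp/client --http-proxy-temp-path=/data/nginx/temp/proxy --http-fastcgi-temp-path=/data/nginx/temp/fastcgi --http-uwsgi-temp-path=/data/nginx/temp/uwsgi --http-scgi-temp-path=/data/nginx/temp/scgi --http-log-path=/data/nginx/logs/access.log --error-log-path=/data/nginx/logs/error.log --with-http_ssl_module --with-http_v2_module --with-stream_realip_module --with-http_stub_status_module
make -j5
make install
# nginx creates the individual temp directories at startup; only the parent has to exist.
mkdir -p /data/nginx/temp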

配置启动

cat > /lib/systemd/system/nginx.service << "EOF"
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/data/nginx/sbin/nginx -t -c /data/nginx/conf/nginx.conf
ExecStart=/data/nginx/sbin/nginx -c /data/nginx/conf/nginx.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -QUIT $MAINPID

[Install]
WantedBy=multi-user.target
EOF

sed -i "s/\/\$nginx_version//" /data/nginx/conf/fastcgi*
sed -i "s/}/    application\/vnd.android.package-archive apk;\n}/g" /data/nginx/conf/mime.types
mv /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
mkdir /data/nginx/conf/conf.d

cat > /data/nginx/conf/nginx.conf << "EOF"
user  www;
worker_processes  4;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset  utf-8;
    sendfile        on;
    client_max_body_size 40m;
    server_tokens off;
    keepalive_timeout  65;
    gzip  on;
    include  conf.d/*.conf;
}
EOF
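# Default virtual host. The PHP location uses "try_files $uri =404;" with no space
# after "=", so a request for a .php path that does not exist on disk gets a 404
# from nginx and never reaches PHP-FPM. Written as "= 404", the last word is taken
# as a fallback URI instead of a status code and the guard does not return 404.
cat > /data/nginx/conf/conf.d/www.conf << "EOF"
server {
    listen       80;
    server_name  localhost;
    root   /data/www;
    index  index.html index.htm index.php;

    error_page  404              /404.html;
    error_page   500 502 503 504  /50x.html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        include        fastcgi.conf;
    }
}
EOF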
mkdir /data/www
ln -sf /data/nginx/sbin/nginx /usr/local/bin/

打开防火墙

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --reload

3.2、安装OpenResty

安装依赖

yum install pcre-devel zlib-devel openssl-devel -y

建立组和用户并设置不能ssh登录

useradd -U -r -M -s /bin/false www

下载

cd /data/source
wget https://openresty.org/download/openresty-1.15.8.2.tar.gz

解压

tar xvf openresty-1.15.8.2.tar.gz

编译

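cd openresty-1.15.8.2
# Install under /data/openresty: the unit file and every config command that follows
# in this section use /data/openresty/..., so building into /data/nginx would leave
# them pointing at paths that do not exist. --pid-path matches the PIDFile=/run/nginx.pid
# line of the unit.
./configure --prefix=/data/openresty --user=www --group=www --with-http_ssl_module --with-http_v2_module --with-stream_realip_module --with-http_stub_status_module --with-http_postgres_module --with-pg_config=/data/pgsql/bin/pg_config --sbin-path=/data/openresty/sbin/nginx --conf-path=/data/openresty/conf/nginx.conf --pid-path=/run/nginx.pid
make -j5
make install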

配置启动

cat > /lib/systemd/system/nginx.service << "EOF"
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/data/openresty/sbin/nginx -t -c /data/openresty/conf/nginx.conf
ExecStart=/data/openresty/sbin/nginx -c /data/openresty/conf/nginx.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -QUIT $MAINPID

[Install]
WantedBy=multi-user.target
EOF

sed -i "s/\/\$nginx_version//" /data/openresty/conf/fastcgi*
sed -i "s/}/    application\/vnd.android.package-archive apk;\n}/g" /data/openresty/conf/mime.types
mv /data/openresty/conf/nginx.conf /data/openresty/conf/nginx.conf.bak
mkdir /data/openresty/conf/conf.d

cat > /data/openresty/conf/nginx.conf << "EOF"
user  www;
worker_processes  4;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset  utf-8;
    sendfile        on;
    client_max_body_size 40m;
    server_tokens off;
    keepalive_timeout  65;
    gzip  on;
    include  conf.d/*.conf;
}
EOF
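# Default virtual host. The PHP location uses "try_files $uri =404;" with no space
# after "=", so a request for a .php path that does not exist on disk gets a 404
# from nginx and never reaches PHP-FPM. Written as "= 404", the last word is taken
# as a fallback URI instead of a status code and the guard does not return 404.
cat > /data/openresty/conf/conf.d/www.conf << "EOF"
server {
    listen       80;
    server_name  localhost;
    root   /data/www;
    index  index.html index.htm index.php;

    error_page  404              /404.html;
    error_page   500 502 503 504  /50x.html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        include        fastcgi.conf;
    }
}
EOF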
mkdir /data/www
ln -sf /data/openresty/sbin/nginx /usr/local/bin/

打开防火墙

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --reload

4.1、yum安装PHP

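yum install yum-utils
# Fetch the release package over HTTPS: it configures a package source that yum
# will trust for every later install, so it must not be alterable in transit.
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php73
yum install php-fpm php-opcache php-gd php-pg php-cli php-mbstring php-xml php-pecl-zip php-intl php-ldap php-smbclient php-imap php-exif php-gmp php-redis php-imagick
systemctl enable php-fpm
systemctl start php-fpm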

4.2、编译安装PHP

安装依赖

yum install autoconf libxml2-devel gd-devel libcurl-devel openldap-devel -y

下载

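cd /data/source
# Download over HTTPS, then compare the output of sha256sum with the SHA-256 value
# listed for this release on the php.net downloads page before building.
wget https://www.php.net/distributions/php-7.3.12.tar.xz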

解压

tar xvf php-7.3.12.tar.xz

编译

cd php-7.3.12
./configure --prefix=/data/php --enable-fpm --with-fpm-systemd --with-pear --with-fpm-user=www --with-fpm-group=www --with-config-file-path=/data/php --with-config-file-scan-dir=/data/php/lib/php/extensions --enable-opcache --disable-ipv6 --enable-mbstring --with-gettext --with-curl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-phpdbg --with-gd --with-freetype-dir --with-png-dir --with-xpm-dir --with-jpeg-dir --with-zlib --enable-calendar --enable-exif --enable-ftp --enable-zip --enable-soap --enable-bcmath --enable-sockets --with-openssl --enable-pcntl --with-pgsql --with-pdo-pgsql --with-ldap --with-ldap-sasl
ln -sf /usr/lib64/libldap* /usr/lib/
ln -sf /usr/lib64/liblber* /usr/lib/
make -j5
make install
#make时出现:PEAR package PHP_Archive not installed: generated phar will require PHP's phar extension be enabled.
#make install之后,运行以下命令,再次make && make install就可以了
/data/php/bin/pear channel-update
ln -sf /data/php/bin/* /usr/local/bin/
ln -sf /data/php/sbin/* /usr/local/bin/
cp sapi/fpm/php-fpm.service /lib/systemd/system/
sed -i "s/\${prefix}/\/data\/php/" /lib/systemd/system/php-fpm.service
sed -i "s/\${exec_prefix}/\/data\/php/" /lib/systemd/system/php-fpm.service
sed -i "s/\/data\/php\/var\/run/\/run/" /lib/systemd/system/php-fpm.service
cp sapi/fpm/www.conf /data/php/etc/php-fpm.d/
cp sapi/fpm/php-fpm.conf /data/php/etc/
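# Load opcache and start from the production php.ini template.
echo "zend_extension=opcache.so" > /data/php/lib/php/extensions/opcache.ini
cp php.ini-production /data/php/php.ini
sed -i "s/;opcache.enable=0/opcache.enable=1/" /data/php/php.ini
sed -i "s/;opcache.enable=1/opcache.enable=1/" /data/php/php.ini
sed -i "s/;opcache.enable_cli=0/opcache.enable_cli=1/" /data/php/php.ini
# Keep the opcache file cache in a directory that only the FPM user can write.
# Cached files are loaded back as compiled PHP code, so a world-writable location
# such as /tmp would let other local accounts influence what PHP executes.
mkdir -p /data/php/opcache
chown www:www /data/php/opcache
chmod 700 /data/php/opcache
sed -i "s/;opcache.file_cache=/opcache.file_cache=\/data\/php\/opcache/" /data/php/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 60/" /data/php/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /data/php/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /data/php/php.ini
# NOTE(review): test-server setting. This turns error output to the browser back on
# in the production template; error pages can reveal paths and queries, so leave
# display_errors Off on any host that real users reach and read the logs instead.
sed -i "s/display_errors = Off/display_errors = On/" /data/php/php.ini
# cgi.fix_pathinfo=0 stops PHP from guessing a script name out of a longer path.
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /data/php/php.ini
sed -i "s/;date.timezone =/date.timezone = Asia\/Shanghai/" /data/php/php.ini
# Do not advertise the PHP version in response headers.
sed -i "s/expose_php = On/expose_php = Off/" /data/php/php.ini
mkdir /data/php/log
sed -i "s/;slowlog = log\/\$pool.log.slow/slowlog = log\/\$pool.log.slow/g" /data/php/etc/php-fpm.d/www.conf
sed -i "s/;request_slowlog_timeout = 0/request_slowlog_timeout = 300/g" /data/php/etc/php-fpm.d/www.conf
sed -i "s/;error_log = log\/php-fpm.log/error_log = ..\/log\/php-fpm.log/g" /data/php/etc/php-fpm.conf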
#php-7.4
yum install libcurl-devel libpng-devel libjpeg-devel libXpm-devel freetype-devel oniguruma-devel libwebp-devel libsq3-devel
wget https://libzip.org/download/libzip-1.3.2.tar.xz
tar xvf libzip-1.3.2.tar.xz
cd libzip-1.3.2
./configure --prefix=/usr --libdir=/usr/lib64
make -j5
make install
#CentOS8
#yum install libcurl-devel libpng-devel libjpeg-devel libXpm-devel freetype-devel oniguruma-devel libwebp-devel libsq3-devel libzip-devel
#ubuntu
#apt install pkg-config libcurl4-gnutls-dev libpng-dev libwebp-dev libjpeg-dev libxpm-dev libfreetype6-dev libonig-dev libzip-dev libsqlite3-dev
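# Download over HTTPS, then compare the output of sha256sum with the SHA-256 value
# listed for this release on the php.net downloads page before building.
wget https://www.php.net/distributions/php-7.4.0.tar.xz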
tar xvf php-7.4.0.tar.xz
cd php-7.4.0
./configure --prefix=/data/php --enable-fpm --with-fpm-systemd --with-pear --with-fpm-user=www --with-fpm-group=www --with-config-file-path=/data/php --with-config-file-scan-dir=/data/php/lib/php/extensions --enable-opcache --disable-ipv6 --enable-mbstring --with-gettext --with-curl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-phpdbg --enable-gd --with-webp --with-jpeg --with-xpm --with-freetype --with-zlib --enable-calendar --enable-exif --enable-ftp --with-zip --enable-soap --enable-bcmath --enable-sockets --with-openssl --with-pgsql --with-pdo-pgsql
make -j5
make install
#与php7共存时,php5的编译及配置过程
./configure --prefix=/data/php5 --enable-fpm --with-fpm-systemd --with-pear --with-fpm-user=www --with-fpm-group=www --with-config-file-path=/data/php5 --with-config-file-scan-dir=/data/php5/lib/php/extensions --enable-opcache --disable-ipv6 --enable-mbstring --with-gettext --with-curl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-phpdbg --with-gd --with-freetype-dir --with-png-dir --with-xpm-dir --with-jpeg-dir --with-zlib --enable-calendar --enable-exif --enable-ftp --enable-zip --enable-soap --enable-bcmath --enable-sockets --with-openssl --with-mysql --enable-pcntl

cp sapi/fpm/php-fpm.service /lib/systemd/system/php-fpm5.service
sed -i "s/\${prefix}/\/data\/php5/" /lib/systemd/system/php-fpm5.service
sed -i "s/\${exec_prefix}/\/data\/php5/" /lib/systemd/system/php-fpm5.service
sed -i "s/\/data\/php\/var\/run/\/run/" /lib/systemd/system/php-fpm5.service
cp sapi/fpm/php-fpm.conf /data/php5/etc/
echo "zend_extension=opcache.so" > /data/php5/lib/php/extensions/opcache.ini
cp php.ini-production /data/php5/php.ini
sed -i "s/;opcache.enable=0/opcache.enable=1/" /data/php5/php.ini
sed -i "s/;opcache.enable_cli=0/opcache.enable_cli=1/" /data/php5/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 60/" /data/php5/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /data/php5/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /data/php5/php.ini
# NOTE(review): test-server setting. This turns error output to the browser back on
# in the production template; error pages can reveal paths and queries, so leave
# display_errors Off on any host that real users reach.
sed -i "s/display_errors = Off/display_errors = On/" /data/php5/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /data/php5/php.ini
sed -i "s/;date.timezone =/date.timezone = Asia\/Shanghai/" /data/php5/php.ini
sed -i "s/expose_php = On/expose_php = Off/" /data/php5/php.ini
sed -i "s/;request_slowlog_timeout = 0/request_slowlog_timeout = 300/g" /data/php5/etc/php-fpm.conf
#编译安装ImageMagick
wget https://imagemagick.org/download/ImageMagick-7.0.9-8.tar.xz
tar xvf ImageMagick-7.0.9-8.tar.xz
cd ImageMagick-7.0.9-8
./configure --prefix=/data/imagemagick --disable-openmp --disable-hdri --with-quantum-depth=8
make -j5
make install
#yum安装memcached
yum install memcached -y
systemctl start memcached
systemctl enable memcached
#编译安装memcached
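# Download over HTTPS so the source that gets compiled cannot be altered in transit.
wget https://memcached.org/files/memcached-1.5.20.tar.gz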
tar xvf memcached-1.5.20.tar.gz
cd memcached-1.5.20
./configure --prefix=/data/memcached
make -j5
make install
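# Run memcached under its own unprivileged account instead of root, and bind it to
# loopback. memcached does not authenticate clients by default, so whoever can reach
# the port can read and overwrite the cache; PHP on this host connects through
# 127.0.0.1. The id check keeps the step safe if a packaged memcached already
# created the account.
id memcached >/dev/null 2>&1 || useradd -U -r -M -s /bin/false memcached
cat > /lib/systemd/system/memcached.service << "EOF"
[Unit]
Description=Memcached 
Before=nginx.service
After=network.target

[Service]
Type=simple
ExecStart=/data/memcached/bin/memcached -u memcached -l 127.0.0.1 -p 11211 -m 64 -c 1024

[Install]
WantedBy=multi-user.target
EOF
systemctl start memcached
systemctl enable memcached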
#安装libmemcached
cd /data/source
wget https://launchpad.net/libmemcached/1.0/1.0.18/+download/libmemcached-1.0.18.tar.gz
tar xvf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
./configure --prefix=/data/lib --with-memcached
make -j5
make install
#pecl安装php模块(最简单的方法)
pecl install memcached redis lzf imagick
#安装php的memcached模块
yum install autoconf -y
cd /data/source
wget https://pecl.php.net/get/memcached-3.1.4.tgz
tar xvf memcached-3.1.4.tgz
cd memcached-3.1.4
phpize
./configure --with-php-config=/data/php/bin/php-config --enable-memcached --with-libmemcached-dir=/data/lib --disable-memcached-sasl
make -j5
make install
echo "extension=memcached.so" > /data/php/lib/php/extensions/memcached.ini 
#安装redis服务,并设置开机运行 方式一:yum安装(版本旧)
yum install redis
systemctl start redis
systemctl enable redis
方式二:编译安装
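# Download over HTTPS so the source that gets compiled cannot be altered in transit.
wget https://download.redis.io/releases/redis-5.0.7.tar.gz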
tar xvf redis-5.0.7.tar.gz
cd redis-5.0.7
make
make PREFIX=/data/redis install
cp redis.conf /data/redis/
useradd -U -r -M -s /bin/false redis
cat > /lib/systemd/system/redis.service << "EOF"
[Unit]
Description=Redis persistent key-value database
After=network.target

[Service]
ExecStart=/data/redis/bin/redis-server /data/redis/redis.conf --daemonize no
ExecStop=/data/redis/bin/redis-cli -h 127.0.0.1 -p 6379 shutdown
User=redis
Group=redis
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
ln -sf /data/redis/bin/* /usr/local/bin/
#Failed opening the RDB file dump.rdb问题
mkdir /data/redis/db
chown redis:redis /data/redis/db -R
sed -i "s/dir .\//dir \/data\/redis\/db\//g" /data/redis/redis.conf
sed -i "s/logfile \"\"/logfile \"\/data\/redis\/db\/redis.log\"/g" /data/redis/redis.conf
touch /data/redis/db/redis.log
chown redis:redis /data/redis/db/redis.log
#The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.问题
echo 511 > /proc/sys/net/core/somaxconn
echo "echo 511 > /proc/sys/net/core/somaxconn" >> /etc/rc.local
#MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk问题
echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf
sysctl -p
echo 1 > /proc/sys/vm/overcommit_memory
# WARNING you have Transparent Huge Pages (THP) support enabled in your kernel.问题
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled" >> /etc/rc.local
systemctl start redis
systemctl enable redis
#安装php的redis模块
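# Download over HTTPS; the archive is saved as redis-5.1.1.tgz, so that is the
# name to unpack.
wget https://pecl.php.net/get/redis-5.1.1.tgz
tar xvf redis-5.1.1.tgz
cd redis-5.1.1
# phpize needs autoconf (the package name is autoconf, not autoconfig).
yum install autoconf -y
phpize
./configure --with-php-config=/data/php/bin/php-config
make -j5
make install
echo "extension=redis.so" > /data/php/lib/php/extensions/redis.ini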
#安装php的apcu模块
cd /data/source
wget https://pecl.php.net/get/apcu-5.1.18.tgz
tar xvf apcu-5.1.18.tgz
cd apcu-5.1.18
phpize
./configure --enable-apcu --with-php-config=/data/php/bin/php-config
make -j5
make install
echo "extension=apcu.so" > /data/php/lib/php/extensions/apcu.ini 
安装php的snuffleupagus增加安全(支持php7)
# Build the Snuffleupagus extension from source and load it into PHP.
# NOTE(review): the clone takes whatever the default branch holds at that moment.
# Check out a reviewed release tag (git checkout <RELEASE_TAG>) before building so
# the code loaded into every PHP process is a known version.
git clone https://github.com/nbs-system/snuffleupagus.git
cd snuffleupagus/src
phpize
./configure
make
make install
# Rules file. First rule: refuse system, exec and shell_exec inside eval().
# Second rule: an eval whitelist carrying .simulation(), which presumably only logs
# violations without blocking them; confirm against the Snuffleupagus docs.
echo "sp.eval_blacklist.list(\"system,exec,shell_exec\");" > /data/php/etc/snuffleupagus.rules
echo "sp.eval_whitelist.list(\"strlen,strcmp\").simulation();" >> /data/php/etc/snuffleupagus.rules
# Load the extension and point it at the rules file written above.
echo "extension=snuffleupagus.so" > /data/php/lib/php/extensions/snuffleupagus.ini
echo "sp.configuration_file=/data/php/etc/snuffleupagus.rules" >> /data/php/lib/php/extensions/snuffleupagus.ini


版权所有 © 2016-2019 清风的个人笔记