返回首页

网站LNPP环境安装配置笔记

注:CentOS 7/8测试通过。

一、准备工作:

1、升级系统

yum update -y

2、清理原有安装

yum remove php* nginx* http* -y

二、测试服务器LNPP编译安装

1、安装编译工具

yum install gcc gcc-c++ -y

2.1、yum安装PostgreSQL数据库

加源

yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm -y
#CentOS8
#yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm -y

安装

yum install postgresql12-server postgresql12-devel

初始化数据库

/usr/pgsql-12/bin/postgresql-12-setup initdb

设置密码

echo "密码" | passwd --stdin postgres

数据库管理工具(PHP):

Adminer:https://www.adminer.org/

phppgadmin:https://www.github.com/phppgadmin/phppgadmin

2.2、编译安装PostgreSQL数据库

建立组和用户并设置密码

useradd -U -r -M -s /bin/nologin -d /data/pgsql postgres
echo "密码" | passwd --stdin postgres

安装依赖

yum install pam-devel readline-devel libxslt-devel openssl-devel systemd-devel -y

#ubuntu

apt install libreadline-dev zlib1g-dev libcrypto++-dev libssl-dev libpam0g-dev libxml2-dev libxslt1-dev libsystemd-dev gettext -y

下载

wget https://ftp.postgresql.org/pub/source/v12.3/postgresql-12.3.tar.bz2

解压

tar xvf postgresql-12.3.tar.bz2

编译

cd postgresql-12.3
./configure --prefix=/data/pgsql --with-system-tzdata=/usr/share/zoneinfo --enable-spinlocks --disable-thread-safety --without-gssapi --with-pam --without-perl --without-python --with-readline --with-openssl --with-systemd --without-tcl --with-libxml --with-libxslt --with-zlib --enable-nls='zh_CN'
make -j5
make install

初始化数据库

mkdir /data/pgsql/data
chown postgres:postgres /data/pgsql/data -R
sudo -u postgres /data/pgsql/bin/initdb -D /data/pgsql/data -E 'UTF-8' --lc-collate='zh_CN.UTF-8' --lc-ctype='zh_CN.UTF-8'

配置文件

cat > /lib/systemd/system/postgresql.service << "EOF"
[Unit]
Description=PostgreSQL database server
After=network.target

[Service]
Type=notify

User=postgres
Group=postgres

Environment=PGPORT=5432
Environment=DATA_DIR=/data/pgsql/data

ExecStart=/data/pgsql/bin/postgres -p ${PGPORT} -D ${DATA_DIR}
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
KillSignal=SIGINT

TimeoutSec=300

OOMScoreAdjust=-1000

[Install]
WantedBy=multi-user.target
EOF

开启日志

sed -i "s/#log_destination = 'stderr'/log_destination = 'csvlog'/g" /data/pgsql/data/postgresql.conf
sed -i "s/#logging_collector = off/logging_collector = on/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_directory =/log_directory =/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_filename =/log_filename =/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_rotation_age = 1d/log_rotation_age = 1d/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_rotation_size = 10MB/log_rotation_size = 100MB/g" /data/pgsql/data/postgresql.conf
sed -i "s/#log_min_messages = warning/log_min_messages = info/g" /data/pgsql/data/postgresql.conf

如需开放对外访问,修改监听IP地址和允许访问IP设置

sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /data/pgsql/data/postgresql.conf
echo "host    all             all             192.168.1.0/24          trust" >> /data/pgsql/data/pg_hba.conf

注:允许192.168.1.1-255网段访问

默认连接数为100,如出现“已保留的连接位置为执行非复制请求的超级用户预留”,需要修改连接数

sed -i "s/max_connections = 100/max_connections = 200/" /data/pgsql/data/postgresql.conf

启动数据库

systemctl start postgresql
systemctl enable postgresql

3.1、安装Nginx

安装依赖

yum install pcre-devel zlib-devel -y

建立组和用户并设置不能ssh登录

useradd -U -r -M -s /bin/false www

下载

cd /data/source
wget http://nginx.org/download/nginx-1.19.1.tar.gz

解压

tar xvf nginx-1.19.1.tar.gz

编译

cd nginx-1.19.1
./configure --prefix=/data/nginx --user=www --group=www --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/tmp/client --http-proxy-temp-path=/tmp/proxy --http-fastcgi-temp-path=/tmp/fastcgi --http-uwsgi-temp-path=/tmp/uwsgi --http-scgi-temp-path=/tmp/scgi --http-log-path=/data/nginx/log/access.log --error-log-path=/data/nginx/log/error.log --with-http_ssl_module --with-http_v2_module --with-stream_realip_module --with-http_stub_status_module 
make -j5
make install

配置启动

cat > /lib/systemd/system/nginx.service << "EOF"
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/data/nginx/sbin/nginx -t -c /data/nginx/conf/nginx.conf
ExecStart=/data/nginx/sbin/nginx -c /data/nginx/conf/nginx.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -QUIT $MAINPID

[Install]
WantedBy=multi-user.target
EOF

sed -i "s/\/\$nginx_version//" /data/nginx/conf/fastcgi*
sed -i "s/}/    application\/vnd.android.package-archive apk;\n}/g" /data/nginx/conf/mime.types
mv /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
mkdir /data/nginx/conf/conf.d

cat > /data/nginx/conf/nginx.conf << "EOF"
user  www;
worker_processes  4;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset  utf-8;
    sendfile        on;
    client_max_body_size 40m;
    server_tokens off;
    keepalive_timeout  65;
    gzip  on;
    include  conf.d/*.conf;
}
EOF
cat > /data/nginx/conf/conf.d/www.conf << "EOF"
server {
    listen       80;
    server_name  localhost;
    root   /data/www;
    index  index.html index.htm index.php;

    error_page  404              /404.html;
    error_page   500 502 503 504  /50x.html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_pass   127.0.0.1:9000;
        include        fastcgi.conf;
    }
}
EOF
mkdir /data/www
ln -sf /data/nginx/sbin/nginx /usr/local/bin/

打开防火墙

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --reload

3.2、安装OpenResty

安装依赖

yum install pcre-devel zlib-devel openssl-devel -y

建立组和用户并设置不能ssh登录

useradd -U -r -M -s /bin/false www

下载

cd /data/source
wget https://openresty.org/download/openresty-1.17.8.1.tar.gz

解压

tar xvf openresty-1.17.8.1.tar.gz

编译

cd openresty-1.17.8.1
./configure --prefix=/data/openresty --user=www --group=www --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/tmp/client --http-proxy-temp-path=/tmp/proxy --http-fastcgi-temp-path=/tmp/fastcgi --http-uwsgi-temp-path=/tmp/uwsgi --http-scgi-temp-path=/tmp/scgi --with-http_ssl_module --with-http_v2_module --with-stream_realip_module --with-http_stub_status_module --with-http_postgres_module --with-pg_config=/data/pgsql/bin/pg_config --sbin-path=/data/openresty/sbin/nginx --conf-path=/data/openresty/conf/nginx.conf 
make -j5
make install

配置启动

cat > /lib/systemd/system/nginx.service << "EOF"
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/data/openresty/sbin/nginx -t -c /data/openresty/conf/nginx.conf
ExecStart=/data/openresty/sbin/nginx -c /data/openresty/conf/nginx.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -QUIT $MAINPID

[Install]
WantedBy=multi-user.target
EOF

sed -i "s/\/\$nginx_version//" /data/openresty/conf/fastcgi*
mv /data/openresty/conf/nginx.conf /data/openresty/conf/nginx.conf.bak
mkdir /data/openresty/conf/conf.d

cat > /data/openresty/conf/nginx.conf << "EOF"
user  www;
worker_processes  4;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset  utf-8;
    sendfile        on;
    client_max_body_size 40m;
    server_tokens off;
    keepalive_timeout  65;
    gzip  on;
    include  conf.d/*.conf;
}
EOF
cat > /data/openresty/conf/conf.d/www.conf << "EOF"
server {
    listen       80;
    server_name  localhost;
    root   /data/www;
    index  index.html index.htm index.php;

    error_page  404              /404.html;
    error_page   500 502 503 504  /50x.html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_pass   127.0.0.1:9000;
        include        fastcgi.conf;
    }
}
EOF
mkdir /data/www
ln -sf /data/openresty/sbin/nginx /usr/local/bin/

打开防火墙

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --reload

4.1、yum安装PHP

yum install yum-utils
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php73
yum install php-fpm php-opcache php-gd php-pg php-cli php-mbstring php-xml php-pecl-zip php-intl php-ldap php-smbclient php-imap php-exif php-gmp php-redis php-imagick
systemctl enable php-fpm
systemctl start php-fpm

4.2、编译安装PHP

安装依赖

yum install autoconf libxml2-devel gd-devel libcurl-devel openldap-devel libpng-devel libjpeg-devel libXpm-devel freetype-devel oniguruma-devel libwebp-devel libsq3-devel -y
#CentOS7
wget https://libzip.org/download/libzip-1.3.2.tar.xz
tar xvf libzip-1.3.2.tar.xz
cd libzip-1.3.2
./configure --prefix=/usr --libdir=/usr/lib64
make -j5
make install
#CentOS8
#yum install libzip-devel -y
#ubuntu
#apt install pkg-config libcurl4-gnutls-dev libpng-dev libwebp-dev libjpeg-dev libxpm-dev libfreetype6-dev libonig-dev libzip-dev libsqlite3-dev

下载

cd /data/source
wget http://www.php.net/distributions/php-7.4.8.tar.xz

解压

tar xvf php-7.4.8.tar.xz

编译

cd php-7.4.8
./configure --prefix=/data/php --enable-fpm --with-fpm-systemd --with-pear --with-fpm-user=www --with-fpm-group=www --with-config-file-path=/data/php --with-config-file-scan-dir=/data/php/lib/php/extensions --enable-opcache --enable-mbstring --with-gettext --with-curl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-phpdbg --with-zlib --enable-calendar --enable-exif --enable-ftp --enable-soap --enable-bcmath --enable-sockets --with-openssl --enable-pcntl --with-pgsql --with-pdo-pgsql --with-zip --enable-gd --with-webp --with-jpeg --with-xpm --with-freetype
#php-7.3/7.2
#./configure --prefix=/data/php --enable-fpm --with-fpm-systemd --with-pear --with-fpm-user=www --with-fpm-group=www --with-config-file-path=/data/php --with-config-file-scan-dir=/data/php/lib/php/extensions --enable-opcache --enable-mbstring --with-gettext --with-curl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-phpdbg --with-zlib --enable-calendar --enable-exif --enable-ftp --enable-soap --enable-bcmath --enable-sockets --with-openssl --enable-pcntl --with-pgsql --with-pdo-pgsql --enable-zip --with-gd --with-png-dir --with-jpeg-dir --with-xpm-dir --with-freetype-dir
#有ldap参数时:--with-ldap --with-ldap-sasl
#ln -sf /usr/lib64/libldap* /usr/lib/
#ln -sf /usr/lib64/liblber* /usr/lib/
make -j5
make install
ln -sf /data/php/bin/* /usr/local/bin/
ln -sf /data/php/sbin/* /usr/local/bin/
cp sapi/fpm/php-fpm.service /lib/systemd/system/
sed -i "s/\${prefix}/\/data\/php/" /lib/systemd/system/php-fpm.service
sed -i "s/\${exec_prefix}/\/data\/php/" /lib/systemd/system/php-fpm.service
sed -i "s/\/data\/php\/var\/run/\/run/" /lib/systemd/system/php-fpm.service
cp sapi/fpm/www.conf /data/php/etc/php-fpm.d/
cp sapi/fpm/php-fpm.conf /data/php/etc/
echo "zend_extension=opcache" > /data/php/lib/php/extensions/ext.ini
cp php.ini-production /data/php/php.ini
sed -i "s/;opcache.enable=0/opcache.enable=1/" /data/php/php.ini
sed -i "s/;opcache.enable=1/opcache.enable=1/" /data/php/php.ini
sed -i "s/;opcache.enable_cli=0/opcache.enable_cli=1/" /data/php/php.ini
sed -i "s/;opcache.file_cache=/opcache.file_cache=\/tmp/" /data/php/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 60/" /data/php/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /data/php/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /data/php/php.ini
sed -i "s/display_errors = Off/display_errors = On/" /data/php/php.ini
sed -i "s/;date.timezone =/date.timezone = Asia\/Shanghai/" /data/php/php.ini
sed -i "s/expose_php = On/expose_php = Off/" /data/php/php.ini
sed -i "s/;pcre.jit=1/pcre.jit=0/" /data/php/php.ini
mkdir /data/php/log
sed -i "s/;slowlog = log\/\$pool.log.slow/slowlog = log\/\$pool.log.slow/g" /data/php/etc/php-fpm.d/www.conf
sed -i "s/;request_slowlog_timeout = 0/request_slowlog_timeout = 300/g" /data/php/etc/php-fpm.d/www.conf
sed -i "s/;error_log = log\/php-fpm.log/error_log = ..\/log\/php-fpm.log/g" /data/php/etc/php-fpm.conf
pear update-channels pear.php.net
pear upgrade-all
#pecl安装php模块(最简单的方法)
pecl install memcached redis lzf imagick
echo "extension=memcached" >> /data/php/lib/php/extensions/ext.ini
echo "extension=lzf" >> /data/php/lib/php/extensions/ext.ini
echo "extension=redis" >> /data/php/lib/php/extensions/ext.ini
echo "extension=imagick" >> /data/php/lib/php/extensions/ext.ini
#与php7共存时,php5的编译及配置过程
./configure --prefix=/data/php5 --enable-fpm --with-fpm-systemd --with-pear --with-fpm-user=www --with-fpm-group=www --with-config-file-path=/data/php5 --with-config-file-scan-dir=/data/php5/lib/php/extensions --enable-opcache --enable-mbstring --with-gettext --with-curl --enable-mysqlnd --with-mysqli --with-pdo-mysql --disable-phpdbg --with-gd --with-freetype-dir --with-png-dir --with-xpm-dir --with-jpeg-dir --with-zlib --enable-calendar --enable-exif --enable-ftp --enable-zip --enable-soap --enable-bcmath --enable-sockets --with-openssl --with-mysql --enable-pcntl
cp sapi/fpm/php-fpm.service /lib/systemd/system/php-fpm5.service
sed -i "s/\${prefix}/\/data\/php5/" /lib/systemd/system/php-fpm5.service
sed -i "s/\${exec_prefix}/\/data\/php5/" /lib/systemd/system/php-fpm5.service
sed -i "s/\/data\/php\/var\/run/\/run/" /lib/systemd/system/php-fpm5.service
cp sapi/fpm/php-fpm.conf /data/php5/etc/
echo "zend_extension=opcache" > /data/php5/lib/php/extensions/opcache.ini
cp php.ini-production /data/php5/php.ini
sed -i "s/;opcache.enable=0/opcache.enable=1/" /data/php5/php.ini
sed -i "s/;opcache.enable_cli=0/opcache.enable_cli=1/" /data/php5/php.ini
sed -i "s/max_execution_time = 30/max_execution_time = 60/" /data/php5/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 20M/" /data/php5/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 20M/" /data/php5/php.ini
sed -i "s/display_errors = Off/display_errors = On/" /data/php5/php.ini
sed -i "s/;date.timezone =/date.timezone = Asia\/Shanghai/" /data/php5/php.ini
sed -i "s/expose_php = On/expose_php = Off/" /data/php5/php.ini
sed -i "s/;request_slowlog_timeout = 0/request_slowlog_timeout = 300/g" /data/php5/etc/php-fpm.conf
#编译安装ImageMagick
wget https://imagemagick.org/download/ImageMagick-6.9.11-22.tar.xz
tar xvf ImageMagick-6.9.11-22.tar.xz
cd ImageMagick-6.9.11-22
./configure --prefix=/data/imagemagick --disable-openmp --disable-hdri --with-quantum-depth=8
make -j5
make install

#yum安装memcached,并设置开机运行

yum install memcached -y
systemctl start memcached
systemctl enable memcached
#编译安装memcached
wget http://www.memcached.org/files/memcached-1.6.6.tar.gz
tar xvf memcached-1.6.6.tar.gz
cd memcached-1.6.6
./configure --prefix=/data/memcached
make -j5
make install
cat > /lib/systemd/system/memcached.service << "EOF"
[Unit]
Description=Memcached 
Before=nginx.service
After=network.target

[Service]
Type=simple
ExecStart=/data/memcached/bin/memcached -u root -p 11211 -m 64 -c 1024

[Install]
WantedBy=multi-user.target
EOF
systemctl start memcached
systemctl enable memcached
#编译安装libmemcached
cd /data/source
wget https://launchpad.net/libmemcached/1.0/1.0.18/+download/libmemcached-1.0.18.tar.gz
tar xvf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
./configure --prefix=/data/lib --with-memcached
make -j5
make install
#编译安装memcached模块
yum install autoconf -y
cd /data/source
wget https://pecl.php.net/get/memcached-3.1.5.tgz
tar xvf memcached-3.1.5.tgz
cd memcached-3.1.5
phpize
./configure --with-php-config=/data/php/bin/php-config --enable-memcached --with-libmemcached-dir=/data/lib --disable-memcached-sasl
make -j5
make install
echo "extension=memcached" > /data/php/lib/php/extensions/memcached.ini 
#编译安装redis模块
wget http://pecl.php.net/get/redis-5.2.2.tgz
tar xvf redis-5.2.2.tar.tgz
cd redis-5.2.2
yum install autoconfig -y
phpize
./configure --with-php-config=/data/php/bin/php-config
make -j5
make install
echo "extension=redis" > /data/php/lib/php/extensions/redis.ini 
#编译安装apcu模块
cd /data/source
wget https://pecl.php.net/get/apcu-5.1.18.tgz
tar xvf apcu-5.1.18.tgz
cd apcu-5.1.18
phpize
./configure --enable-apcu --with-php-config=/data/php/bin/php-config
make -j5
make install
echo "extension=apcu" > /data/php/lib/php/extensions/apcu.ini 
#编译安装snuffleupagus模块(安全增强,支持php7)
git clone https://github.com/nbs-system/snuffleupagus.git
cd snuffleupagus/src
phpize
./configure
make
make install
echo "sp.eval_blacklist.list(\"system,exec,shell_exec\");" > /data/php/etc/snuffleupagus.rules
echo "sp.eval_whitelist.list(\"strlen,strcmp\").simulation();" >> /data/php/etc/snuffleupagus.rules
echo "extension=snuffleupagus" > /data/php/lib/php/extensions/snuffleupagus.ini
echo "sp.configuration_file=/data/php/etc/snuffleupagus.rules" >> /data/php/lib/php/extensions/snuffleupagus.ini

返回首页

© 2016-2020 清风的个人笔记