LNMP环境搭建

本节会用到的软件压缩包:mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz
一、安装MySQL

#cd /usr/local/src/
#tar zxvf mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz 
#mv mysql-5.6.45-linux-glibc2.12-x86_64 /usr/local/mysql
#useradd -s /sbin/nologin mysql
#cd /usr/local/mysql
#mkdir -p /data/mysql
#chown -R mysql:mysql /data/mysql/
#yum install -y perl-Module-Install     //建议提前安装否则下一步会报错
#./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
#cp support-files/my-default.cnf  /etc/my.cnf

在这里插入图片描述

#cp support-files/mysql.server /etc/init.d/mysqld
#chmod 755 /etc/init.d/mysqld          //修改文件权限
#vim /etc/init.d/mysqld 
修改:datadir=/data/mysql
#chkconfig --add mysqld      //在系统服务项中加入启动脚本
#chkconfig mysqld on        //设置开机自启动mysql
#service mysqld start        //启动mysql;首次启动后root账号没有密码,应尽快设置密码并清理匿名账号和test库(可运行 bin/mysql_secure_installation)

在这里插入图片描述

#ps aux |grep mysqld       //查看mysql是否启动

在这里插入图片描述
二、安装PHP

#cd /usr/local/src/      
#tar zxf php-5.6.30.tar.gz 
#useradd -s /sbin/nologin php-fpm      //添加用户
#cd php-5.6.30
#yum install -y gcc
#yum install -y libxml2-devel
#yum install -y openssl-devel
#yum install -y bzip2 bzip2-devel
#yum install -y libpng libpng-devel
#yum install -y freetype freetype-devel
#yum install -y epel-release
#yum install -y libmcrypt-devel
  //建议提前安装以上工具,否则会报错
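#make &&make install      //编译安装(原文省略了 ./configure 这一步;make 之前需先执行 ./configure,并至少指定 --prefix=/usr/local/php-fpm --enable-fpm,后文的路径才对得上)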
#echo $?                 //返回值为0
#cp php.ini-production /usr/local/php-fpm/etc/php.ini
#vim /usr/local/php-fpm/etc/php-fpm.conf
修改:
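[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
; Unix socket that nginx reaches through "fastcgi_pass unix:/tmp/php-fcgi.sock".
listen = /tmp/php-fcgi.sock
; Limit the socket to the account the nginx workers run as ("user nobody nobody;"
; in nginx.conf). With mode 666 every local account could send FastCGI requests
; to this pool and have PHP execute them as php-fpm.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
; Pool workers run as the unprivileged php-fpm account.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024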
# /usr/local/php-fpm/sbin/php-fpm -t

在这里插入图片描述

# cp /usr/local/src/php-5.6.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
# chmod 755 /etc/init.d/php-fpm      //修改文件权限
# useradd -s /sbin/nologin php-fpm    //添加用户
# service php-fpm start              //启动服务

在这里插入图片描述

# chkconfig php-fpm on             //设置开机自启
# ps aux |grep php-fpm             //查看是否启动

三、安装Nginx

#cd /usr/local/src/
#yum install -y wget           //安装wget工具
#wget http://nginx.org/download/nginx-1.10.3.tar.gz       //下载nginx安装包(此处是明文HTTP下载,建议改用 https:// 地址,并用同目录下的 .asc 签名文件校验安装包后再解压)
#tar zxvf nginx-1.10.3.tar.gz     //解压nginx
#cd nginx-1.10.3       
#./configure --prefix=/usr/local/nginx                    //配置编译选项
#make && make install                               //编译安装
#vi /etc/init.d/nginx

以下为增加的内容

#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings

# Locations of the source-built nginx installed under /usr/local/nginx.
NGINX_SBIN='/usr/local/nginx/sbin/nginx'        # server binary
NGINX_CONF='/usr/local/nginx/conf/nginx.conf'   # config file passed with -c
NGINX_PID='/usr/local/nginx/logs/nginx.pid'     # pid file handed to killproc -p
# Status of the last action; becomes the script's exit code.
RETVAL=0
# Display name used in the progress messages.
prog='Nginx'

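# Start nginx through the init-functions "daemon" helper.
# Globals:  prog, NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Returns:  the status reported by daemon
start()
{
    echo -n $"Starting $prog: "
    # Scratch directory on tmpfs. NOTE(review): /dev/shm is world-writable and
    # this name is fixed, so another local account can create it first; the
    # nginx.conf shown on this page keeps its temp paths under
    # /usr/local/nginx, so confirm this directory is needed at all.
    mkdir -p /dev/shm/nginx_temp
    # Quoted so a path containing whitespace stays one argument.
    daemon "$NGINX_SBIN" -c "$NGINX_CONF"
    RETVAL=$?
    echo
    return $RETVAL
}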
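# Stop nginx by sending TERM to the process recorded in the pid file.
# Globals:  prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Returns:  the status reported by killproc
stop()
{
    echo -n $"Stopping $prog: "
    killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
    # Record killproc's status immediately; reading $? after the rm below would
    # report the cleanup's result instead of whether nginx was stopped.
    RETVAL=$?
    rm -rf /dev/shm/nginx_temp
    echo
    return $RETVAL
}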

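# Ask the running nginx to reload by sending HUP to the process in the pid file.
# Globals:  prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Returns:  the status reported by killproc
reload()
{
    echo -n $"Reloading $prog: "
    # Quoted so paths containing whitespace are passed as single arguments.
    killproc -p "$NGINX_PID" "$NGINX_SBIN" -HUP
    RETVAL=$?
    echo
    return $RETVAL
}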

# Full stop/start cycle. start runs even when stop reported a failure, and the
# function's status is the one start returns.
restart() {
    stop
    start
}

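# Run nginx's built-in syntax check (-t) against the configured file.
# Globals:  NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Returns:  the status of the check, so a broken configuration is reported as
#           a failure instead of always returning 0
configtest()
{
    "$NGINX_SBIN" -c "$NGINX_CONF" -t
    RETVAL=$?
    return $RETVAL
}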

# Dispatch on the requested action. Every accepted action is the name of a
# function defined above, so the argument is called directly once it has
# matched this fixed list; anything else prints the usage line.
case "$1" in
    start|stop|reload|restart|configtest)
         "$1"
         ;;
    *)
         echo $"Usage: $0 {start|stop|reload|restart|configtest}"
         RETVAL=1
         ;;
esac

# RETVAL is set by the action that ran (or to 1 for an unknown action).
exit $RETVAL
#chmod 755 /etc/init.d/nginx                          //修改文件权限
#chkconfig nginx on                                  //开启nginx服务
#chkconfig --add nginx                                //设置开机自启
#> /usr/local/nginx/conf/nginx.conf                     //清空文件内容
#vim /usr/local/nginx/conf/nginx.conf                   //重新编辑文件内容

以下为增加内容

# Worker processes run as the unprivileged nobody account and group.
user nobody nobody;
worker_processes 2;
# Only messages at level crit or more severe reach the error log.
error_log /usr/local/nginx/logs/nginx_error.log crit;
# Same pid file the init script hands to killproc -p.
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events
{
    use epoll;
    worker_connections 6000;
}

http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    # Log format referenced later as "access_log ... combined_realip".
    # NOTE(review): $http_x_forwarded_for is copied from a request header the
    # client controls; treat that field as unverified when reading the logs.
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    # Request bodies larger than 10m are rejected.
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    # Temp paths stay under the nginx prefix.
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm
    application/xml;

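    # Default site: static files from the nginx html directory, .php via php-fpm.
    server
    {
        listen 80;
        server_name localhost;
        index index.html index.htm index.php;
        root /usr/local/nginx/html;

        location ~ \.php$
        {
            # Answer 404 from nginx unless the requested script is a file under
            # root, so a URI that merely ends in ".php" is never handed to
            # php-fpm for path resolution.
            try_files $uri =404;
            include fastcgi_params;
            # Must match the "listen" path of the php-fpm pool.
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
        }
    }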
}

注意千万不要错了

#/usr/local/nginx/sbin/nginx -t          //验证是否成功

在这里插入图片描述

#service nginx start                   //开启nginx服务
#ps aux |grep nginx                   //检测nginx是否启动
#vi /usr/local/nginx/html/2.php         //编辑一个php文件

LNMP环境搭建_第1张图片

#curl localhost/2.php                  // 测试nginx是否解析成功

在这里插入图片描述
四、Nginx配置
1.默认虚拟主机

#vi /usr/local/nginx/conf/nginx.conf      //编辑
在文件最后面}前添加include vhost/*.conf;
#mkdir /usr/local/nginx/conf/vhost       //创建目录
#cd /usr/local/nginx/conf/vhost/
#vi default.conf                       //修改配置文件

以下为增加内容:

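server
{
    # Listen on port 80 as the default server: requests whose Host header
    # matches no other server block end up here. (nginx comments start with
    # "#"; a "//" remark after a directive makes the configuration invalid.)
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/nginx/default;
}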
#/usr/local/nginx/sbin/nginx -t         //检验

在这里插入图片描述

#/usr/local/nginx/sbin/nginx -s reload
#mkdir -p /data/nginx/default
#touch /data/nginx/default/index.html
#echo "defaule_server" > /data/nginx/default/index.html
#curl -x127.0.0.1:80 aaa.com

在这里插入图片描述
2.用户认证

#cd /usr/local/nginx/conf/vhost/
#vi test.com.conf               //创建新的虚拟主机

以下为增加内容

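server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;

    location  /
    {
        # Turn on HTTP Basic authentication; "Auth" is the realm shown in the
        # login prompt.
        # NOTE(review): this server block listens on plain HTTP only, so the
        # credentials cross the network merely base64-encoded; put TLS in front
        # before relying on this outside a lab.
        auth_basic    "Auth";
        # User/password file, created with htpasswd.
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
    }
}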
#yum install -y httpd
#htpasswd -c /usr/local/nginx/conf/htpasswd jl      //设置密码
#/usr/local/nginx/sbin/nginx -t                   //验证
#/usr/local/nginx/sbin/nginx -s reload
#mkdir /data/nginx/test.com                     //创建网页存储位置文件夹
#echo "test.com" > /data/nginx/test.com/index.html  //输入网页内容
#curl -I -x127.0.0.1:80 test.com                    //测试用户认证是否成功

LNMP环境搭建_第2张图片
在去浏览器登陆之前,在自己本地的hosts文件中加入虚拟机ip和地址
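如果无法访问,多半是防火墙没有放行80端口,可以先放行该端口再试(例如执行 firewall-cmd --permanent --add-service=http 之后再执行 firewall-cmd --reload)。下面两条命令只适合在测试环境临时排查问题,排查完应恢复。

#setenforce 0                                  //把SELinux临时切换为permissive模式(这不是防火墙),setenforce 1 可恢复
#systemctl stop firewalld                      //停止firewalld防火墙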

LNMP环境搭建_第3张图片
3.域名重定向

#vi test.com.conf           //编辑修改

以下为增加内容

server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
root /data/nginx/test.com;

    if ($host != 'test.com' ){
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
}
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#curl -x127.0.0.1:80 test1.com/123.txt -I

LNMP环境搭建_第4张图片
4.Nginx访问日志

#grep -A2 log_format /usr/local/nginx/conf/nginx.conf

在这里插入图片描述

#vi test.com.conf

LNMP环境搭建_第5张图片

# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 test.com/111

以下为新增内容


401 Authorization Required

401 Authorization Required


nginx/1.12.2
# cat /tmp/1.log
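#!/bin/bash
## Rotate nginx logs; assumes they are stored in /data/logs/
# Yesterday's date, appended to every rotated file name.
d=$(date -d "-1 day" +%Y%m%d)
logdir="/data/logs"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
# Stop if the directory is missing: the mv below must never run in whatever
# directory cron happened to start the script in.
cd "$logdir" || exit 1
for log in *.log
do
    # With no matching file the pattern stays literal; skip it.
    [ -e "$log" ] || continue
    mv -- "$log" "$log-$d"
done
# Signal the nginx master; after the reload, workers write to freshly opened
# log files instead of the renamed ones.
/bin/kill -HUP "$(cat "$nginx_pid")"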
添加任务计划:
crontab -e
no crontab for root - using an empty one
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh

5.配置静态文件不记录日志并添加过期时间

# vi test.com.conf

以下为新增内容

server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;
    location ~ .*\.(gif|jpeg|png|bmp|swf)$
        {
            expires       7d;
            access_log off;
        }
    location ~ .*\.(js|css)$
        {
            expires       12h;
            access_log off;
        }
    access_log /tmp/1.log combined_realip;
}
# /usr/local/nginx/sbin/nginx -t
# echo "dddddddddd" > /data/nginx/test.com/1.js		
# echo "aaaaaaaaaa" > /data/nginx/test.com/2.jpg
# touch /data/nginx/test.com/1.jss			//对比文件
# curl -I -udai:a -x127.0.0.1:80 test.com/1.js		//由于前面设置了用户认证这里加上用户名密码才能正常访问

LNMP环境搭建_第6张图片
给的回应是200 OK,但是没有显示过期时间;这是因为修改配置后只执行了 nginx -t 检查,还需要执行 /usr/local/nginx/sbin/nginx -s reload 重新加载配置文件。
6.Nginx防盗链

#vi test.com.conf

以下为新增内容

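location ~ .*\.(gif|jpg|png|bmp|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|xls)$
        {
            expires       7d;
            # Referers accepted for these files: none (no Referer header),
            # blocked (header present but stripped), this server's own names,
            # and *.test.com.
            valid_referers none blocked server_names *.test.com;
            # Any other Referer sets $invalid_referer and is answered with 403.
            # NOTE(review): the Referer header is supplied by the client and a
            # missing one is accepted, so this deters hotlinking but is not an
            # access control.
            if ($invalid_referer) {
                  return 403;
              }
            access_log off;
}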
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg
# curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg
# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/2.jpg

以下为新增内容

HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Mon, 07 Dec 2020 15:45:36 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
# curl -x127.0.0.1:80 -I -e "http://test.com/1.txt" test.com/2.jpg

以下为新增内容

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 07 Dec 2020 15:46:36 GMT
Content-Type: image/jpeg
Content-Length: 11
Last-Modified: Mon, 07 Dec 2020 14:48:23 GMT
Connection: keep-alive
ETag: "5fce40b7-b"
Expires: Mon, 14 Dec 2020 15:46:36 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

LNMP环境搭建_第7张图片
7.访问控制
只允许192.168.222.150和127.0.0.1访问/jl/目录

#vi test.com.conf 

以下为新增加内容

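 location /jl/
        {
            # allow/deny rules are checked from top to bottom and the first
            # rule that matches the client address decides.
            allow 192.168.222.150;
            allow 127.0.0.1;
            # Every other client address is refused with 403.
            deny all;
        }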
#mkdir /data/nginx/test.com/jl/ 		//创建被限制的目录
#echo "daiqh" > /data/nginx/test.com/jl/1.html		//创建网页(放在上一步创建的jl目录下)
#/usr/local/nginx/sbin/nginx -t		//检查配置文件语法
#/usr/local/nginx/sbin/nginx -s reload
#curl  -x192.168.222.150:80 test.com/jl/1.html

403为正常状态


403 Forbidden

403 Forbidden


nginx/1.12.2
#curl -x127.0.0.1:80 test.com/jl/1.html

以下为新增内容
Jlqh
只拒绝几个IP

 location /jl/
        {
            deny 192.168.29.1;
            deny 127.0.0.1;
        }
正则匹配限制
    location ~ .*(abc|image)/.*\.php$
        {
            deny all;
        }

小括号里面的竖线为分隔符,是“或者”的意思,这样就可以拒绝URL中带有abc或者image字符串、并且以.php结尾的请求,同时也起到了禁止这些目录解析PHP的作用(常用于上传目录)。注意nginx按配置文件中的先后顺序匹配正则location,这一段必须写在 location ~ \.php$ 之前才会生效。
针对user_agent做限制

 if ($http_user_agent ~ 'Spider/3.0|YouddaoBot|Tomato')
     {
         return 403;
     }

~为匹配符号(区分大小写,~*则不区分大小写),只要user_agent中含有Spider/3.0、YouddaoBot或者Tomato字符串的请求就会被拒绝,return 403 表示直接返回403状态码。User-Agent由客户端自行填写,可以随意伪造,所以这种限制只能挡住不做伪装的爬虫。

8.Nginx解析php

#vi test.com.conf

以下为新增内容

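server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;
    # Requests for the alias names are redirected permanently to test.com.
    if ($host != 'test.com' ){
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
     location ~ \.php$
        {
            # Answer 404 from nginx unless the requested script is a file under
            # root, so a URI that merely ends in ".php" is never handed to
            # php-fpm for path resolution.
            try_files $uri =404;
            include fastcgi_params;
            # Must equal the "listen" path of the php-fpm pool, which this page
            # sets to /tmp/php-fcgi.sock; a mismatched path makes nginx answer
            # 502 for every .php request.
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
        }
    access_log /tmp/1.log combined_realip;
}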

五、php-fpm配置
1、php-fpm的pool
php-fpm可以支持多个pool 每一个pool监听一个端口,也可以监听一个socket。

#vi /usr/local/php-fpm/etc/php-fpm.conf

以下为新增内容

[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
include = etc/php-fpm.d/*.conf
#mkdir /usr/local/php-fpm/etc/php-fpm.d		//创建配置文件存放目录
#cd /usr/local/php-fpm/etc/php-fpm.d
#vi www.conf

以下为新增内容

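[www]
listen = /tmp/www.sock
; Limit the socket to the account the nginx workers run as ("user nobody nobody;"
; in nginx.conf). With mode 666 every local account could send FastCGI requests
; to this pool and have PHP execute them as php-fpm.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024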
#vi jl.conf 

以下为新增内容

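[jl]
listen = /tmp/jl.sock
; Limit the socket to the account the nginx workers run as ("user nobody nobody;"
; in nginx.conf). With mode 666 every local account could send FastCGI requests
; to this pool and have PHP execute them as php-fpm.
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
; NOTE(review): both pools on this page run as php-fpm; giving each pool its
; own account is what actually separates the sites from one another.
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024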
#/usr/local/php-fpm/sbin/php-fpm -t			//检验是否有问题
[08-Dec-2020 09:31:34] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful
#/etc/init.d/php-fpm restart               //重启php-fpm服务
#ls /tmp/*.sock
/tmp/dai.sock  /tmp/mysql.sock  /tmp/php-fcgi.sock

2.php-fpm慢日志执行

#vi /usr/local/php-fpm/etc/php-fpm.d/www.conf 
request_slowlog_timeout = 1
slowlog = /usr/local/php-fpm/var/log/www-slow.log

第一行定义的是超时时间,即php-fpm执行超过一秒就记录日志;第二行定义慢执行日志的路径和名字。

3.Php-fpm定义open_basedir
目的就是为了安全:把该pool里PHP脚本能够访问的文件限制在指定目录内,即使某个站点的脚本被攻破,也读写不到这些目录之外的文件。所填目录应与该站点实际的root一致(本文的站点放在/data/nginx/下)。

#vim /usr/local/php-fpm/etc/php-fpm.d/jl.conf
在最后加入php_admin_value[open_basedir]=/data/www/:/tmp/

4.Php-fpm进程管理

pm = dynamic              //定义php-fpm的子进程启动模式,dynamic为动态模式,
根据实际需求,动态的增加或者减少子进程,最多不超过pm.max_children定义的数值
pm.max_children = 50       //另外一种是static,这种模式下子进程数量由pm.max_children决定,一次性启动这么多,不增加也不减少
pm.start_servers = 20       //针对dynamic模式,定义在启动服务时产生的子进程的数量
pm.min_spare_servers = 5   //针对dynamic模式,定义空闲时子进程的最小值
pm.max_spare_servers = 35  //针对dynamic模式,定义空闲时子进程的最大值
pm.max_requests = 500     //针对dynamic模式,定义一个子进程最多处理的请求数,达到这个数值时,它会自动退出
