LNMP环境配置,MySQL部分
LNMP代表的就是:Linux系统下Nginx+MySQL+PHP这种网站服务器架构。由Linux,Nginx,PHP,MySQL这四种软件均为免费开源软件,组合到一起,成为一个免费、高效、扩展性强的网站服务系统。
1.安装MySQL
1.1下载安装包
我的系统是CentOS 7 ,使用的是二进制编译包。所以选择的是64位的包。(x86_64)。
查看自己Linux是多少位的
# uname -i x86_64
然后下载源码包,
# wget http://mirrors.sohu/mysql/MySQL-5.6/mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz
1.2初始化
# tar -xzvf mysql-5.6.43-linux-glibc2.12-x86_64.tar.gz //解压
# mv mysql-5.6.43-linux-glibc2.12-x86_64 /usr/local/mysql //挪动位置
# useradd -s /sbin/nologin mysql //建立MySQL用户,
# cd /usr/local/mysql/ //切换目录
# mkdir -p /data/mysql //创建datadir,数据库文件会放到这里
# chown -R mysql.mysql /data/mysql //更改权限,不更改后面会出错
# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
FATAL ERROR: please install the following Perl modules before executing ./scripts/mysql_install_db:
Data::Dumper //报错缺少 perl-Module-Install包
# yum install -y perl-Module-Install //下载perl-Module-Install包
在重新执行./scripts/mysql_install_db --user=mysql-test/ --datadir=/data/mysql。
# echo $? //执行该命令看输出是否为0.为0则成功
0
# cp support-files/my-default.cnf /etc/my.cnf
cp:是否覆盖"/etc/my.cnf"? y
1.3配置MySQL
首先复制配置文件
# cp support-files/my-default.cnf /etc/my.cnf //复制配置文件 cp:是否覆盖"/etc/my.cnf"? y
# vim /etc/my.cnf
找到下面内容,删掉前面#符号
# basedir = /usr/local/mysql //mysql包所在路径
# datadir = /data/mysql //定义的存放数据的地方
# port = 3306 //MySQL服务监听的端口,默认为3306
# server_id =140 //定义该MySQL服务的ID号,
# socket =/tmp/mysql.sock //定义MySQL服务监听的套接字地址
然后复制启动脚本文件并修改其属性。
# cp support-files/mysql.server /etc/init.d/mysqld //复制脚本文件
# chmod 755 /etc/init.d/mysqld //修改脚本文件权限
# vim /etc/init.d/mysqld //修改脚本文件
修改内容如下:
basedir=/usr/local/myqsl
datadir=/data/mysql
把启动脚本加入系统服务项,设定开机启动并启动MySQL。
# chkconfig --add mysqld //把MySQL服务加入到系统服务列表中
# chkconfig mysqld on //使其开机就启动
# service mysqld start //启动服务
Starting MySQL.Logging to '/data/mysql/localhost.localdomain.err'.
SUCCESS!
如果启动不了到/data/mysql/目录下查看错误日志。
检查MySQL是否启动命令:
# ps aux |grep mysqld
# netstat -lnp | grep 3306 //如果没有netstat命令 ,需下载。# yum install net-tools -y
2.安装php
2.1.1下载php源码包,命令如下:
# cd /usr/local/src/ //切换到目录下
# wget http://cn2.php.net/distributions/php-5.6.30.tar.gz //获取php5.6版本的源码包
2.1.2解压源码包,创建账号,命令如下:
# tar -xzvf rm -rf php-5.6.30.tar.gz //解压源码包
# useradd -s /sbin/nologin php-fpm //创建用户php-fpm
2.1.3配置编译选项,命令如下:
# cd php-5.6.27 //切换至目录
#./configure //配置编译选项 //内容如下
--prefix=/usr/local/php-fpm
--with-config-file-path=/usr/local/php-fpm/etc
--enable-fpm
--with-fpm-user=php-fpm
--with-fpm-group=php-fpm
--with-mysql=/usr/local/mysql
--with-mysql-sock=/tmp/mysql.sock
--with-libxml-dir
--with-gd
--with-jpeg-dir
--with-freetype-dir
--with-iconv-dir
--with-mcrypt
--enable-soap
--enable-gd-native-ttf
--enable-ftp
--enable-mbstring
--enable-exif
--disable-ipv6
--with-pear
--with-curl
--with-openssl
编译所需的包有:
# yum install -y gcc-c++
# yum install -y libxml2-devel
# yum install openssl-devel
# yum install -y curl-devel
# yum install -y libjpeg-devel
# yum install -y libpng-devel
# yum install freetype-devel -y
CentOS的yum源默认没有libmcrypt-devel这个包,只能借助epel yum扩展源获取。
# yum install -y epel-release
# yum install -y libmcrypt-devel
2.1.4编译php,并安装。命令如下:
# make //编译
# make && install //安装
每一步执行后都可以使用echo $? 验证是否成功。
2.1.5修改配置文件,命令如下:
# cp php.ini-production /usr/local/php-fpm/etc/php.ini //复制文件
# vim /usr/local/php-fpm/etc/php-fpm.conf //修改配置文件内容如下
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 50
rlimit_files = 1024
# /usr/local/php-fpm/sbin/php-fpm -t //保存配置文件后检查配置是否正确“test is successful” 则说明配置没问题
启动php-fpm,命令如下:
# cp /usr/local/src/php-5.6.27/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm //复制文件
# chmod 755 /etc/init.d/php-fpm //修改文件权限
# service php-fpm start //开启服务
Starting php-fpm done //开启服务成功
# chkconfig php-fpm on //设置php-fpm开机启动的命令
# ps aux | grep php-fpm //检测php-fpm是否启动的命令 大概可以看到二十多个进程
3.安装Nginx
3.1.1下载和解压Nginx,命令如下
# cd /usr/local/src/ //切换至目录
# wget http://nginx.org/download/nginx-1.12.2.tar.gz //获取Nginx源码包
# tar -xzvf nginx-1.12.2.tar.gz //将源码包解压
3.1.2配置编译选项,命令如下:
# cd nginx-1.12.2
# ./configure --prefix=/usr/local/nginx //配置编译
3.1.3编译和安装nginx,命令如下:
# make //编译
# make install //安装
3.1.4编写Nginx启动脚本并加入服务系统
# vim /etc/init.d/nginx //写入如下内容
#!/bin/bash # chkconfig: - 30 21 # description: http service. # Source Function Library . /etc/init.d/functions # Nginx Settings NGINX_SBIN="/usr/local/nginx/sbin/nginx" NGINX_CONF="/usr/local/nginx/conf/nginx.conf" NGINX_PID="/usr/local/nginx/logs/nginx.pid" RETVAL=0 prog="Nginx" start() { echo -n $"Starting $prog: " mkdir -p /dev/shm/nginx_temp daemon $NGINX_SBIN -c $NGINX_CONF RETVAL=$? echo return $RETVAL } stop() { echo -n $"Stopping $prog: " killproc -p $NGINX_PID $NGINX_SBIN -TERM rm -rf /dev/shm/nginx_temp RETVAL=$? echo return $RETVAL } reload() { echo -n $"Reloading $prog: " killproc -p $NGINX_PID $NGINX_SBIN -HUP RETVAL=$? echo return $RETVAL } restart() { stop start } configtest() { $NGINX_SBIN -c $NGINX_CONF -t return 0 } case "$1" in start) start ;; stop) stop ;; reload) reload ;; restart) restart ;; configtest) configtest ;; *) echo $"Usage: $0 {start|stop|reload|restart|configtest}" RETVAL=1 esac exit $RETVAL
保存该脚本后更改权限,命令如下:
# chmod 755 /etc/init.d/nginx //更改权限
# chkconfig --add nginx //加入系统服务列表中
# chkconfig nginx on //设置开机启动
3.1.5更改Nginx配置文件。
首先将原来的配置文件清空。
# > /usr/local/nginx/conf/nginx.conf //清空原来的配置文件
# vim /usr/local/nginx/conf/nginx.conf //写入如下内容
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
保存配置文件后,需要检验一下是否有错误,命令如下:
# /usr/local/nginx/sbin/nginx -t //检验是否有错误
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful //即成功
3.1.6启动Nginx,命令如下:
# service nginx start //启动Nginx Starting nginx (via systemctl): [ 确定 ]
3.1.7测试是否正确解析PHP。
首先创建测试文件,操作方法如下:
# vim /usr/local/nginx/html/test.php //创建测试文件,输入以下内容
<?php echo "test php scripts."; ?>
执行如下命令,测试文件:
# curl localhost/test.php
test php scripts.[root@localhost nginx-1.12.2]# //即成功,说明PHP解析正常
3.2Nginx配置
3.2.1默认虚拟主机
修改主配置文件,
# vim /usr/local/nginx/conf/nginx.conf //修改主配置文件,在最后一个}前加上include vhost /*.conf;
include vhost/*.conf; }
意思是,/usr/local/nginx/conf/vhost/下面所有以.conf结尾的文件都会加载,这样就可以把所有的虚拟主机配置文件放到vhost目录下了。
# mkdir /usr/local/nginx/conf/vhost
# cd /usr/local/nginx/conf/vhost/
# vim default.conf //创建默认虚拟住配置文件,写入以下内容
server
{
listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/nginx/default;
}
# /usr/local/nginx/sbin/nginx -t //验证配置文件是否正确
# /usr/local/nginx/sbin/nginx -s reload //重新加载
# mkdir -p /data/nginx/default/ //创建目录
# echo "default_server" > /data/nginx/default/index.html //创建索引页
# curl -x127.0.0.1:80 aaa.com //访问默认虚拟主机
default_server
# curl -x127.0.0.1:80 123.com //访问一个没有定义过的域名,也会转到aaa.com
default_server
3.2.2用户认证
创建一个新的虚拟主机:
# cd /usr/local/nginx/conf/vhost/ //进入vhost目录
# vim yuhuai.com.conf //创建新的虚拟主机配置文件,输入以下内容
server
{
listen 80;
server_name yuhuai.com;
index index.html index.htm index.php;
root /data/nginx/yuhuai.com;
location /
{
auth_basic "Auth"; //打开认证
auth_basic_user_file /usr/local/nginx/conf/htpasswd; //指定用户密码文件
}
}
# yum install -y httpd //安装httpd
# htpasswd -c /usr/local/nginx/conf/htpasswd yuhuai //创建yuhuai用户
New password: //输入密码000000
Re-type new password: //确认密码000000
Adding password for user yuhuai //创建成功
# /usr/local/nginx/sbin/nginx -t //检查配置文件
# /usr/local/nginx/sbin/nginx -s reload //重新载入
# mkdir /data/nginx/yuhuai.com
# echo "yuhuai.com" > /data/nginx/yuhuai.com/index.html
# curl -I -x 127.0.0.1:80 yuhuai.com
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Wed, 16 Dec 2020 02:26:27 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth" 说明:状态码401表示该网站需要验证。
打开电脑,C:WindowsSystem32driversetc 目录下的hosts微博华北,在最后加上以上 192.168.134.140 yuhuai.com (虚拟机IP和虚拟网络),然后再浏览器中访问yuhuai.com !!! hosts文件不能随意删减。
出现如上图,输入用户名和密码。就可以访问了。
如果是针对某个目录做用户认证,需要修改location后面的路径:
location /admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/ngin/conf/htpasswd;
}
3.2.3域名重定向
Nginx的域名重定向。如下:
# vim yuhuai.com.conf //修改内容如下
server { listen 80; server_name yuhuai.com yuhuai1.com yuhuai2.com; index index.html index.htm index.php; root /data/nginx/yuhuai.com; if ($host != 'yuhuai.com' ){ rewrite ^/(./*)$ http://yuhuai.com/$1 permanent; } }
在Nginx中server_name后面可以跟多个域名,permanent为永久重定向,相当于httpd的R=301。还有一个常用的redirect,相当于httpd的R=302.
测试过程如下:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 yuhuai1.com/123.txt -I HTTP/1.1 301 Moved Permanently Server: nginx/1.12.2 Date: Wed, 16 Dec 2020 03:04:13 GMT Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: http://yuhuai.com/123.txt
3.2.4Nginx的访问日志
# grep -A2 log_format /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]' //combined_realip为日志格式的名字。remote_addr为访问网站的用户的出口IP;http_x_forwarded_for为代理服务器的IP,time_local为当前的时间
' $host "$request_uri" $status' //host为访问的主机名;request_uri为访问的URL地址,status为状态码;
' "$http_referer" "$http_user_agent"' //http_referer为referer地址;http_user_agent为user_agent
到虚拟主机配置文件中指定访问日志的路径:
# vim yuhuai.com.conf
server { listen 80; server_name yuhuai.com yuhuai1.com yuhuai2.com; index index.html index.htm index.php; root /data/nginx/yuhuai.com; if ($host != 'yuhuai.com' ) { rewrite ^/(.*$) http://yuhuai.com/$1 permanent; } access_log /tmp/1.log combined_realip; //使用access_log 来指定日志的储存路径,最后面指定日志的格式名字, }
测试过程如下:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 yuhuai.com/111 //生成访问日志
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
# cat /tmp/1.log //查看日志
127.0.0.1 - [16/Dec/2020:11:45:48 +0800] yuhuai.com "/111" 404 "-" "curl/7.29.0"
想要切割Nginx日志需要借助系统的切割工具或者自定义脚本,如:
# vim /usr/local/sbin/nginx_log_rotate.sh //写入以下内容
#! /bin/bash ## /data/log d=`date -d "-1 day" +%/Y%m%d` logdir ="/data/logs" nginx_pid ="/usr/local/nginx/logs/nginx.pid" cd $logdir for log in `ls *.log` do mv $log $log-$d done /bin/kill -HUP `cat $nginx_pid`
写完脚本后,还需要增加任务计划:
# crontab -e //写入以下内容
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh
3.3配置静态文件不记录日志并添加过期时间
虚拟主机配置文件改写如下:
# vim yuhuai.com.conf //改写成以下内容
server { listen 80; server_name yuhuai.com yuhuai1.com yuhuai2.com; index index.html index.htm index.php; root /data/nginx/yuhuai.com; if ($host != 'yuhuai.com' ) { rewrite ^/(.*$) http://yuhuai.com/$1 permanent; } location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$ //使用location~可以指定对应的静态文件, { expires 7d; //expires配置过期时间 access_log off; //access_log配置为off就可以不记录日志了 } location ~.*.(js|css)$ { expires 12h; access_log off; } access_log /tmp/1.log combined_realip; }
测试:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# echo "111" > /data/nginx/yuhuai.com/1.js //创建js文件
# echo "222" > /data/nginx/yuhuai.com/1.jpg //创建jpg文件
# touch /data/nginx/yuhuai.com/1.jss //创建一个对比文件
# curl -x127.0.0.1:80 yuhuai.com/1.js -I //访问js类型的文件,缓存过期时间为12小时
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 16 Dec 2020 06:15:00 GMT
Content-Type: application/javascript
Content-Length: 4
Last-Modified: Wed, 16 Dec 2020 03:59:45 GMT
Connection: keep-alive
ETag: "5fd98631-4"
Expires: Wed, 16 Dec 2020 18:15:00 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
# curl -x127.0.0.1:80 yuhuai.com/2.jpg -I //访问jpg类型的文件,缓存过期时间为7小时
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 16 Dec 2020 06:16:05 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Wed, 16 Dec 2020 04:00:00 GMT
Connection: keep-alive
ETag: "5fd98640-4"
Expires: Wed, 23 Dec 2020 06:16:05 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
# curl -x127.0.0.1:80 yuhuai.com/1.jss -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 16 Dec 2020 06:17:14 GMT
Content-Type: application/octet-stream
Content-Length: 0
Last-Modified: Wed, 16 Dec 2020 04:00:27 GMT
Connection: keep-alive
ETag: "5fd9865b-0"
Accept-Ranges: bytes
可以很清楚的看到Cache-Control对应的时间大小(秒为单位),还可以查看日志。
# cat /tmp/1.log 127.0.0.1 - [16/Dec/2020:11:45:48 +0800] yuhuai.com "/111" 404 "-" "curl/7.29.0" 127.0.0.1 - [16/Dec/2020:12:02:36 +0800] yuhuai.com "/1.jss" 200 "-" "curl/7.29.0" 127.0.0.1 - [16/Dec/2020:12:02:42 +0800] yuhuai.com "/1.jss" 200 "-" "curl/7.29.0"
3.4Nginx防盗链
把防盗链,过期时间、不记录日志组合在一起。
# vim yuhuai.com.conf
location ~* ^.+.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip|doc|pdf|gz|bz2|xls)$
{
expires 7d;
valid_referers none blocked server_names *.yuhuai.com;
if ($invalid_referer ) {
return 403;
}
测试:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 -I -e "httpd://yuhuai.com/1.txt" yuhuai.com/2.jpg
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 16 Dec 2020 07:18:22 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Wed, 16 Dec 2020 04:00:00 GMT
Connection: keep-alive
ETag: "5fd98640-4"
Expires: Wed, 23 Dec 2020 07:18:22 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
可也i看到不仅仅有过期时间还有防盗链功能。
3.5访问控制
例:“是访问yu目录得请求只允许192.168.134.140和127.0.0.1访问”配置文件如下:
# vim yuhuai.com.conf
location /yu/ { allow 192.168.134.140; allow 127.0.0.1; deny all; }
测试:
# mkdir /data/nginx/yuhuai.com/yu
# echo "123" > /data/nginx/yuhuai.com/yu/1.html
# curl -x127.0.0.1:80 yuhuai.com/yu/1.html
123
配置文件中的IP也可以为IP段,比如可以写成allow192.168.134.0/24.如果拒绝几个IP可以写成:
location /yu/
{
deny 192.168.134.140
deny 127.0.0.1;
}
除了简单的限制目录还可以根据正则匹配来限制“
location ~.*(abc|image)/.*.php$
{
deny all; //管道符在他们之间是”或者“的意思,这样就能把访问你得URL中带有abc或者image字符串,而且是php的请求拒绝访问。
}
把上传文件的目录禁止解析php,目的是保证安全。在Nginx配置里,可以针对user_agent做一些限制。
if ($http_user_agent ~`Spider/3.0|YoudaoBot|Tomato')
{
return 403;
}
3.6Nginx解析PHP
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/nginx/yuhuai.com$fastcgi_script_name;
}
其中fastcgi_pass用来指定php-fpm的地址,
factcgi_param SCRIPT_FILENAME后面跟的路径为该站点的根目录,和前面定义的root那个路径保持一致。
如果配置不对,访问php界面会出现404。
Nginx代理和配置SSL因为特殊原因就没有在这进行阐述了。