lnmp是一个基于centos/debian编写的nginx、php、mysql、phpmyadmin、eaccelerator 独立主机上轻松的安装lnmp生产环境
lnmp代表的就是:linux系统下nginx+mysql+php这种网站服务器架构。
linux是一类unix计算机操作系统的统称,是目前最流行的免费操作系统。代表版本有:debian、centos、ubuntu、fedora、gentoo等。
nginx是一个高性能的http和反向代理服务器,也是一个imap/pop3/smtp代理服务器。
mysql是一个小型关系型数据库管理系统。
php是一种在服务器端执行的嵌入html文档的脚本语言。
这四种软件均为免费开源软件,组合到一起,成为一个免费、高效、扩展性强的网站服务系统
实验环境
centos6.5_x64
实验软件
cmake-3.7.2.tar.gz
libiconv-1.14.tar.gz
libmcrypt-2.5.8.tar.gz
mcrypt-2.6.8.tar.gz
mhash-0.8.15.tar.gz
mysql-5.6.24.tar.gz
nginx-1.10.2.tar.gz
php-5.6.30.tar.gz
redis-2.2.5.tgz php_redis插件
navicat.exe mysql windows管理工具
软件安装
rpm -ivh epel-release-6-8.noarch.rpm
sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo
echo "服务器ip 服务器主机名" > /etc/hosts
yum -y install gcc gcc-c++ autoconf automake libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel libtool-ltdl-devel* openldap openldap-devel openldap-clients openldap-servers make zlib-devel pcre-devel* openssl-devel libtool* git tree bison* perl gd gd-devel fiex*
tar zxvf libiconv-1.14.tar.gz
cd libiconv-1.14 && ./configure --prefix=/usr/local/libiconv && make -j4 && make install
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8 && ./configure && make -j4 && make install
tar zxvf mhash-0.8.15.tar.gz
cd mhash-0.8.15 && ./configure && make -j4 && make install
echo /usr/local/lib/ >> /etc/ld.so.conf && ldconfig
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8 && ./configure && make -j4 && make install
tar zxvf cmake-3.7.2.tar.gz
cd cmake-3.7.2 && ./bootstrap && gmake -j4 && gmake install
groupadd mysql && useradd -g mysql mysql && touch /var/log/mysql
tar zxvf mysql-5.6.24.tar.gz
cd mysql-5.6.24
cmake \
-dcmake_install_prefix=/usr/local/mysql \
-dmysql_datadir=/usr/local/mysql/data \
-dmysql_user=mysql \
-dwith_myisam_storage_engine=1 \
-dwith_innobase_storage_engine=1 \
-dwith_archive_storage_engine=1 \
-dwith_memory_storage_engine=1 \
-dwith_readline=1 \
-dmysql_unix_addr=/var/lib/mysql/mysql.sock \
-dmysql_tcp_port=3306 \
-denabled_local_infile=1 \
-denable_downloads=1 \
-dwith_partition_storage_engine=1 \
-dextra_charsets=all \
-ddefault_charset=utf8 \
-ddefault_collation=utf8_general_ci \
-dwith_debug=0 \
-dmysql_maintainer_mode=0 \
-dwith_ssl:string=bundled \
-dwith_zlib:string=bundled \
make -j4 && make install
cp -pv /root/mysql-5.6.24/support-files/my-default.cnf /usr/local/mysql/my.cnf
cp -pv /root/mysql-5.6.24/support-files/mysql.server /etc/init.d/mysqld
chown -r mysql:mysql /usr/local/mysql
chmod +x /etc/init.d/mysqld && chkconfig --level 35 mysqld on
touch /var/log/mysql/mysql-error.log && touch /var/log/mysql/slow.log 开启错误和慢查询日志
cp -pv /usr/local/mysql/my.cnf /usr/local/mysql/my.cnf.bak
cat /usr/local/mysql/my.cnf
[mysqld]
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
log-error = /var/log/mysql/mysql-error.log mysql-error.log必须是文件 权限和mysql 代码目录相同
skip_host_cache
skip-name-resolve=1
slow_query_log = on
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 2
/usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql &
service mysqld start && chkconfig --level 35 mysqld on
cp -pv /etc/profile /etc/profile.bak
echo 'path=/usr/local/mysql/bin:$path' >> /etc/profile
echo 'export path' >> /etc/profile && source /etc/profile
mysqladmin -uroot password 数据库密码
mysql -uroot -p 数据库密码
cat /usr/local/mysql/my.cnf 第二种方案修改mysql修改登入密码
skip-grant-tables 加入此行 设置密码后必须删除
#mysql
mysql> use mysql;
mysql> update user set password=password("数据库密码") where user="root";
mysql> flush privileges;
mysql> quit
mysql -uroot -p数据库密码
mysql>
mysql> grant all privileges on *.* to 'root'@'%' identified by '数据库密码' with grant option; 允许root远程登入
mysql> flush privileges; 刷新权限
mysql> select user, password, host from user; 查看用户权限
| root | *ac241830ffddc8943ab31cbd47d758e79f7953ea | % |
tar zxvf php-5.6.30.tar.gz
cd php-5.6.30
./configure \
--prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--with-mhash --with-mcrypt --enable-bcmath \
--enable-mysqlnd --with-mysql --with-mysqli --with-pdo-mysql \
--with-gd --enable-gd-native-ttf --with-jpeg-dir --with-png-dir --with-freetype-dir \
--enable-fpm \
--enable-mbstring \
--enable-pcntl \
--enable-sockets \
--enable-opcache \
--with-openssl \
--with-zlib \
--with-curl \
--with-libxml-dir \
--with-iconv-dir
cp -pv /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp -pv php.ini-production /usr/local/php/etc/php.ini
cp -pv sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
chkconfig --level 35 php-fpm on
cp -pv /usr/local/php/etc/php-fpm.conf /usr/local/php/etc/php-fpm.conf.bak
sed -i 's/pm.max_children = 5/pm.max_children = 64/g' /usr/local/php/etc/php-fpm.conf
sed -i 's/pm.start_servers = 2/pm.start_servers = 20/g' /usr/local/php/etc/php-fpm.conf
sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /usr/local/php/etc/php-fpm.conf
sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 35/g' /usr/local/php/etc/php-fpm.conf
sed -i 's/;pm.max_requests = 500/pm.max_requests = 1024/g' /usr/local/php/etc/php-fpm.conf
/usr/local/php/sbin/php-fpm -t
[22-jul-2013 09:57:45] notice: configuration file /usr/local/php/etc/php-fpm.conf test is successful 如果看到这个提示,证明测试成功
service php-fpm restart && chkconfig --level 35 php-fpm on
echo 'path=/usr/local/php/bin:$path' >> /etc/profile && echo 'export path' >> /etc/profile && source /etc/profile
mkdir -pv /var/log/php && touch /var/log/php/{php-fpm.conf,slow.log} 配置php-fpm 日志
cat /usr/local/php/etc/php-fpm.conf
[global]
error_log = /var/log/php/php-fpm.log
log_level = notice
catch_workers_output = yes
slowlog = /var/log/php/slow.log 配置php慢查询日志
request_slowlog_timeout = 1
tar zxvf nginx-1.10.2.tar.gz
cd nginx-1.10.2
--prefix=/usr/local/nginx \
--sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/usr/local/nginx/conf/nginx.conf \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_realip_module \
--without-http_geo_module \
--with-http_geoip_module=dynamic \
--without-http_map_module \
--without-http_memcached_module \
--without-http_limit_conn_module \
--without-http_limit_req_module \
--without-http_rewrite_module \
--without-http_fastcgi_module \
--with-http_proxy_module \
--with-pcre \
--without-http-cache \
--with-stream \
--with-stream=dynamic \
make -j8 && make install
cp -pv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
nginx配置私有证书
mkdir -pv /usr/local/nginx/conf/ca
cd /usr/local/nginx/conf/ca
openssl genrsa -des3 -out server.key 1024
mv /usr/local/nginx/conf/ca/server.key /usr/local/nginx/conf/ca/server.key.org
openssl rsa -in server.key.org -out server.key 取消证书密码
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.pem 自签ssl证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
ll /usr/local/nginx/conf/ca | grep server
server.csr
server.key
server.pem
server.crt
cat /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 8;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
server {
#listen 80;
listen 443;
ssl on;
server_name 192.168.10.13; 此处为ip 生产环境为域名(域名提前和dns绑定 ca绑定域名)
ssl_session_timeout 10m;
ssl_session_cache shared:ssl:10m;
ssl_certificate ca/server.pem;
ssl_certificate_key ca/server.key;
ssl_protocols tlsv1 tlsv1.1 tlsv1.2;
ssl_ciphers high:!anull:!md5;
location /status{
stub_status on;
access_log on;
}
location / {
root html;
index index.html index.htm;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param script_filename $document_root$fastcgi_script_name;
include fastcgi_params;
#location ~ /\.ht {
# deny all;
#}
}
ln -s /usr/local/nginx/sbin/nginx /bin/ && nginx -c /usr/local/nginx/conf/nginx.conf
nginx -t && nginx -s reload 检测并从新加载配置
nginx -s stop && 平滑重启
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
nginx -v
nginx version: nginx/1.10.2
nginx配置虚拟主机
mkdir -pv /data/wwwroot/www.oa.com
mkdir -pv /data/wwwroot/www.crm.com 代码目录域名为开头为了管理方便
mkdir -pv /usr/local/nginx/conf/vhost 创建虚拟主机配置文件目录
touch /data/wwwroot/www.oa.com/index.html && echo ca_test > /data/wwwroot/www.oa.com/index.html
touch /data/wwwroot/www.crm.com/index.html && echo crm_test > /data/wwwroot/www.crm.com/index.html 建立测试文件
cp -pv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
cat /usr/local/nginx/conf/nginx.conf
worker_processes 4;
worker_connections 99877;
include vhost/*.conf;
} 为了管理方便分离 nginx.conf
cp -pv /usr/local/nginx/conf/vhost/www.oa.com.conf /usr/local/nginx/conf/vhost/www.oa.com.conf.bak
cat /usr/local/nginx/conf/vhost/www.oa.com.conf
server{
listen 80;
server_name www.oa.com;
index index.html;
root /data/wwwroot/www.oa.com;
cp -pv /usr/local/nginx/conf/vhost/www.crm.com.conf /usr/local/nginx/conf/vhost/www.crm.com.conf.bak
cat /usr/local/nginx/conf/vhost/www.crm.com.conf
server_name www.crm.com;
root /data/wwwroot/www.crm.com;
cp -pv /usr/local/nginx/conf/vhost/default.conf /usr/local/nginx/conf/vhost/default.conf.bak
cat /usr/local/nginx/conf/vhost/default.conf
listen 80 default_server;
listen 443 default_server;
allow 192.168.10.0/24;
deny all;
nginx -c /usr/local/nginx/conf/nginx.conf
nginx -s stop && nginx 停止nginx从新启动服务
nginx -t && nginx -s reload 检测语法
curl http://www.oa.com
oa_test
curl http://www.crm.com
crm_test
cp -pv /etc/hosts /etc/hosts.bak
echo 服务器ip www.oa.com >> /etc/hosts
echo 服务器ip www.crm.com >> /etc/hosts 添加host解析
开始-所有程序-附件-命令行提示符
echo 服务器ip www.oa.com >> c:\windows\system32\drivers\etc\hosts
echo 服务器ip www.crm.com >> c:\windows\system32\drivers\etc\hosts windows添加本机host解析
netstat -tuplna | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* listen 30540/php-fpm
tcp 0 0 0.0.0.0:3306 0.0.0.0:* listen 3
[1]+ done /usr/local/php/sbin/php-fpm
netstat -tuplna | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* listen 7458/nginx
netstat -tuplna | grep mysqld
tcp 0 0 :::3306 :::* listen 22246/mysqld
ps -ef | grep mysqld
netstat -tuplna | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* listen 6937/nginx
echo 'welcome to nginx server' > /usr/local/nginx/html/index.html
curl http://localhost/index.html
welcome to nginx!
touch /usr/local/nginx/html/index.php
echo '<?php phpinfo(); ?>' > /usr/local/nginx/html/index.php 建立php测试页
https://servrip/index.php
php添加扩展模块
tar zxvf redis-2.2.5.tgz
cd redis-2.2.5
/usr/local/php/bin/phpize
/configure --with-php-config=/usr/local/php/bin/php-config --enable-redis
nginx -t && nginx -s reload && service php-fpm restart
php message: php warning: module 'redis' already loaded in unknown on line 0
cp -pv /etc/php.ini /etc/php.ini.bak
extension_dir = /usr/local/php/lib/php/extensions/no-debug-non-zts-20170718/ 最后一行写入配置
extension = redis.so
php -m | grep redis 查看模块加载
php warning: module 'redis' already loaded in unknown on line 0
redis