Linux安装Nginx+PHP+Mysql

安装Nginx

先更新包、软件、系统内核

yum update 

安装ggc

yum install gcc-c++

　安装pcre-devel

yum install  pcre pcre-devel

　安装cmake

官网：https://cmake.org

wget https://cmake.org/files/v3.6/cmake-3.14.0.tar.gz
tar -xzvf cmake-3.14.0.tar.gz
cd cmake-3.14.0 
./bootstrap
gmake
gmake install

　　查看编译后的cmake版本

/usr/local/bin/cmake --version

　　新建软连接

ln -s /usr/local/bin/cmake /usr/bin/

　　终端查看版本

cmake --version

　　安装zlib

官网：http://www.zlib.net/

cd /usr/local/src
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make && make install

　　安装bzip

官网：http://www.bzip.org/downloads.html
源码包：https://sourceforge.net/projects/bzip2/

cd /usr/local/src
wget https://nchc.dl.sourceforge.net/project/bzip2/bzip2-1.0.6.tar.gz 
tar -xzvf bzip2-1.0.6.tar.gz
cd bzip2-1.0.6
# 为编译做准备，创建libbz2.so动态链接库
make -f Makefile-libbz2_so
# 编译安装
make && make install

　　安装ziblip

# 先卸载旧的
yum -y remove libzip-devel
# 找到最新版本的，并下载
# https://libzip.org/ 官网
wget https://libzip.org/download/libzip-1.5.1.tar.gz
tar -zxvf libzip-1.5.1.tar.gz
cd libzip-1.5.1
mkdir build
cd build
cmake ..
make && make install

　　安装openssl

官网：https://www.openssl.org/ 

cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz
tar -xzvf openssl-1.1.1b.tar.gz
cd openssl-1.1.1b
# 制定编译安装后的位置
./config --prefix=/usr/local/openssl
make && make install

　　查看安装

which openssl

　　建立软连接

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

　　执行

cd /usr/local/openssl
ldd /usr/local/openssl/bin/openssl

　　查看版本

openssl version
# 找不到动态库

　　解决动态库的问题

vim /etc/ld.so.conf
# 在尾部追加
/usr/local/openssl/lib
# 然后执行
ldconfig /etc/ld.so.conf
openssl version
# 这个时候，版本号就出来了

　　安装 nginx_brotli

https://github.com/google/ngx_brotli

https://github.com/eustas/ngx_brotli

cd /usr/local/src
git clone https://github.com/eustas/ngx_brotli.git 
cd ngx_brotli
git submodule update --init --recursive

　　增加用户组

 groupadd www
 useradd -g www -M www

vi /etc/passwd
#找到www，将后面的/bin/bash改为/sbin/nologin即可。

　　

   下载安装nginx

官网：http://nginx.org/en/download.html 

cd /usr/local/src
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar -xzvf nginx-1.14.2.tar.gz
cd nginx-1.14.2 

　　配置编译

./configure \
--user=www \
--group=www \
--prefix=/alidata/service/nginx \
--pid-path=/alidata/service/nginx/run/nginx.pid \
--with-http_stub_status_module \ 
--with-threads \
--with-file-aio \
--with-pcre-jit \
--with-http_ssl_module \ 
--with-http_v2_module \ 
--with-http_gzip_static_module \ 
--with-http_sub_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_realip_module \
--with-http_addition_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-http_slice_module \
--with-pcre \
--with-openssl=/usr/local/src/openssl-1.1.1b/  \
--with-openssl-opt=enable-tls1_3 \ 
--add-module=/usr/local/src/ngx_brotli/

　　没有问题会提示

Configuration summary
  + using threads
  + using system PCRE library
  + using OpenSSL library: /usr/local/src/openssl-1.1.1b
  + using system zlib library

  nginx path prefix: "/alidata/service/nginx"
  nginx binary file: "/alidata/service/nginx/sbin/nginx"
  nginx modules path: "/alidata/service/nginx/modules"
  nginx configuration prefix: "/alidata/service/nginx/conf"
  nginx configuration file: "/alidata/service/nginx/conf/nginx.conf"
  nginx pid file: "/alidata/service/nginx/run/nginx.pid"
  nginx error log file: "/alidata/service/nginx/logs/error.log"
  nginx http access log file: "/alidata/service/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

　　编译安装

make && make install

　　启动nginx

/alidata/server/nginx/sbin/nginx 
ps -ef|grep nginx
# 查看编译的模块
/alidata/service/nginx/sbin/nginx -V

　　配置开机自启动

cd /lib/systemd/system/
#创建文件
vi nginx.service

　　

[Unit]
Description=nginx 
After=network.target 

[Service] 
Type=forking 
ExecStart=/alidata/service/nginx/sbin/nginx
ExecReload=/alidata/service/nginx/sbin/nginx reload
ExecStop=/alidata/service/nginx/sbin/nginx quit
PrivateTmp=true 

[Install] 
WantedBy=multi-user.target

　　保存并退出，激活自启动功能

systemctl enable nginx.service

systemctl start nginx.service #启动nginx
systemctl stop nginx.service #结束nginx
systemctl restart nginx.service #重启nginx

　　

安装php
https://blog.vini123.com/303

php官网：https://php.net/downloads.php
迅雷下载后传到服务器上

准备编译环境

yum install curl-devel
yum install  libxml2-devel
yum install  libjpeg-devel
yum install  libpng-devel
yum install freetype-devel
yum install libxslt-devel

　　安装

cd /usr/local/src/php-7.3.4

./configure --prefix=/alidata/service/php \
--with-config-file-path=/alidata/service/php/etc \
--with-config-file-scan-dir=/alidata/service/php/etc/php.d \
--with-fpm-user=www \
--with-fpm-group=www \
--with-curl \
--with-freetype-dir \
--with-gd \
--with-gettext \
--with-iconv-dir \
--with-kerberos \
--with-libdir=lib64 \
--with-libxml-dir \
--with-mysqli \
--with-openssl \
--with-pcre-regex \
--with-pdo-mysql \
--with-pdo-sqlite \
--with-pear \
--with-png-dir \
--with-jpeg-dir \
--with-xmlrpc \
--with-xsl \
--with-zlib \
--with-bz2 \
--with-mhash \
--enable-fpm \
--enable-bcmath \
--enable-libxml \
--enable-inline-optimization \
--enable-mbregex \
--enable-mbstring \
--enable-opcache \
--enable-pcntl \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-xml \
--enable-zip \
--enable-fpm \
--disable-fileinfo

　　安装

make && make install

　　配置环境变量

vi /etc/profile

　　在末尾追加

PATH=$PATH:/alidata/service/php/bin
export PATH

　　保存，然后source

source /etc/profile
echo $PATH  #看到配置的环境变量了
php -v #查看php的版本信息

　　填充文件

cp /alidata/service/php/etc/php-fpm.conf.default  /alidata/service/php/etc/php-fpm.conf
cp /alidata/service/php/etc/php-fpm.d/www.conf.default /alidata/service/php/etc/php-fpm.d/www.conf
cp /usr/local/src/php-7.3.4/php.ini-production  /alidata/service/php/etc/php.ini
cp /usr/local/src/php-7.3.4/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm

chmod +x /etc/init.d/php-fpm
chkconfig --add php-fpm  #开机自启动

　　开启关闭命令

#启动服务
service php-fpm start 
#停止服务
service php-fpm stop  
#重启服务
service php-fpm reload

/etc/init.d/php-fpm start   #开启
/etc/init.d/php-fpm stop  #关闭
/etc/init.d/php-fpm restart  #重启

php -i|grep php.ini 

 

安装mysql
https://blog.vini123.com/105

依赖包安装及清除旧版本

yum groupinstall -y Development Tools
yum -y install gcc gcc-c++ make cmake  readline-devel zlib-devel ncurses ncurses-devel 
yum -y install libevent man  libxml2 libxml2-devel openssl-devel bison bison-devel  libaio-devel

rpm -qa|grep mysql 
rpm -qa|grep mariadb
rpm -e --nodeps  mariadb-libs-5.5.50-1.el7_2.x86_64

　　官网下载：https://downloads.mariadb.org/

cd /usr/local/src/mariadb
wget https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.1.22/source/mariadb-10.1.22.tar.gz
tar -xzvf mariadb-10.1.22.tar.gz
cd mariadb-10.1.22

　　创建用户组及相关目录

groupadd mysql  #创建mysql用户组
useradd -s /sbin/nologin -g mysql -M mysql   #创建mysql用户归属mysql组
mkdir /data/server/mariadb/mysql   #创建安装目录
mkdir -p /data/server/mariadb/data   #创建数据库存放目录
chown -R mysql:mysql  /data/server/mariadb/data   #给予权限

　　编译源码包安装

cmake . -DCMAKE_INSTALL_PREFIX=/data/server/mariadb/mysql -DMYSQL_DATADIR=/data/server/mariadb/data -DSYSCONFDIR=/etc -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLED_LOCAL_INFILE=1 

　简化版

cmake . -DCMAKE_INSTALL_PREFIX=/alidata/service/mariadb/mysql -DMYSQL_DATADIR=/alidata/service/mariadb/data -DWITHOUT_TOKUDB=1 -DSYSCONFDIR=/etc -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLED_LOCAL_INFILE=1

　　

部分编译参数解释：

• -DCMAKE_INSTALL_PREFIX 安装目录
• -DMYSQL_DATADIR 数据库存放目录
• -DSYSCONFDIR 配置文件目录（具体 /etc/my.cnf）
• -DWITH_INNOBASE_STORAGE_ENGINE 支持数据库innobase引擎
• -DWITH_ARCHIVE_STORAGE_ENGINE 支持数据库archive引擎
• -DWITH_BLACKHOLE_STORAGE_ENGINE 支持数据库blackhole存储引擎
• -DDEFAULT_CHARSET 支持字符集
• -DDEFAULT_COLLATION 排序规则 校验字符
• -DENABLED_LOCAL_INFILE 允许本地导入数据

注意在源码包里进行cmake。如果遇到错误 rm -f CMakeCache.txt 并删除缓存重新配置。配置完成结果。

 编辑和安装

make && make install

　　

内存不足错误

cc: internal compiler error: Killed (program cc1)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
make[2]: *** [storage/mroonga/vendor/groonga/lib/CMakeFiles/libgroonga.dir/expr.c.o] Error 4
make[1]: *** [storage/mroonga/vendor/groonga/lib/CMakeFiles/libgroonga.dir/all] Error 2
make: *** [all] Error 2

　　借内存

dd if=/dev/zero of=/home/swap bs=1024 count=1024000   #创建一个1G的分区文件（大小可以自己定）
/sbin/mkswap /home/swap   #将创建的分区格式化为swap
/sbin/swapon /home/swap   #使这个分区立即生效
vi /etc/fstab   #编辑fstab，设置开机自动挂载swap
/home/swap swap swap defaults 0 0   #将此行追加到 /etc/fstab 行尾。然后保存。
free #查看swap大小 

　　删除CMake缓存文件

rm -f /usr/local/src/mariadb/mariadb-10.1.22/CMakeCache.txt

　　安装完成后释放swap

/sbin/swapoff /home/swap   #停止swap分区
rm -f /home/swap   #删除swap分区文件
vi /etc/fstab   #编辑fstab，取消开机自动挂载swap
/home/swap swap swap defaults 0 0   #将此行注释掉或删掉。然后保存。
free #查看swap大小 

　　设置环境变量

cd  /data/server/mariadb/mysql   #进入安装目录
scripts/mysql_install_db --user=mysql --datadir=/data/server/mariadb/data/   #初始化系统表
cp support-files/mysql.server /etc/init.d/mysqld   #复制mysql.server
chkconfig --add mysqld   #添加到系统服务
chkconfig mysqld on   #设置开机自启动   
vi /etc/profile   #编辑环境变量
PATH=$PATH:/data/server/mariadb/mysql/bin   #此行和下一行追加到 /etc/profile文件末尾，并保存退出。
export PATH
source /etc/profile   #使得环境变量生效。

　　复制配置文件

cp -f /usr/local/src/mariadb/mariadb-10.1.22/support-files/my-small.cnf /etc/my.cnf
vi  /etc/my.cnf   #编辑配置文件

　　没有my-small，则复制

cp /alidata/service/mariadb/mysql/support-files/wsrep.cnf /etc/my.cnf

　　在配置文件中添加如下代码

basedir=/data/server/mariadb/mysql
datadir=/data/server/mariadb/data
pid-file=/data/server/mariadb/data/mariadb.pid
log-error=/data/log/mariadb/mariadb.err 

　　保存，启动mysql

/etc/init.d/mysqld start   #启动mysql。
#重启 （restart）
#停止（stop）
#启动（start）

　　

上边所有步骤都结束后，最好做一次安全初始化。使用mysql_secure_installation来安全初始化。该脚本能：

1. 为数据库root用户设置或重置密码
2. 禁止匿名用户登录
3. 禁止root用户的远程访问，只允许本地localhost访问
4. 删除test数据库（任何人都可以访问的数据库）
5. 刷新授权表使修改生效。也就是上边的四项生效。

mysql_secure_installation  #执行这个后，会一步一步来执行初始化安全脚本。需要手动来输入进行下去的。

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
  #因为之前没有设置过root的密码。这里直接回车。
Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
  #输入y，回车。开始设置密码（linux下输入密码是不可见的）。
Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
  #密码设置成功后，是否移除匿名用户。输入y，回车。移除匿名用户。
Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
  #是否禁止root用户远程登录。输入y，回车。为了安全，请禁止。
Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
  #是否移除test数据库。输入n，回车。这里不移除。
Remove test database and access to it? [Y/n] n
... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
  #是否刷新授权表生效。输入y，回车。刷新授权表之后，上边的设置才生效。
Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!重启 （restart）， 停止（stop）， 启动（start）

mysql 添加远程访问权限

mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.10.11.12' IDENTIFIED BY 'FEFJay' WITH GRANT OPTION; #添加权限
flush privileges;
REVOKE ALL on *.* FROM 'root'@'10.10.11.12'; #删除权限

root用户名，10.10.11.12允许访问ip，FEFJay密码

 

安装redis扩展 https://blog.vini123.com/107

安装memcache https://blog.vini123.com/234

 

Nginx 配置

mkdir nginx/conf/vhost #配置目录

mkdir nginx/conf/ssl #存放证书目录

vim www.conf #创建域名配置文件

server {
    listen       80;
    server_name  localhost 【IP地址】;
    index index.html index.htm index.php;
    root 【网站根目录】;
    
    location ~ .*\.(php|php5)?$
    {
        #fastcgi_pass  unix:/tmp/php-cgi.sock;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;  
        include fastcgi.conf;
    }
	
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }

    location ~ .*\.(js|css)?$
    {
        expires 1h;
    }
}

配置二级域名

server 
{
    listen 80;
    server_name  test.cn  www.test.cn; 
    return 301 https://www.test.cn$request_uri;
}

server 
{
    listen 443 ssl http2; 
    server_name test.cn  www.test.cn;    

    if ( $host = 'test.cn' ){
        return 301 https://www.test.cn$request_uri;
    }           

    ssl_certificate         【证书目录.crt】;
    ssl_certificate_key    【证书目录.key】;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Content-Security-Policy "default-src 'self';script-src * 'unsafe-inline';style-src * 'unsafe-inline';";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options 'SAMEORIGIN';

    charset utf-8;
    index index.php index.html index.htm;
    root 【网站根目录】;
	
    location / {
        try_files $uri $uri/  /index.php?$query_string; 
    }

    location ~ \.php($|/) {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param HTTPS $https if_not_empty;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
	
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
	
    location ~ .*\.(js|css)?$
    {
        expires 1h;
    }
    access_log  nginx/logs/www.test.cn.log;
}