1 Installing MySQL
The MySQL installation steps for LNMP are the same as for LAMP.
- Download the package:

    # cd /usr/local/src/
    # wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz    # download the MySQL binary package

- Initialize:

    # tar zxf mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz    # unpack the binary package
    # [ -d /usr/local/mysql ] && mv /usr/local/mysql /usr/local/mysql_old
    # mv mysql-5.6.36-linux-glibc2.5-x86_64 /usr/local/mysql
    # useradd -s /sbin/nologin mysql    # create the mysql user
    # cd /usr/local/mysql
    # mkdir -p data/mysql    # create the datadir; the database files go here
    # chown -R mysql:mysql data/mysql    # change ownership, otherwise later steps will fail
    # ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql    # use an absolute path for datadir where possible, otherwise later steps may report errors
    FATAL ERROR: please install the following Perl modules before executing ./scripts/mysql_install_db:
    Data::Dumper    # an error: install the missing package
    # yum list |grep -i dumper
    perl-Data-Dumper.x86_64 2.145-3.el7 @base
    perl-XML-Dumper.noarch 0.81-17.el7 base
    # yum install -y perl-Data-Dumper.x86_64
    # ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql
    Installing MySQL system tables..../bin/mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory    # another error: install the missing package
    # yum install -y libaio-devel
    # ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql    # two "OK" lines in the output mean initialization succeeded
    # echo $?
    0    # checks whether the previous command succeeded; 0 means success

- Configure MySQL:

    # cp support-files/my-default.cnf /etc/my.cnf
    cp:是否覆盖"/etc/my.cnf"? y
    # vim /etc/my.cnf    # edit the configuration file as follows

    [mysqld]
    # Remove leading # and set to the amount of RAM for the most important data
    # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
    innodb_buffer_pool_size = 128M
    # Remove leading # to turn on a very important data integrity option: logging
    # changes to the binary log between backups.
    # log_bin =
    # These are commonly set, remove the # and set as required.
    # Three changes are made here: basedir is the path of the MySQL package,
    # datadir is where the data is stored, and port is the port the MySQL
    # service listens on (3306 by default if not defined).
    basedir = /usr/local/mysql
    datadir = /usr/local/mysql/data/mysql
    port = 3306
    # server_id = .....
    # socket = .....
    # Remove leading # to set options mainly useful for reporting servers.

    # cp support-files/mysql.server /etc/init.d/mysqld
    # chmod 755 /etc/init.d/mysqld
    # vim /etc/init.d/mysqld
    basedir=/usr/local/mysql
    datadir=/usr/local/mysql/data/mysql    # change the two settings to these values
    # chkconfig --add mysqld    # add mysqld to the system services
    # chkconfig mysqld on    # start at boot

- Start MySQL:

    # service mysqld start    # start the mysqld service
    Starting MySQL.Logging to '/usr/local/mysql/data/mysql/localhost.localdomain.err'.
    . SUCCESS!    # the mysqld service started successfully
    # netstat -lntp |grep 3306    # check that mysqld is running and listening on port 3306
    tcp6 0 0 :::3306 :::* LISTEN 3655/mysqld

2 Installing PHP
- Download the source package:

    # cd /usr/local/src/
    # wget http://cn2.php.net/distributions/php-5.6.36.tar.gz

- Unpack the source package and create the account:

    # tar zxf php-5.6.36.tar.gz
    # useradd -s /sbin/nologin php-fpm

- Configure the build options:

    # cd php-5.6.36
    # ./configure \
    > --prefix=/usr/local/php-fpm \
    > --with-config-file-path=/usr/local/php-fpm/etc \
    > --enable-fpm \
    > --with-fpm-user=php-fpm \
    > --with-fpm-group=php-fpm \
    > --with-mysql=/usr/local/mysql \
    > --with-mysql-sock=/tmp/mysql.sock \
    > --with-libxml-dir \
    > --with-gd \
    > --with-jpeg-dir \
    > --with-png-dir \
    > --with-freetype-dir \
    > --with-iconv-dir \
    > --with-zlib-dir \
    > --with-mcrypt \
    > --enable-soap \
    > --enable-gd-native-ttf \
    > --enable-ftp \
    > --enable-mbstring \
    > --enable-exif \
    > --disable-ipv6 \
    > --with-pear \
    > --with-curl \
    > --with-openssl
    # Note the extra --enable-fpm: without it no php-fpm executable is built, and the php-fpm service cannot be started

- Error 1:

    checking for cc... no
    checking for gcc... no
    configure: error: in `/usr/local/src/php-5.6.36':
    configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details
    # yum install -y gcc    # gcc is missing here because I am using a fresh virtual machine
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- Error 2:

    checking for xml2-config path...
    configure: error: xml2-config not found. Please check your libxml2 installation.
    # yum list |grep libxml2
    libxml2.x86_64 2.9.1-6.el7_2.3 @anaconda
    libxml2.i686 2.9.1-6.el7_2.3 base
    libxml2-devel.i686 2.9.1-6.el7_2.3 base
    libxml2-devel.x86_64 2.9.1-6.el7_2.3 base
    libxml2-python.x86_64 2.9.1-6.el7_2.3 base
    libxml2-static.i686 2.9.1-6.el7_2.3 base
    libxml2-static.x86_64 2.9.1-6.el7_2.3 base
    # yum install -y libxml2-devel.x86_64    # install libxml2-devel
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- Error 3:

    configure: error: Cannot find OpenSSL's <evp.h>
    # yum install -y openssl openssl-devel    # install openssl and openssl-devel
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- Error 4:

    checking for cURL in default path... not found
    configure: error: Please reinstall the libcurl distribution - easy.h should be in <curl-dir>/include/curl/
    # yum install -y libcurl-devel    # install libcurl-devel
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- Error 5:

    configure: error: jpeglib.h not found.
    # yum -y install libjpeg-devel    # install libjpeg-devel
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- Error 6:

    configure: error: png.h not found.
    # yum install -y libpng libpng-devel    # install libpng-devel
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- Error 7:

    configure: error: freetype-config not found.
    # yum install -y freetype freetype-devel    # install freetype-devel
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- Error 8:

    configure: error: mcrypt.h not found. Please reinstall libmcrypt.
    # yum install -y epel-release
    # yum install -y libmcrypt-devel    # install libmcrypt-devel (the epel-release extra repository must be installed first)
    # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl    # run this step again

- At last there are no more errors, and this output appears:

    +--------------------------------------------------------------------+
    | License:                                                           |
    | This software is subject to the PHP License, available in this     |
    | distribution in the file LICENSE.  By continuing this installation |
    | process, you are bound by the terms of this license agreement.     |
    | If you do not agree with the terms of this license, you must abort |
    | the installation process at this point.                            |
    +--------------------------------------------------------------------+

    Thank you for using PHP.

    config.status: creating php5.spec
    config.status: creating main/build-defs.h
    config.status: creating scripts/phpize
    config.status: creating scripts/man1/phpize.1
    config.status: creating scripts/php-config
    config.status: creating scripts/man1/php-config.1
    config.status: creating sapi/cli/php.1
    config.status: creating sapi/fpm/php-fpm.conf
    config.status: creating sapi/fpm/init.d.php-fpm
    config.status: creating sapi/fpm/php-fpm.service
    config.status: creating sapi/fpm/php-fpm.8
    config.status: creating sapi/fpm/status.html
    config.status: creating sapi/cgi/php-cgi.1
    config.status: creating ext/phar/phar.1
    config.status: creating ext/phar/phar.phar.1
    config.status: creating main/php_config.h
    config.status: executing default commands

This means the PHP build options have been configured.
- Compile PHP:

    # make
    Build complete.
    Don't forget to run 'make test'.
    # echo $?
    0

Compilation is complete (problems may also come up at this step).
- Install PHP:

    # make install
    Wrote PEAR system config file at: /usr/local/php-fpm/etc/pear.conf
    You may want to add: /usr/local/php-fpm/lib/php to your php.ini include_path
    /usr/local/src/php-5.6.36/build/shtool install -c ext/phar/phar.phar /usr/local/php-fpm/bin
    ln -s -f phar.phar /usr/local/php-fpm/bin/phar
    Installing PDO headers: /usr/local/php-fpm/include/php/ext/pdo/
    # echo $?
    0

Installation is complete.
- Edit the configuration files:

    # cp php.ini-production /usr/local/php-fpm/etc/php.ini
    # vim /usr/local/php-fpm/etc/php-fpm.conf    # this is a new file; paste in the content below

    [global]
    pid = /usr/local/php-fpm/var/run/php-fpm.pid
    error_log = /usr/local/php-fpm/var/log/php-fpm.log
    [www]
    listen = /tmp/php-fcgi.sock
    listen.mode = 666
    user = php-fpm
    group = php-fpm
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 20
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    pm.max_requests = 500
    rlimit_files = 1024

    # /usr/local/php-fpm/sbin/php-fpm -t
    [01-Jul-2018 21:08:57] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful    # "test is successful" means the configuration is fine

- Start php-fpm:

    # cp /usr/local/src/php-5.6.36/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
    # chmod 755 /etc/init.d/php-fpm
    # useradd -s /sbin/nologin php-fpm
    useradd:用户“php-fpm”已存在    # the user already exists; skip this step if it was done earlier
    # service php-fpm start
    Starting php-fpm done
    # ps aux |grep php-fpm    # check whether php-fpm is running
    root 30222 0.0 0.1 123452 4812 ? Ss 21:14 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf)
    php-fpm 30223 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30224 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30225 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30226 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30227 0.0 0.1 123452 4584 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30228 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30229 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30230 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30231 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30232 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30233 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30234 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30235 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30236 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30237 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30238 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30239 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30240 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30241 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    php-fpm 30242 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www
    root 30248 0.0 0.0 112720 980 pts/0 S+ 21:16 0:00 grep --color=auto php-fpm
    # the output above shows that php-fpm started successfully
    # chkconfig php-fpm on    # start php-fpm at boot

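
An added check, not part of the original page: the [www] pool above puts its socket in /tmp with listen.mode = 666, so every local account can send FastCGI requests that run as php-fpm. The script flags that and compares it with a constructed alternative, which assumes the Nginx workers run as nobody (as in the nginx.conf used later on this page) and that the socket is moved to /usr/local/php-fpm/var/run.

```shell
#!/bin/bash
# Added example: audit the unix-socket settings of php-fpm pools.

# The pool settings from this page (only the lines relevant to the socket).
weak_conf() {
cat <<'EOF'
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
EOF
}

# Constructed alternative (assumption): socket outside /tmp, reachable only
# by the account the Nginx workers run as ("nobody" on this page).
hardened_conf() {
cat <<'EOF'
[www]
listen = /usr/local/php-fpm/var/run/php-fcgi.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
user = php-fpm
group = php-fpm
EOF
}

# Reads a php-fpm.conf on stdin and prints one finding per line.
audit_fpm_pool() {
    awk '
    /^[ \t]*;/ { next }                      # comment line
    /^[ \t]*$/ { next }                      # blank line
    /^[ \t]*\[/ {                            # section header such as [www]
        sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); pool = $0; next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "listen")      sock[pool] = val
        if (key == "listen.mode") mode[pool] = val
    }
    END {
        for (p in sock) {
            if (sock[p] !~ /^\//) continue         # TCP listener: socket mode does not apply
            m = (p in mode) ? mode[p] : "0660"     # php-fpm default when listen.mode is unset
            other = substr(m, length(m), 1)        # last octal digit: permissions for "other"
            if (other != "0")
                printf "[%s] listen.mode=%s: any local user can talk FastCGI to %s\n", p, m, sock[p]
            if (sock[p] ~ /^\/(tmp|var\/tmp|dev\/shm)\//)
                printf "[%s] %s is in a world-writable directory\n", p, sock[p]
        }
    }'
}

echo "page config:";     weak_conf | audit_fpm_pool
echo "hardened config:"; hardened_conf | audit_fpm_pool
```

If the socket path is changed, the fastcgi_pass line in the Nginx configuration has to point to the same path.
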
3 Installing Nginx
- Download and unpack Nginx:

    # cd /usr/local/src/
    # wget http://nginx.org/download/nginx-1.12.1.tar.gz
    # tar zxf nginx-1.12.1.tar.gz

- Configure the build options:

    # cd nginx-1.12.1
    # ./configure --prefix=/usr/local/nginx
    Configuration summary
    + using system PCRE library
    + OpenSSL library is not used
    + using system zlib library

    nginx path prefix: "/usr/local/nginx"
    nginx binary file: "/usr/local/nginx/sbin/nginx"
    nginx modules path: "/usr/local/nginx/modules"
    nginx configuration prefix: "/usr/local/nginx/conf"
    nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
    nginx pid file: "/usr/local/nginx/logs/nginx.pid"
    nginx error log file: "/usr/local/nginx/logs/error.log"
    nginx http access log file: "/usr/local/nginx/logs/access.log"
    nginx http client request body temporary files: "client_body_temp"
    nginx http proxy temporary files: "proxy_temp"
    nginx http fastcgi temporary files: "fastcgi_temp"
    nginx http uwsgi temporary files: "uwsgi_temp"
    nginx http scgi temporary files: "scgi_temp"
    # echo $?
    0

- Compile and install Nginx:

    # make
    # echo $?
    0
    # make install
    # echo $?
    0

- Write an Nginx init script and add it to the system services:

    # vim /etc/init.d/nginx    # write the content below

    #!/bin/bash
    # chkconfig: - 30 21
    # description: http service.
    # Source Function Library
    . /etc/init.d/functions
    # Nginx Settings
    NGINX_SBIN="/usr/local/nginx/sbin/nginx"
    NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
    NGINX_PID="/usr/local/nginx/logs/nginx.pid"
    RETVAL=0
    prog="Nginx"

    start()
    {
        echo -n $"Starting $prog: "
        mkdir -p /dev/shm/nginx_temp
        daemon $NGINX_SBIN -c $NGINX_CONF
        RETVAL=$?
        echo
        return $RETVAL
    }

    stop()
    {
        echo -n $"Stopping $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -TERM
        rm -rf /dev/shm/nginx_temp
        RETVAL=$?
        echo
        return $RETVAL
    }

    reload()
    {
        echo -n $"Reloading $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -HUP
        RETVAL=$?
        echo
        return $RETVAL
    }

    restart()
    {
        stop
        start
    }

    configtest()
    {
        $NGINX_SBIN -c $NGINX_CONF -t
        return 0
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        reload)
            reload
            ;;
        restart)
            restart
            ;;
        configtest)
            configtest
            ;;
        *)
            echo $"Usage: $0 {start|stop|reload|restart|configtest}"
            RETVAL=1
    esac
    exit $RETVAL

    # chmod 755 /etc/init.d/nginx    # make the init script executable
    # chkconfig --add nginx    # add Nginx to the system services
    # chkconfig nginx on    # start Nginx at boot

- Change the Nginx configuration file:

    # > /usr/local/nginx/conf/nginx.conf    # > is a redirection; used on its own it quickly empties a text file
    # vim /usr/local/nginx/conf/nginx.conf    # write the content below

    user nobody nobody;
    worker_processes 2;
    error_log /usr/local/nginx/logs/nginx_error.log crit;
    pid /usr/local/nginx/logs/nginx.pid;
    worker_rlimit_nofile 51200;
    events
    {
        use epoll;
        worker_connections 6000;
    }
    http
    {
        include mime.types;
        default_type application/octet-stream;
        server_names_hash_bucket_size 3526;
        server_names_hash_max_size 4096;
        log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
        ' $host "$request_uri" $status'
        ' "$http_referer" "$http_user_agent"';
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 30;
        client_header_timeout 3m;
        client_body_timeout 3m;
        send_timeout 3m;
        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 8 4k;
        request_pool_size 4k;
        output_buffers 4 32k;
        postpone_output 1460;
        client_max_body_size 10m;
        client_body_buffer_size 256k;
        client_body_temp_path /usr/local/nginx/client_body_temp;
        proxy_temp_path /usr/local/nginx/proxy_temp;
        fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
        fastcgi_intercept_errors on;
        tcp_nodelay on;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 8k;
        gzip_comp_level 5;
        gzip_http_version 1.1;
        gzip_types text/plain application/x-javascript text/css text/htm application/xml;
        server
        {
            listen 80;
            server_name localhost;
            index index.html index.htm index.php;
            root /usr/local/nginx/html;
            location ~ \.php$
            {
                include fastcgi_params;
                fastcgi_pass unix:/tmp/php-fcgi.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
            }
        }
    }

    # /usr/local/nginx/sbin/nginx -t    # check the configuration file for problems
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # the two lines above mean the configuration is correct

- Start Nginx:

    # service nginx start    # start the Nginx service
    Starting nginx (via systemctl): [ 确定 ]    # if it fails to start, check /usr/local/nginx/logs/error.log
    # ps aux |grep nginx    # check whether the Nginx service is running
    root 32821 0.0 0.0 20540 624 ? Ss 21:47 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
    nobody 32822 0.0 0.0 22984 3204 ? S 21:47 0:00 nginx: worker process
    nobody 32823 0.0 0.0 22984 3204 ? S 21:47 0:00 nginx: worker process
    root 32825 0.0 0.0 112720 984 pts/0 S+ 21:48 0:00 grep --color=auto nginx

As shown, the Nginx service started successfully.
- Test whether PHP is parsed correctly:

    # vim /usr/local/nginx/html/1.php
    <?php
    echo "php解析正常";
    ?>
    # curl localhost/1.php
    php解析正常[root@localhost nginx-1.12.1]#

The response is the string echoed by 1.php, which shows that PHP is parsed correctly.
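4 Nginx configuration
Once the LNMP environment is built, all we have really done is install the software; a lot of concrete configuration work remains.
Default virtual host
The default virtual host is the one that handles a request for any domain name that points at this server but has no virtual host of its own.
As with httpd, Nginx has a default virtual host, and similarly, the first virtual host that Nginx loads is the default one. The difference is that Nginx also has a setting that marks the default virtual host; in other words, only when no server carries that mark is the first virtual host the default.
- First edit the main configuration file:

    # vim /usr/local/nginx/conf/nginx.conf
        include vhost/*.conf;    # add this line just above the final closing }
    }

The line above loads every file ending in .conf under /usr/local/nginx/conf/vhost/, so all virtual host configuration files can be placed in the vhost directory.
- Edit the default host configuration file:

    # mkdir /usr/local/nginx/conf/vhost
    # cd /usr/local/nginx/conf/vhost
    # vim default.conf    # this is a new file; write the content below
    server
    {
        listen 80 default_server;    # the server with the default_server mark is the default virtual host
        server_name 123.com;
        index index.html index.htm index.php;
        root /data/nginx/default;
    }

- Verify the configuration above:

    # /usr/local/nginx/sbin/nginx -t    # check the configuration
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # the configuration is fine
    # /usr/local/nginx/sbin/nginx -s reload    # reload the configuration, so no restart is needed
    # mkdir -p /data/nginx/default/
    # echo "default" > /data/nginx/default/index.html    # create the index page
    # curl -x127.0.0.1:80 123.com
    default
    # curl -x192.168.33.128:80 123.com
    default
    # either 127.0.0.1 or 192.168.33.128 (the Linux host's IP) works here
    # curl -x127.0.0.1:80 aaa.com
    default
    # a domain that has not been defined is also served by 123.com

To reach this from a browser, do the following:

    # iptables -I INPUT -p tcp --dport 80 -j ACCEPT    # open port 80 on the Linux host

Then visit the site in the browser.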
User authentication
With user authentication, visitors must enter a username and password before they can access the site. Important sites and site back ends usually add user authentication, the purpose of course being security.
- Create a new virtual host:

    # cd /usr/local/nginx/conf/vhost/
    # vim test.com.conf    # this is a new file; write the content below
    server
    {
        listen 80;
        server_name test.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        location /
        {
            auth_basic "Auth";    # auth_basic turns on user authentication
            auth_basic_user_file /usr/local/nginx/conf/htpasswd;    # the user/password file
        }
    }

- Verify the configuration above:

    # /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # /usr/local/nginx/sbin/nginx -s reload
    # yum install -y httpd    # install httpd, because the htpasswd command is needed to create the password file
    # htpasswd -c /usr/local/nginx/conf/htpasswd lzx    # create the user lzx and set its password
    New password:
    Re-type new password:
    Adding password for user lzx
    # mkdir /data/nginx/test.com
    # echo "test" > /data/nginx/test.com/index.html
    # curl -x127.0.0.1:80 test.com -I
    HTTP/1.1 401 Unauthorized    # status code 401 means the site requires authentication
    Server: nginx/1.12.1
    Date: Thu, 05 Jul 2018 08:06:39 GMT
    Content-Type: text/html
    Content-Length: 195
    Connection: keep-alive
    WWW-Authenticate: Basic realm="Auth"

Open the Windows hosts file and add one line:

    192.168.33.128 test.com

Then visit test.com in a browser. (The original screenshots showed the page after clicking Cancel, the prompt for the username and password, and the page after logging in.)
In addition, to require authentication for a single directory only, set the path after location:

    location /admin/    # the admin directory is used as the example here
    {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }

Domain redirection
Domain redirection in Nginx is similar to that in httpd.
- Configure the virtual host file:

    # vim test.com.conf
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;    # in Nginx, server_name can be followed by several domain names
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com')
        {
            # permanent is a permanent redirect, equivalent to httpd's R=301;
            # there is also redirect, a temporary redirect, equivalent to R=302
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
    }

- Verify the configuration above:

    # /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 test1.com/123.txt -I
    HTTP/1.1 301 Moved Permanently    # 301: moved permanently
    Server: nginx/1.12.1
    Date: Thu, 05 Jul 2018 08:41:51 GMT
    Content-Type: text/html
    Content-Length: 185
    Connection: keep-alive
    Location: http://test.com/123.txt    # this has become test.com/123.txt

Nginx access log
- First look at the Nginx log format:

    # grep -A2 log_format /usr/local/nginx/conf/nginx.conf
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';

As with httpd, the log format is defined in the main configuration file.
combined_realip: the name of the log format, which can be referenced later;
$remote_addr: the egress IP of the user visiting the site;
$http_x_forwarded_for: the IP of the proxy server; if a proxy is used, the proxy's IP is recorded;
$time_local: the current time;
$host: the host name being visited;
$request_uri: the URL being visited;
$status: the status code;
$http_referer: the referer address;
$http_user_agent: the user_agent.
- Set the path of the access log:

    # cd /usr/local/nginx/conf/vhost/
    # vim test.com.conf
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com')
        {
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
        access_log /tmp/1.log combined_realip;    # access_log sets where the log is stored; the last argument is the name of the log format
    }

- Verify the configuration above:

    # /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 test.com/111
    <html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx/1.12.1</center>
    </body>
    </html>
    # cat /tmp/1.log
    127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0"    # the curl request
    192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"    # requests from the browser on Windows
    192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
    192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"

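
An added example, not from the original page: in combined_realip the $http_x_forwarded_for field is unquoted and comes from a request header, and it contains spaces whenever it lists more than one address, so splitting a line on whitespace shifts every later column. The parser below anchors on the [$time_local] field instead and then counts error responses per client; the sample lines are constructed (the first two adapted from the log above), and the function names are illustrative.

```shell
#!/bin/bash
# Added example: parse the page's combined_realip access-log format.

# Constructed sample input; 203.0.113.7 and the 10.0.0.x values are made up.
sample_log() {
cat <<'EOF'
127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0"
192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0"
203.0.113.7 10.0.0.5, 10.0.0.9 [06/Jul/2018:11:20:01 +0800] test.com "/admin/" 401 "-" "curl/7.29.0"
203.0.113.7 10.0.0.5, 10.0.0.9 [06/Jul/2018:11:20:02 +0800] test.com "/admin/" 401 "-" "curl/7.29.0"
203.0.113.7 - [06/Jul/2018:11:20:03 +0800] test.com "/abc/x.php" 403 "-" "curl/7.29.0"
this line is not in the expected format
EOF
}

# stdin: log lines. stdout: remote_addr, x_forwarded_for, status, host, uri
# (tab-separated). Lines that do not fit the format are dropped.
parse_combined_realip() {
    awk '
    BEGIN {
        OFS = "\t"
        d = "[0-9]"
        # " [$time_local] ", for example " [06/Jul/2018:11:15:12 +0800] "
        ts_re = " \\[" d d "/[A-Za-z][A-Za-z][A-Za-z]/" d d d d ":" d d ":" d d ":" d d " [+-]" d d d d "\\] "
    }
    {
        if (!match($0, ts_re)) next
        head = substr($0, 1, RSTART - 1)        # $remote_addr $http_x_forwarded_for
        rest = substr($0, RSTART + RLENGTH)     # $host "$request_uri" $status ...
        sp = index(head, " ")
        if (sp == 0) next
        addr = substr(head, 1, sp - 1)          # first token: set by Nginx, never has spaces
        xff  = substr(head, sp + 1)             # everything else: header value, may have spaces
        q1 = index(rest, " \"")                 # opening quote of "$request_uri"
        if (q1 == 0) next
        host  = substr(rest, 1, q1 - 1)
        after = substr(rest, q1 + 2)
        q2 = index(after, "\" ")                # closing quote of "$request_uri"
        if (q2 == 0) next
        uri = substr(after, 1, q2 - 1)
        split(substr(after, q2 + 2), t, " ")
        if (t[1] !~ /^[0-9][0-9][0-9]$/) next   # status must be three digits
        print addr, xff, t[1], host, uri
    }'
}

# stdin: log lines. stdout: "<count> <remote_addr>" for 4xx/5xx responses,
# busiest client first.
errors_by_client() {
    parse_combined_realip |
        awk -F'\t' '$3 + 0 >= 400 { n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

sample_log | errors_by_client
```

Writing the field as "$http_x_forwarded_for" in log_format, quoted like the referer and user agent, removes the ambiguity at the source.
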
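Nginx logging is fairly simple, but unlike httpd it has no built-in rotation tool; to rotate Nginx logs you need the system's rotation tool or a custom script.
Here we write our own log rotation script:

    # vim /usr/local/sbin/nginx_log_rotate.sh    # write the content below

    #!/bin/bash
    # yesterday's date, used as the suffix of the rotated files
    d=`date -d "-1 day" +%Y%m%d`
    logdir="/data/logs"    # assume the Nginx logs are stored in /data/logs
    nginx_pid="/usr/local/nginx/logs/nginx.pid"
    # stop if the log directory is missing, so nothing is renamed elsewhere
    cd $logdir || exit 1
    for log in `ls *.log`
    do
        mv $log $log-$d
    done
    # signal the master process so that it opens new log files
    /bin/kill -HUP `cat $nginx_pid`

After writing the script, add a scheduled task (cron entry):

    0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh
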
Skipping logging for static files and adding an expiry time
- Edit the virtual host configuration file:

    # vim test.com.conf
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com')
        {
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$    # match the corresponding static files
        {
            expires 7d;    # set the expiry time
            access_log off;    # off means no access log is written
        }
        location ~ .*\.(js|css)$
        {
            expires 12h;
            access_log off;
        }
        access_log /tmp/1.log combined_realip;
    }

- Verify the configuration above:

    # /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # /usr/local/nginx/sbin/nginx -s reload
    # echo "111" > /data/nginx/test.com/1.js    # create a js file
    # echo "222" > /data/nginx/test.com//2.jpg    # create a jpg file
    # touch /data/nginx/test.com/3.jss    # create a file for comparison
    # curl -x127.0.0.1:80 test.com/1.js -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.1
    Date: Fri, 06 Jul 2018 03:52:47 GMT
    Content-Type: application/javascript
    Content-Length: 4
    Last-Modified: Fri, 06 Jul 2018 03:50:55 GMT
    Connection: keep-alive
    ETag: "5b3ee71f-4"
    Expires: Fri, 06 Jul 2018 15:52:47 GMT
    Cache-Control: max-age=43200    # 43200 seconds is 12 hours: js files expire after 12h
    Accept-Ranges: bytes
    # curl -x127.0.0.1:80 test.com/2.jpg -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.1
    Date: Fri, 06 Jul 2018 03:56:15 GMT
    Content-Type: image/jpeg
    Content-Length: 4
    Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT
    Connection: keep-alive
    ETag: "5b3ee747-4"
    Expires: Fri, 13 Jul 2018 03:56:15 GMT
    Cache-Control: max-age=604800    # jpg files expire after 7 days
    Accept-Ranges: bytes
    # curl -x127.0.0.1:80 test.com/3.jss -I    # the jss file has no expiry time
    HTTP/1.1 200 OK
    Server: nginx/1.12.1
    Date: Fri, 06 Jul 2018 03:57:33 GMT
    Content-Type: application/octet-stream
    Content-Length: 0
    Last-Modified: Fri, 06 Jul 2018 03:52:00 GMT
    Connection: keep-alive
    ETag: "5b3ee760-0"
    Accept-Ranges: bytes
    # cat /tmp/1.log
    127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0"
    192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
    192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
    192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
    127.0.0.1 - [06/Jul/2018:11:57:33 +0800] test.com "/3.jss" 200 "-" "curl/7.29.0"

As you can see, there are no access log entries for the js and jpg files.
Nginx hotlink protection
- Edit the virtual host configuration file:

    # vim test.com.conf
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com')
        {
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
        location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
        {
            expires 7d;
            valid_referers none blocked server_names *.test.com;
            if ($invalid_referer)
            {
                return 403;
            }
            access_log off;
        }
        access_log /tmp/1.log combined_realip;
    }

- Verify the configuration above:

    # /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 -e "http://123.com/1.txt" test.com/2.jpg -I    # with the -e option, the http:// prefix must be included
    HTTP/1.1 403 Forbidden
    Server: nginx/1.12.1
    Date: Fri, 06 Jul 2018 04:13:19 GMT
    Content-Type: text/html
    Content-Length: 169
    Connection: keep-alive
    # curl -x127.0.0.1:80 -e "http://test.com/1.txt" test.com/2.jpg -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.1
    Date: Fri, 06 Jul 2018 04:15:06 GMT
    Content-Type: image/jpeg
    Content-Length: 4
    Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT
    Connection: keep-alive
    ETag: "5b3ee747-4"
    Expires: Fri, 13 Jul 2018 04:15:06 GMT
    Cache-Control: max-age=604800    # expiry time of 7d
    Accept-Ranges: bytes

As you can see, there is not only an expiry time but also hotlink protection.
Access control
Sometimes Nginx needs to deny certain IPs or allow only certain IPs; the configuration is similar to httpd's.
- Allow requests for the admin directory only from 192.168.33.128 and 127.0.0.1:

    location /admin/
    {
        allow 192.168.33.128;
        allow 127.0.0.1;
        deny all;
    }

When configuring httpd there is also an order directive that defines whether allow or deny comes first; Nginx has no such directive: the rules are checked one by one, and evaluation ends as soon as one matches.

    # /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # /usr/local/nginx/sbin/nginx -s reload
    # mkdir /data/nginx/test.com/admin/
    # echo "123" > /data/nginx/test.com/admin/1.html
    # curl -x127.0.0.1:80 test.com/admin/1.html
    123
    # curl -x192.168.33.129:80 test.com/admin/1.html
    <html>
    <head><title>403 Forbidden</title></head>
    <body bgcolor="white">
    <center><h1>403 Forbidden</h1></center>
    <hr><center>nginx/1.12.1</center>
    </body>
    </html>

The IPs in the configuration file can also be IP ranges, for example allow 192.168.33.0/24. To deny only a few IPs, write it like this:

    location /admin/
    {
        deny 192.168.33.128;
        deny 127.0.0.1;
    }

Nginx allows everything by default, so there is no need to write allow all.
Access can also be restricted by regular-expression matching:

    location ~ .*(abc|image)/.*\.php$    # do not parse PHP here
    {
        return 403;
    }

| is a separator meaning "or", so requests whose URL contains the string abc or image and that are for PHP are denied.
In Nginx, restrictions can also be applied based on the user_agent:

    if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
    {
        return 403;
    }

~ is the match operator: any request whose user_agent contains the string Spider/3.0, YoudaoBot or Tomato is denied.
Parsing PHP with Nginx
In LNMP, PHP exists as a service (php-fpm): the php-fpm service has to be started first, and Nginx then communicates with php-fpm.
The relevant configuration is:

    # vim test.com.conf
    server
    {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/nginx/test.com;
        if ($host != 'test.com')
        {
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
        location ~ \.php$
        {
            include fastcgi_params;
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name;
        }
        access_log /tmp/1.log combined_realip;
    }

Here fastcgi_pass specifies the address of php-fpm, and the path that follows fastcgi_param SCRIPT_FILENAME is the root directory of the site; it must be the same as the root path defined earlier, otherwise a 502 error is returned.
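Nginx proxy
The Nginx proxy feature is very useful: if a server without a public IP needs to provide a web service, it can do so through an Nginx proxy. If there are several servers behind Nginx and it proxies all of them at once, Nginx acts as a load balancer.
- Configure the Nginx proxy:

    # cd /usr/local/nginx/conf/vhost/
    # vim proxy.conf    # write the content below
    server
    {
        listen 80;
        server_name lzx.com;
        location /
        {
            proxy_pass http://61.135.169.125/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

proxy_pass specifies the IP of the server that hosts the domain being proxied;
the three lines after it define the request headers sent to the backend web server. The second line is required, otherwise the proxy will not work; it means that the domain name of the backend web server stays the same as the server_name in the current configuration file;
$remote_addr: the egress IP of the user visiting the site;
$http_x_forwarded_for: the IP of the proxy server; if a proxy is used, the proxy's IP is recorded.
- After saving the configuration file, reload the Nginx service and verify:

    # /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    # /usr/local/nginx/sbin/nginx -s reload
    # curl -x127.0.0.1:80 123.com -I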