Linux安裝Nginx+PHP+Mysql

安裝Nginx

先更新包、軟件、系統內核

yum update 

安裝ggc

yum install gcc-c++

　安裝pcre-devel

yum install  pcre pcre-devel

　安裝cmake

官網：https://cmake.org

wget https://cmake.org/files/v3.6/cmake-3.14.0.tar.gz
tar -xzvf cmake-3.14.0.tar.gz
cd cmake-3.14.0 
./bootstrap
gmake
gmake install

　　查看編譯后的cmake版本

/usr/local/bin/cmake --version

　　新建軟連接

ln -s /usr/local/bin/cmake /usr/bin/

　　終端查看版本

cmake --version

　　安裝zlib

官網：http://www.zlib.net/

cd /usr/local/src
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make && make install

　　安裝bzip

官網：http://www.bzip.org/downloads.html
源碼包：https://sourceforge.net/projects/bzip2/

cd /usr/local/src
wget https://nchc.dl.sourceforge.net/project/bzip2/bzip2-1.0.6.tar.gz 
tar -xzvf bzip2-1.0.6.tar.gz
cd bzip2-1.0.6
# 為編譯做准備，創建libbz2.so動態鏈接庫
make -f Makefile-libbz2_so
# 編譯安裝
make && make install

　　安裝ziblip

# 先卸載舊的
yum -y remove libzip-devel
# 找到最新版本的，並下載
# https://libzip.org/ 官網
wget https://libzip.org/download/libzip-1.5.1.tar.gz
tar -zxvf libzip-1.5.1.tar.gz
cd libzip-1.5.1
mkdir build
cd build
cmake ..
make && make install

　　安裝openssl

官網：https://www.openssl.org/ 

cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz
tar -xzvf openssl-1.1.1b.tar.gz
cd openssl-1.1.1b
# 制定編譯安裝后的位置
./config --prefix=/usr/local/openssl
make && make install

　　查看安裝

which openssl

　　建立軟連接

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

　　執行

cd /usr/local/openssl
ldd /usr/local/openssl/bin/openssl

　　查看版本

openssl version
# 找不到動態庫

　　解決動態庫的問題

vim /etc/ld.so.conf
# 在尾部追加
/usr/local/openssl/lib
# 然后執行
ldconfig /etc/ld.so.conf
openssl version
# 這個時候，版本號就出來了

　　安裝 nginx_brotli

https://github.com/google/ngx_brotli

https://github.com/eustas/ngx_brotli

cd /usr/local/src
git clone https://github.com/eustas/ngx_brotli.git 
cd ngx_brotli
git submodule update --init --recursive

　　增加用戶組

 groupadd www
 useradd -g www -M www

vi /etc/passwd
#找到www，將后面的/bin/bash改為/sbin/nologin即可。

　　

   下載安裝nginx

官網：http://nginx.org/en/download.html 

cd /usr/local/src
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar -xzvf nginx-1.14.2.tar.gz
cd nginx-1.14.2 

　　配置編譯

./configure \
--user=www \
--group=www \
--prefix=/alidata/service/nginx \
--pid-path=/alidata/service/nginx/run/nginx.pid \
--with-http_stub_status_module \ 
--with-threads \
--with-file-aio \
--with-pcre-jit \
--with-http_ssl_module \ 
--with-http_v2_module \ 
--with-http_gzip_static_module \ 
--with-http_sub_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_realip_module \
--with-http_addition_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-http_slice_module \
--with-pcre \
--with-openssl=/usr/local/src/openssl-1.1.1b/  \
--with-openssl-opt=enable-tls1_3 \ 
--add-module=/usr/local/src/ngx_brotli/

　　沒有問題會提示

Configuration summary
  + using threads
  + using system PCRE library
  + using OpenSSL library: /usr/local/src/openssl-1.1.1b
  + using system zlib library

  nginx path prefix: "/alidata/service/nginx"
  nginx binary file: "/alidata/service/nginx/sbin/nginx"
  nginx modules path: "/alidata/service/nginx/modules"
  nginx configuration prefix: "/alidata/service/nginx/conf"
  nginx configuration file: "/alidata/service/nginx/conf/nginx.conf"
  nginx pid file: "/alidata/service/nginx/run/nginx.pid"
  nginx error log file: "/alidata/service/nginx/logs/error.log"
  nginx http access log file: "/alidata/service/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

　　編譯安裝

make && make install

　　啟動nginx

/alidata/server/nginx/sbin/nginx 
ps -ef|grep nginx
# 查看編譯的模塊
/alidata/service/nginx/sbin/nginx -V

　　配置開機自啟動

cd /lib/systemd/system/
#創建文件
vi nginx.service

　　

[Unit]
Description=nginx 
After=network.target 

[Service] 
Type=forking 
ExecStart=/alidata/service/nginx/sbin/nginx
ExecReload=/alidata/service/nginx/sbin/nginx reload
ExecStop=/alidata/service/nginx/sbin/nginx quit
PrivateTmp=true 

[Install] 
WantedBy=multi-user.target

　　保存並退出，激活自啟動功能

systemctl enable nginx.service

systemctl start nginx.service #啟動nginx
systemctl stop nginx.service #結束nginx
systemctl restart nginx.service #重啟nginx

　　

安裝php
https://blog.vini123.com/303

php官網：https://php.net/downloads.php
迅雷下載后傳到服務器上

准備編譯環境

yum install curl-devel
yum install  libxml2-devel
yum install  libjpeg-devel
yum install  libpng-devel
yum install freetype-devel
yum install libxslt-devel

　　安裝

cd /usr/local/src/php-7.3.4

./configure --prefix=/alidata/service/php \
--with-config-file-path=/alidata/service/php/etc \
--with-config-file-scan-dir=/alidata/service/php/etc/php.d \
--with-fpm-user=www \
--with-fpm-group=www \
--with-curl \
--with-freetype-dir \
--with-gd \
--with-gettext \
--with-iconv-dir \
--with-kerberos \
--with-libdir=lib64 \
--with-libxml-dir \
--with-mysqli \
--with-openssl \
--with-pcre-regex \
--with-pdo-mysql \
--with-pdo-sqlite \
--with-pear \
--with-png-dir \
--with-jpeg-dir \
--with-xmlrpc \
--with-xsl \
--with-zlib \
--with-bz2 \
--with-mhash \
--enable-fpm \
--enable-bcmath \
--enable-libxml \
--enable-inline-optimization \
--enable-mbregex \
--enable-mbstring \
--enable-opcache \
--enable-pcntl \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-xml \
--enable-zip \
--enable-fpm \
--disable-fileinfo

　　安裝

make && make install

　　配置環境變量

vi /etc/profile

　　在末尾追加

PATH=$PATH:/alidata/service/php/bin
export PATH

　　保存，然后source

source /etc/profile
echo $PATH  #看到配置的環境變量了
php -v #查看php的版本信息

　　填充文件

cp /alidata/service/php/etc/php-fpm.conf.default  /alidata/service/php/etc/php-fpm.conf
cp /alidata/service/php/etc/php-fpm.d/www.conf.default /alidata/service/php/etc/php-fpm.d/www.conf
cp /usr/local/src/php-7.3.4/php.ini-production  /alidata/service/php/etc/php.ini
cp /usr/local/src/php-7.3.4/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm

chmod +x /etc/init.d/php-fpm
chkconfig --add php-fpm  #開機自啟動

　　開啟關閉命令

#啟動服務
service php-fpm start 
#停止服務
service php-fpm stop  
#重啟服務
service php-fpm reload

/etc/init.d/php-fpm start   #開啟
/etc/init.d/php-fpm stop  #關閉
/etc/init.d/php-fpm restart  #重啟

php -i|grep php.ini 

 

安裝mysql
https://blog.vini123.com/105

依賴包安裝及清除舊版本

yum groupinstall -y Development Tools
yum -y install gcc gcc-c++ make cmake  readline-devel zlib-devel ncurses ncurses-devel 
yum -y install libevent man  libxml2 libxml2-devel openssl-devel bison bison-devel  libaio-devel

rpm -qa|grep mysql 
rpm -qa|grep mariadb
rpm -e --nodeps  mariadb-libs-5.5.50-1.el7_2.x86_64

　　官網下載：https://downloads.mariadb.org/

cd /usr/local/src/mariadb
wget https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.1.22/source/mariadb-10.1.22.tar.gz
tar -xzvf mariadb-10.1.22.tar.gz
cd mariadb-10.1.22

　　創建用戶組及相關目錄

groupadd mysql  #創建mysql用戶組
useradd -s /sbin/nologin -g mysql -M mysql   #創建mysql用戶歸屬mysql組
mkdir /data/server/mariadb/mysql   #創建安裝目錄
mkdir -p /data/server/mariadb/data   #創建數據庫存放目錄
chown -R mysql:mysql  /data/server/mariadb/data   #給予權限

　　編譯源碼包安裝

cmake . -DCMAKE_INSTALL_PREFIX=/data/server/mariadb/mysql -DMYSQL_DATADIR=/data/server/mariadb/data -DSYSCONFDIR=/etc -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLED_LOCAL_INFILE=1 

　簡化版

cmake . -DCMAKE_INSTALL_PREFIX=/alidata/service/mariadb/mysql -DMYSQL_DATADIR=/alidata/service/mariadb/data -DWITHOUT_TOKUDB=1 -DSYSCONFDIR=/etc -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DENABLED_LOCAL_INFILE=1

　　

部分編譯參數解釋：

• -DCMAKE_INSTALL_PREFIX 安裝目錄
• -DMYSQL_DATADIR 數據庫存放目錄
• -DSYSCONFDIR 配置文件目錄（具體 /etc/my.cnf）
• -DWITH_INNOBASE_STORAGE_ENGINE 支持數據庫innobase引擎
• -DWITH_ARCHIVE_STORAGE_ENGINE 支持數據庫archive引擎
• -DWITH_BLACKHOLE_STORAGE_ENGINE 支持數據庫blackhole存儲引擎
• -DDEFAULT_CHARSET 支持字符集
• -DDEFAULT_COLLATION 排序規則 校驗字符
• -DENABLED_LOCAL_INFILE 允許本地導入數據

注意在源碼包里進行cmake。如果遇到錯誤 rm -f CMakeCache.txt 並刪除緩存重新配置。配置完成結果。

 編輯和安裝

make && make install

　　

內存不足錯誤

cc: internal compiler error: Killed (program cc1)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
make[2]: *** [storage/mroonga/vendor/groonga/lib/CMakeFiles/libgroonga.dir/expr.c.o] Error 4
make[1]: *** [storage/mroonga/vendor/groonga/lib/CMakeFiles/libgroonga.dir/all] Error 2
make: *** [all] Error 2

　　借內存

dd if=/dev/zero of=/home/swap bs=1024 count=1024000   #創建一個1G的分區文件（大小可以自己定）
/sbin/mkswap /home/swap   #將創建的分區格式化為swap
/sbin/swapon /home/swap   #使這個分區立即生效
vi /etc/fstab   #編輯fstab，設置開機自動掛載swap
/home/swap swap swap defaults 0 0   #將此行追加到 /etc/fstab 行尾。然后保存。
free #查看swap大小 

　　刪除CMake緩存文件

rm -f /usr/local/src/mariadb/mariadb-10.1.22/CMakeCache.txt

　　安裝完成后釋放swap

/sbin/swapoff /home/swap   #停止swap分區
rm -f /home/swap   #刪除swap分區文件
vi /etc/fstab   #編輯fstab，取消開機自動掛載swap
/home/swap swap swap defaults 0 0   #將此行注釋掉或刪掉。然后保存。
free #查看swap大小 

　　設置環境變量

cd  /data/server/mariadb/mysql   #進入安裝目錄
scripts/mysql_install_db --user=mysql --datadir=/data/server/mariadb/data/   #初始化系統表
cp support-files/mysql.server /etc/init.d/mysqld   #復制mysql.server
chkconfig --add mysqld   #添加到系統服務
chkconfig mysqld on   #設置開機自啟動   
vi /etc/profile   #編輯環境變量
PATH=$PATH:/data/server/mariadb/mysql/bin   #此行和下一行追加到 /etc/profile文件末尾，並保存退出。
export PATH
source /etc/profile   #使得環境變量生效。

　　復制配置文件

cp -f /usr/local/src/mariadb/mariadb-10.1.22/support-files/my-small.cnf /etc/my.cnf
vi  /etc/my.cnf   #編輯配置文件

　　沒有my-small，則復制

cp /alidata/service/mariadb/mysql/support-files/wsrep.cnf /etc/my.cnf

　　在配置文件中添加如下代碼

basedir=/data/server/mariadb/mysql
datadir=/data/server/mariadb/data
pid-file=/data/server/mariadb/data/mariadb.pid
log-error=/data/log/mariadb/mariadb.err 

　　保存，啟動mysql

/etc/init.d/mysqld start   #啟動mysql。
#重啟 （restart）
#停止（stop）
#啟動（start）

　　

上邊所有步驟都結束后，最好做一次安全初始化。使用mysql_secure_installation來安全初始化。該腳本能：

1. 為數據庫root用戶設置或重置密碼
2. 禁止匿名用戶登錄
3. 禁止root用戶的遠程訪問，只允許本地localhost訪問
4. 刪除test數據庫（任何人都可以訪問的數據庫）
5. 刷新授權表使修改生效。也就是上邊的四項生效。

mysql_secure_installation  #執行這個后，會一步一步來執行初始化安全腳本。需要手動來輸入進行下去的。

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
  #因為之前沒有設置過root的密碼。這里直接回車。
Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
  #輸入y，回車。開始設置密碼（linux下輸入密碼是不可見的）。
Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
  #密碼設置成功后，是否移除匿名用戶。輸入y，回車。移除匿名用戶。
Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
  #是否禁止root用戶遠程登錄。輸入y，回車。為了安全，請禁止。
Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
  #是否移除test數據庫。輸入n，回車。這里不移除。
Remove test database and access to it? [Y/n] n
... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
  #是否刷新授權表生效。輸入y，回車。刷新授權表之后，上邊的設置才生效。
Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!重啟 （restart）， 停止（stop）， 啟動（start）

mysql 添加遠程訪問權限

mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.10.11.12' IDENTIFIED BY 'FEFJay' WITH GRANT OPTION; #添加權限
flush privileges;
REVOKE ALL on *.* FROM 'root'@'10.10.11.12'; #刪除權限

root用戶名，10.10.11.12允許訪問ip，FEFJay密碼

 

安裝redis擴展 https://blog.vini123.com/107

安裝memcache https://blog.vini123.com/234

 

Nginx 配置

mkdir nginx/conf/vhost #配置目錄

mkdir nginx/conf/ssl #存放證書目錄

vim www.conf #創建域名配置文件

server {
    listen       80;
    server_name  localhost 【IP地址】;
    index index.html index.htm index.php;
    root 【網站根目錄】;
    
    location ~ .*\.(php|php5)?$
    {
        #fastcgi_pass  unix:/tmp/php-cgi.sock;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;  
        include fastcgi.conf;
    }
	
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }

    location ~ .*\.(js|css)?$
    {
        expires 1h;
    }
}

配置二級域名

server 
{
    listen 80;
    server_name  test.cn  www.test.cn; 
    return 301 https://www.test.cn$request_uri;
}

server 
{
    listen 443 ssl http2; 
    server_name test.cn  www.test.cn;    

    if ( $host = 'test.cn' ){
        return 301 https://www.test.cn$request_uri;
    }           

    ssl_certificate         【證書目錄.crt】;
    ssl_certificate_key    【證書目錄.key】;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Content-Security-Policy "default-src 'self';script-src * 'unsafe-inline';style-src * 'unsafe-inline';";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options 'SAMEORIGIN';

    charset utf-8;
    index index.php index.html index.htm;
    root 【網站根目錄】;
	
    location / {
        try_files $uri $uri/  /index.php?$query_string; 
    }

    location ~ \.php($|/) {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param HTTPS $https if_not_empty;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
	
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
	
    location ~ .*\.(js|css)?$
    {
        expires 1h;
    }
    access_log  nginx/logs/www.test.cn.log;
}