LNMP環境搭建與配置

本文轉載自查看原文 2020-10-23 17:04 642

1 安裝MySQL

LNMP中MySQL的安裝步驟和LAMP一樣。

下載軟件包：

# cd /usr/local/src/ # wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz #下載mysql二進制包

初始化：

# tar zxf mysql-5.6.36-linux-glibc2.5-x86_64.tar.gz #解壓二進制包 # [ -d /usr/local/mysql ] && mv /usr/local/mysql /usr/local/mysql_old # mv mysql-5.6.36-linux-glibc2.5-x86_64 /usr/local/mysql # useradd -s /sbin/nologin mysql #創建用戶mysql # cd /usr/local/mysql # mkdir -p data/mysql #創建datadir，數據庫文件會放到這里 # chown -R mysql:mysql data/mysql #更改權限，否則后面會出問題 # ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql #這里datadir盡量使用絕對路徑，不然后面可能報錯 FATAL ERROR: please install the following Perl modules before executing ./scripts/mysql_install_db: Data::Dumper #有報錯，安裝所缺包 # yum list |grep -i dumper perl-Data-Dumper.x86_64 2.145-3.el7 @base perl-XML-Dumper.noarch 0.81-17.el7 base # yum install -y perl-Data-Dumper.x86_64 # ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql Installing MySQL system tables..../bin/mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory #再次報錯，安裝所缺包 # yum install -y libaio-devel # ./scripts/mysql_install_db --user=mysql --datadir=/usr/local/mysql/data/mysql #有兩個OK，就說明初始化成功 # echo $? 0 #檢驗上條命令是否執行成功，0表示執行成功

配置MySQL：

# cp support-files/my-default.cnf /etc/my.cnf cp：是否覆蓋"/etc/my.cnf"？ y # vim /etc/my.cnf #修改配置文件如下

[mysqld] # Remove leading # and set to the amount of RAM for the most important data # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%. innodb_buffer_pool_size = 128M # Remove leading # to turn on a very important data integrity option: logging # changes to the binary log between backups. # log_bin = # These are commonly set, remove the # and set as required. basedir = /usr/local/mysql #這里做3處修改，basedir 是MySQL包所在的路徑，datadir 是定義的存放數據的地方，port 定義MySQL服務監聽的端口，如果不定義默認就是3306 datadir = /usr/local/mysql/data/mysql port = 3306 # server_id = ..... # socket = ..... # Remove leading # to set options mainly useful for reporting servers.

# cp support-files/mysql.server /etc/init.d/mysqld # chmod 755 /etc/init.d/mysqld # vim /etc/init.d/mysqld basedir=/usr/local/mysql datadir=/usr/local/mysql/data/mysql #修改成這樣 # chkconfig --add mysqld #將mysqld加入系統服務項 # chkconfig mysqld on #設置開機啟動

啟動MySQL：

# service mysqld start #啟動mysqld服務 Starting MySQL.Logging to '/usr/local/mysql/data/mysql/localhost.localdomain.err'. . SUCCESS! #mysqld服務啟動成功 # netstat -lntp |grep 3306 #檢驗mysqld服務是否啟動成功，查看是否在監聽3306端口 tcp6 0 0 :::3306 :::* LISTEN 3655/mysqld

2 安裝PHP

下載源碼包：

# cd /usr/local/src/ # wget http://cn2.php.net/distributions/php-5.6.36.tar.gz

解壓源碼包，創建賬號：

# tar zxf php-5.6.36.tar.gz # useradd -s /sbin/nologin php-fpm

配置編譯選項：

# ./configure \ > --prefix=/usr/local/php-fpm \ > --with-config-file-path=/usr/local/php-fpm/etc \ > --enable-fpm \ > --with-fpm-user=php-fpm \ > --with-fpm-group=php-fpm \ > --with-mysql=/usr/local/mysql \ > --with-mysql-sock=/tmp/mysql.sock \ > --with-libxml-dir \ > --with-gd \ > --with-jpeg-dir \ > --with-png-dir \ > --with-freetype-dir \ > --with-iconv-dir \ > --with-zlib-dir \ > --with-mcrypt \ > --enable-soap \ > --enable-gd-native-ttf \ > --enable-ftp \ > --enable-mbstring \ > --enable-exif \ > --disable-ipv6 \ > --with-pear \ > --with-curl \ > --with-openssl #多了--enable-fpm，如果不加該參數，則不會有php-fpm執行文件生成，更不能啟動php-fpm服務

錯誤1：

checking for cc... no checking for gcc... no configure: error: in `/usr/local/src/php-5.6.36': configure: error: no acceptable C compiler found in $PATH See `config.log' for more details # yum install -y gcc #這里提示安裝gcc，是因為我用了新的虛擬機 # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

錯誤2：

checking for xml2-config path... configure: error: xml2-config not found. Please check your libxml2 installation. # yum list |grep libxml2 libxml2.x86_64 2.9.1-6.el7_2.3 @anaconda libxml2.i686 2.9.1-6.el7_2.3 base libxml2-devel.i686 2.9.1-6.el7_2.3 base libxml2-devel.x86_64 2.9.1-6.el7_2.3 base libxml2-python.x86_64 2.9.1-6.el7_2.3 base libxml2-static.i686 2.9.1-6.el7_2.3 base libxml2-static.x86_64 2.9.1-6.el7_2.3 base # yum install -y libxml2-devel.x86_64 #安裝libxml-devel # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

錯誤3：

configure: error: Cannot find OpenSSL's <evp.h> # yum install -y openssl openssl-devel #安裝openssl和openssl-devel # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

錯誤4：

checking for cURL in default path... not found configure: error: Please reinstall the libcurl distribution - easy.h should be in <curl-dir>/include/curl/ # yum install -y libcurl-devel #安裝libcurl-devel # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

錯誤5：

configure: error: jpeglib.h not found.

# yum -y install libjpeg-devel #安裝libjpeg-devel # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

錯誤6：

configure: error: png.h not found.

# yum install -y libpng libpng-devel #安裝libpng-devel # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

錯誤7：

configure: error: freetype-config not found.

# yum install -y freetype freetype-devel #安裝freetype-devel # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

錯誤8：

configure: error: mcrypt.h not found. Please reinstall libmcrypt.

# yum install -y epel-release # yum install -y libmcrypt-devel #安裝libmcrypt-devel（安裝之前要安裝epel-release這個擴展源） # ./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl #繼續執行這一步

終於不再提示錯誤，有這樣的信息：

+--------------------------------------------------------------------+
| License: | | This software is subject to the PHP License, available in this | | distribution in the file LICENSE. By continuing this installation | | process, you are bound by the terms of this license agreement. | | If you do not agree with the terms of this license, you must abort | | the installation process at this point. | +--------------------------------------------------------------------+ Thank you for using PHP. config.status: creating php5.spec config.status: creating main/build-defs.h config.status: creating scripts/phpize config.status: creating scripts/man1/phpize.1 config.status: creating scripts/php-config config.status: creating scripts/man1/php-config.1 config.status: creating sapi/cli/php.1 config.status: creating sapi/fpm/php-fpm.conf config.status: creating sapi/fpm/init.d.php-fpm config.status: creating sapi/fpm/php-fpm.service config.status: creating sapi/fpm/php-fpm.8 config.status: creating sapi/fpm/status.html config.status: creating sapi/cgi/php-cgi.1 config.status: creating ext/phar/phar.1 config.status: creating ext/phar/phar.phar.1 config.status: creating main/php_config.h config.status: executing default commands

這就說明PHP配置編譯參數完成。

編譯php：

# make Build complete. Don't forget to run 'make test'. # echo $? 0

編譯完成（在這一步，也有可能會遇到問題）。

安裝php：

# make install Wrote PEAR system config file at: /usr/local/php-fpm/etc/pear.conf You may want to add: /usr/local/php-fpm/lib/php to your php.ini include_path /usr/local/src/php-5.6.36/build/shtool install -c ext/phar/phar.phar /usr/local/php-fpm/bin ln -s -f phar.phar /usr/local/php-fpm/bin/phar Installing PDO headers: /usr/local/php-fpm/include/php/ext/pdo/ # echo $? 0

安裝完成。

修改配置文件：

# cp php.ini-production /usr/local/php-fpm/etc/php.ini # vim /usr/local/php-fpm/etc/php-fpm.conf #這里是新文件，直接復制粘貼下面的腳本內容即可 [global] pid = /usr/local/php-fpm/var/run/php-fpm.pid error_log = /usr/local/php-fpm/var/log/php-fpm.log [www] listen = /tmp/php-fcgi.sock listen.mode = 666 user = php-fpm group = php-fpm pm = dynamic pm.max_children = 50 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 500 rlimit_files = 1024 # /usr/local/php-fpm/sbin/php-fpm -t [01-Jul-2018 21:08:57] NOTICE: configuration file /usr/local/php-fpm/etc/php-fpm.conf test is successful #顯示 test is successful ，說明配置沒有問題

啟動php-fpm：

# cp /usr/local/src/php-5.6.36/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm # chmod 755 /etc/init.d/php-fpm # useradd -s /sbin/nologin php-fpm useradd：用戶“php-fpm”已存在 #如果之前進行過這一步，那這里就可以省略 # service php-fpm start Starting php-fpm done # ps aux |grep php-fpm #檢測php-fpm是否啟動 root 30222 0.0 0.1 123452 4812 ? Ss 21:14 0:00 php-fpm: master process (/usr/local/php-fpm/etc/php-fpm.conf) php-fpm 30223 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www php-fpm 30224 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www php-fpm 30225 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www php-fpm 30226 0.0 0.1 123452 4580 ? S 21:14 0:00 php-fpm: pool www php-fpm 30227 0.0 0.1 123452 4584 ? S 21:14 0:00 php-fpm: pool www php-fpm 30228 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30229 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30230 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30231 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30232 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30233 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30234 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30235 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30236 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30237 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30238 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30239 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30240 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30241 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www php-fpm 30242 0.0 0.1 123452 4588 ? S 21:14 0:00 php-fpm: pool www root 30248 0.0 0.0 112720 980 pts/0 S+ 21:16 0:00 grep --color=auto php-fpm #說明php-fpm成功啟動 # chkconfig php-fpm on #設置php-fpm開機啟動

3 安裝Nginx

下載和解壓Nginx：

# cd /usr/local/src/ # wget http://nginx.org/download/nginx-1.12.1.tar.gz # tar zxf nginx-1.12.1.tar.gz

配置編譯選項：

# cd nginx-1.12.1 # ./configure --prefix=/usr/local/nginx Configuration summary + using system PCRE library + OpenSSL library is not used + using system zlib library nginx path prefix: "/usr/local/nginx" nginx binary file: "/usr/local/nginx/sbin/nginx" nginx modules path: "/usr/local/nginx/modules" nginx configuration prefix: "/usr/local/nginx/conf" nginx configuration file: "/usr/local/nginx/conf/nginx.conf" nginx pid file: "/usr/local/nginx/logs/nginx.pid" nginx error log file: "/usr/local/nginx/logs/error.log" nginx http access log file: "/usr/local/nginx/logs/access.log" nginx http client request body temporary files: "client_body_temp" nginx http proxy temporary files: "proxy_temp" nginx http fastcgi temporary files: "fastcgi_temp" nginx http uwsgi temporary files: "uwsgi_temp" nginx http scgi temporary files: "scgi_temp" # echo $? 0

編譯和安裝Nginx：

# make # echo $? 0 # make install # echo $? 0

編寫Nginx啟動腳本，並加入系統服務：

# vim /etc/init.d/nginx #寫入下面內容

#!/bin/bash # chkconfig: - 30 21 # description: http service. # Source Function Library . /etc/init.d/functions # Nginx Settings NGINX_SBIN="/usr/local/nginx/sbin/nginx" NGINX_CONF="/usr/local/nginx/conf/nginx.conf" NGINX_PID="/usr/local/nginx/logs/nginx.pid" RETVAL=0 prog="Nginx" start() { echo -n $"Starting $prog: " mkdir -p /dev/shm/nginx_temp daemon $NGINX_SBIN -c $NGINX_CONF RETVAL=$? echo return $RETVAL } stop() { echo -n $"Stopping $prog: " killproc -p $NGINX_PID $NGINX_SBIN -TERM rm -rf /dev/shm/nginx_temp RETVAL=$? echo return $RETVAL } reload() { echo -n $"Reloading $prog: " killproc -p $NGINX_PID $NGINX_SBIN -HUP RETVAL=$? echo return $RETVAL } restart() { stop start } configtest() { $NGINX_SBIN -c $NGINX_CONF -t return 0 } case "$1" in start) start ;; stop) stop ;; reload) reload ;; restart) restart ;; configtest) configtest ;; *) echo $"Usage: $0 {start|stop|reload|restart|configtest}" RETVAL=1 esac exit $RETVAL

# chmod 755 /etc/init.d/nginx #更改啟動腳本權限 # chkconfig --add nginx #將Nginx加入系統服務項 # chkconfig nginx on #設置Nginx開機啟動

更改Nginx的配置文件：

# > /usr/local/nginx/conf/nginx.conf # > 表示重定向，單獨使用時，可以把一個文本文檔快速清空 # vim /usr/local/nginx/conf/nginx.conf #寫入下面內容

user nobody nobody; worker_processes 2; error_log /usr/local/nginx/logs/nginx_error.log crit; pid /usr/local/nginx/logs/nginx.pid; worker_rlimit_nofile 51200; events { use epoll; worker_connections 6000; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 3526; server_names_hash_max_size 4096; log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]' ' $host "$request_uri" $status' ' "$http_referer" "$http_user_agent"'; sendfile on; tcp_nopush on; keepalive_timeout 30; client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; connection_pool_size 256; client_header_buffer_size 1k; large_client_header_buffers 8 4k; request_pool_size 4k; output_buffers 4 32k; postpone_output 1460; client_max_body_size 10m; client_body_buffer_size 256k; client_body_temp_path /usr/local/nginx/client_body_temp; proxy_temp_path /usr/local/nginx/proxy_temp; fastcgi_temp_path /usr/local/nginx/fastcgi_temp; fastcgi_intercept_errors on; tcp_nodelay on; gzip on; gzip_min_length 1k; gzip_buffers 4 8k; gzip_comp_level 5; gzip_http_version 1.1; gzip_types text/plain application/x-javascript text/css text/htm application/xml; server { listen 80; server_name localhost; index index.html index.htm index.php; root /usr/local/nginx/html; location ~ \.php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; } } }

# /usr/local/nginx/sbin/nginx -t #檢驗配置文件是否有問題 nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful #顯示上面兩行說明配置正確

啟動Nginx：

# service nginx start #啟動Nginx服務 Starting nginx (via systemctl): [ 確定 ] #如果不能啟動，可以查看/usr/local/nginx/logs/error.log文件 # ps aux |grep nginx #檢驗Nginx服務是否啟動 root 32821 0.0 0.0 20540 624 ? Ss 21:47 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf nobody 32822 0.0 0.0 22984 3204 ? S 21:47 0:00 nginx: worker process nobody 32823 0.0 0.0 22984 3204 ? S 21:47 0:00 nginx: worker process root 32825 0.0 0.0 112720 984 pts/0 S+ 21:48 0:00 grep --color=auto nginx

可以看到，Nginx服務成功啟動。

測試是否正確解析PHP：

# vim /usr/local/nginx/html/1.php <?php echo "php解析正常"; ?> # curl localhost/1.php php解析正常[root@localhost nginx-1.12.1]#

說明PHP解析正常。

4 Nginx配置

LNMP環境搭建好之后，其實僅僅是安裝上了軟件，我們還有很多具體的配置工作要做。

默認虛擬主機

默認虛擬主機指的是，任何一個域名指向這台服務器，只要是沒有對應的虛擬主機，就會由這個默認虛擬主機來處理。

與httpd相同，在Nginx中也有默認虛擬主機，並且類似的，第一個被Nginx加載的虛擬主機就是默認主機。但不同的是，它還有一個配置用來標記默認虛擬主機，也就是說，如果沒有這個標記，第一個虛擬主機為默認虛擬主機。

要先修改主配置文件：

# vim /usr/local/nginx/conf/nginx.conf include vhost/*.conf; #在結束符號 } 上面加入這行配置 }

上面那行配置就是加載/usr/local/nginx/conf/vhost/下面的所有以.conf結尾的文件，這樣我們就可以把所有虛擬主機的配置文件放到vhost目錄下面了。

編輯默認主機配置文件：

# mkdir /usr/local/nginx/conf/vhost # cd /usr/local/nginx/conf/vhost # vim default.conf #這里是新文件，寫入下面內容 server { listen 80 default_server; #有這個 default_server 標記的就是默認虛擬主機 server_name 123.com; index index.html index.htm index.php; root /data/nginx/default; }

驗證上面配置：

# /usr/local/nginx/sbin/nginx -t #檢驗上面配置 nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful #說明配置沒有問題 # /usr/local/nginx/sbin/nginx -s reload #重載配置，這樣就不用重啟了 # mkdir -p /data/nginx/default/ # echo "default" > /data/nginx/default/index.html #創建索引頁 # curl -x127.0.0.1:80 123.com default # curl -x192.168.33.128:80 123.com default #這里輸入127.0.0.1和192.168.33.128（linux的IP）都行 # curl -x127.0.0.1:80 aaa.com default #訪問一個沒有定義過的域名，也會訪問到123.com

如果想讓瀏覽器訪問到這個，可以這樣：

# iptables -I INPUT -p tcp --dport 80 -j ACCEPT #打開linux的80端口

然后再在瀏覽器上訪問即可

在這里插入圖片描述

用戶認證

在用戶訪問網站的時候，需要輸入用戶名密碼才能順利訪問，一些重要的站點或網站后台通常會加上用戶認證，目的當然是保障安全。

創建一個新的虛擬主機：

# cd /usr/local/nginx/conf/vhost/ # vim test.com.conf #這是新文件，寫入下面內容 server { listen 80; server_name test.com; index index.html index.htm index.php; root /data/nginx/test.com; location / { auth_basic "Auth"; #auth_basic打開用戶認證 auth_basic_user_file /usr/local/nginx/conf/htpasswd; #指定用戶密碼文件 } }

驗證上面配置：

# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful # /usr/local/nginx/sbin/nginx -s reload # yum install -y httpd #安裝httpd，因為生成密碼文件需要用到htpasswd命令 # htpasswd -c /usr/local/nginx/conf/htpasswd lzx #創建lzx用戶，並設置密碼 New password: Re-type new password: Adding password for user lzx # mkdir /data/nginx/test.com # echo "test" > /data/nginx/test.com/index.html # curl -x127.0.0.1:80 test.com -I HTTP/1.1 401 Unauthorized #狀態碼401說明該網站需要驗證 Server: nginx/1.12.1 Date: Thu, 05 Jul 2018 08:06:39 GMT Content-Type: text/html Content-Length: 195 Connection: keep-alive WWW-Authenticate: Basic realm="Auth"

打開Windows的hosts文件，加入一行：

192.168.33.128  test.com

然后在瀏覽器中訪問test.com

在這里插入圖片描述

點擊取消之后出現

在這里插入圖片描述

輸入賬號密碼

這里寫圖片描述

然后出現

在這里插入圖片描述

另外，如果是針對某個目錄做用戶認證，需要配置location后面的路徑：

location /admin/				#這里以admin目錄為例 { auth_basic "Auth"; auth_basic_user_file /usr/local/nginx/conf/htpasswd; }

域名重定向

Nginx和httpd的域名重定向和httpd的類似。

配置虛擬主機文件：

# vim test.com.conf server { listen 80; server_name test.com test1.com test2.com; #Nginx中，server_name 后面可以跟多個域名 index index.html index.htm index.php; root /data/nginx/test.com; if ($host != 'test.com') { rewrite ^/(.*)$ http://test.com/$1 permanent; #permanent為永久重定向，相當於httpd的R=301；還有個redirect，為臨時重定向，相當於R=302 } }

驗證上面配置：

# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful # /usr/local/nginx/sbin/nginx -s reload # curl -x127.0.0.1:80 test1.com/123.txt -I HTTP/1.1 301 Moved Permanently #301 永久moved Server: nginx/1.12.1 Date: Thu, 05 Jul 2018 08:41:51 GMT Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: http://test.com/123.txt #這里變成test.com/123.txt

Nginx的訪問日志

先查看一下Nginx的日志格式：

# grep -A2 log_format /usr/local/nginx/conf/nginx.conf log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]' ' $host "$request_uri" $status' ' "$http_referer" "$http_user_agent"';

和httpd類似，也是在主配置文件中定義的日志格式

combined_realip		日志格式的名字，后面可以調用它；    
$remote_addr		訪問網站的用戶的出口ip；  
$http_x_forwarded_for		代理服務器的ip，如果使用了代理則會記錄代理的ip；  
$time_local		當前的時間；  
$host		訪問的主機名；  
$request_uri		訪問的URL地址；  
$status		狀態碼；  
$http_referer		referer地址；    
$http_user_agent		user_agent。

指定訪問日志的路徑：

# cd /usr/local/nginx/conf/vhost/ # vim test.com.conf server { listen 80; server_name test.com test1.com test2.com; index index.html index.htm index.php; root /data/nginx/test.com; if ($host != 'test.com') { rewrite ^/(.*)$ http://test.com/$1 permanent; } access_log /tmp/1.log combined_realip; #使用access_log來指定日志的存儲路徑，最后面指定日志的格式名字 }

驗證上面配置：

# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful # /usr/local/nginx/sbin/nginx -s reload # curl -x127.0.0.1:80 test.com/111 <html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx/1.12.1</center> </body> </html> # cat /tmp/1.log 127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0" #curl訪問記錄 192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" #Windows上面瀏覽器訪問記錄 192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" 192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"

Nginx的日志比較簡單，但沒有像httpd那樣自帶的切割工具，要想切割Ngin日志需要借助系統的切割工具或自定義腳本。

這里我們自定義一個日志切割腳本：

# vim /usr/local/sbin/nginx_log_rotate.sh #寫入下面內容

#! /bin/bash d= `data -d "-1 day" +%Y%m%d` logdir="/data/logs" #假設Nginx的日志存放路徑為/data/logs nginx_pid="/usr/local/nginx/logs/nginx.log" cd $logdir for log in `ls *.log` do mv $log $log-$d done /bin/kill -HUP `cat $nginx_pid`

寫完腳本之后，還需要增加任務計划：

0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh

配置靜態文件不記錄日志並添加過期時間

修改虛擬主機配置文件：

# vim test.com.conf listen 80; server_name test.com test1.com test2.com; index index.html index.htm index.php; root /data/nginx/test.com; if ($host != 'test.com') { rewrite ^/(.*)$ http://test.com/$1 permanent; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ #指定對於的靜態文件 { expires 7d; #配置過期時間 access_log off; #off就不記錄訪問日志了 } location ~ .*\.(js|css)$ { expires 12h; access_log off; } access_log /tmp/1.log combined_realip; }

驗證上面配置：

# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful # /usr/local/nginx/sbin/nginx -s reload # echo "111" > /data/nginx/test.com/1.js #創建js文件 # echo "222" > /data/nginx/test.com//2.jpg #創建jpg文件 # touch /data/nginx/test.com/3.jss #創建一個對比文件 # curl -x127.0.0.1:80 test.com/1.js -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Fri, 06 Jul 2018 03:52:47 GMT Content-Type: application/javascript Content-Length: 4 Last-Modified: Fri, 06 Jul 2018 03:50:55 GMT Connection: keep-alive ETag: "5b3ee71f-4" Expires: Fri, 06 Jul 2018 15:52:47 GMT Cache-Control: max-age=43200 #43200秒即12小時，js文件過期時間為12h Accept-Ranges: bytes # curl -x127.0.0.1:80 test.com/2.jpg -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Fri, 06 Jul 2018 03:56:15 GMT Content-Type: image/jpeg Content-Length: 4 Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT Connection: keep-alive ETag: "5b3ee747-4" Expires: Fri, 13 Jul 2018 03:56:15 GMT Cache-Control: max-age=604800 #jpg文件過期時間為7天 Accept-Ranges: bytes # curl -x127.0.0.1:80 test.com/3.jss -I #jss文件無過期時間 HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Fri, 06 Jul 2018 03:57:33 GMT Content-Type: application/octet-stream Content-Length: 0 Last-Modified: Fri, 06 Jul 2018 03:52:00 GMT Connection: keep-alive ETag: "5b3ee760-0" Accept-Ranges: bytes # cat /tmp/1.log 127.0.0.1 - [06/Jul/2018:11:15:12 +0800] test.com "/111" 404 "-" "curl/7.29.0" 192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/" 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" 192.168.33.1 - [06/Jul/2018:11:18:35 +0800] test.com "/favicon.ico" 404 "http://test.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" 192.168.33.1 - [06/Jul/2018:11:18:41 +0800] test.com "/111" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" 127.0.0.1 - [06/Jul/2018:11:57:33 +0800] test.com "/3.jss" 200 "-" "curl/7.29.0"

這里可以看到，並沒有js和jpg文件的訪問日志記錄。

Nginx防盜鏈

修改虛擬主機的配置文件：

# vim test.com.conf server { listen 80; server_name test.com test1.com test2.com; index index.html index.htm index.php; root /data/nginx/test.com; if ($host != 'test.com') { rewrite ^/(.*)$ http://test.com/$1 permanent; } location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names *.test.com; if ($invalid_referer) { return 403; } access_log off; } access_log /tmp/1.log combined_realip; }

驗證上面配置：

# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful # /usr/local/nginx/sbin/nginx -s reload # curl -x127.0.0.1:80 -e "http://123.com/1.txt" test.com/2.jpg -I #使用-e選項時，必須補全http:// HTTP/1.1 403 Forbidden Server: nginx/1.12.1 Date: Fri, 06 Jul 2018 04:13:19 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive # curl -x127.0.0.1:80 -e "http://test.com/1.txt" test.com/2.jpg -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Fri, 06 Jul 2018 04:15:06 GMT Content-Type: image/jpeg Content-Length: 4 Last-Modified: Fri, 06 Jul 2018 03:51:35 GMT Connection: keep-alive ETag: "5b3ee747-4" Expires: Fri, 13 Jul 2018 04:15:06 GMT Cache-Control: max-age=604800 #過期時間為7d Accept-Ranges: bytes

可以看到不僅有過期時間，還有防盜鏈的功能。

訪問控制

Nginx需要限制某些IP不能訪問或只允許某些IP訪問，配置訪問和httpd類似。

使訪問admin目錄的請求只允許192.168.33.128和127.0.0.1訪問：

location /admin/
{ allow 192.168.33.128; allow 127.0.0.1; deny all; }

配置httpd的時候還有個order來先定義allow或deny，在Nginx中沒有，只要逐條匹配規則就結束了。

# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful # /usr/local/nginx/sbin/nginx -s reload # mkdir /data/nginx/test.com/admin/ # echo "123" > /data/nginx/test.com/admin/1.html # curl -x127.0.0.1:80 test.com/admin/1.html 123 # curl -x192.168.33.129:80 test.com/admin/1.html <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.12.1</center> </body> </html>

配置文件中的IP也可以為IP段，比如可以寫成allow 192.168.33.0/24。如果只是拒絕幾個IP，可以寫成這樣：

location /admin/
{ deny 192.168.33.128; deny 127.0.0.1; }

Nginx默認就是允許所有，所以不需要寫allow all。

另外，還可以根據正則匹配來限制：

location ~ .*(abc|image)/.*\.php$ #禁止解析PHP { return 403; }

|為分隔符，表示“或”的意思，這樣就可以把訪問的URL中帶有abc或者image字符串，並且是PHP的請求拒絕訪問。

在Nginx里，也可以針對user_agent做一些限制：

if ($http_user_agent ~ `Spider/3.0|YoudaoBot|Tomato`) { return 403; }

~為匹配符，只要user_agent中含有Spider3.0或者YoudaoBot或者Tomato字符串的，都會被拒絕。

Nginx解析PHP

在LNMP中，PHP是以一個服務（php—fpm)的形式存在的，首先要啟動php-fpm服務，然后Nginx再和php-fpm通信。

下面是相關配置：

# vim test.com.conf server { listen 80; server_name test.com test1.com test2.com; index index.html index.htm index.php; root /data/nginx/test.com; if ($host != 'test.com') { rewrite ^/(.*)$ http://test.com/$1 permanent; } location ~ \.php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/nginx/test.com$fastcgi_script_name; } access_log /tmp/1.log combined_realip; }

其中fastcgi_pass用來指定php-fom的地址，fastcgi_param SCRIPT_FILENAME后面跟的路徑為該站點的根目錄，必須和前面定義的root的路徑保持一致，否則會報502錯誤。

Nginx代理

Nginx的代理功能非常實用，如果一個沒有公網IP的服務器要提供web服務，就可以通過Nginx代理來實現。如果Nginx后面有多台服務器，如果同時代理，那Nginx在這里就起到一個負載均衡的作用。

配置Nginx代理：

# cd /usr/local/nginx/conf/vhost/ # vim proxy.conf #寫入下面內容 server { listen 80; server_name lzx.com; location / { proxy_pass http://61.135.169.125/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }

Proxy_pass		指定要代理的域名所在的服務器IP；

后面的三行為定義發往后端web服務取的請求頭，第二行必須有，否則代理不會成功,它表示后端web服務器的域名和當前配置文件中的server_name保持一致；

$remote_addr		訪問網站的用戶的出口ip；

$http_x_forwarded_for		代理服務器的ip，如果使用了代理則會記錄代理的ip。

配置文件保存后，重新加載Nginx服務並驗證：

# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful # /usr/local/nginx/sbin/nginx -s reload # curl -x127.0.0.1:80 123.com -I

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 LNMP環境搭建與配置 LNMP環境搭建 Linux搭建lnmp環境 Docker LNMP環境搭建從零搭建LNMP環境 CentOS搭建LNMP環境搭建 LNMP 環境 LNMP環境搭建 docker搭建lnmp環境 linux：lnmp環境搭建