目标:
1,了解 LNMP 的工作原理
2,不依赖在线 yum 源码编译安装 LNMP。
3,保证搭建出和我一样的 LNMP 环境
效果图
下载并安装操作系统
mini 安装
挂载CentOS 1708 镜像
1 |
|
使用 ISO 配置离线 yum
1 |
|
防火墙设置
1 |
|
Nginx 编译
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73相关依赖
[root@localhost ~]# yum install -y gcc
[root@localhost ~]# yum install -y pcre-devel
[root@localhost ~]# yum install -y perl-ExtUtils-Embed
[root@localhost ~]# yum install -y openssl-devel
下载并编译安装
[root@localhost ~]# mkdir nginx
[root@localhost ~]# cd nginx
[root@localhost nginx]# wget http://nginx.org/download/nginx-1.14.0.tar.gz
[root@localhost nginx]# md5sum nginx-1.14.0.tar.gz
2d856aca3dfe1d32e3c9f8c4cac0cc95 nginx-1.14.0.tar.gz
[root@localhost nginx]# tar xf nginx-1.14.0.tar.gz
[root@localhost nginx]# cd nginx-1.14.0
[root@localhost nginx-1.14.0]# \
./configure --prefix=/opt/nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_perl_module
[root@localhost nginx-1.14.0]# make && make install
启动运行,测试
[root@localhost nginx-1.14.0]# chown -R nobody:nobody /opt/nginx/
[root@localhost nginx-1.14.0]# /opt/nginx/sbin/nginx
[root@localhost nginx-1.14.0]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9283/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1008/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1564/master
tcp6 0 0 :::22 :::* LISTEN 1008/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1564/master
[root@localhost nginx-1.14.0]#
[root@localhost nginx-1.14.0]# curl http://localhost/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
添加开机自启
[root@localhost ~]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
ExecReload=/opt/nginx/sbin/nginx -s reload
ExecStop=/opt/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@localhost ~]# pkill -f -9 nginx
[root@localhost ~]# systemctl enable nginx.service #开机自启
[root@localhost ~]# systemctl start nginx.service #启动服务
[root@localhost ~]# systemctl status nginx.service #检查状态
[root@localhost ~]# reboot #重启
[root@localhost ~]# netstat -tnlp #验证,可以看到,开机自启
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3202/nginx: master
[root@localhost ~]#
编译安装 php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73基本依赖:
[root@localhost ~]# yum install -y libxml2-devel
[root@localhost ~]# yum install -y libpng-devel
PHP 编译
[root@localhost ~]# mkdir php
[root@localhost ~]# cd php/
[root@localhost php]# wget http://am1.php.net/get/php-7.2.5.tar.gz/from/this/mirror -O php-7.2.5.tar.gz
[root@localhost php]# md5sum php-7.2.5.tar.gz
e9bede5ea2cbb2e3a2581d38316c9356 php-7.2.5.tar.gz
[root@localhost php]# tar xf php-7.2.5.tar.gz
[root@localhost php]# cd php-7.2.5
[root@localhost php-7.2.5]# \
./configure \
--prefix=/opt/php \
--enable-fpm \
--with-mysql-sock=/tmp/mysql.sock \
--enable-embedded-mysqli \
--with-mysqli \
--with-zlib \
--with-openssl \
--with-iconv \
--with-gd
[root@localhost php-7.2.5]# make && make install
测试 php 程序
[root@localhost php-7.2.5]# echo '<?php phpinfo(); ?>' > /tmp/test.php
[root@localhost php-7.2.5]# /opt/php/bin/php /tmp/test.php
phpinfo()
PHP Version => 7.2.5
System => Linux localhost.localdomain 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64
Build Date => Apr 30 2018 19:27:25
Configure Command => './configure' '--prefix=/opt/php' '--enable-fpm' '--with-mysql-sock=/tmp/mysql.sock' '--enable-embedded-mysqli' '--with-mysqli' '--with-zlib' '--with-openssl' '--with-iconv'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /opt/php/lib
Loaded Configuration File => (none)
Scan this dir for additional .ini files => (none)
Additional .ini files parsed => (none)
PHP API => 20170718
PHP Extension => 20170718
Zend Extension => 320170718
Zend Extension Build => API320170718,NTS
PHP Extension Build => API20170718,NTS
Debug Build => no
Thread Safety => disabled
Zend Signal Handling => enabled
Zend Memory Manager => enabled
Zend Multibyte Support => disabled
IPv6 Support => enabled
DTrace Support => disabled
php-fpm 开机自启
[root@localhost php-7.2.5]# cp ./sapi/fpm/php-fpm.conf /opt/php/etc/
[root@localhost php-7.2.5]# cp ./sapi/fpm/www.conf /opt/php/etc/php-fpm.d/
[root@localhost php-7.2.5]# cp ./sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-7.2.5]# chmod +x /etc/init.d/php-fpm
[root@localhost php-7.2.5]# chkconfig --add php-fpm
[root@localhost php-7.2.5]# chkconfig php-fpm on
[root@localhost php-7.2.5]# service php-fpm restart
[root@localhost php-7.2.5]# netstat -tnlp | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 84988/php-fpm: mast
[root@localhost php-7.2.5]#
[root@localhost php-7.2.5]# reboot #重启验证
[root@localhost php-7.2.5]# netstat -tnlp #看到 9000 端口监听成功
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 41270/php-fpm: mast
配置nginx 如何使用php-fpm
1 |
|
编译安装 MariaDB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89[root@localhost ~]# yum install -y gcc-c++
[root@localhost ~]# yum install -y cmake
[root@localhost ~]# yum install -y ncurses-devel
编译 MariaDB
[root@localhost ~]# useradd -s /sbin/nologin -M mysql
[root@localhost ~]# mkdir mariadb
[root@localhost ~]# cd mariadb
[root@localhost mariadb]# wget http://mirrors.neusoft.edu.cn/mariadb//mariadb-10.2.14/source/mariadb-10.2.14.tar.gz
[root@localhost mariadb]# md5sum mariadb-10.2.14.tar.gz
d98cce6f3c0e2971afa061fc67183b91 mariadb-10.2.14.tar.gz
[root@localhost mariadb]# tar xf mariadb-10.2.14.tar.gz
[root@localhost mariadb]# cd mariadb-10.2.14
[root@localhost mariadb-10.2.14]# rm -rf CMakeCache.txt
[root@localhost mariadb-10.2.14]# \
cmake . \
-DCMAKE_INSTALL_PREFIX=/opt/mariadb \
-DMYSQL_DATADIR=/opt/mariadb/data \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITHOUT_TOKUDB=1 \
-DWITH_SSL=system \
-DWIYH_READLINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STPRAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DWITH_ZLIB=system \
-DENABLED_LOCAL_INFILE=1
[root@localhost mariadb-10.2.14]# make -j 4 && make install
[root@localhost ~]# cd /opt/mariadb/
[root@localhost mariadb]# rm -rf /etc/my.cnf
[root@localhost mariadb]# cp support-files/my-large.cnf /etc/my.cnf
初始化一个数据库实例
[root@localhost mariadb]# ./scripts/mysql_install_db --user=root --basedir=/opt/mariadb --datadir=/opt/mariadb/data --defaults-file=/etc/my.cnf
启动测试:MySQL 启动 这个实例
[root@localhost ~]# /opt/mariadb/bin/mysqld \
--user=root \
--basedir=/opt/mariadb \
--datadir=/opt/mariadb/data \
--plugin-dir=/opt/mariadb/lib/plugin \
--log-error=/opt/mariadb/data/localhost.err \
--pid-file=/opt/mariadb/data/localhost.pid \
--socket=/tmp/mysql.sock \
--port=3306
[root@localhost mariadb]# netstat -tnlp # MySQL 启动成功
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::3306 :::* LISTEN 28662/mysqld
[root@localhost mariadb]# Crtl + \ # 退出 MySQL
MariaDB 开机自启
[root@localhost ~]# chown -R mysql:mysql /opt/mariadb/
[root@localhost ~]# rm -rf /etc/init.d/mysql
[root@localhost ~]# cp /opt/mariadb/support-files/mysql.server /etc/init.d/mysql
[root@localhost ~]# rm -rf /etc/my.cnf
[root@localhost ~]# cp /opt/mariadb/support-files/my-large.cnf /etc/my.cnf
[root@localhost ~]# chkconfig mysql on
[root@localhost ~]# chkconfig mysql on
[root@localhost ~]# service mysql start
[root@localhost ~]# netstat -tnlp |grep mysqld
tcp6 0 0 :::3306 :::* LISTEN 22783/mysqld
[root@localhost ~]#
注意这里有坑:需要创建一个名 为 mysql 的用户,否则 MariaDB 无法启动,
原因是 如果没有 mysql 用户,或者没有/opt/mariadb/的运行权限,无法启动
MariaDB 默认是关联 mysql 用户,所以最省事儿的就是创建 mysql 用户, 并 授权。
登录测试并修改密码
[root@localhost ~]# /opt/mariadb/bin/mysql
MariaDB [(none)]> use mysql;
MariaDB [mysql]> UPDATE user SET password = PASSWORD('new_password') WHERE user = 'root';
MariaDB [mysql]> FLUSH PRIVILEGES;
MariaDB [mysql]> exit
[root@localhost ~]# /opt/mariadb/bin/mysql -p #验证
Enter password: 输入新的密码 new_password
MariaDB [(none)]>
WordPress 安装
安装 WordPress 之前请确定本站域名,否则后期更换比较麻烦1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22[root@localhost ~]# mkdir wordpress
[root@localhost ~]# cd wordpress
[root@localhost wordpress]# wget https://wordpress.org/wordpress-4.9.5.tar.gz
[root@localhost wordpress]# md5sum wordpress-4.9.5.tar.gz
f009061b9d24854bfdc999c7fbeb7579 wordpress-4.9.5.tar.gz
[root@localhost wordpress]# tar xf wordpress-4.9.5.tar.gz
[root@localhost wordpress]# mv wordpress /opt/nginx/html/li-chunli
[root@localhost wordpress]# chown -R nobody:nobody /opt/nginx/html/li-chunli/
[root@localhost wordpress]# /opt/nginx/sbin/nginx -s stop
[root@localhost wordpress]# /opt/nginx/sbin/nginx
wordpress 要求手动创建一个数据库, 比如名为 wordpress
[root@localhost ~]# /opt/mariadb/bin/mysql -p
Enter password: 输入新的密码
MariaDB [(none)]> CREATE DATABASE wordpress CHARACTER SET utf8;
MariaDB [(none)]> exit
网页操作安装
http://your_server_ip/li-chunli/wp-admin/setup-config.php
坑:确保 nginx 能够解析 php, 比如 index index.html index.htm index.php;
启用Crayon Syntax Highlighter
查找并安装 代码高亮插件Crayon Syntax Highlighter
启用主题 leento
此主题非常精简
修改主题页面宽度
1 |
|
leento 主题 禁用缩略图
1 |
|
WordPress 这样就安装好了
优化 nginx 开启 SSL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120nginx 配置文件检测
[root@localhost ~]# /opt/nginx/sbin/nginx -t #nginx 配置文件检测
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
nginx 配置 SSL
[root@localhost ~]# vim /opt/nginx/conf/nginx.conf
server {
listen 80;
server_name blog.reconnect.top;
rewrite ^(.*)$ https://${server_name}$1 permanent;
...
}
rewrite 80 转转到 443 端口
解除 ssl 注释,并 适当添加
server {
listen 443 ssl;
server_name blog.reconnect.top;
ssl_certificate /opt/nginx/SSL/blog.reconnect.top-ca-bundle.crt;
ssl_certificate_key /opt/nginx/SSL/blog.reconnect.top.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm index.php;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /opt/nginx/html/$fastcgi_script_name;
include fastcgi_params;
}
}
添加:
server_name
ssl_certificate
ssl_certificate_key
location 的 index.php
注意坑:需要一个域名,如: blog.reconnect.top
需要公钥,私钥文件路径
我将PHP也添加到这里了
验证:
[root@localhost ~]# 将域名blog.reconnect.top解析到这台机器上
[root@localhost ~]# curl -v http://blog.reconnect.top/index.php
* About to connect() to blog.reconnect.top port 80 (#0)
* Trying 192.168.1.100...
* Connected to blog.reconnect.top (192.168.1.100) port 80 (#0)
> GET /index.php HTTP/1.1
> User-Agent: curl/7.29.0
> Host: blog.reconnect.top
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.14.0
< Date: Mon, 30 Apr 2018 01:31:08 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< Location: https://blog.reconnect.top/index.php
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>
* Connection #0 to host blog.reconnect.top left intact
[root@localhost ~]#
可以看到,被 Location 到 https://blog.reconnect.top/index.php
[root@localhost ~]# curl -v https://blog.reconnect.top/index.php
* About to connect() to blog.reconnect.top port 443 (#0)
* Trying 192.168.1.100...
* Connected to blog.reconnect.top (192.168.1.100) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=blog.reconnect.top
* start date: Apr 28 00:00:00 2018 GMT
* expire date: Apr 28 12:00:00 2019 GMT
* common name: blog.reconnect.top
* issuer: CN=Encryption Everywhere DV TLS CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US
> GET /index.php HTTP/1.1
> User-Agent: curl/7.29.0
> Host: blog.reconnect.top
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.14.0
< Date: Mon, 30 Apr 2018 01:31:56 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/7.2.5
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
OK HTTPS 完成了。
优化 解除文件上传限制
1 |
|