系统的版本信息:
[root@centos8 ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@centos8 ~]#
[root@centos8 ~]# uname -r
4.18.0-193.el8.x86_64
这里安装的是LNMPA,服务器IP为 192.168.168.154/24
tar -zxvf lnmp1.7-full.tar.gz
cd lnmp1.7-full
CheckMirror=n ./install.sh lnmpa
注释:CheckMirror=n 使用本地光盘作为Yum源,不需要连公网。
选择数据库版本:
设置数据库用户root@localhost的密码:(以下是把密码设置为 888 )
启用InnoDB Storage Engine,输入 Y 再按回车键:
选择PHP版本:
选择是否安装内存优化:
需要设置管理员邮箱,该邮箱会在报错时显示在错误页面上:
选择Apache的版本:
安装或取消安装:
下面是全自动安装的^_^ ^_^
安装成功了:(安装好后,最好重启一下服务器)
LNMPA架构的安装日志:
[root@centos8 ~]# pwd
/root
[root@centos8 ~]# ls
anaconda-ks.cfg lnmp1.7-full lnmp1.7-full.tar.gz lnmp-install.log
[root@centos8 ~]# tail -8 lnmp-install.log
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:88 0.0.0.0:*
LISTEN 0 128 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
Install lnmp takes 90 minutes.
Install lnmp V1.7 completed! enjoy it.
自动关闭SELinux的:
默认启用防火墙netfilter,禁用防火墙firewalld:
[root@centos8 ~]# systemctl is-enabled iptables
enabled
[root@centos8 ~]# systemctl is-enabled firewalld
disabled
自动修改、保存防火墙规则的:
[root@centos8 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.8.4 on Sun Jul 4 17:55:25 2021
*filter
:INPUT ACCEPT [913994:951103745]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [235443:17899763]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Sun Jul 4 17:55:25 2021
# Generated by iptables-save v1.8.4 on Sun Jul 4 17:55:25 2021
*security
:INPUT ACCEPT [914003:951104105]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [235443:17899763]
COMMIT
# Completed on Sun Jul 4 17:55:25 2021
# Generated by iptables-save v1.8.4 on Sun Jul 4 17:55:25 2021
*raw
:PREROUTING ACCEPT [914003:951104105]
:OUTPUT ACCEPT [235443:17899763]
COMMIT
# Completed on Sun Jul 4 17:55:25 2021
# Generated by iptables-save v1.8.4 on Sun Jul 4 17:55:25 2021
*mangle
:PREROUTING ACCEPT [914003:951104105]
:INPUT ACCEPT [914003:951104105]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [235443:17899763]
:POSTROUTING ACCEPT [235443:17899763]
COMMIT
# Completed on Sun Jul 4 17:55:25 2021
# Generated by iptables-save v1.8.4 on Sun Jul 4 17:55:25 2021
*nat
:PREROUTING ACCEPT [2:144]
:INPUT ACCEPT [2:144]
:POSTROUTING ACCEPT [222:16282]
:OUTPUT ACCEPT [222:16282]
COMMIT
# Completed on Sun Jul 4 17:55:25 2021
操作系统的“进程最大可打开文件数”的查询方法:
[root@centos8 ~]# ulimit -n
65535
操作系统的“进程最大可打开文件数”的修改方法:(已自动修改)
[root@centos8 ~]# tail -5 /etc/security/limits.conf
# End of file
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
Nginx默认会开机自动启动:
[root@centos8 ~]# systemctl is-enabled nginx
enabled
Apache默认会开机自动启动:
[root@centos8 ~]# systemctl is-enabled httpd
enabled
MariaDB默认会开机自动启动:
[root@centos8 ~]# systemctl is-enabled mariadb
enabled
MariaDB的主配置文件:
[root@centos8 ~]# cat /etc/my.cnf |grep -v "^$"
[client]
#password = your_password
port = 3306
socket = /tmp/mysql.sock
[mysqld]
port = 3306
socket = /tmp/mysql.sock
user = mariadb
basedir = /usr/local/mariadb
datadir = /usr/local/mariadb/var
log_error = /usr/local/mariadb/var/mariadb.err
pid-file = /usr/local/mariadb/var/mariadb.pid
skip-external-locking
key_buffer_size = 32M
max_allowed_packet = 1M
table_open_cache = 128
sort_buffer_size = 768K
net_buffer_length = 8K
read_buffer_size = 768K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
thread_cache_size = 16
query_cache_size = 16M
tmp_table_size = 32M
explicit_defaults_for_timestamp = true
#skip-networking
max_connections = 500
max_connect_errors = 100
open_files_limit = 65535
log-bin=mysql-bin
binlog_format=mixed
server-id = 1
expire_logs_days = 10
default_storage_engine = InnoDB
innodb_file_per_table = 1
innodb_data_home_dir = /usr/local/mariadb/var
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /usr/local/mariadb/var
innodb_buffer_pool_size = 128M
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 32M
sort_buffer_size = 768K
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
重启MariaDB:
[root@centos8 ~]# systemctl restart mariadb
登录MariaDB:
mysql -u"root" -p"888"
PHP的主配置文件:
[root@centos8 ~]# find / -name "php.ini"
/usr/local/php/etc/php.ini
查看PHP的版本信息:
[root@centos8 ~]# php -v
PHP 7.2.34 (cli) (built: Jul 4 2021 17:51:02) ( ZTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
客户端直接访问服务器IP( http://192.168.168.154 )可以看到这个页面:
PHP测试页:
http://192.168.168.154/phpinfo.php
客户端远程访问phpMyAdmin:
http://192.168.168.154/phpmyadmin/
注释:数据库的默认字符集是 utf8mb4_general_ci
phpMyAdmin使用的是Apache:
phpMyAdmin的默认版本是5.0.4,与PHP7.2匹配:
Apache的主配置文件:
[root@centos8 ~]# find / -name "httpd.conf"
/usr/local/apache/conf/original/httpd.conf
/usr/local/apache/conf/httpd.conf
[root@centos8 ~]# cat /usr/local/apache/conf/httpd.conf |grep 88
Listen 127.0.0.1:88
ServerName 127.0.0.1:88
注释:Apache监听TCP 88端口。
[root@centos8 ~]# tail -1 /usr/local/apache/conf/httpd.conf
IncludeOptional conf/vhost/*.conf
注释:Apache会加载/usr/local/apache/conf/vhost/下后缀为.conf的配置文件(即虚拟主机的Apache配置文件)
查看Nginx的版本:
[root@centos8 ~]# nginx -v
nginx version: nginx/1.18.0
Nginx的主配置文件:
[root@centos8 ~]# find / -name "nginx.conf"
/root/lnmp1.7-full/conf/nginx.conf
/usr/local/nginx/conf/nginx.conf
[root@centos8 ~]# head -19 /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes auto;
worker_cpu_affinity auto;
error_log /home/wwwlogs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept off;
accept_mutex off;
}
[root@centos8 ~]# cat /usr/local/nginx/conf/nginx.conf |grep 80
listen 80 default_server reuseport;
注释:Nginx监听TCP 80端口。
[root@centos8 ~]# tail -4 /usr/local/nginx/conf/nginx.conf
}
include vhost/*.conf;
}
注释:Nginx会加载/usr/local/nginx/conf/vhost/下后缀为.conf的配置文件(即虚拟主机的Nginx配置文件)
重启LNMPA:
Nginx、Apache、MariaDB会随着系统的启动而启动:
[root@centos8 ~]# systemctl is-enabled nginx
enabled
[root@centos8 ~]# systemctl is-enabled httpd
enabled
[root@centos8 ~]# systemctl is-enabled mariadb
enabled
######
添加基于域名的虚拟主机(站点):( 用于 HTTP站点 )
lnmp vhost add
这里不添加SSL证书了:
站点 www.zhuohua.store 的配置信息:
一个站点有两个配置文件,Nginx、Apache各有一个:
站点 www.zhuohua.store 的Nginx配置文件:
[root@centos8 ~]# cat /usr/local/nginx/conf/vhost/www.zhuohua.store.conf |grep -v ^$
server
{
listen 80;
#listen [::]:80;
server_name www.zhuohua.store ww.zhuohua.store;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/www.zhuohua.store;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include proxy-pass-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/www.zhuohua.store.log;
}
站点 www.zhuohua.store 的Apache配置文件:
[root@centos8 ~]# cat /usr/local/apache/conf/vhost/www.zhuohua.store.conf |grep -v ^$
<VirtualHost *:88>
ServerAdmin 2270168881@qq.com
php_admin_value open_basedir "/home/wwwroot/www.zhuohua.store:/tmp/:/var/tmp/:/proc/"
DocumentRoot "/home/wwwroot/www.zhuohua.store"
ServerName www.zhuohua.store
ServerAlias ww.zhuohua.store
ErrorLog "/home/wwwlogs/www.zhuohua.store-error_log"
CustomLog "/home/wwwlogs/www.zhuohua.store-access_log" combined
<Directory "/home/wwwroot/www.zhuohua.store">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All #开启此站点的伪静态功能
Order allow,deny
Allow from all
DirectoryIndex index.html index.php
</Directory>
</VirtualHost>
把目录/home/wwwroot/default/phpmyadmin/里的所有东西都复制到站点 www.zhuohua.store 的根目录:
[root@centos8 ~]# cp -rfp /home/wwwroot/default/phpmyadmin/* /home/wwwroot/www.zhuohua.store/
笺注:站点目录下的文件和文件夹的属主和属组都要设置为 www
环境支持htm、html、php这三种网页 ^_^ ^_^ ^_^
###
Windows客户端使用域名的方式访问phpMyAdmin:
在没有DNS服务器解析域名的情况下,可以在文件hosts里绑定:
记得设置文件hosts的权限:
http://www.zhuohua.store
######
######
先检测Nginx是否支持SSL:
[root@centos8 ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/root/lnmp1.7-full/src/openssl-1.1.1g --with-openssl-opt='enable-weak-ssl-ciphers'
上传SSL证书文件:
[root@centos8 ~]# ll /usr/local/nginx/conf/zhuohua.*
-rw-r--r-- 1 root root 798 6月 25 2020 /usr/local/nginx/conf/zhuohua.crt
-rw-r--r-- 1 root root 887 6月 25 2020 /usr/local/nginx/conf/zhuohua.key
添加基于域名的虚拟主机(站点):( 用于 HTTPS站点 )
lnmp vhost add
给此站点添加SSL证书:
注释:
Please enter full path to SSL Certificate file: /usr/local/nginx/conf/zhuohua.crt
Please enter full path to SSL Certificate Key file: /usr/local/nginx/conf/zhuohua.key
站点 ssl.zhuohua.store 的配置信息:
站点 ssl.zhuohua.store 的Nginx配置文件:
[root@centos8 ~]# cat /usr/local/nginx/conf/vhost/ssl.zhuohua.store.conf |grep -v ^$
server
{
listen 80;
#listen [::]:80;
server_name ssl.zhuohua.store ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/ssl.zhuohua.store;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include proxy-pass-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log off;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name ssl.zhuohua.store ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/ssl.zhuohua.store;
ssl_certificate /usr/local/nginx/conf/zhuohua.crt;
ssl_certificate_key /usr/local/nginx/conf/zhuohua.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include proxy-pass-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log off;
}
站点 ssl.zhuohua.store 的Apache配置文件:
[root@centos8 ~]# cat /usr/local/apache/conf/vhost/ssl.zhuohua.store.conf |grep -v ^$
<VirtualHost *:88>
ServerAdmin 2270168881@qq.com
php_admin_value open_basedir "/home/wwwroot/ssl.zhuohua.store:/tmp/:/var/tmp/:/proc/"
DocumentRoot "/home/wwwroot/ssl.zhuohua.store"
ServerName ssl.zhuohua.store
#ErrorLog "/home/wwwlogs/ssl.zhuohua.store-error_log"
#CustomLog "/home/wwwlogs/ssl.zhuohua.store-access_log" combined
<Directory "/home/wwwroot/ssl.zhuohua.store">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html index.php
</Directory>
</VirtualHost>
把目录/home/wwwroot/default/phpmyadmin/里的所有东西都复制到站点 ssl.zhuohua.store 的根目录:
[root@centos8 ~]# cp -rfp /home/wwwroot/default/phpmyadmin/* /home/wwwroot/ssl.zhuohua.store/
在没有DNS服务器解析域名的情况下,客户端可以在文件hosts里绑定:
客户端使用Firefox浏览器远程测试:
https://ssl.zhuohua.store/
############
OPcache是Zend开发的闭源但可以免费使用的PHP优化加速缓存组件。
运行脚本,安装Zend OPcache:(不用连公网)
Zend OPcache安装成功:
服务器本地测试Zend OPcache:
[root@centos8 ~]# php -v
PHP 7.2.34 (cli) (built: Jul 4 2021 17:51:02) ( ZTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.34, Copyright (c) 1999-2018, by Zend Technologies
查询OPcache的配置文件:
php -i |grep opcache
OPcache的配置文件的默认内容:
[root@centos8 ~]# cat /usr/local/php/conf.d/004-opcache.ini
[Zend Opcache]
zend_extension="opcache.so"
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1
查看PHP测试页:
http://192.168.168.154/phpinfo.php
######
运行脚本,卸载Zend OPcache:
[root@centos8 ~]# cd lnmp1.7-full
[root@centos8 lnmp1.7-full]# ./addons.sh uninstall opcache
Zend OPcache卸载成功:
[root@centos8 ~]# php -v
PHP 7.2.34 (cli) (built: Jul 4 2021 17:51:02) ( ZTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
相关文章:
CentOS8_lnmp1.7_单独安装数据库(MariaDB)
CentOS8_lnmp1.7_LNMP
LNMP一键安装包(lnmpa_CentOS6.9) |