共计 10308 个字符,预计需要花费 26 分钟才能阅读完成。
一、环境准备
1、操作系统安装:CentOS 6.5 64 位最小化安装。
2、配置好 IP、DNS、网关、主机名
3、配置防火墙,开启 80、3306 端口
vim /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT #允许 80 端口通过防火墙
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT #允许 3306 端口通过防火墙
特别提示:如果这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的 22 端口。
/etc/init.d/iptables restart #最后重启防火墙使配置生效
4、关闭 SELinux
vi /etc/selinux/configurations
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #使配置立即生效
二、系统约定
硬盘分区:50G(/boot 200M /swap 8192M /)+100G(/opt)
软件源代码包存放位置:/opt/local/src
源码包编译安装位置:/opt/local/ 软件名
数据库数据文件存储路径 /opt/local/MySQL/var
三、软件包下载
1、下载 nginx(目前稳定版):http://nginx.org/download/nginx-1.4.4.tar.gz
2、下载 pcre(支持 nginx 伪静态):ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz
3、下载 MySQL:http://cdn.mysql.com/Downloads/MySQL-5.5/mysql-5.5.35.tar.gz
4、下载 php:http://cn2.php.net/distributions/php-5.5.7.tar.gz
5、下载 cmake(MySQL 编译工具):http://www.cmake.org/files/v2.8/cmake-2.8.12.1.tar.gz
6、下载 libmcrypt(PHPlibmcrypt 模块):http://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
7、下载 GD 库安装包(php 页面图片验证码支持):https://phpsqq.googlecode.com/files/gd-2.0.36RC1.tar.gz
将以上软件包上传到 /opt/local/src 目录
四、安装编译工具及库文件
使用 CentOS yum 命令一键安装
yum install -y make apr* autoconf automake curl curl-devel gcc gcc-c++ gtk+-devel zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch perl kernel-headers compat* cpp glibc libgomp libstdc++-devel keyutils-libs-devel libsepol-devel libselinux-devel krb5-devel libXpm* freetype freetype-devel freetype* fontconfig fontconfig-devel libjpeg* libpng* php-common php-gd gettext gettext-devel ncurses* libtool* libxml2 libxml2-devel patch policycoreutils bison
五、软件安装篇
1、安装 cmake
cd /opt/local/src
tar zxvf cmake-2.8.8.tar.gz
cd cmake-2.8.8
./configure –prefix=/opt/local/cmake
make #编译
make install #安装
vim /etc/profile 在 path 路径中增加 cmake 执行文件路径
export PATH=$PATH:/opt/local/cmake/bin
source /etc/profile 使配置立即生效
2、安装 pcre
cd /opt/local/src
mkdir /usr/local/pcre #创建安装目录
tar zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure –prefix=/opt/local/pcre #配置
make && make install
3、安装 libmcrypt
cd /opt/local/src
tar zxvf libmcrypt-2.5.8.tar.gz #解压
cd libmcrypt-2.5.8 #进入目录
./configure #配置
make #编译
make install #安装
4、安装 gd 库
cd /opt/local/src
tar zxvf gd-2.0.36RC1.tar.gz
cd gd-2.0.36RC1
./configure –enable-m4_pattern_allow —prefix=/opt/local/gd –with-jpeg=/usr/lib –with-png=/usr/lib –with-xpm=/usr/lib –with-freetype=/usr/lib –with-fontconfig=/usr/lib #配置
make #编译
make install #安装
5、安装 Mysql
groupadd mysql #添加 mysql 组
useradd -g mysql mysql -s /bin/false #创建用户 mysql 并加入到 mysql 组,不允许 mysql 用户直接登录系统
mkdir -p /opt/data/mysql/var #创建 MySQL 数据库存放目录
chown -R mysql:mysql /opt/data/mysql/var #设置 MySQL 数据库目录权限
cd /opt/local/src
tar zxvf mysql-5.5.35.tar.gz #解压
cd mysql-5.5.35
cmake . -DCMAKE_INSTALL_PREFIX=/opt/local/mysql -DMYSQL_DATADIR=/opt/data/mysql/var -DSYSCONFDIR=/etc #配置
make #编译
make install #安装
cd /opt/local/mysql
cp ./support-files/my-huge.cnf /etc/my.cnf #拷贝配置文件(注意:如果 /etc 目录下面默认有一个 my.cnf,直接覆盖即可)
vi /etc/my.cnf #编辑配置文件, 在 [mysqld] 部分增加
datadir = /opt/data/mysql/var #添加 MySQL 数据库路径
./scripts/mysql_install_db –user=mysql #生成 mysql 系统数据库
cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld #把 Mysql 加入系统启动
chmod 755 /etc/init.d/mysqld #增加执行权限
chkconfig mysqld on #加入开机启动
vi /etc/rc.d/init.d/mysqld #编辑
basedir = /opt/local/mysql #MySQL 程序安装路径
datadir = /opt/local/mysql/var #MySQl 数据库存放目录
service mysqld start #启动
vi /etc/profile #把 mysql 服务加入系统环境变量:在最后添加下面这一行
export PATH=$PATH:/opt/local/cmake/bin:/opt/local/mysql/bin
source /etc/profile #使配置立即生效
mkdir /var/lib/mysql #创建目录
ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock #添加软链接
mysql_secure_installation #设置 Mysql 密码,根据提示按 Y 回车输入 2 次密码
/opt/local/mysql/bin/mysqladmin -u root -p password “123456” #或者直接修改密码
到此,mysql 安装完成!
6、安装 nginx
cd /opt/local/src
groupadd www #添加 www 组
useradd -g www www -s /bin/false #创建 nginx 运行账户 www 并加入到 www 组,不允许 www 用户直接登录系统
tar zxvf nginx-1.4.4.tar.gz
cd nginx-1.4.4
./configure –prefix=/opt/local/nginx –without-http_memcached_module –user=www –group=www –with-http_stub_status_module –with-openssl=/usr/ –with-pcre=/opt/local/src/pcre-8.31
注意:–with-pcre=/opt/local/src/pcre-8.34 指向的是源码包解压的路径,而不是安装的路径,否则会报错
make
make install
/opt/local/nginx/sbin/nginx #启动 nginx
设置 nginx 开启启动
vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容
=======================================================
#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: – 85 15
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it’s not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/opt/local/nginx/sbin/nginx
nginx_config=/opt/local/nginx/conf/nginx.conf
nginx_pid=/opt/local/nginx/logs/nginx.pid
RETVAL=0
prog=”nginx”
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[${NETWORKING} = “no” ] && exit 0
[-x $nginxd] || exit 0
# Start nginx daemons functions.
start() {
if [-e $nginx_pid];then
echo “nginx already running….”
exit 1
fi
echo -n $”Starting $prog: “
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[$RETVAL = 0] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
echo -n $”Stopping $prog: “
killproc $nginxd
RETVAL=$?
echo
[$RETVAL = 0] && rm -f /var/lock/subsys/nginx /usr/local/nginx/logs/nginx.pid
}
reload() {
echo -n $”Reloading $prog: “
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case “$1” in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $”Usage: $prog {start|stop|restart|reload|status|help}”
exit 1
esac
exit $RETVAL
=======================================================
:wq! #保存退出
chmod 775 /etc/rc.d/init.d/nginx #赋予文件执行权限
chkconfig nginx on #设置开机启动
/etc/rc.d/init.d/nginx restart #重新启动 Nginx
service nginx restart
=======================================================
7、安装 php
cd /opt/local/src
tar -zvxf php-5.5.7.tar.gz
cd php-5.5.7.
./configure –prefix=/opt/local/php5 –with-config-file-path=/opt/local/php5/etc –with-mysql=/opt/local/mysql –with-mysql-sock=/tmp/mysql.sock –with-gd –with-iconv –with-zlib –enable-xml –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –enable-mbregex –enable-fpm –enable-mbstring –enable-ftp –enable-gd-native-ttf –with-openssl –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –without-pear –with-gettext –enable-session –with-mcrypt –with-curl –with-jpeg-dir –with-freetype-dir
make #编译
make install #安装
cp php.ini-production /opt/local/php5/etc/php.ini #复制 php 配置文件到安装目录
rm -rf /etc/php.ini #删除系统自带配置文件
ln -s /opt/local/php5/etc/php.ini /etc/php.ini #添加软链接
cp /opt/local/php5/etc/php-fpm.conf.default /opt/local/php5/etc/php-fpm.conf #拷贝模板文件为 php-fpm 配置文件
vi /opt/local/php5/etc/php-fpm.conf #编辑
user = www #设置 php-fpm 运行账号为 www
group = www #设置 php-fpm 运行组为 www
pid = run/php-fpm.pid #取消前面的分号
设置 php-fpm 开机启动
cp /opt/local/src/php-5.5.7/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm #拷贝 php-fpm 到启动目录
chmod +x /etc/rc.d/init.d/php-fpm #添加执行权限
chkconfig php-fpm on #设置开机启动
vi /opt/local/php5/etc/php.ini #编辑配置文件
找到:disable_functions =
修改为:disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
# 列出 PHP 可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用
找到:;date.timezone =
修改为:date.timezone = PRC #设置时区
找到:expose_php = On
修改为:expose_php = OFF #禁止显示 php 版本的信息
找到:short_open_tag = Off
修改为:short_open_tag = ON #支持 php 短标签
八、配置 nginx 支持 php
vi /opt/local/nginx/conf/nginx.conf
修改 /opt/local/nginx/conf/nginx.conf 配置文件, 需做如下修改
user www www; #首行 user 去掉注释, 修改 Nginx 运行组为 www www;必须与 /opt/local/php/etc/php-fpm.conf 中的 user,group 配置相同,否则 php 运行出错
user www www;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.php index.html index.htm;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
/etc/init.d/nginx restart #重启 nginx
六、测试篇
cd /opt/local/nginx/html/ #进入 nginx 默认网站根目录
rm -rf /opt/local/nginx/html/* #删除默认测试页
vi index.php #新建 index.php 文件
phpinfo();
?>
:wq! #保存退出
chown www.www /opt/local/nginx/html/ -R #设置目录所有者
chmod 700 /opt/local/nginx/html/ -R #设置目录权限
七、其它说明
服务器相关操作命令
service nginx restart #重启 nginx
service mysqld restart #重启 mysql
/usr/local/php/sbin/php-fpm #启动 php-fpm
/etc/rc.d/init.d/php-fpm restart #重启 php-fpm
/etc/rc.d/init.d/php-fpm stop #停止 php-fpm
/etc/rc.d/init.d/php-fpm start #启动 php-fpm
nginx 默认站点目录是:/opt/local/nginx/html/
权限设置:chown www.www /opt/local/nginx/html/ -R
MySQL 数据库目录是:/opt/local/mysql/var
权限设置:chown mysql.mysql -R /opt/local/mysql/var
八、安全优化
sherwin@rocnic~$ssh root@172.16.134.141
root@172.16.134.141’s password:
Last login: Sat Jan 18 12:11:57 2014 from 172.16.134.1
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
[root@dev01 ~]# locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=en_US.UTF-8
LC_CTYPE=UTF-8
LC_NUMERIC=”en_US.UTF-8″
LC_TIME=”en_US.UTF-8″
LC_COLLATE=”en_US.UTF-8″
LC_MONETARY=”en_US.UTF-8″
LC_MESSAGES=”en_US.UTF-8″
LC_PAPER=”en_US.UTF-8″
LC_NAME=”en_US.UTF-8″
LC_ADDRESS=”en_US.UTF-8″
LC_TELEPHONE=”en_US.UTF-8″
LC_MEASUREMENT=”en_US.UTF-8″
LC_IDENTIFICATION=”en_US.UTF-8″
LC_ALL=
Ubuntu 14.04 LTS 安装 LNMP Nginx\PHP5 (PHP-FPM)\MySQL http://www.linuxidc.com/Linux/2014-05/102351.htm
Ubuntu 13.04 安装 LAMP\Vsftpd\Webmin\phpMyAdmin 服务及设置 http://www.linuxidc.com/Linux/2013-06/86250.htm
CentOS 6.4 下的 LNMP 生产环境搭建及安装脚本 http://www.linuxidc.com/Linux/2013-11/92428.htm
生产环境实用之 LNMP 架构的编译安装 +SSL 加密实现 http://www.linuxidc.com/Linux/2013-05/85099.htm
LNMP 全功能编译安装 for CentOS 6.3 笔记 http://www.linuxidc.com/Linux/2013-05/83788.htm
CentOS 6.3 安装 LNMP (PHP 5.4,MyySQL5.6) http://www.linuxidc.com/Linux/2013-04/82069.htm
在部署 LNMP 的时候遇到 Nginx 启动失败的 2 个问题 http://www.linuxidc.com/Linux/2013-03/81120.htm
Ubuntu 安装 Nginx php5-fpm MySQL(LNMP 环境搭建) http://www.linuxidc.com/Linux/2012-10/72458.htm
更多 CentOS 相关信息见CentOS 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=14
本文永久更新链接地址:http://www.linuxidc.com/Linux/2015-10/123845.htm