lnmp应用服务器安装手册

环境准备

yum -y install vim wget zip unzip lrzsz gcc gcc-c++ autoconf automake libtool make openssl openssl-devel pcre-devel libxml2-devel libcurl-devel libicu-devel openldap openldap-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libpng libpng-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses curl gdbm-devel db4-devel libXpm-devel libX11-devel gd-devel gmp-devel readline-devel libxslt-devel expat-devel xmlrpc-c xmlrpc-c-devel libvpx-devel libzip libzip-devel
cd /opt

[1]安装nginx

cd /opt
wget https://github.com/alibaba/nginx-http-concat/archive/master.zip
unzip master.zip
wget http://nginx.org/download/nginx-1.12.1.tar.gz
groupadd -r nginx
useradd -s /sbin/nologin -g nginx -r nginx
tar -zxvf nginx-1.12.1.tar.gz
cd nginx-1.12.1

完整+nginx-http-concat
./configure 
--prefix=/usr/local/webserver/nginx  
--user=nginx 
--group=nginx 
--with-http_ssl_module 
--with-http_flv_module 
--with-http_gzip_static_module 
--with-http_stub_status_module 
--add-module=/opt/nginx-http-concat-master

只安装nginx
./configure 
--prefix=/usr/local/webserver/nginx  
--user=nginx 
--group=nginx 
--with-http_ssl_module 
--with-http_flv_module 
--with-http_gzip_static_module 
--with-http_stub_status_module

make && make install

[2]安装nginx lua

yum install readline-devel pcre-devel openssl-devel
wget https://github.com/alibaba/nginx-http-concat/archive/master.zip
unzip master.zip
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.10.tar.gz
tar -zxvf lua-nginx-module-0.10.10.tar.gz
wget https://openresty.org/download/openresty-1.11.2.4.tar.gz
tar -zxvf openresty-1.11.2.4.tar.gz
cd /opt/openresty-1.11.2.4

./configure 
--prefix=/usr/local/webserver/nginx  
--user=nginx 
--group=nginx 
--with-http_ssl_module 
--with-http_flv_module 
--with-http_gzip_static_module 
--with-http_stub_status_module 
--add-module=/opt/nginx-http-concat-master 
--add-module=/opt/openresty-1.11.2.4/bundle/ngx_devel_kit-0.3.0 
--add-module=/opt/lua-nginx-module-0.10.10

make && make install

安装imagemagick

wget http://www.imagemagick.org/download/ImageMagick-7.0.8-9.tar.gz
tar -zvxf ImageMagick-7.0.8-9.tar.gz
cd ImageMagick-7.0.8-9

./configure 
--with-bzlib=yes 
--with-autotrace=yes 
--with-djvu=yes         
--with-dps=yes           
--with-fftw=yes 
--with-flif=yes 
--with-fpx=yes 
--with-fontconfig=yes   
--with-freetype=yes         
--with-gslib=no            
--with-gvc=yes              
--with-jbig=yes             
--with-jpeg=yes             
--with-lcms=yes             
--with-lqr=yes              
--with-ltdl=yes             
--with-lzma=yes             
--with-magick-plus-plus=yes 
--with-openexr=yes          
--with-openjp2=yes          
--with-pango=yes            
--with-perl=no             
--with-png=yes              
--with-raqm=yes             
--with-raw=yes              
--with-rsvg=no             
--with-tiff=yes             
--with-webp=yes             
--with-wmf=yes              
--with-x=                  
--with-xml=yes              
--with-zlib=yes

安装mysql

cd /opt
wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.18-linux-glibc2.5-x86_64.tar.gz
tar zxvf mysql-5.7.18-linux-glibc2.5-x86_64.tar.gz
mv mysql-5.7.18-linux-glibc2.5-x86_64 /usr/local/webserver/mysql
cd /usr/local/webserver/mysql
groupadd -r mysql
useradd -s /sbin/nologin -g mysql -r mysql
mv /etc/my.cnf ./ #移动默认my.cnf配置
vim my.cnf #设置基本配置basedir、datadir等,参考一下案例
cd support-files/
vim mysql.server #修改basedir、datadir与my.cnf保持一致
cd /usr/local/webserver
chown mysql.mysql ./mysql -R
mkdir -p /data/mysql3306/data
chown mysql.mysql /data/mysql3306/ -R
mysql/bin/mysqld --initialize --user=mysql --basedir=/opt/mysql/ --datadir=/data/mysql3306/data
（注：这时候会显示出root的默认密码，需要记录下来）
#记录初始化root密码
/usr/local/webserver/mysql/support-files/mysql.server start
/usr/local/webserver/mysql/bin/mysql -uroot -p -S/data/mysql3306/mysql.sock --default-character-set=utf8
mysql> set password for root@localhost = password('root'); #初始化root密码
mysql> grant select,update,delete,insert on erp_doraemon.* to erp_doraemon@localhost identified by 'qz0OYN5ANiZuT7aV#c';
mysql> flush privileges;
mysql> q
/usr/local/webserver/mysql/support-files/mysql.server restart

#创建有所有权限的用户（慎用）

mysql> CREATE USER 'yuzhenque'@'%'IDENTIFIED BY '88888888'; //添加用户
mysql> GRANT ALL ON . TO 'yuzhenque'@'%'; //赋值权限
mysql> GRANT ALL ON . TO 'yuzhenque'@'%'; GRANT ALL ON . TO 'yuzhenque'@'%'; GRANT ALL ON . TO 'yuzhenque'@'%'; //刷新权限
mysql> SHOW GRANTS FOR 'yuzhenque'@'%'; //验证用户权限是否赋值成功
附：my.cnf 配置如下

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
# *** DO NOT EDIT THIS FILE. It's a template which will be copied to the
# *** default location during install, and will be replaced if you
# *** upgrade to a newer version of MySQL.

[mysqld]

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M

# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin

# These are commonly set, remove the # and set as required.
# basedir = .....
# datadir = .....
# port = .....
# server_id = .....
# socket = .....

# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M 
basedir = /usr/local/webserver/mysql
datadir = /data/mysql3306/data
port = 3306
# server_id = .....
#socket = /data/mysql3306/mysql3306.sock
pid-file = /data/mysql3306/mysql.pid

max_connections=200
key_buffer_size=200M
low_priority_updates=1
table_open_cache = 8000
back_log=1500
query_cache_type=0
table_open_cache_instances=16

innodb_buffer_pool_size=4000M
innodb_buffer_pool_instances=32
innodb_log_buffer_size=64M
join_buffer_size=32K
sort_buffer_size=32K

innodb_file_per_table=1
innodb_checksums=0
innodb_doublewrite=0
innodb_support_xa=0
innodb_thread_concurrency=0
innodb_flush_log_at_trx_commit=2
innodb_max_dirty_pages_pct=50
innodb_use_native_aio=1
innodb_stats_persistent=1

slow_query_log = 1
slow_query_log_file = /data/logs/mysql3306_slow_query.log
long_query_time = 5
log_queries_not_using_indexes = ON

server-id = 1
log-bin=mysql-bin
expire_logs_days=15

sql_mode=NO_ENGINE_SUBSTITUTION

安装libmcrypt

cd /opt
wget ftp://mcrypt.hellug.gr/pub/crypto/mcrypt/libmcrypt/libmcrypt-2.5.7.tar.gz
tar zxvf libmcrypt-2.5.7.tar.gz
cd libmcrypt-2.5.7
./configure
make && make install

安装php5.6

cd /opt
wget http://cn.php.net/distributions/php-5.6.31.tar.gz
wget http://downloads.zend.com/guard/7.0.0/zend-loader-php5.6-linux-x86_64_update1.tar.gz
tar zxvf zend-loader-php5.6-linux-x86_64_update1.tar.gz
tar -zxvf php-5.6.31.tar.gz
groupadd -r www
useradd -s /sbin/nologin -g www -r www

vi /etc/ld.so.conf.d/local.conf     # 编辑库文件
/usr/local/lib                                 # 添加该行
/usr/local/lib64                             # 添加该行
:wq                                              # 保存退出
ldconfig -v

cd php-5.6.31

./configure 
--prefix=/usr/local/webserver/php5.6 
--with-config-file-path=/usr/local/webserver/php5.6/etc 
--enable-fpm 
--with-fpm-user=www 
--with-fpm-group=www 
--enable-soap 
--enable-gd-native-ttf 
--enable-ftp 
--enable-mbstring 
--enable-exif 
--enable-pdo 
--enable-mbstring 
--enable-opcache 
--enable-sockets 
--enable-pcntl 
--enable-zip 
--enable-calendar 
--enable-bcmath 
--enable-intl 
--with-pdo-mysql 
--with-mysql 
--with-mysqli 
--with-libxml-dir 
--with-pcre-dir 
--with-gd 
--with-vpx-dir 
--with-jpeg-dir 
--with-png-dir 
--with-freetype-dir 
--with-xpm-dir 
--with-iconv-dir 
--with-zlib-dir 
--with-mcrypt 
--with-zlib 
--with-curl 
--with-openssl 
--with-gettext 
--with-mhash 
--with-ldap 
--with-libdir=lib64 
--without-pear 
--disable-phar

make && make install
cd /usr/local/webserver/php5.6/etc
cp /opt/zend-loader-php5.6-linux-x86_64/ZendGuardLoader.so ../lib/php/extensions/no-debug-non-zts-20131226/
###cp /opt/zend-loader-php5.6-linux-x86_64/opcache.so ./lib/php/extensions/no-debug-non-zts-20131226/
cp /opt/php-5.6.37/php.ini-development php.ini
cp php-fpm.conf.default php-fpm.conf
编辑php.ini，在末尾加入

zend_extension= /usr/local/webserver/php5.6/lib/php/extensions/no-debug-non-zts-20131226/ZendGuardLoader.so
zend_loader.enable=3
zend_loader.disable_licensing=0
zend_loader.obfuscation_level_support=3

部署应用

mkdir -p /data/www/erp_doraemon/sitedata

root防护

useradd tripdc
passwd tripdc
vi /etc/ssh/sshd_config
port/PermitRootLogin
service sshd restart

附：配置笔记

nginx配置

文件/usr/local/webserver/nginx/conf/nginx.conf 末添加

include /usr/local/webserver/nginx/conf/vhost/*.conf;

文件/usr/local/webserver/nginx/conf/nginx.conf参考配置
其中 worker_processes 根据cpu核数配置，多少核就配置多少，可通过命令top，按1查看

user  www www;
worker_processes  8;
#worker_cpu_affinity auto;
error_log  /data/logs/nginx_error.log;
pid        /usr/local/webserver/nginx/nginx.pid;

worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections  1024;
}


http {
  include       mime.types;
  default_type  application/octet-stream;

      
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 16m;
      
  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 10;

  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 8 128k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 6;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;

  #limit_zone  crawler  $binary_remote_addr  10m;


  log_format combined_hx '$remote_addr - $server_addr [$time_local] $request_method $http_host $request_uri $request_time $status $body_bytes_sent "$http_referer" '  '"$http_user_agent" $http_x_forwarded_for';
  log_not_found off;  
  #access_log off; 
  access_log /data/logs/nginx_access.log combined_hx;

  #server{
  #      listen 80;
  #      root /data/www/test/;
  #      index index.php index.html;
  #     include php_ci.conf;

  #}

  include vhosts/*.conf;
}

-创建配置文件目录/usr/local/webserver/nginx/conf/vhosts

mkdir /usr/local/webserver/nginx/conf/vhosts

目录/usr/local/webserver/nginx/conf添加文件php_ci.conf

location ~ ^(.*)/.svn/
{
    deny all;
}
location ~ .*.php?
{
    #fastcgi_pass  unix:/tmp/php-cgi.sock;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;

    if ($request_filename ~* (.*).php) {
        set $php_url $1;
    }
    if (!-e $php_url.php) {
        return 403;
    }

    fastcgi_split_path_info ^(.+.php)(.*)$;
    fastcgi_param   PATH_INFO         $fastcgi_path_info;

    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx;

    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;

    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;

    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;

    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;

}

目录/usr/local/webserver/nginx/conf添加文件extra.conf

 location ~ .*.(gif|jpg|ico|png)$
    {
        expires      7d;
        access_log off;
    }

    location ~ .*.(js|css)?$
    {
        expires      6h;
        access_log off;
    }

目录/usr/local/webserver/nginx/conf/vhost添加文件erp.conf

server
{
    listen  80;
    server_name erp.domain.com;
    index index.html index.php;
    root  /data/www/erp_doraemon/webapp;

    include php_ci.conf;
    include extra.conf;

    location /static/ {
        location ~ .*.(php)?$
        {
            deny all;
        }
    }
    location /static_m/ {
        location ~ .*.(php)?$
        {
            deny all;
        }
    }

    location / {
        if (!-e $request_filename) {
            rewrite ^/(.*)$ /index.php/$1 last;
        }
    }
    access_log /data/logs/web/erp_doraemon.log combined_hx;
}

lnmp应用服务器安装手册

环境准备

[1]安装nginx

[2]安装nginx lua

安装imagemagick

安装mysql

安装libmcrypt

安装php5.6

部署应用

相关文件路径

root防护

附：配置笔记

nginx配置