千家信息网

NGINX网站服务-LNMP平台及应用

发表于:2024-11-23 作者:千家信息网编辑
千家信息网最后更新 2024年11月23日,实验需求:LNMP实现多个虚拟主机,部署wordpress和phpmyadmin,并为phpmyadmin提供https实验环境:LNMP CentOS 7.2x86_64 IP:172.16.251
千家信息网最后更新 2024年11月23日NGINX网站服务-LNMP平台及应用

实验需求:

LNMP实现多个虚拟主机,部署wordpressphpmyadmin,并为phpmyadmin提供https


实验环境:

LNMP CentOS 7.2x86_64 IP:172.16.251.138

测试端 CentOS 6.7x86_64 IP:172.16.251.164

软件包:

initial-setup-ks.cfg
mariadb-5.5.46-linux-x86_64.tar.gz
nginx-1.10.0.tar.gz
php-5.4.26.tar.bz2
phpMyAdmin-4.4.14.1-all-languages.zip
wordpress-4.3.1-zh_CN.zip


实验准备:

安装开发包组,支持软件,解决依赖关系

[root@station138 ~]# iptables -F

[root@station138 ~]# setenforce 0

[root@station138 ~]# yum groupinstall"Development Tools" "Server Platform Development"

[root@station138 ~]# yum -y installpcre-devel openssl-devel zlib-devel


编译安装nginx:

[root@station138 ~]# tar xfnginx-1.10.0.tar.gz

1.创建程序用户:

[root@station138 nginx-1.10.0]# useradd -rnginx

2.进入目录开始编译:

[root@station138 nginx-1.10.0]# ./configure--prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid--lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module--with-http_dav_module --with-http_stub_status_module --with-threads--with-file-aio

[root@station138 nginx-1.10.0]# make&& make install

3.检查配置文件:

[root@station138 nginx-1.10.0]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful


4.启动服务:

[root@station138 nginx-1.10.0]# nginx

[root@station138 nginx-1.10.0]# netstat-anpt |grep nginx

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 38873/nginx: master

5.创建虚拟主机:

[root@station138 ~]# mkdir -pv /var/www/v{1,2}

[root@station138 ~]# echo "web1" >> /var/www/v1/index.html

[root@station138 ~]# echo "web2" >> /var/www/v2/index.html

[root@station138 ~]# vim/etc/nginx/nginx.conf

server {

listen 80;

server_name www.a.com;

location / {

root /var/www/v1;

index index.php index.htmlindex.htm;

}

}

server {

listen 80;

server_name www.b.com;

location / {

root /var/www/v2;

index index.php index.html index.htm;

}

}

[root@station138 ~]# nginx -s reload

6.客户端测试:


二进制安装mariadb:

1.建立mysql系统用户

[root@station138~]# useradd -r -M mysql

2.建立数据存放的目录

[root@station138~]# mkdir -p /testdir/mydata

[root@station138~]# chown -R mysql.mysql /testdir/mydata

3.解压mariadb安装包

[root@station138 ~]#tar xf mariadb-5.5.46-linux-x86_64.tar.gz -C /usr/local

[root@station138~]# ln -sv /usr/local/mariadb-5.5.46-linux-x86_64/ mysql

[root@station138~]# chown -R root.mysql /usr/local/mysql/*

4.使用scripts脚本文件mysql_install_db文件来安装数据库

[root@station138mysql]# scripts/mysql_install_db --user=mysql --datadir=/testdir/mydata

5.提供配置文件

[root@station138mysql]# cp support-files/my-large.cnf /etc/my.cnf

[root@station138mysql]# vim /etc/my.cnf

datadir=/testdir/mydata //指明mysql的数据存放路径

innodb_file_per_table = ON //成为独立表空间

skip_name_resolve = ON //跳过名称解析

6.提供mysql服务启动脚本

[root@station138 support-files]# cp mysql.server /etc/rc.d/init.d/mysqld

[root@station138 support-files]# chkconfig --add mysqld

7.添加环境变量

[root@station138 ~]# vim /etc/profile.d/mysql.sh

export PATH=/usr/local/mysql/bin:$PATH

[root@station138 ~]# source /etc/profile.d/mysql.sh

8.导出头文件,导出库文件:

[root@station138 ~]#ln -s /usr/local/include/ /usr/include/mysql

[root@station138 ~]#vim /etc/ld.so.conf.d/mysql.conf

9.启动服务

[root@station138 ~]# systemctl start mysqld

[root@station138 ~]# ss -tnl

LISTEN 0 50 *:3306 *:*


源代码安装PHP:

1.安装支持软件,解决依赖关系:

[root@station138 ~]# yum -y install bzip2-devel libmcrypt-devel libxml2-devel openssl-devel

2.编译php

[root@station138 ~]# tar xf php-5.4.26.tar.bz2 [root@station138 ~]# cd php-5.4.26/

[root@station138 php-5.4.26]# ./configure\

--prefix=/usr/local/php --with-openssl --with-mysql=mysqlnd

--with-pdo-mysql=mysqlnd --with-mysql=mysqlnd --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib--with-libxml-dir=/usr --enable-xml --enable-sockets --enable-fpm --with-mcrypt

--with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2

[root@station138 php-5.4.26]# make && make install

3.php提供配置文件

[root@station138 php-5.4.26]# cp php.ini-production /etc/php.ini

4.提供php-fpm脚本

[root@station138 php-5.4.26]# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm[root@station138 php-5.4.26]# chmod +x /etc/rc.d/init.d/php-fpm

[root@station138 php-5.4.26]# chkconfig --add php-fpm

5.提供php-fpm配置文件

[root@station138 php-5.4.26]# cd /usr/local/php

[root@station138 php-5.4.26]# cp etc/php-fpm.conf.default etc/php-fpm.conf

6.启动服务

[root@station138 php-5.4.26]# systemctl start php-fpm[root@station138 php-5.4.26]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port

LISTEN 0 128 127.0.0.1:9000 *:*

7.配置nginx支持php解析:

[root@station138 ~]# vim/etc/nginx/nginx.conf

server {
listen 80;
server_name
www.a.com;

location / {
root /var/www/v1;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

location ~ \.php$ {
root /var/www/v1;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/v1/$fastcgi_script_name;
include fastcgi_params;
}

}

server {
listen 80;
server_name www.b.com;
location / {
root /var/www/v2;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /var/www/v2;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/v2/$fastcgi_script_name;
include fastcgi_params;
}

}

[root@station138 ~]# nginx -s reload

8.客户端测试php:

9.创建数据库,授权用户

[root@station138 nginx]# mysql -uroot -p


MariaDB [(none)]> create database wpdb;


Query OK, 1 row affected (0.00 sec)


MariaDB [(none)]> grant all on wpdb.* to 'wpuser'@'172.16.%.%' identified by 'wp123';


Query OK, 0 rows affected (0.14 sec)


MariaDB [(none)]> create database pma;


Query OK, 1 row affected (0.00 sec)


MariaDB [(none)]> grant all on pma.* to 'pmauser'@'172.16.%.%' identified by 'pma123';


Query OK, 0 rows affected (0.00 sec)


10.测试mysql-php:

[root@station138 ssl]# cat /var/www/v1/index.php
web1
$link = mysql_connect('localhost','root','123456');
if($link)
echo "OK";
else
echo "no";
?>


部署应用:

1.部署wordpress:

[root@station138 ~]# unzip wordpress-4.3.1-zh_CN.zip


[root@station138 ~]# mv wordpress /var/www/v1/


[root@station138 wordpress]# mv wp-config-sample.php wp-config.php

[root@station138 wordpress]# vim wp-config.php /** WordPress数据库的名称 */define('DB_NAME', 'wpdb');/** MySQL数据库用户名 */define('DB_USER', 'wpuser');/** MySQL数据库密码 */define('DB_PASSWORD', 'wp123');/** MySQL主机 */

define('DB_HOST', '172.16.251.138');

2.部署phpMyAdmin:

[root@station138 ~]# unzip phpMyAdmin-4.4.14.1-all-languages.zip[root@station138 ~]# mv phpMyAdmin-4.4.14.1-all-languages /var/www/v2[root@station138 v2]# ln -sv phpMyAdmin-4.4.14.1-all-languages/ pma[root@station138 v2]# vim phpmyadmin/libraries/config.default.php$cfg['blowfish_secret'] = 'tSQRO02T+grA6rvJHCXr';$cfg['Servers'][$i]['host'] = '172.16.251.138'; $cfg['Servers'][$i]['user'] = 'pmauser';

$cfg['Servers'][$i]['password'] = 'pma123';

3.客户端测试应用:


为phpmyadmin提供https:

1.生成私钥:

[root@station138 CA]# (umask 077; opensslgenrsa -out private/cakey.pem 2048)

2.生成自签证书:

[root@station138 CA]# openssl req -new-x509 -key private/cakey.pem -out cacert.pem

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:bj

Locality Name (eg, city) [Default City]:bj

Organization Name (eg, company) [DefaultCompany Ltd]:yw

Organizational Unit Name (eg, section)[]:Ops

Common Name (eg, your name or your server'shostname) []:www.b.com

Email Address []:admin@b.com

3.提供辅助文件

[root@station138 CA]#touch index.txt

[root@station138 CA]#echo 01 > serial

4.生成私钥:

[root@station138 ssl]# (umask 077; openssl genrsa -out nginx.key1024)

5.生成证书请求:

[root@station138 ssl]# openssl req -new -key nginx.key -outnginx.csr

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:bj

Locality Name (eg, city) [Default City]:bj

Organization Name (eg, company) [DefaultCompany Ltd]:yw

Organizational Unit Name (eg, section)[]:Ops

Common Name (eg, your name or your server'shostname) []:www.b.com

Email Address []:admin@b.com

Please enter the following 'extra'attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

6.签发证书:

[root@station138 ssl]# openssl ca -in /testdir/nginx.csr -out/etc/pki/CA/certs/nginx.crt

[root@station138 ssl]# cp/etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/

7.修改nginx配置文件,添加支持ssl:

[root@station138 ~]# vim /etc/nginx/nginx.conf

server {
listen 443 ssl;
server_name localhost;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.php index.html index.htm;
}
}

8.测试https:

0