乐趣区

关于linux:Centos7-Web服务搭建完整过程

一、装置前筹备

资源附件:
https://download.csdn.net/download/u011159821/13119645

下载后搁置:/usr/local/src 目录下

环境依赖:

groupadd www;
useradd -g www -s /sbin/nologin -M www;
yum -y install gcc gcc-c++ openssl openssl-devel libxml2 libxml2-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel sqlite-devel screen autoconf;
mkdir -p /opt/nginx/1.19;
mkdir -p /opt/php/7.4;
mkdir -p /data/mysql/data;
mkdir -p /opt/redis/6.0;
mkdir -p /opt/mongodb/4.4;

二、装置 Nginx 1.19

cd /usr/local/src;
tar -zxvf nginx-1.19.4.tar.gz;
cd nginx-1.19.4;
./configure --prefix=/opt/nginx/1.19 --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre --with-http_realip_module --with-stream --with-http_v2_module;
make -j;
make install;
ln -s /opt/nginx/1.19/sbin/nginx /usr/local/bin/nginx;

编辑 Nginx.conf,复制以下内容:

user  www www;
worker_processes auto;
error_log  logs/error.log crit;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
pid        logs/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local]"$request" '
    #                  '$status $body_bytes_sent"$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    log_format  access  '$remote_addr - $remote_user [$time_local]"$request"''$status $body_bytes_sent "$http_referer" "$request_body" ''"$http_user_agent"$http_x_forwarded_for';

    #access_log  logs/access.log  main;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";

    #server {
        #listen       80;
        #server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        #location / {
        #    root   html;
        #    index  index.html index.htm;
        #}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page   500 502 503 504  /50x.html;
        #location = /50x.html {
        #    root   html;
        #}

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    #}


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    include vhost/*.conf;
    # 见 vhost 附件

}

服务命令

nginx # 启动服务
nginx -s reload # 重启服务
nginx -s stop # 进行服务

三、装置 PHP 7.4

cd /usr/local/src;
tar -xvf php-7.4.12.tar.gz;
cd php-7.4.12;

配置 PHP:

./configure \
--prefix=/opt/php/7.4 \
--with-config-file-path=/opt/php/7.4/etc \
--enable-fpm \
--with-fpm-user=nginx  \
--with-fpm-group=nginx \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared  \
--enable-soap \
--with-libxml-dir \
--with-xmlrpc \
--with-openssl \
--with-mcrypt \
--with-mhash \
--with-pcre-regex \
--with-sqlite3 \
--with-zlib \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--with-cdb \
--enable-dom \
--enable-exif \
--enable-fileinfo \
--enable-filter \
--with-pcre-dir \
--enable-ftp \
--with-gd \
--with-openssl-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib-dir  \
--with-freetype-dir \
--enable-gd-native-ttf \
--enable-gd-jis-conv \
--with-gettext \
--with-gmp \
--with-mhash \
--enable-json \
--enable-mbregex \
--enable-mbregex-backtrack \
--with-libmbfl \
--with-onig \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-zlib-dir \
--with-pdo-sqlite \
--with-readline \
--enable-session \
--enable-shmop \
--enable-simplexml \
--enable-sockets  \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--enable-wddx \
--with-libxml-dir \
--with-xsl \
--enable-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-opcache

编译装置:

make && make install;

惯例设置:

# 批改 fpm 配置 php-fpm.conf.default 文件名称
mv /opt/php/7.4/etc/php-fpm.conf.default /opt/php/7.4/etc/php-fpm.conf;

# 复制 php.ini 配置文件
cp php.ini-production /opt/php/7.4/etc/php.ini;

# 复制 php-fpm 启动脚本到 init.d
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm;

# 复制 www.conf 配置文件
cp /opt/php/7.4/etc/php-fpm.d/www.conf.default /opt/php/7.4/etc/php-fpm.d/www.conf;
# 批改 www.conf 配置文件
vim /opt/php/7.4/etc/php-fpm.d/www.conf;
// 23、24 行,nginx 批改为 www

# 赋予执行权限
chmod +x /etc/init.d/php-fpm;

# 增加为启动项
chkconfig --add php-fpm;

# 设置开机启动
chkconfig php-fpm on;

# 建设软链接
ln -s /opt/php/7.4/bin/php /usr/local/bin/php;
ln -s /opt/php/7.4/bin/phpize /usr/local/bin/phpize;
ln -s /opt/php/7.4/bin/php-config /usr/local/bin/php-config;

php.ini 根底批改

vim /opt/php/7.4/etc/php.ini

# 找到 expose_php = On,批改为:expose_php = Off

# 找到;extension_dir = "./",批改为:extension_dir = "/opt/php/7.4/lib/php/extensions/no-debug-non-zts-20190902"

# 找到 disable_functions = 批改为:disable_functions = passthru,system,chroot,chgrp,chown,shell_exec,popen,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,popepassthru,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv

# 找到;date.timezone = 批改为:date.timezone = PRC

服务命令

service php-fpm start # 启动 PHP
service php-fpm reload # 重启 PHP
service php-fpm stop   # 进行 PHP

四、装置 MySQL 5.7

cd /usr/local/src;
yum -y install mysql57-community-release-el7-10.noarch.rpm;
yum -y install mysql-community-server;

呈现以下,至此 MySql 就装置实现了;

批改 /etc/my.cnf

[client]
#password    = your_password
port        = 4363
socket        = /tmp/mysql.sock
[mysqld]
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M

#skip-grant-tables
#wait_timeout=500
#interactive_timeout=500
port        = 4363
socket        = /tmp/mysql.sock
datadir         = /data/mysql/data
default_storage_engine = InnoDB
performance_schema_max_table_instances = 400
table_definition_cache = 400
skip-external-locking
key_buffer_size = 256M
max_allowed_packet = 100G
table_open_cache = 1024
sort_buffer_size = 4M
net_buffer_length = 4K
read_buffer_size = 4M
read_rnd_buffer_size = 256K
myisam_sort_buffer_size = 64M
thread_cache_size = 128
query_cache_size = 128M
tmp_table_size = 128M
sql-mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
pid-file=/data/mysql/mysqld.pid

explicit_defaults_for_timestamp = true
#skip-name-resolve
max_connections = 500
max_connect_errors = 500
open_files_limit = 65535

log-bin=mysql-bin
binlog_format=mixed
server-id = 1
expire_logs_days = 10
slow_query_log=1
slow-query-log-file=/data/mysql/logs/mysql-slow.log
long_query_time=3
#log_queries_not_using_indexes=on
early-plugin-load = ""

character_set_server=utf8
init_connect='SET NAMES utf8'

innodb_data_home_dir = /data/mysql/data
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /data/mysql/data
innodb_buffer_pool_size = 1024M
innodb_log_file_size = 512M
innodb_log_buffer_size = 128M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
innodb_max_dirty_pages_pct = 90
innodb_read_io_threads = 4
innodb_write_io_threads = 4

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/data/mysql/logs/mysqld.error.log

[mysqld_safe]  
log-error=/data/mysql/logs/mysqld.error.log
pid-file=/data/mysql/mysqld.pid

[mysqldump]
quick
max_allowed_packet = 500M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size = 256M
sort_buffer_size = 4M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

初始化明码:

grep "password" /var/log/mysqld.log

命令行进入数据库,批改初始化明码

mysql -uroot -p
mysql>ALTER USER 'root'@'localhost' IDENTIFIED BY 'qoL5P*49KIlJ';

开启近程拜访

mysql>use mysql;
mysql>select 'host' from user where user='root';
mysql>update user set host = '%' where user ='root';
mysql>flush privileges;
mysql>select 'host' from user where user='root';
mysql>exit;

服务命令

# 首次服务启动前,确认 /data/mysql 目录权限为:mysql:mysql
# chown -R mysql:mysql /data/mysql;

systemctl start mysqld.service # 启动 Mysql
systemctl restart mysqld #重启 Mysql
systemctl stop mysqld #进行 Mysql

为 Firewalld 增加凋谢端口
增加 mysql 端口

firewall-cmd --zone=public --add-port=4363/tcp --permanent

而后再从新载入

firewall-cmd --reload

注:若提醒 FirewallD is not running,则服务未开启:

# 开启 Firewall 防火墙服务
systemctl start firewalld.service

五、装置 Redis 6.0

# 为了防止报错先执行以下命令:yum -y install gcc tcl;
yum -y install centos-release-scl;
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils;
echo "source /opt/rh/devtoolset-9/enable" >> /etc/profile;

# 重连 Shell 后执行
cd /usr/local/src;
tar xzf redis-6.0.9.tar.gz;
mv ./redis-6.0.9 /opt/redis/6.0;
cd /opt/redis/6.0;
make;

# 批改 redis.conf 配置
# 找到 port 6379,批改为:port 6397

# 找到# requirepass foobared,批改为:# 此次批改的是 Redis 明码
requirepass AmYQn2Hv6AytY4Ux

# 创立软链接
ln -s /opt/redis/6.0/src/redis-cli /usr/local/bin/redis-cli;

创立虚拟空间运行 Redis 服务

# 创立 Screen 环境
screen -R RedisServe;
[RedisServe]:src/redis-server /opt/redis/6.0/redis.conf;
# CTRL + A + D 退出 Screen 环境

# 进入已创立的 Screen 环境
screen -r RedisServe;

PHP 退出 Redis 扩大

cd /usr/local/src/;
tar zxvf redis-5.3.2.tgz;
cd redis-5.3.2/;
phpize # 或 /opt/php/7.4/bin/phpize;
./configure --with-php-config=/opt/php/7.4/bin/php-config;
make;
make install;

# 批改 php.ini
vim /opt/php/7.4/etc/php.ini;
extension=redis.so # 949 行,;extension=xsl 前面追加

# 重启 PHP 服务
service php-fpm reload;

六、装置 MongoDB 4.4

cd /usr/local/src;
tar -zxvf mongodb-linux-x86_64-rhel70-4.4.1.tgz;
mv /usr/local/src/mongodb-linux-x86_64-rhel70-4.4.1/* /opt/mongodb/4.4/
export PATH=/opt/mongodb/4.4/bin:$PATH;

# 设置开机启动
systemctl enable mongod.service

启动前配置

mkdir -p /data/mongo/data/db;
cd /data/mongo;
mkdir logs;
touch mongodb.log;
mkdir etc;
touch mongodb.conf;

# 编辑 mongodb.conf
# 更多配置项,可通过 mongod --help 查看
dbpath=/data/mongo/data/db             # 指定数据存储目录
logpath=/data/mongo/logs/mongodb.log   # 指定日志文件存储目录
logappend=true                         # 应用追加形式写日志
port=27017                             # 端口
fork=true                              # 以守护过程形式运行
auth=true                              # 启用验证
bind_ip=0.0.0.0                        # 容许任意内部地址拜访

# 启动服务
mongod --config /data/mongo/etc/mongodb.conf;

# 进入 mongo 命令行下创立超级管理员
# root@dev-PC:~# mongo
db.createUser({user:"root",pwd:"K8gEBx05@F$9#jUe",roles:["root"]})

服务命令

# 启动 mongodb
mongod --config /data/mongo/etc/mongodb.conf;

# 进行 mongodb
ps -ef | grep mongodb;
kill -9 [对应 MongoDB 过程 ID]

六、SSH 端口批改

vi /etc/ssh/sshd_config
# 找到上面的 Port 指定批改

#Port 22 
Port 2063 #本人新设的端口

# 批改防火墙,减少对方才的端口拜访
# 重启使 ssh 配置失效
systemctl restart sshd.service 
# 若防火墙服务有开启,则须要将新端口退出端口名单中,并重启服务器
退出移动版