一、 安装MySQL
二、 安装PHP
一、下载PHP源码包,命令如下:
cd /usr/local/
wget http://cn2.php.net/distributions/php-5.6.30.tar.gz
解压源码包,创建账号,命令如下:
tar zxf php-5.6.30.tar.gz
useradd -s /sbin/nologin php-fpm
配置编译选项,命令如下:
./configure --prefix=/usr/local/php-fpm --with-config-file-path=/usr/local/php-fpm/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl
编译和安装
make
make install
常见几个错误及解决办法:
错误一:configure: error: xml2-config not found. Please check your 11bxml2 installation.
解决办法:# yum install -y 11bxml2-devel
错误二:configure: error: Cannot find OpenSSL's <evp.h>
解决办法:# yum install y openssl openssl-devel
错误三:checking for BZip2 in default path... not found
configure: error: Please reinstall the BZip2 distribution
解决办法:# yum install -y bzip2 bzip2-devel
错误四:configure: error: png.h not found.
解决办法:# yum install -y libpng libpng-devel
错误五:configure: error: freetype.h not found.
解决办法:# yum install -y freetype freetype-devel
错误六:configure: error: mcrypt.h not found. Please reinstall libmcrypt.
解决办法:# yum install -y epel-release
# yum install -y libmcrypt-devel
修改配置文件,命令如下:
cp php.ini-production /usr/local/php-fpm/etc/php.ini
在vim /usr/local/php-fpm/etc/php-fpm.conf中加入
[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock
listen.mode = 666
user = php-fpm
group = php-fpm
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
limit_files = 1024
保存配置文件后,检验配置是否正确的方法如下:
/usr/local/php-fpm/sbin/php-fpm -t
启动php-fpm,命令如下:
cp /usr/local/src/php-5.6.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod 755 /etc/init.d/php-fpm
useradd -s /sbin/nologin php-fpm
service php-fpm start
设置php- fpm开机启动的命令如下:
chkconfig php-fpm on
检测php-fpm是否启动的命令如下:
ps aux |grep php-fpm
执行这条命令,可以看到启动了很多个进程(大概二十多个)。
三、 安装Nginx
1 、下载
#cd /usr/local/src/
2、解压
#tar zxf nginx-1.10.3.tar.gz
3、配置安装
#cd nginx-1.10.3/
#/configure --prefix=/usr/local/ngin
#make && make install
4、编写Nginx启动脚本,并加入系统服务,命令如下:
#在vi /etc/init.d/nginx加入:
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL}
restart(){
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
5、保存该脚本后更改权限,命令如下:
#chmod 755 /etc//init.d/nginx
#chkconfig --add nginx
6、如果想开机启动Nginx,请执行如下命令:
#chkconfig nginx on
7、更改Nginx的配置文件。
首先把原来的配置文件清空,操作方法如下:
#> /usr/local/nginx/conf/nginx.conf
#vim /usr/local/nginx/conf/nginx.conf //写入以下内容
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
检验配置是否正确
#/usr/local/nginx/sbin/nginx -t
#vim /usr/local/nginx/conf/nginx.conf
#/usr/local/nginx/sbin/nginx -t
#service nginx start
#ps aux |grep nginx
8、测试是否正确解析
#vi /usr/local/nginx/html/2.php
<?php
echo "test php scripts";
?>
#curl localhost/2.php
test php scripts //证明解析成功
四、 Nginx配置
(一) 默认虚拟主机
1.1配置
首先修改配置文件
#vi /usr/local/nginx/conf/nginx.conf
在最后一个结束符号}前加一行配置include vhost/*.conf; 意思就是/usr/local/nginx/conf/host下面的所有以.conf结尾的文件都会被加载
#mkdir /usr/local/nginx/conf/vhost
#cd /usr/local/nginx/conf/vhost
#vim default.conf
server
{
listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/nginx/default;
}
#/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#/usr/local/nginx/sbin/nginx -s reload
#echo "default_server" > /data/nginx/default/index.html
//创建索引页
1.2检验测试
#curl -x127.0.0.1:80 aaa.com
//访问aaa.com
default_server
#curl -x127.0.0.1:80 1212.com
//访问一个没有定义过的域名,也会访问aaa.com
default_server
(二) 用户认证
2.1配置
再来创建一个新的虚拟主机
#cd /usr/local/nginx/conf/vhost
#vi test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm
index.php;
root /data/nginx/test.com;
location /
{
auth_basic "Auth";
//打开认证 auth_basic_user_file /ust/local/nginx/conf/htpasswd;
//指定用户密码文件 }
}
#yum install -y httpd
//安装httpd,也可以使用之前编译安装的Apache2.4
#htpasswd -c /usr/local/nginx/conf/htpasswd aming
new password:
re-type new password:
Adding password for user aming
#/usr/local/nginx/sbin/nginx -s reload
#mkdir /data/nginx/test.com
#echo "test.com" > /data/nginx/test.com/index.html
2.2 测试检测
#curl -I -x127.0.0.1:80 test.com
状态码401
打开hosts文件,加上“你的IP test.com”
然后在浏览器访问test.com
如针对目录做用户认证则要修改location后面的路径:
location /admin/
{
auth_ basic "Auth" ;
auth_basic_user_file
/usr/local/nginx/conf/htpasswd;
}
(三) 域名重定向
3.1配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com
//是server_name后面可以跟多个域名
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' ){
rewrite ^(.*)$ http://test.com/$1 permanent;
//permanent为永久重定向,相当于httpd的R=301
}
}
#/susr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#/usr/local/nginx/sbin/nginx -s reload
3.2检验测试
#curl -x127.0.0.1:80 test1.com/123.txt -I
状态码301
(四) Nginx的访问日志
4.1配置
先来看看Nginx的日志格式
#grep -A2 log_format /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
//combined_realip为日志格式名字,$remote_addr为访问网站的用户的出口IP;
//$http_x_forwarded_for 为代理服务器的IP,如果使用了代理,则会记录IP
//$time_local为当前时间;$host为访问的主机名;$request_uri为访问的URL地址
//$status为状态码,$http_referer为referer地址,$http_user_agent为user_agent
修改配置文件
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' ){
access_log /tmp/1.log combined_realip;
}
}
//使用access_log来指定日志的存储路径,最后面为日志的格式名字
#/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#/usr/local/nginx/sbin/nginx -s reload
4.2 检验测试
#curl -x127.0.0.1:80 test.com/111
状态码404
#cat /tmp/1.log
(五) 配置静态文件不记录日志并添加过期时间
5.1配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
access_log off;
}
location ~ .*.(js|css)$
{
expires 12h;
}
access_log /tmp/1.log combined_realip;
}
#/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#echo "11111" > /data/nginx/test.com/1.js
//创建js文件
#echo "22222" > /data/nginx/test.com/2.jpg
//创建jpg文件
#touch /data/nginx/test.com/1.jss
//创建一个对比的文件
5.2检验测试
#curl -I -x127.0.0.1:80 test.com/1.js
状态码200
#curl -I -x127.0.0.1:80 test.com/2.jpg
状态码200
#curl -I -x127.0.0.1:80 test.com/1.jss
状态码200
#cat /tmp/1.log
查看日志
5.3测试成功
(六) Nginx防盗链
6.1配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
location ~* ^.+.(gifljpglpng|swf|flv|rar|zipldoclpdf|gz|bz2ljpeglbmplxls)$
{
expires 7d;
valid_referers none blocked server_names *. test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
#/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
#/usr/local/nginx/sbin/nginx -s reload
6.2检验测试
#curl -x127.0.0.1:80 -e "http://test.com/1.txt" test.com/2.jpg -I
状态码200
#curl -x127.0.0.1:80 -e "http://aaa.com/1.txt" test.com/2.jpg -I
状态码403
(七) 访问控制
7.1配置
#vi /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location /admin/
{
allow 192.168.188.1;
allow 127.0.0.1;
deny all;
}
}
//使访问admin目录下只允许192.168.188.1和127.0.0.1访问
#mkdir /data/nginx/test.com/admin
#echo "123" > /data/nginx/test.com/admin/1.html
7.2检验测试
#curl -x127.0.0.1:80 test.com/admin/1.html
123
#curl -x192.168.188.128:80 test.com/admin/1.html
状态码403