一、环境准备
1、操作系统安装:CentOS 6.5 64位最小化安装。
2、配置好IP、DNS、网关、主机名
3、配置防火墙,开启80、3306端口
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
这样就搞定了,查看效果
/etc/init.d/iptables status
/etc/init.d/iptables restart #最后重启防火墙使配置生效
PS:
Centos升级到7之后,发现无法使用iptables控制Linuxs的端口,google之后发现Centos 7使用firewalld代替了原来的iptables。下面记录如何使用firewalld开放Linux端口:
#开启端口
firewall-cmd --zone=public --add-port=80/tcp --permanent
#重启防火墙
firewall-cmd --reload
命令含义:
–zone #作用域
–add-port=80/tcp #添加端口,格式为:端口/通讯协议
–permanent #永久生效,没有此参数重启后失效
4、关闭SELinux
查看selinux状态:
/usr/sbin/sestatus -v
SELinux status: disabled //禁用selinux
getenforce
Disabled //禁用selinux
getenforce
Enforcing //启动
关闭selinux方法: setenforce 0 #设置SELinux 成为permissive模式 setenforce 1 #设置SELinux 成为enforcing模式 第二种方法: vim /etc/selinux/config 编辑文件
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
#permissive - SELinux prints warnings instead of enforcing.
#disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
将SELINUX=enforceing 改为 SELINUX=disabled 重启机器就ok了
二、系统约定
硬盘分区:50G(/boot 200M /swap 8192M /)+100G(/opt)
软件源代码包存放位置:/opt/local/src
源码包编译安装位置:/opt/local/软件名
数据库数据文件存储路径/opt/local/mysql/var
三、软件包下载
将以上软件包上传到/opt/local/src目录
四、安装编译工具及库文件
使用CentOS yum命令一键安装
yum install -y make apr* autoconf automake curl curl-devel gcc gcc-c++ gtk+-devel zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch perl kernel-headers compat* cpp glibc libgomp libstdc++-devel keyutils-libs-devel libsepol-devel libselinux-devel krb5-devel libXpm* freetype freetype-devel freetype* fontconfig fontconfig-devel libjpeg* libpng* php-common php-gd gettext gettext-devel ncurses* libtool* libxml2 libxml2-devel patch policycoreutils bison
五、软件安装篇
1、安装cmake
cd /opt/local/src
tar zxvf cmake-2.8.8.tar.gz
cd cmake-2.8.8
./configure --prefix=/opt/local/cmake
make #编译
make install #安装
vim /etc/profile 在path路径中增加cmake执行文件路径
export PATH=$PATH:/opt/local/cmake/bin
source /etc/profile使配置立即生效
2、安装pcre
PS:Pcre版本不能太高,8最好,要不编译不能通过
cd /opt/local/src
mkdir /usr/local/pcre #创建安装目录
tar zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure --prefix=/opt/local/pcre #配置
make && make install
3、安装libmcrypt
cd /opt/local/src
tar zxvf libmcrypt-2.5.8.tar.gz #解压
cd libmcrypt-2.5.8 #进入目录
./configure #配置
make #编译
make install #安装
4、安装gd库
cd /opt/local/src
tar zxvf gd-2.0.36RC1.tar.gz
cd gd-2.0.36RC1
./configure --enable-m4_pattern_allow --prefix=/opt/local/gd --with-jpeg=/usr/lib --with-png=/usr/lib --with-xpm=/usr/lib --with-freetype=/usr/lib --with-fontconfig=/usr/lib #配置
make #编译
make install #安装
5、安装Mysql
groupadd mysql #添加mysql组
useradd -g mysql mysql -s /bin/false #创建用户mysql并加入到mysql组,不允许mysql用户直接登录系统
mkdir -p /opt/data/mysql/var #创建MySQL数据库存放目录
chown -R mysql:mysql /opt/data/mysql/var #设置MySQL数据库目录权限
cd /opt/local/src
tar zxvf mysql-5.5.35.tar.gz #解压
cd mysql-5.5.35
cmake . -DCMAKE_INSTALL_PREFIX=/opt/local/mysql -DMYSQL_DATADIR=/opt/data/mysql/var -DSYSCONFDIR=/etc #配置
make #编译
make install #安装
cd /opt/local/mysql
cp ./support-files/my-huge.cnf /etc/my.cnf #拷贝配置文件(注意:如果/etc目录下面默认有一个my.cnf,直接覆盖即可)
vi /etc/my.cnf #编辑配置文件,在 [mysqld] 部分增加
datadir = /opt/data/mysql/var #添加MySQL数据库路径
./scripts/mysql_install_db --user=mysql #生成mysql系统数据库
cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld #把Mysql加入系统启动
chmod 755 /etc/init.d/mysqld #增加执行权限
chkconfig mysqld on #加入开机启动
vi /etc/rc.d/init.d/mysqld #编辑
basedir = /opt/local/mysql #MySQL程序安装路径
datadir = /opt/local/mysql/var #MySQl数据库存放目录
service mysqld start #启动
vi /etc/profile #把mysql服务加入系统环境变量:在最后添加下面这一行
export PATH=$PATH:/opt/local/cmake/bin:/opt/local/mysql/bin
source /etc/profile #使配置立即生效
mkdir /var/lib/mysql #创建目录
ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock #添加软链接
mysql_secure_installation #设置Mysql密码,根据提示按Y 回车输入2次密码
#执行mysql_secure_installation时可能会报错
#ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
#这时检查 /etc/my.cnf里面
#[mysqld]
#socket=/tmp/mysql.sock是否设置正确,这里把这里的目录修改成和报错一样的就可以
/opt/local/mysql/bin/mysqladmin -u root -p password "123456" #或者直接修改密码
到此,mysql安装完成!
6、安装 nginx
cd /opt/local/src
groupadd www #添加www组
useradd -g www www -s /bin/false #创建nginx运行账户www并加入到www组,不允许www用户直接登录系统
tar zxvf nginx-1.4.4.tar.gz
cd nginx-1.4.4
./configure --prefix=/opt/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/ --with-pcre=/opt/local/src/pcre-8.36
make
make install
/opt/local/nginx/sbin/nginx #启动nginx
注意:–with-pcre=/opt/local/src/pcre-8.64指向的是源码包解压的路径,而不是安装的路径,否则会报错
设置nginx开启启动
vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容
#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/opt/local/nginx/sbin/nginx
nginx_config=/opt/local/nginx/conf/nginx.conf
nginx_pid=/opt/local/nginx/logs/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
echo "nginx already running...."
exit 1
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
echo -n $"Stopping $prog: "
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /usr/local/nginx/logs/nginx.pid
}
reload() {
echo -n $"Reloading $prog: "
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit 1
esac
exit $RETVAL
:wq! #保存退出
chmod 775 /etc/rc.d/init.d/nginx #赋予文件执行权限
chkconfig nginx on #设置开机启动
/etc/rc.d/init.d/nginx restart #重新启动Nginx
service nginx restart
7、安装php
cd /opt/local/src
tar -zvxf php-5.5.7.tar.gz
cd php-5.5.7.
./configure --prefix=/opt/local/php --with-config-file-path=/opt/local/php/etc --with-mysql=/opt/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-gd --with-iconv --with-zlib --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl --with-jpeg-dir --with-freetype-dir
make #编译
make install #安装
cp php.ini-production /opt/local/php/etc/php.ini #复制php配置文件到安装目录
rm -rf /etc/php.ini #删除系统自带配置文件
ln -s /opt/local/php/etc/php.ini /etc/php.ini #添加软链接
cp /opt/local/php/etc/php-fpm.conf.default /opt/local/php/etc/php-fpm.conf #拷贝模板文件为php-fpm配置文件
vi /opt/local/php/etc/php-fpm.conf #编辑
user = www #设置php-fpm运行账号为www
group = www #设置php-fpm运行组为www
pid = run/php-fpm.pid #取消前面的分号
设置 php-fpm开机启动
cp /opt/local/src/php-5.5.7/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm #拷贝php-fpm到启动目录
chmod +x /etc/rc.d/init.d/php-fpm #添加执行权限
chkconfig php-fpm on #设置开机启动
vi /opt/local/php/etc/php.ini #编辑配置文件
修改为:disable_functions= passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用
找到:;date.timezone =
修改为:date.timezone = PRC #设置时区
找到:expose_php = On
修改为:expose_php = OFF #禁止显示php版本的信息
找到:short_open_tag = Off
修改为:short_open_tag = ON #支持php短标签
8、配置nginx支持php
vi /opt/local/nginx/conf/nginx.conf
修改/opt/local/nginx/conf/nginx.conf 配置文件,需做如下修改
user www www; #首行user去掉注释,修改Nginx运行组为www www;必须与/opt/local/php/etc/php-fpm.conf中的user,group配置相同,否则php运行出错
user www www;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.php index.html index.htm;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
/etc/init.d/nginx restart #重启nginx
六、测试篇
cd /opt/local/nginx/html/ #进入nginx默认网站根目录
rm -rf /opt/local/nginx/html/* #删除默认测试页
vi index.php #新建index.php文件
<?php
phpinfo();
?>
:wq! #保存退出
chown www.www /opt/local/nginx/html/ -R #设置目录所有者
chmod 700 /opt/local/nginx/html/ -R #设置目录权限
七、其它说明
服务器相关操作命令
service nginx restart #重启nginx
service mysqld restart #重启mysql
/usr/local/php/sbin/php-fpm #启动php-fpm
/etc/rc.d/init.d/php-fpm restart #重启php-fpm
/etc/rc.d/init.d/php-fpm stop #停止php-fpm
/etc/rc.d/init.d/php-fpm start #启动php-fpm
nginx默认站点目录是:/opt/local/nginx/html/
权限设置:chown www.www /opt/local/nginx/html/ -R
MySQL数据库目录是:/opt/local/mysql/var
权限设置:chown mysql.mysql -R /opt/local/mysql/var
重启nginx
cd /lnmp/nginx/sbin
./nginx -s reload