- 登陆,升级应用,查询和关闭selinux
yum update
getenforce setenforce 0 vi /etc/selinux
- 添加非root用户
adduser deploy passwd deploy usermod -a -G wheel deploy
vi /etc/sudoers
%wheel ALL=(ALL) ALL - ssh配置
ssh deploy@123.456.78.90 ssh-keygen mkdir ~/.ssh scp ~/.ssh/id_rsa.pub deploy@123.456.78.90: touch ~/.ssh/authorized_keys cat ~/id_rsa.pub >> ~/.ssh/authorized_keys chown -R deploy:deploy ~/.ssh chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
- 禁止密码与root登陆,先确定sudo权限,打开 /etc/ssh/sshd_config,修改 PasswordAuthentication 的值为 no,取消注释。修改PermitRootLogin同上。重启SSHD。
service sshd restart
- PHP、PHP-FPM 安装
sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm;
//32位地址 http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm;
sudo yum -y --enablerepo=epel,remi,remi-php56 install php-fpm php-cli php-gd php-mbstring php-mcrypt php-mysqlnd php-opcache php-pdo php-devel; - PHP-FPM配置
sudo vi /etc/php-fpm.conf //修改以下两处,1分钟内子进程失败达到10个就优雅重启 emergency_restart_threshold = 10 emergency_restart_interval = 1m
在配置文件中有 include=/etc/php-fpm.d/*.conf , 表示池定义 pool definition 在php-fpm.d目录下
vi /etc/php-fpm.d/www.conf //修改用户,尽量每个网站一个用户 user = deploy group = deploy //与nginx请求处理的端口 listen = 127.0.0.1:9000 //服务器内存除以进程占用内存 pm.max_children = 50 //开启服务时自动开启的准备进程数 pm.start_servers = 3 //每个池的最大进程数 pm.max_requests = 1000 //慢日志 slowlog = /path/to/slowlog.log request_slowlog_timeout = 5s //最后重启服务 sudo service php-fpm restart
chkconfig php-fpm on - 安装nginx
sudo yum install nginx; sudo systemctl enable nginx.service; sudo systemctl start nginx.service;
- 建立网站目录与日志目录
mkdir -p /home/deploy/apps/example.com/current/public mkdir -p /home/deploy/apps/logs chmod -R +rx /home/deploy
建立 /etc/nginx/conf.d/example.conf
-
server { listen 80; server_name example.com; index index.php; client_max_body_size 50M; error_log /home/deploy/apps/logs/example.error.log; access_log /home/deploy/apps/logs/example.access.log; root /home/deploy/apps/example.com/current/public; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php { try_files $uri=404; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_index index.php; fastcgi_pass 127.0.0.1:9000; } }
- 重启
sudo systemctl restart nginx.service
sudo chkconfig nginx on //如果权限失败了, 以root权限启动 sudo /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf - 检查防火墙,检查端口,检查selinux /getenforce ,最后可以编辑一个phpinfo页面放在网站根目录,在主机设置好hosts映射到虚拟机,终于可以在主机浏览器中输入虚拟机地址,见到php页面了。
- 多虚拟机参考http://www.androiddev.net/webserver-apache-to-nginx/
- 配置参考 http://huoding.com/2013/10/23/290
server { listen 80; server_name foo.com; root /path; index index.html index.htm index.php; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { try_files $uri =404; include fastcgi.conf; fastcgi_pass 127.0.0.1:9000; } }
fastcgi_pass unix:/dev/shm/php-fpm.sock;
server { listen 80; server_name blog.dev www.blog.dev; index index.php; client_max_body_size 50M; error_log /home/lin/log/blog.error.log; # access_log /home/lin/log/my.access.log; root /home/lin/www/blog/public; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_index index.php; fastcgi_pass unix:/run/php/php7.1-fpm.sock; } }