风飞花

博客园 首页 新随笔 联系 订阅 管理

急速安装lnmp 编译版本

安装msyql+PHP

  1. 系统centos6.5
  2. 安装 开发软件包
    已经改成了163的源需要执行下面的代码
    官网不自带 libmcrypt libmcrypt-devel
wget http://www.atomicorp.com/installers/atomic

下载这个yum源,执行

sh ./atomic 
yum -y install libmcrypt libmcrypt-devel
yum -y groupinstall "Development Tools"  

报错:提示 kernel-devel需要升级 (这个问题可以忽略)
解决:

wget ftp://rpmfind.net/linux/centos/6.9/os/x86_64/Packages/kernel-devel-2.6.32-696.el6.x86_64.rpm

然后再试下yum -y groupinstall "Development Tools" 已经不报错了。

yum -y install libxml2* curl curl-devel libjpeg* libpng* freetype-devel
  1. 安装mysql: (注意,如果出现后面mysql无论如何都无法启动的情形,请最先安装mysql,并启动试试)
yum -y install mysql mysql-server mysql-devel  
  1. 下载PHP-5.6.2
wget http://cn2.php.net/distributions/php-5.6.2.tar.gz  
  1. 解压
tar -xvf php-5.6.2.tar.gz  
  1. cd php-5.6.2

  2. 编译安装php

二种情况 第一种 用了mysql的rpm包用这种方式编译
​``` shell
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=mysqlnd --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql=/usr/local/services/mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets  

第二种情况 你使用yum来安装mysql

 ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets
  1. make && make install ,等好久编译完执行一下make test测试下。

  2. 如果出现未安装的错误一般使用yum安装即可 记得别忘记libcurl*

  3. 出现找不到文件路径的情况下 用 find / -name 'name'去查找一下

  4. 出现warning的情形下大多是因为版本以及默认安装了,可以去掉该行

  5. 修改php配置文件

cp php.ini-production /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /root/php-5.6.2/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
  1. 启动php 等安装完nginx后才启动

安装nginx

yum -y install nginx

修改

先备份

cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

vim /etc/nginx/nginx.conf  
user  nginx nginx;

worker_processes 16;

#error_log  /data/logs/nginx_error.log  crit;
error_log /var/log/nginx_error.log crit;
#pid        /usr/local/services/nginx/nginx.pid;
pid /var/run/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
  use epoll;
  worker_connections 65535;
}

http
{
  include       mime.types;
  default_type  application/octet-stream;

  #charset  gb2312;

  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;


  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;
  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;

  #limit_zone  crawler  $binary_remote_addr  10m;
    log_format  www  '$remote_addr - $remote_user [$time_local] "$request" '
              '$status $body_bytes_sent "$http_referer" '
              '"$http_user_agent" $http_x_forwarded_for';
  server
  {
    listen       80;
    server_name  vagrant-centos65.vagrantup.com;
    index start.php index.htm index.html index.php pengyou.php weibo.php qzone.php;
    root  /usr/share/nginx/html;

    #limit_conn   crawler  20;

    location ~ .*\.(php|php5)?$
    {
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index start.php;
#      include fcgi.conf;
      include fastcgi.conf;
    }
    location ~ .*.(svn|git|cvs)
    {
      deny all;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires      1h;
    }

      }



}

启动php-fpm

vim /usr/local/php/etc/php-fpm.conf 
user=nginx group=nginx  
/etc/init.d/php-fpm start 

启动nginx

/etc/init.d/nginx start  
vim /usr/share/nginx/html/cc.php  
<?php
phpinfo();
?>

127.0.0.1/cc.php

LNMP安装完成


wiki安装部署

首先登录进入mysql数据库

mysql -uroot

创建一个wiki库

create database wiki charset utf8;  
grant all on wiki.* to wiki@'localhost' identified by 'wiki';  
flush privileges; 

下载wiki软件

http://kaiyuan.hudong.com/

wget http://kaiyuan.hudong.com/download.php?n=HDWiki-v6.0UTF8-20170209.zip
unzip HDWiki-v6.0UTF8-20170209.zip  
mv hdwiki/* /usr/share/nginx/html/

如果使用老师的nginx包安装

mv hdwiki/* /data/htdocs/www/  
chown -R www:wwww /data/htdocs/www  

-R 处理指定目录以及其子目录下的所有文件

浏览器http://192.168.1.109/index.php 直接进行配置就可以了

  1. 同意
  2. 权限
[root@vagrant-centos65 html]# chmod 0777 ./uploads
[root@vagrant-centos65 html]# chmod 0777 ./uploads/userface
[root@vagrant-centos65 html]# chmod 0777 ./data/
[root@vagrant-centos65 html]# chmod 0777 ./plugins
[root@vagrant-centos65 html]# chmod 0777 ./style/default/logo.gif
[root@vagrant-centos65 html]# chmod 0777 ./config.php

可简写为一条语句:

[root@vagrant-centos65 html]# chmod 0777 ./uploads ./uploads/userface ./data/ ./plugins ./style/default/logo.gif ./config.php
  1. mysql
[root@vagrant-centos65 html]# mysqladmin -uroot password '123456'
  1. 数据库服务器:把localhost改为127.0.0.1

  2. 启动
    重启过后需要重启这些服务:
    可以添加到开机启动脚本里面

[root@vagrant-centos65 ~]# service nginx start
Starting nginx:                                            [  OK  ]
[root@vagrant-centos65 ~]# service mysqld start
Starting mysqld:                                           [  OK  ]
[root@vagrant-centos65 ~]# /etc/init.d/php-fpm start
Starting php-fpm  done
  1. Linux 开启允许外网访问端口:

LINUX通过下面的命令可以开启允许对外访问的网络端口:

/sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT #开启8000端口
/etc/rc.d/init.d/iptables save #保存配置
/etc/rc.d/init.d/iptables restart #重启服务
查看端口是否已经开放
/etc/init.d/iptables status

[root@vagrant-centos65 ~]# /sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables restart 
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@vagrant-centos65 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8000 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

[root@vagrant-centos65 ~]# 
  1. 添加防火墙,预防cc攻击和暴力破解!
## 脚本文件:drop_ip.sh
#!/bin/bash
## drop_ip1获取nginx日志里面的黑名单ip
drop_ip1=`tail -5000 /var/log/nginx/access.log |awk '{a[$1]++}END{for(i in a)if(a[i]>300)print i}'`
## drop_ip2获取登录日志的黑名单ip
drop_ip2=`tail -5000 /var/log/secure |grep Failed |awk '{a[$11]++}END{for(i in a)if(a[i]>15)print i}'`
white_ip=('192.168.1.102' '192.168.1.109')
## 通过判断黑名单ip是不是非空、循环遍历判断iptables规则中是否已经有的规则,然后通过插入-s ip DROP操作来防御黑名单ip的进攻
if [ -n $drop_ip1 -o -n $drop_ip2 ];then
  for i in drop_ip1 drop_ip2
  do
    x=`iptables -nv -L |grep $'i'`
    if [ -z "$x" ];then
    for j in $white_ip
    do
      if [ $i != $j ];then
        /sbin/iptables -I INPUT -s $i -j DROP
      fi
    done
    fi
  done
fi

防御结果:

[root@vagrant-centos65 ~]# iptables -nv -L
Chain INPUT (policy ACCEPT 34 packets, 2244 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       192.168.1.105        0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 24 packets, 2912 bytes)
 pkts bytes target     prot opt in     out     source               destination 
  1. 配置外网访问,内网穿透。
    内网访问:http://192.168.1.109/
    外网访问:http://1549v4h967.imwork.net/
posted on 2017-06-21 13:58  风飞花  阅读(312)  评论(0编辑  收藏  举报