centos7.9部署LNMP
系统设置
创建应用目录
mkdir -pv /data/apps系统更新
yum -y updatelimits.conf
cat >> /etc/security/limits.conf << EOF
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 100000
root hard nofile 100000
root soft memlock 32000
root hard memlock 32000
root soft msgqueue 8192000
root hard msgqueue 8192000
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 100000
* hard nofile 100000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000
EOFsysctl.conf
cat >> /etc/sysctl.conf << EOF
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
vm.max_map_count = 655360
vm.overcommit_memory = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv6.conf.all.disable_ipv6 = 1
kernel.unknown_nmi_panic = 0
kernel.sysrq = 1
fs.file-max = 1000000
vm.swappiness = 10
fs.inotify.max_user_watches = 10000000
net.core.wmem_max = 327679
net.core.rmem_max = 327679
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
fs.inotify.max_queued_events = 327679
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
EOF部署nginx
安装依赖
yum -y install gcc make pcre-devel openssl-devel gd-devel geoip-devel git创建用户
groupadd -r nginx && useradd -M -N -g nginx -d /data/apps/nginx -r -s /bin/false -c "NGINX Server" nginx下载nginx
wget http://nginx.org/download/nginx-1.22.1.tar.gz解压nginx
tar xf nginx-1.22.1.tar.gz安装nginx
cd nginx-1.22.1./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-poll_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-stream --with-stream_ssl_module --with-cc-opt=-Wno-error --with-ld-opt= --user=nginx --group=nginx --with-threads --with-file-aio --http-client-body-temp-path=/usr/local/nginx/client/ --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --http-uwsgi-temp-path=/usr/local/nginx/uwsgi --http-scgi-temp-path=/usr/local/nginx/scgi --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/usr/local/nginx/nginx.pid --lock-path=/usr/local/nginx/nginx.lock --with-pcremake -j 4 && make installnginx.conf
vim /usr/local/nginx/conf/nginx.conf user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
worker_connections 65535;
use epoll;
accept_mutex on;
}
http {
include mime.types;
default_type application/octet-stream;
log_format json escape=json '{'
'"@timestamp":"$time_iso8601",'
'"@source":"$server_addr",'
'"@nginx_fields":{'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"request":"$request",'
'"status":"$status",'
'"body_bytes_sent":"$body_bytes_sent",'
'"http_referer":"$http_referer",'
'"client":"$remote_addr",'
'"request_time":"$request_time",'
'"upstream_response_time":"$upstream_response_time",'
'"upstream_addr":"$upstream_addr",'
'"request_method":"$request_method",'
'"domain":"$host",'
'"url":"$uri",'
'"args":"$args",'
'"request_body":"$request_body",'
'"http_user_agent":"$http_user_agent",'
'"remote_addr":"$remote_addr",'
'"proxy_add_x_forwarded_for":"$proxy_add_x_forwarded_for"'
'}'
'}';
access_log logs/access.log json;
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
keepalive_timeout 65;
client_header_buffer_size 4k;
client_max_body_size 512M;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
aio on;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_min_length 1k;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain application/json application/javascript application/x-javascript application/css application/xml application/xml+rss text/javascript application/x-httpd-php image/jpeg image/gif image/png image/x-ms-bmp;
include /usr/local/nginx/conf/vhosts/*.conf;
server {
listen 80 default_server;
listen 443 ssl http2 default_server;
server_name _;
ssl_certificate /usr/local/nginx/ssl/xxxxx_bundle.crt;
ssl_certificate_key /usr/local/nginx/ssl/xxxxx.key;
return 404;
}
server {
listen 80;
server_name localhost;
location / {
root html;
real_ip_header X-Forwarded-For;
index index.html index.htm index.php;
}
location /basic_status {
stub_status on;
}
location ~ ^/(pm_status|ping)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}nginx.service
cat >> /lib/systemd/system/nginx.service << EOF
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF运行nginx
systemctl enable nginx && systemctl start nginx访问nginx
curl localhost部署mysql
安装依赖
yum -y install libaio创建用户
groupadd -r mysql && useradd -M -N -g mysql -r -d /data/apps/mysql -s /bin/false -c "MySQL Server" mysql下载mysql
wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz设置mysql
tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/ln -sv /usr/local/mysql-5.7.22-linux-glibc2.12-x86_64/ /usr/local/mysql创建数据目录
mkdir -pv /data/apps/mysql/{data,logs,tmp}my.cnf
cat >> /data/apps/mysql/my.cnf << EOF
[client]
port=3306
default-character-set = utf8mb4
socket=/data/apps/mysql/mysql.sock
[mysqld]
port=3306
character-set-server=utf8mb4
datadir=/data/apps/mysql/data
pid_file=/data/apps/mysql/mysqld.pid
socket=/data/apps/mysql/mysql.sock
skip-external-locking
key_buffer_size = 16K
max_allowed_packet = 256M
max_connections = 1000
#interactive_timeout = 120
wait_timeout = 3600
user=mysql
local_infile=OFF
#secure_file_priv=/data/apps/mysql/data
table_open_cache = 4
sort_buffer_size = 128K
read_buffer_size = 512K
read_rnd_buffer_size = 512K
net_buffer_length = 2K
thread_stack = 512K
skip-name-resolve=ON
innodb_file_per_table = ON
log-bin=/data/apps/mysql/logs/mysql-bin
binlog_format=row
server-id=1
sync_binlog=1
innodb_flush_log_at_trx_commit=2
innodb_support_xa=1
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
log_error = /data/apps/mysql/logs/error.log
slow_query_log = 1
slow_query_log_file = /data/apps/mysql/logs/slow.log
long_query_time = 2
#init_connect='SET SQL_SAFE_UPDATES=1'
tmpdir=/data/apps/mysql/tmp
log_timestamps=SYSTEM
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 8M
sort_buffer_size = 8M
[mysqlhotcopy]
interactive-timeout
EOF设置权限
chmod 750 /data/apps/mysql/datachmod 644 /data/apps/mysql/my.cnfchown -R mysql.mysql /data/apps/mysql/初始化mysql
/usr/local/mysql/bin/mysqld --defaults-file=/data/apps/mysql/my.cnf --user=mysql --datadir=/data/apps/mysql/data --initializemysqld.service
cat >> /lib/systemd/system/mysqld.service << EOF
[Unit]
Description=MySQL Server
Documentation=man:mysqld(7)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
Type=forking
PIDFile=/data/apps/mysql/data/mysqld.pid
# Disable service start and stop timeout logic of systemd for mysqld service.
TimeoutSec=0
# Start main service
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/data/apps/mysql/my.cnf --daemonize --pid-file=/data/apps/mysql/data/mysqld.pid $MYSQLD_OPTS
# Use this to switch malloc implementation
EnvironmentFile=-/etc/sysconfig/mysql
# Sets open_files_limit
LimitNOFILE = 50000
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=false
EOF运行mysql
systemctl enable mysqld && systemctl start mysqld获取初始密码
grep password /data/apps/mysql/logs/error.log输出如下内容
2023-05-10T18:32:51.460130+08:00 1 [Note] A temporary password is generated for root@localhost: jr?+g5%9#ssK连接mysql
/usr/local/mysql/bin/mysql -S /data/apps/mysql/mysql.sock -uroot -pjr?+g5%9#ssK输出如下内容
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.22-log
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> 修改mysql密码
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('xxxxx');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql>验证新密码
/usr/local/mysql/bin/mysql -S /data/apps/mysql/mysql.sock -uroot -pxxxxxx输出如下内容
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.22-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> 部署php
安装依赖
yum -y install atuoconf gcc libxml2-devel bzip2-devel libcurl-devel gdbm-devel db4-devel libwebp-devel gmp-devel openldap-devel readline-devel libsodium-devel libargon2-devel libxslt-devel gcc-c++
ln -sv /usr/lib64/libldap* /usr/lib/安装cmake
wget https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5.tar.gz
tar xf cmake-3.22.5.tar.gz
cd cmake-3.22.5
./bootstrap --prefix=/usr/local/cmake-3.22.5
make -j 4
make install安装libzip
wget https://libzip.org/download/libzip-1.8.0.tar.gz
tar xf libzip-1.8.0.tar.gz
cd libzip-1.8.0
mkdir build && cd build
/usr/local/cmake-3.22.5/bin/cmake ..
make -j 4
make install
ln -sv /usr/local/lib64/pkgconfig/libzip.pc /usr/lib64/pkgconfig/ld.so.conf
cat >> /etc/ld.so.conf << EOF
/usr/local/lib64
/usr/local/lib
/usr/lib
/usr/lib64
EOFldconfig -v下载软件包
wget https://www.php.net/distributions/php-7.2.8.tar.gz解压包
tar xf php-7.2.8.tar.gz安装php
cd php-7.2.8./configure --prefix=/data/apps/php-7.2.8 --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --with-config-file-path=/data/apps/php-7.2.8/conf --disable-rpath --enable-option-checking=fatal --with-pic --enable-ftp --enable-soap --with-xmlrpc --with-openssl --with-mhash --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-exif --with-openssl-dir --with-zlib-dir --with-gettext --with-gmp --enable-mbstring --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-readline --enable-shmop --enable-sockets --enable-sysvmsg --with-xsl --with-pear --enable-opcache --enable-session --enable-xml --with-gdbm --with-ldap=shared --with-sodium=shared --with-password-argon2 --with-gd --with-webp-dir --with-jpeg-dir --with-xpm-dir --enable-gd-jis-conv --with-pcre-dir --with-freetype-dir --with-libxml-dir --with-libzip --enable-zipmake -j 4 && make install设置软链接
ln -sv /data/apps/php-7.2.8/ /usr/local/php添加环境变量
echo 'export PATH=/usr/local/php/bin:$PATH' >> /etc/profile.d/php.sh
. /etc/profilephp.ini
mkdir /usr/local/php/conf
cp php.ini-production /usr/local/php/conf/php.ini
sed -i 's@;date.timezone = *@date.timezone = Asia/Shanghai@g' /usr/local/php/conf/php.ini安装扩展
安装imagick
yum install ImageMagick ImageMagick-devel -y
/usr/local/php/bin/pecl install imagick
echo "extension=imagick.so" >> /usr/local/php/conf/php.ini安装memcached
yum -y install libmemcached-devel
/usr/local/php/bin/pecl install memcached
echo "extension=memcached.so" >> /usr/local/php/conf/php.ini安装psr
/usr/local/php/bin/pecl install psr-1.0.1
echo "extension=psr.so" >> /usr/local/php/conf/php.ini安装igbinary
/usr/local/php/bin/pecl install igbinary
echo "extension=igbinary.so" >> /usr/local/php/conf/php.ini安装mcrypt
yum -y install libmcrypt-devel
/usr/local/php/bin/pecl install mcrypt
echo "extension=mcrypt.so" >> /usr/local/php/conf/php.ini安装phalcon
/usr/local/php/bin/pecl install phalcon-4.0.2
echo "extension=phalcon.so" >> /usr/local/php/conf/php.ini安装redis
/usr/local/php/bin/pecl install redis
echo "extension=redis.so" >> /usr/local/php/conf/php.ini配置php-fpm
php-fpm.conf
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.confwww.conf
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.confphp-fpm.service
cat >> /lib/systemd/system/php-fpm.service << EOF
[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/usr/local/php/var/run/php-fpm.pid
ExecStart=/usr/local/php/sbin/php-fpm --daemonize --fpm-config /usr/local/php/etc/php-fpm.conf --pid /usr/local/php/var/run/php-fpm.pid
ExecReload=/bin/kill -USR2 $MAINPID
ExecStop=/bin/kill -SIGINT $MAINPID
[Install]
WantedBy=multi-user.target
EOF运行php-fpm
systemctl enable php-fpm && systemctl start php-fpmphpinfo
cat >> /usr/local/nginx/html/index.php << EOF
<?php
phpinfo();
?>
EOF访问php
curl localhost/index.php -I输出如下内容
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Fri, 12 May 2023 06:14:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.8composer
wget -O /usr/local/sbin/composer https://getcomposer.org/download/2.5.5/composer.phar
chmod +x /usr/local/sbin/composer部署node
下载node
wget https://nodejs.org/dist/v12.18.3/node-v12.18.3-linux-x64.tar.xz解压node
tar xf node-v12.18.3-linux-x64.tar.xz -C /data/apps/创建软连接
ln -sv /data/apps/node-v12.18.3-linux-x64/ /usr/local/node设置环境变量
echo 'export PATH=/usr/local/node/bin:$PATH' >> /etc/profile.d/node.sh
. /etc/profile查看node版本
node -v输出如下内容
v12.18.3