急速安装lnmp 编译版本

急速安装lnmp 编译版本

安装msyql+PHP

  1. 系统centos6.5
  2. 安装 开发软件包

    已经改成了163的源需要执行下面的代码

    官网不自带 libmcrypt libmcrypt-devel
wget http://www.atomicorp.com/installers/atomic

下载这个yum源,执行

sh ./atomic
yum -y install libmcrypt libmcrypt-devel
yum -y groupinstall "Development Tools"

报错:提示 kernel-devel需要升级 (这个问题可以忽略)

解决:

wget ftp://rpmfind.net/linux/centos/6.9/os/x86_64/Packages/kernel-devel-2.6.32-696.el6.x86_64.rpm

然后再试下yum -y groupinstall "Development Tools" 已经不报错了。

yum -y install libxml2* curl curl-devel libjpeg* libpng* freetype-devel
  1. 安装mysql: (注意,如果出现后面mysql无论如何都无法启动的情形,请最先安装mysql,并启动试试)
yum -y install mysql mysql-server mysql-devel
  1. 下载PHP-5.6.2
wget http://cn2.php.net/distributions/php-5.6.2.tar.gz
  1. 解压
tar -xvf php-5.6.2.tar.gz
  1. cd php-5.6.2

  2. 编译安装php

二种情况 第一种 用了mysql的rpm包用这种方式编译
​``` shell
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=mysqlnd --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql=/usr/local/services/mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets

第二种情况 你使用yum来安装mysql

 ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets
  1. make && make install ,等好久编译完执行一下make test测试下。

  2. 如果出现未安装的错误一般使用yum安装即可 记得别忘记libcurl*

  3. 出现找不到文件路径的情况下 用 find / -name 'name'去查找一下

  4. 出现warning的情形下大多是因为版本以及默认安装了,可以去掉该行

  5. 修改php配置文件

cp php.ini-production /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /root/php-5.6.2/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
  1. 启动php 等安装完nginx后才启动

安装nginx

yum -y install nginx

修改

先备份

cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

vim /etc/nginx/nginx.conf
user  nginx nginx;

worker_processes 16;

#error_log  /data/logs/nginx_error.log  crit;
error_log /var/log/nginx_error.log crit;
#pid /usr/local/services/nginx/nginx.pid;
pid /var/run/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535; events
{
use epoll;
worker_connections 65535;
} http
{
include mime.types;
default_type application/octet-stream; #charset gb2312; server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m; sendfile on;
tcp_nopush on; keepalive_timeout 60;
tcp_nodelay on; fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k; gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on; #limit_zone crawler $binary_remote_addr 10m;
log_format www '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
server
{
listen 80;
server_name vagrant-centos65.vagrantup.com;
index start.php index.htm index.html index.php pengyou.php weibo.php qzone.php;
root /usr/share/nginx/html; #limit_conn crawler 20; location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index start.php;
# include fcgi.conf;
include fastcgi.conf;
}
location ~ .*.(svn|git|cvs)
{
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
} location ~ .*\.(js|css)?$
{
expires 1h;
} } }

启动php-fpm

vim /usr/local/php/etc/php-fpm.conf
user=nginx group=nginx
/etc/init.d/php-fpm start

启动nginx

/etc/init.d/nginx start
vim /usr/share/nginx/html/cc.php
<?php
phpinfo();
?> 127.0.0.1/cc.php

LNMP安装完成


wiki安装部署

首先登录进入mysql数据库

mysql -uroot

创建一个wiki库

create database wiki charset utf8;
grant all on wiki.* to wiki@'localhost' identified by 'wiki';
flush privileges;

下载wiki软件

http://kaiyuan.hudong.com/

wget http://kaiyuan.hudong.com/download.php?n=HDWiki-v6.0UTF8-20170209.zip
unzip HDWiki-v6.0UTF8-20170209.zip
mv hdwiki/* /usr/share/nginx/html/

如果使用老师的nginx包安装

mv hdwiki/* /data/htdocs/www/
chown -R www:wwww /data/htdocs/www

-R 处理指定目录以及其子目录下的所有文件

浏览器http://192.168.1.109/index.php 直接进行配置就可以了

  1. 同意
  2. 权限
[root@vagrant-centos65 html]# chmod 0777 ./uploads
[root@vagrant-centos65 html]# chmod 0777 ./uploads/userface
[root@vagrant-centos65 html]# chmod 0777 ./data/
[root@vagrant-centos65 html]# chmod 0777 ./plugins
[root@vagrant-centos65 html]# chmod 0777 ./style/default/logo.gif
[root@vagrant-centos65 html]# chmod 0777 ./config.php

可简写为一条语句:

[root@vagrant-centos65 html]# chmod 0777 ./uploads ./uploads/userface ./data/ ./plugins ./style/default/logo.gif ./config.php
  1. mysql
[root@vagrant-centos65 html]# mysqladmin -uroot password '123456'
  1. 数据库服务器:把localhost改为127.0.0.1

  2. 启动

    重启过后需要重启这些服务:

    可以添加到开机启动脚本里面

[root@vagrant-centos65 ~]# service nginx start
Starting nginx: [ OK ]
[root@vagrant-centos65 ~]# service mysqld start
Starting mysqld: [ OK ]
[root@vagrant-centos65 ~]# /etc/init.d/php-fpm start
Starting php-fpm done
  1. Linux 开启允许外网访问端口:

LINUX通过下面的命令可以开启允许对外访问的网络端口:

/sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT #开启8000端口

/etc/rc.d/init.d/iptables save #保存配置

/etc/rc.d/init.d/iptables restart #重启服务

查看端口是否已经开放

/etc/init.d/iptables status

[root@vagrant-centos65 ~]# /sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@vagrant-centos65 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 Chain FORWARD (policy ACCEPT)
num target prot opt source destination Chain OUTPUT (policy ACCEPT)
num target prot opt source destination [root@vagrant-centos65 ~]#
  1. 添加防火墙,预防cc攻击和暴力破解!
## 脚本文件:drop_ip.sh
#!/bin/bash
## drop_ip1获取nginx日志里面的黑名单ip
drop_ip1=`tail -5000 /var/log/nginx/access.log |awk '{a[$1]++}END{for(i in a)if(a[i]>300)print i}'`
## drop_ip2获取登录日志的黑名单ip
drop_ip2=`tail -5000 /var/log/secure |grep Failed |awk '{a[$11]++}END{for(i in a)if(a[i]>15)print i}'`
white_ip=('192.168.1.102' '192.168.1.109')
## 通过判断黑名单ip是不是非空、循环遍历判断iptables规则中是否已经有的规则,然后通过插入-s ip DROP操作来防御黑名单ip的进攻
if [ -n $drop_ip1 -o -n $drop_ip2 ];then
for i in drop_ip1 drop_ip2
do
x=`iptables -nv -L |grep $'i'`
if [ -z "$x" ];then
for j in $white_ip
do
if [ $i != $j ];then
/sbin/iptables -I INPUT -s $i -j DROP
fi
done
fi
done
fi

防御结果:

[root@vagrant-centos65 ~]# iptables -nv -L
Chain INPUT (policy ACCEPT 34 packets, 2244 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 192.168.1.105 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 24 packets, 2912 bytes)
pkts bytes target prot opt in out source destination
  1. 配置外网访问,内网穿透。

    内网访问:http://192.168.1.109/

    外网访问:http://1549v4h967.imwork.net/
上一篇:记录openwrt下补丁apply的过程中出错,但是可以单独打上该补丁


下一篇:RDS MySQL InnoDB 锁等待和锁等待超时的处理