急速安装lnmp 编译版本
安装msyql+PHP
- 系统centos6.5
- 安装 开发软件包
已经改成了163的源需要执行下面的代码
官网不自带 libmcrypt libmcrypt-devel
wget http://www.atomicorp.com/installers/atomic
下载这个yum源,执行
sh ./atomic
yum -y install libmcrypt libmcrypt-devel
yum -y groupinstall "Development Tools"
报错:提示 kernel-devel需要升级 (这个问题可以忽略)
解决:
wget ftp://rpmfind.net/linux/centos/6.9/os/x86_64/Packages/kernel-devel-2.6.32-696.el6.x86_64.rpm
然后再试下yum -y groupinstall "Development Tools" 已经不报错了。
yum -y install libxml2* curl curl-devel libjpeg* libpng* freetype-devel
- 安装mysql: (注意,如果出现后面mysql无论如何都无法启动的情形,请最先安装mysql,并启动试试)
yum -y install mysql mysql-server mysql-devel
- 下载PHP-5.6.2
wget http://cn2.php.net/distributions/php-5.6.2.tar.gz
- 解压
tar -xvf php-5.6.2.tar.gz
cd php-5.6.2编译安装php
二种情况 第一种 用了mysql的rpm包用这种方式编译
``` shell
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=mysqlnd --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql=/usr/local/services/mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets
第二种情况 你使用yum来安装mysql
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets
make && make install,等好久编译完执行一下make test测试下。如果出现未安装的错误一般使用yum安装即可 记得别忘记libcurl*
出现找不到文件路径的情况下 用 find / -name 'name'去查找一下
出现warning的情形下大多是因为版本以及默认安装了,可以去掉该行
修改php配置文件
cp php.ini-production /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /root/php-5.6.2/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
- 启动php 等安装完nginx后才启动
安装nginx
yum -y install nginx
修改
先备份
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
vim /etc/nginx/nginx.conf
user nginx nginx;
worker_processes 16;
#error_log /data/logs/nginx_error.log crit;
error_log /var/log/nginx_error.log crit;
#pid /usr/local/services/nginx/nginx.pid;
pid /var/run/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events
{
use epoll;
worker_connections 65535;
}
http
{
include mime.types;
default_type application/octet-stream;
#charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
log_format www '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
server
{
listen 80;
server_name vagrant-centos65.vagrantup.com;
index start.php index.htm index.html index.php pengyou.php weibo.php qzone.php;
root /usr/share/nginx/html;
#limit_conn crawler 20;
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index start.php;
# include fcgi.conf;
include fastcgi.conf;
}
location ~ .*.(svn|git|cvs)
{
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
}
}
启动php-fpm
vim /usr/local/php/etc/php-fpm.conf
user=nginx group=nginx
/etc/init.d/php-fpm start
启动nginx
/etc/init.d/nginx start
vim /usr/share/nginx/html/cc.php
<?php
phpinfo();
?>
127.0.0.1/cc.php
LNMP安装完成
wiki安装部署
首先登录进入mysql数据库
mysql -uroot
创建一个wiki库
create database wiki charset utf8;
grant all on wiki.* to wiki@'localhost' identified by 'wiki';
flush privileges;
下载wiki软件
wget http://kaiyuan.hudong.com/download.php?n=HDWiki-v6.0UTF8-20170209.zip
unzip HDWiki-v6.0UTF8-20170209.zip
mv hdwiki/* /usr/share/nginx/html/
如果使用老师的nginx包安装
mv hdwiki/* /data/htdocs/www/
chown -R www:wwww /data/htdocs/www
-R 处理指定目录以及其子目录下的所有文件
浏览器http://192.168.1.109/index.php 直接进行配置就可以了
- 同意
- 权限
[root@vagrant-centos65 html]# chmod 0777 ./uploads
[root@vagrant-centos65 html]# chmod 0777 ./uploads/userface
[root@vagrant-centos65 html]# chmod 0777 ./data/
[root@vagrant-centos65 html]# chmod 0777 ./plugins
[root@vagrant-centos65 html]# chmod 0777 ./style/default/logo.gif
[root@vagrant-centos65 html]# chmod 0777 ./config.php
可简写为一条语句:
[root@vagrant-centos65 html]# chmod 0777 ./uploads ./uploads/userface ./data/ ./plugins ./style/default/logo.gif ./config.php
- mysql
[root@vagrant-centos65 html]# mysqladmin -uroot password '123456'
数据库服务器:把
localhost改为127.0.0.1启动
重启过后需要重启这些服务:
可以添加到开机启动脚本里面
[root@vagrant-centos65 ~]# service nginx start
Starting nginx: [ OK ]
[root@vagrant-centos65 ~]# service mysqld start
Starting mysqld: [ OK ]
[root@vagrant-centos65 ~]# /etc/init.d/php-fpm start
Starting php-fpm done
- Linux 开启允许外网访问端口:
LINUX通过下面的命令可以开启允许对外访问的网络端口:
/sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT #开启8000端口
/etc/rc.d/init.d/iptables save #保存配置
/etc/rc.d/init.d/iptables restart #重启服务
查看端口是否已经开放
/etc/init.d/iptables status
[root@vagrant-centos65 ~]# /sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@vagrant-centos65 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@vagrant-centos65 ~]#
- 添加防火墙,预防cc攻击和暴力破解!
## 脚本文件:drop_ip.sh
#!/bin/bash
## drop_ip1获取nginx日志里面的黑名单ip
drop_ip1=`tail -5000 /var/log/nginx/access.log |awk '{a[$1]++}END{for(i in a)if(a[i]>300)print i}'`
## drop_ip2获取登录日志的黑名单ip
drop_ip2=`tail -5000 /var/log/secure |grep Failed |awk '{a[$11]++}END{for(i in a)if(a[i]>15)print i}'`
white_ip=('192.168.1.102' '192.168.1.109')
## 通过判断黑名单ip是不是非空、循环遍历判断iptables规则中是否已经有的规则,然后通过插入-s ip DROP操作来防御黑名单ip的进攻
if [ -n $drop_ip1 -o -n $drop_ip2 ];then
for i in drop_ip1 drop_ip2
do
x=`iptables -nv -L |grep $'i'`
if [ -z "$x" ];then
for j in $white_ip
do
if [ $i != $j ];then
/sbin/iptables -I INPUT -s $i -j DROP
fi
done
fi
done
fi
防御结果:
[root@vagrant-centos65 ~]# iptables -nv -L
Chain INPUT (policy ACCEPT 34 packets, 2244 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 192.168.1.105 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 24 packets, 2912 bytes)
pkts bytes target prot opt in out source destination
- 配置外网访问,内网穿透。
内网访问:http://192.168.1.109/
外网访问:http://1549v4h967.imwork.net/