1.准备工作
安装前我们需要设置防护墙,开放端口,更新yum源
# 1.防火墙
systemctl status firewalld 看到active(running)就意味着防火墙打开了
systemctl stop firewalld 看到inactive(dead)就意味着防火墙关闭了
systemctl start firewalld 打开防火墙
systemctl disable firewalld 重启后防火墙还是处于关闭的状态
systemctl enable firewalld 重启不会恢复到原来的状态
systemctl restart firewalld.service 重启防火墙
# 2.防火墙端口开放与关闭
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
firewall-cmd --zone=public --remove-port=22/tcp --permanent
firewall-cmd --zone=public --remove-port=21/tcp --permanent
firewall-cmd --zone=public --remove-port=53/udp --permanent
firewall-cmd --zone=public --add-port=4400-4600/udp --permanent
firewall-cmd --zone=public --add-port=4400-4600/tcp --permanent
netstat -ntlp //查看当前所有tcp端口·
netstat -ntulp |grep 80 //查看所有80端口使用情况·
netstat -an | grep 3306 //查看所有3306端口使用情况·
查看一台服务器上面哪些服务及端口
netstat -lanp
查看一个服务有几个端口。比如要查看mysqld
ps -ef |grep mysqld
查看某一端口的连接数量,比如3306端口
netstat -pnt |grep :3306 |wc
查看某一端口的连接客户端IP 比如3306端口
netstat -anp |grep 3306
netstat -an 查看网络端口
# 3.更新yum源 常用安装依赖
yum install epel-release -y
yum update
yum install -y gcc gcc-c++ pcre pcre-devel openssl openssl-devel zlib zlib-devel
yum -y install ncurses-devel
yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu-devel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg-devel
yum install -y libaio
yum install vim
yum install gcc-c++2.安装Nginx
2.1 Nginx编译安装
tar -zxvf nginx-1.12.2.tar.gz
cd nginx-1.12.2
./configure --user=www --group=www --prefix=/usr/local/nginx/ --with-http_v2_module --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-http_realip_module
make
make install2.2 启动Nginx
cd /usr/local/nginx/sbin
./nginx #启动
./nginx -s reload #重启nginx
./nginx -s stop #停止nginx
./nginx -t #验证配置文件是否正确
/usr/local/nginx/sbin/nginx -s reload2.3 测试是否安装成功
修改家目录 nginx.conf
location / {
root /home/www/;
index index.html index.htm;
}
ps -ef|grep nginx #测试是否允许
curl localhost #Linux下本地测试 2.4 解析php
重点是创建php-cgi.sock存放目录 不解析时查看是否存在
mkdir /var/run/www/
chown -R www:www /var/run/www
/usr/local/php/sbin/php-fpm配置文件修改:nginx.conf
location ~ \.php$ {
root /home/www/; #与原有的一致
fastcgi_pass unix:/var/run/www/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}2.5 配置站点
-
在安装目录的配置文件目录中新建vhost文件夹
-
在vhost目录中新建多个站点配置文件
-
站点配置文件内容
server {
listen 80; # 监听端口
server_name www.siteA.com siteA.com; # 站点域名
root /home/user/www/blog; # 站点根目录
index index.html index.htm index.php; # 默认导航页location / { # WordPress固定链接URL重写 if (!-e $request_filename) { rewrite (.*) /index.php; } } # PHP配置 location ~ \.php$ { fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; }}
-
在nginx.conf 引入多站点配置文件
include /etc/nginx/vhost/*.conf;
2.6 配置SSL证书
server {
listen 443;
server_name localhost; # localhost修改为您证书绑定的域名。
ssl on; #设置为on启用SSL功能。
root html;
index index.html index.htm;
ssl_certificate cert/domain name.pem; #将domain name.pem替换成您证书的文件名。
ssl_certificate_key cert/domain name.key; #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location / {
root html; #站点目录。
index index.html index.htm;
}
} 2.6 设置自动跳转HTTPS
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
location / {
index index.html index.htm;
}
}2.7 开机启动
创建开机启动文件
cd /lib/systemd/system
vi nginx.service脚本内容
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target2.8 操作命令
# 设置开机启动:
systemctl enable nginx.service
# 停止开机自启动:
systemctl disable nginx.service
# 其它命令:
systemctl start nginx.service
systemctl status nginx.service
systemctl restart nginx.service
systemctl stop nginx.service 3.安装php
3.1 创建运行用户
groupadd www
useradd -g www www3.2 建立软连接
cp -frp /usr/lib64/libldap* /usr/lib/
ln -s /usr/local/lib/libiconv.so.2 /usr/lib64/3.3 编译安装php
tar -zxvf php-7.2.4.tar.gz
cd php-7.2.4
./configure --prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--enable-mysqlnd-compression-support \
--with-iconv-dir \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir \
--enable-xml \
--disable-rpath \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--with-curl \
--enable-mbregex \
--enable-mbstring \
--enable-intl \
--with-libmbfl \
--enable-ftp \
--with-gd \
--with-openssl \
--with-mhash \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-zip \
--enable-soap \
--with-gettext \
--disable-fileinfo \
--enable-opcache \
--with-pear \
--enable-maintainer-zts \
--with-ldap=shared \
--without-gdbm \
--with-apxs2=/usr/local/apache/bin/apxs\
make -j4
如果编译出现错误使用这个编辑命令代替make ZEND_EXTRA_LIBS='-liconv'
不要 make test 害死人等时间太长
make install3.4 配置php配置文件
cp php.ini-development /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf3.5 配置php.ini
expose_php = Off
short_open_tag = ON
max_execution_time = 300
max_input_time = 300
memory_limit = 128M
post_max_size = 32M
date.timezone = Asia/Shanghai
extension = "/usr/local/php/lib/php/extensions/no-debug-zts-20160303/ldap.so"
[opcache]
zend_extension=/usr/local/php/lib/php/extensions/no-debug-zts-20160303/opcache.so
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1
disable_functions=passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru3.6 配置www.conf
取消以下注释并修改优化其参数:
listen = /var/run/www/php-cgi.sock
listen.owner = www
listen.group = www
listen.mode = 0660
listen.allowed_clients = 127.0.0.1
pm = dynamic
listen.backlog = -1
pm.max_children = 180
pm.start_servers = 50
pm.min_spare_servers = 50
pm.max_spare_servers = 180
request_terminate_timeout = 120
request_slowlog_timeout = 50
slowlog = var/log/slow.log3.7 运行php-fpm
创建php-cgi.sock存放目录
mkdir /var/run/www/
chown -R www:www /var/run/www
# 配置php-fpm.conf
取下以下注释并填写完整路径:
pid = /usr/local/php/var/run/php-fpm.pid
# 运行php-fpm
/usr/local/php/sbin/php-fpm3.8 开机启动
vim /etc/systemd/system/php-fpm.service
内容:
[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target
[Service]
Type=simple
PIDFile=/usr/local/php/var/run/php-fpm.pid
ExecStart=/usr/local/php/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID
ExecStop=/bin/kill -SIGINT $MAINPID
[Install]
WantedBy=multi-user.target
#启动php-fpm
systemctl start php-fpm.service
#添加到开机启动
systemctl enable php-fpm.service
#添加一个软链接 重要
ln -s /usr/local/php/bin/php /usr/local/bin/php
# 10.启动与关闭
systemctl enable php-fpm.service #开机运行服务
systemctl disable php-fpm.service #取消开机运行
systemctl start php-fpm.service #启动服务
systemctl restart php-fpm.service #重启服务3.9 Php 加入环境变量
将 /usr/local/php/bin 加到后面,用:隔开
vi /root/.bash_profile
PATH=$PATH:$HOME/bin:/usr/local/mysql/bin:/usr/lcoal/php/bin
重启服务
source /root/.bash_profile 4.安装Composer
4.1 安装composer
cd /usr/local/src
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer4.2 Composer 使用权限
chmod -R 777 /usr/local/bin/composer4.3 切换国内镜像
composer config -g repo.packagist composer https://packagist.phpcomposer.com
composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/5.安装Git
可以使用yum安装,十分简单。
# yum命令安装与卸载
yum install -y git
yum remove git在工作中推荐编译安装
5.1 安装依赖包
yum install -y wget
yum install -y gcc-c++
yum install -y zlib-devel perl-ExtUtils-MakeMaker5.2 编译安装
# 下载最新git
cd /usr/local/src
wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.9.0.tar.gz
# 编译安装git
tar -zxvf git-2.9.0.tar.gz
cd git-2.9.0
./configure --prefix=/usr/local/git
make
make install5.3 环境变量
# 添加环境变量
# 将 /usr/local/git/bin 加到后面,用:隔开
vim /root/.bash_profile
PATH=$PATH:$HOME/bin:/usr/local/git/bin
# 重启
source /root/.bash_profile5.4 配置git用户
# 查看git版本
git --version
# 创建git用户
groupadd git
useradd git -g git
passwd git #设置密码 参数是用户名
su - git //切换git用户5.5 配置证书
-
客户端安装git,设置key
git config --global user.name "dddd"
git config --global user.email "qq@qq.com"
ssh-keygen -t rsa -C "your_email"
该命令会产生两个文件: id_rsa对应私钥,id_rsa.pub对应公钥。将id_rsa.pub中的内容写到服务器的authorized_keys文件中。如果有多个客户端,那么在authorized_keys文件中,一行保存一个客户端的公钥
-
服务器端: 创建authorized_keys文件
cd /home/git
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
cd /home
chown -R git:git git -
服务器端配置RSA
进入 /etc/ssh 目录,编辑 sshd_config,打开以下三个配置的注释
RSAAuthentication yes 最新版centos7.4无需配置、没有的不配置
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#保存并重启 sshd 服务:
service sshd restart-
将客户端公钥导入服务器端
ssh git@192.168.136.00 'cat >>.ssh/authorized_keys' < ~/.ssh/id_rsa.pub
将git设置为默认路径,不然后面克隆时会报错
ln -s /usr/local/git/bin/git-upload-pack /usr/bin/git-upload-pack
ln -s /usr/local/git/bin/git-receive-pack /usr/bin/git-receive-pack
5.6 服务端初始化Git仓库
#进入home目录
cd /home
#创建gitdemo目录
mkdir gitdemo
# 利用 chown 将指定文件的拥有者改为指定的用户或组
# 把仓库所属用户改为git
chown git:git gitdemo/
cd gitdemo
#现有仓库导出为裸仓库------即一个不包含当前工作目录的仓库
git init --bar demo.git
#把仓库所属用户改为git
#-R : 处理指定目录以及其子目录下的所有文件
#将目录下的所有文件与子目录的拥有者皆设为git群体的使用者 git :
chown -R git:git demo.git
#以后每创建一个新的仓库.都需要执行上面的命令(修改仓库所属用户为git)
# 克隆仓库
git clone git@192.168.**.**:/home/gitdemo/demo.git5.7 禁止git用户 Shell登录
vim /etc/passwd
git:x:502:502::/home/git:/usr/local/git/bin/git-shell6.安装Redis
# 安装依赖包
yum install gcc-c++6.1 编译安装
# redis安装
wget http://download.redis.io/releases/redis-5.0.7.tar.gz
tar xzf redis-5.0.7.tar.gz
cd redis-5.0.7
make
make install PREFIX=/usr/local/redis
make install PREFIX=/www/server/redis6
注意:make install 加上需要安装的redis目录地址6.2 配置与启动
# 拷贝配置文件
cp -r redis.conf /usr/local/redis/bin/
# 开启服务端
./redis-server redis.conf
# 客户端连接redis
cd /usr/local/redis/
./redis-cli -h 127.0.0.1 -p 63796.3 环境变量
# 打开bash_profile配置
vim ~/.bash_profile
# 文件中添加:
export REDIS_HOME=/usr/local/redis
export PATH=$PATH:$REDIS_HOME/bin
# 重启
source ~/.bash_profile6.4 设置后台运行
vim redis.conf
daemonize no修改为daemonize yes即可
重启redis:
ps -ef|grep redis
kill -9 20940
./redis-server redis.conf6.5 开机启动
# 创建文件
vim /etc/init.d/redis
# 编辑内容添加:
*******************************************************************
#!/bin/bash
#chkconfig: 22345 10 90
#description: Start and Stop redis
REDISPORT=6379
EXEC=/usr/local/redis/bin/redis-server
CLIEXEC=/usr/local/redis/bin/redis-cli
PIDFILE=/var/run/redis.pid
CONF="/usr/local/redis/bin/redis.conf"
case "$1" in
start)
if [ -f $PIDFILE ];then
echo "$PIDFILE exists,process is already running or crashed"
else
echo "Starting Redis server..."
$EXEC $CONF
fi
;;
stop)
if [ ! -f $PIDFILE ];then
echo "$PIDFILE does not exist,process is not running"
else
PID=$(cat $PIDFILE)
echo "Stopping..."
$CLIEXEC -p $REDISPORT shutdown
while [ -x /proc/${PID} ]
do
echo "Waiting for Redis to shutdown..."
sleep 1
done
echo "Redis stopped"
fi
;;
restart)
"$0" stop
sleep 3
"$0" start
;;
*)
echo "Please use start or stop or restart as first argument"
;;
esac
**************************************************************************************
# 权限及开机启动
chmod +x /etc/init.d/redis
#chkconfig --add redis
#chkconfig redis on
#chkconfig --list //查看所有注册的脚本文件7.安装Apache
这里介绍下Apache的安装,不过最好使用Nginx
7.1 准备工作
# 安装apr
tar -zxvf apr-1.6.3.tar.gz
cd apr-1.6.3
./configure --prefix=/usr/local/apr
make
make install
注意:
cannot remove 'libtoolT': No such file or directory
直接打开configure,把 $RM "$cfgfile" 那行删除掉,重新再运行 ./configure 就可以了
# 安装 Apr-util
tar -zxvf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make
make install
# 安装pcre
tar -zxvf pcre-8.39.tar.gz
cd pcre-8.39
./configure --prefix=/usr/local/pcrel
make
make install7.2 安装apache
tar -zxvf httpd-2.4.34.tar.gz
cd httpd-2.4.34
./configure \
--prefix=/usr/local/apache \
--enable-ssl \
--enable-rewrite \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util
make
make install7.3 配置
#配置ServerName 进入httpd.conf配置文件
ServerName localhost:80
#修改家目录 进入httpd.conf配置文件
DocumentRoot "/home/www"
<Directory "/home/www">7.4 开机启动
将自己安装目录下的apachect1复制到该目录下并改为httpd
cp /usr/local/apache/bin/apachect1 /etc/init.d/httpd
注:复制时注意安装目录
编辑 vi /etc/init.d/httpd 在 #!/bin/sh 下添加这两句
#chkconfig:345 85 15
#description:Start and stop the Apache HTTP Server
添加启动:
chkconfig --add httpd
启动:
chkconfig httpd on
查看是否成功:
chkconfig --list httpd7.5 启动与关闭常用操作
启动:
/usr/local/apache/bin/apachectl start
重启:
/usr/local/apache/bin/apachectl restart
停止:
/usr/local/apache/bin/apachectl stop
不中断:
/usr/local/apache/bin/apachectl graceful7.6 Apache解析php
首先http.conf中配置
LoadModule php7_module modules/libphp7.so 开启注释
其次在配置文件httpd.conf的<IfModule mime_module></IfModule>块里增加一行
AddType application/x-httpd-php .php
ServerName 127.0.0.1:80
然后搜索<IfModule dir_module>下面这一块添加上index.php
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
重启apache7.7 Apache 禁止目录浏览
打开apache配置文件httpd.conf
找到Options Indexes
<Directory />
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
修改
Options Indexes 修改为Options None
Options Indexes FollowSymLinks,修改为Options None7.8 Apache配置SSL
# 1.检查是否安装OpenSSL
# 查看是否安装
openssl version
# 编译安装 https://www.cnblogs.com/rxbook/p/9367725.html
# yum安装 OpenSSL
yum install openssl yum install openssl-devel
# 在线升级
yum -y update openssl
# 2.配置证书上传目录
在Apache安装目录中新建cert目录,并将下载的Apache证书、 证书链文件和秘钥文件拷贝到cert目录中。如果需要安装多个证书,需在Apache的cert目录中新建对应数量的cert目录,用于存放不同的证书(每个域名证书对应一个文件夹存放)
如果申请证书时选择了手动创建CSR文件,请将手动生成创建的秘钥文件拷贝到cert目录中并命名为domain name.key。
# 3.修改httpd.conf配置文件
# 3.1 httpd.conf配置参数 mod_ssl.so
#LoadModule ssl_module modules/mod_ssl.so
删除行首的配置语句注释符号"#"加载mod_ssl.so模块启用SSL服务,Apache默认是不启用该模块的。如果找不到该配置,请重新编译mod_ssl模块。
# 3.2 引入httpd-ssl.conf
#Include conf/extra/httpd-ssl.conf #删除行首的配置语句注释符号"#"。
# 4.修改httpd-ssl.conf配置文件
# 4.1打开httpd-ssl.conf文件 注释掉默认示例参数
# 4.2 具体配置参数
<VirtualHost *:443>
ServerName www.xx.com。
DocumentRoot /data/www/xxx/public
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
SSLCertificateFile cert/domain name1_public.crt
SSLCertificateKeyFile cert/domain name1.key
SSLCertificateChainFile cert/domain name1_chain.crt
</VirtualHost>
# 4.3根据情况可设置多个,保存 httpd-ssl.conf 文件并退出
# 5.配置httpd-vhosts.conf中站点
# 80与443端口同时存在
<VirtualHost *:443>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/home/www/demo/public/"
ServerName m.ljy.vip
ServerAlias localhost
SSLEngine on
SSLCertificateFile "/usr/local/apache/cert/3087344_m.ljy.vip_public.crt"
SSLCertificateKeyFile "/usr/local/apache/cert/3087344_m.ljy.vip.key"
SSLCertificateChainFile "/usr/local/apache/cert/3087344_m.ljy.vip_chain.crt"
ErrorLog "/usr/local/apache/logs/error_log"
CustomLog "/usr/local/apache/logs/access_log" common
</VirtualHost>
# 设置Apache http自动跳转https
# 在 httpd-vhosts.conf 文件中的<VirtualHost *:80> </VirtualHost>中间,添加以下重定向代码
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R]8.安装mysql
请参考
Linux编译安装Mysql笔记_linux 源码编译安装mysql csdn-CSDN博客
9.最后
明天国庆节,祝大家节日快乐!
感谢大家,请大家多多支持!