CentOS 6.5 生產環境編譯安裝LNMP

一、環境準備1、作業系統安裝：CentOS 6.5 64位迷你安裝。2、配置好IP、DNS、網關、主機名稱3、配置防火牆，開啟80、3306連接埠vim /etc/sysconfig/iptables-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #允許80連接埠通過防火牆-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT #允許3306連接埠通過防火牆特別提示：如果這兩條規則添加到防火牆配置的最後一行，導致防火牆啟動失敗，正確的應該是添加到預設的22連接埠 。/etc/init.d/iptables restart #最後重啟防火牆使配置生效4、關閉SELinuxvi /etc/selinux/configurations#SELINUX=enforcing #注釋掉#SELINUXTYPE=targeted #注釋掉SELINUX=disabled #增加:wq! #儲存退出setenforce 0 #使配置立即生效二、系統約定硬碟分區：50G(/boot 200M /swap 8192M /)+100G(/opt)軟體原始碼包存放位置：/opt/local/src源碼包編譯安裝位置：/opt/local/軟體名資料庫資料檔案儲存路徑/opt/local/mysql/var三、軟體包下載1、下載nginx（目前穩定版）：http://nginx.org/download/nginx-1.4.4.tar.gz2、下載pcre （支援nginx偽靜態）：ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz3、下載MySQL：http://cdn.mysql.com/Downloads/MySQL-5.5/mysql-5.5.35.tar.gz4、下載php：http://cn2.php.net/distributions/php-5.5.7.tar.gz5、下載cmake（MySQL編譯工具）：http://www.cmake.org/files/v2.8/cmake-2.8.12.1.tar.gz6、下載libmcrypt（PHPlibmcrypt模組）：http://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz7、下載GD庫安裝包（php頁面圖片驗證碼支援）：https://phpsqq.googlecode.com/files/gd-2.0.36RC1.tar.gz將以上軟體包上傳到/opt/local/src目錄四、安裝編譯工具及庫檔案使用CentOS yum命令一鍵安裝yum install -y make apr* autoconf automake curl curl-devel gcc gcc-c++ gtk+-devel zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch perl kernel-headers compat* cpp glibc libgomp libstdc++-devel keyutils-libs-devel libsepol-devel libselinux-devel krb5-devel libXpm* freetype freetype-devel freetype* fontconfig fontconfig-devel libjpeg* libpng* php-common php-gd gettext gettext-devel ncurses* libtool* libxml2 libxml2-devel patch policycoreutils bison五、軟體安裝篇1、安裝cmakecd /opt/local/srctar zxvf cmake-2.8.8.tar.gzcd cmake-2.8.8./configure --prefix=/opt/local/cmakemake #編譯make install #安裝vim /etc/profile 在path路徑中增加cmake執行檔案路徑export PATH=$PATH:/opt/local/cmake/binsource /etc/profile使配置立即生效2、安裝pcrecd /opt/local/srcmkdir /usr/local/pcre #建立安裝目錄tar zxvf pcre-8.34.tar.gzcd pcre-8.34./configure --prefix=/opt/local/pcre #配置make && make install3、安裝libmcryptcd /opt/local/srctar zxvf libmcrypt-2.5.8.tar.gz #解壓cd libmcrypt-2.5.8 #進入目錄./configure #配置make #編譯make install #安裝4、安裝gd庫cd /opt/local/srctar zxvf gd-2.0.36RC1.tar.gzcd gd-2.0.36RC1./configure --enable-m4_pattern_allow —prefix=/opt/local/gd --with-jpeg=/usr/lib --with-png=/usr/lib --with-xpm=/usr/lib --with-freetype=/usr/lib --with-fontconfig=/usr/lib #配置make #編譯make install #安裝5、安裝Mysqlgroupadd mysql #添加mysql組useradd -g mysql mysql -s /bin/false #建立使用者mysql並加入到mysql組，不允許mysql使用者直接登入系統mkdir -p /opt/data/mysql/var #建立MySQL資料庫存放目錄chown -R mysql:mysql /opt/data/mysql/var #設定MySQL資料庫目錄許可權cd /opt/local/srctar zxvf mysql-5.5.35.tar.gz #解壓cd mysql-5.5.35cmake . -DCMAKE_INSTALL_PREFIX=/opt/local/mysql -DMYSQL_DATADIR=/opt/data/mysql/var -DSYSCONFDIR=/etc #配置make #編譯make install #安裝cd /opt/local/mysqlcp ./support-files/my-huge.cnf /etc/my.cnf #拷貝設定檔（注意：如果/etc目錄下面預設有一個my.cnf，直接覆蓋即可）vi /etc/my.cnf #編輯設定檔,在 [mysqld] 部分增加datadir = /opt/data/mysql/var #添加MySQL資料庫路徑./scripts/mysql_install_db --user=mysql #產生mysql系統資料庫cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld #把Mysql加入系統啟動chmod 755 /etc/init.d/mysqld #增加執行許可權chkconfig mysqld on #加入開機啟動vi /etc/rc.d/init.d/mysqld #編輯basedir = /opt/local/mysql #MySQL程式安裝路徑datadir = /opt/local/mysql/var #MySQl資料庫存放目錄service mysqld start #啟動vi /etc/profile #把mysql服務加入系統內容變數：在最後添加下面這一行export PATH=$PATH:/opt/local/cmake/bin:/opt/local/mysql/binsource /etc/profile #使配置立即生效mkdir /var/lib/mysql #建立目錄ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock #添加軟連結mysql_secure_installation #設定Mysql密碼，根據提示按Y 斷行符號輸入2次密碼/opt/local/mysql/bin/mysqladmin -u root -p password "123456" #或者直接修改密碼到此，mysql安裝完成。6、安裝 nginxcd /opt/local/srcgroupadd www #添加www組useradd -g www www -s /bin/false #建立nginx運行賬戶www並加入到www組，不允許www使用者直接登入系統tar zxvf nginx-1.4.4.tar.gzcd nginx-1.4.4./configure --prefix=/opt/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/ --with-pcre=/opt/local/src/pcre-8.31注意:--with-pcre=/opt/local/src/pcre-8.34指向的是源碼包解壓的路徑，而不是安裝的路徑，否則會報錯makemake install/opt/local/nginx/sbin/nginx #啟動nginx設定nginx開啟啟動vi /etc/rc.d/init.d/nginx #編輯開機檔案添加下面內容=======================================================#!/bin/bash# nginx Startup script for the Nginx HTTP Server# it is v.0.0.2 version.# chkconfig: - 85 15# description: Nginx is a high-performance web and proxy server.# It has a lot of features, but it's not for everyone.# processname: nginx# pidfile: /var/run/nginx.pid# config: /usr/local/nginx/conf/nginx.confnginxd=/opt/local/nginx/sbin/nginxnginx_config=/opt/local/nginx/conf/nginx.confnginx_pid=/opt/local/nginx/logs/nginx.pidRETVAL=0prog="nginx"# Source function library.. /etc/rc.d/init.d/functions# Source networking configuration.. /etc/sysconfig/network# Check that networking is up.[ ${NETWORKING} = "no" ] && exit 0[ -x $nginxd ] || exit 0# Start nginx daemons functions.start() {if [ -e $nginx_pid ];thenecho "nginx already running...."exit 1fiecho -n $"Starting $prog: "daemon $nginxd -c ${nginx_config}RETVAL=$?echo[ $RETVAL = 0 ] && touch /var/lock/subsys/nginxreturn $RETVAL}# Stop nginx daemons functions.stop() {echo -n $"Stopping $prog: "killproc $nginxdRETVAL=$?echo[ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /usr/local/nginx/logs/nginx.pid}reload() {echo -n $"Reloading $prog: "#kill -HUP `cat ${nginx_pid}`killproc $nginxd -HUPRETVAL=$?echo}# See how we were called.case "$1" instart)start;;stop)stop;;reload)reload;;restart)stopstart;;status)status $progRETVAL=$?;;*)echo $"Usage: $prog {start|stop|restart|reload|status|help}"exit 1esacexit $RETVAL=======================================================:wq! #儲存退出chmod 775 /etc/rc.d/init.d/nginx #賦予檔案執行許可權chkconfig nginx on #設定開機啟動/etc/rc.d/init.d/nginx restart #重新啟動Nginxservice nginx restart=======================================================7、安裝phpcd /opt/local/srctar -zvxf php-5.5.7.tar.gzcd php-5.5.7../configure --prefix=/opt/local/php5 --with-config-file-path=/opt/local/php5/etc --with-mysql=/opt/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-gd --with-iconv --with-zlib --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl --with-jpeg-dir --with-freetype-dirmake #編譯make install #安裝cp php.ini-production /opt/local/php5/etc/php.ini #複製php設定檔到安裝目錄rm -rf /etc/php.ini #刪除系統內建設定檔ln -s /opt/local/php5/etc/php.ini /etc/php.ini #添加軟連結cp /opt/local/php5/etc/php-fpm.conf.default /opt/local/php5/etc/php-fpm.conf #拷貝模板檔案為php-fpm設定檔vi /opt/local/php5/etc/php-fpm.conf #編輯user = www #設定php-fpm運行帳號為wwwgroup = www #設定php-fpm運行組為wwwpid = run/php-fpm.pid #取消前面的分號設定 php-fpm開機啟動cp /opt/local/src/php-5.5.7/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm #拷貝php-fpm到啟動目錄chmod +x /etc/rc.d/init.d/php-fpm #添加執行許可權chkconfig php-fpm on #設定開機啟動vi /opt/local/php5/etc/php.ini #編輯設定檔找到：disable_functions =修改為：disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname#列出PHP可以禁用的函數，如果某些程式需要用到這個函數，可以刪除，取消禁用找到：;date.timezone =修改為：date.timezone = PRC #設定時區找到：expose_php = On修改為：expose_php = OFF #禁止顯示php版本的資訊找到：short_open_tag = Off修改為：short_open_tag = ON #支援php短標籤八、配置nginx支援phpvi /opt/local/nginx/conf/nginx.conf修改/opt/local/nginx/conf/nginx.conf 設定檔,需做如下修改user www www; #首行user去掉注釋,修改Nginx運行組為www www；必須與/opt/local/php/etc/php-fpm.conf中的user,group配置相同，否則php運行出錯user www www;worker_processes 1;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 65;server {listen 80;server_name localhost;location / {root html;index index.php index.html index.htm;}location ~ \.php$ {root html;fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;}}}/etc/init.d/nginx restart #重啟nginx六、測試篇cd /opt/local/nginx/html/ #進入nginx預設網站根目錄rm -rf /opt/local/nginx/html/* #刪除預設測試頁vi index.php #建立index.php檔案phpinfo();?>:wq! #儲存退出chown www.www /opt/local/nginx/html/ -R #設定目錄所有者chmod 700 /opt/local/nginx/html/ -R #設定目錄許可權七、其它說明伺服器相關操作命令service nginx restart #重啟nginxservice mysqld restart #重啟mysql/usr/local/php/sbin/php-fpm #啟動php-fpm/etc/rc.d/init.d/php-fpm restart #重啟php-fpm/etc/rc.d/init.d/php-fpm stop #停止php-fpm/etc/rc.d/init.d/php-fpm start #啟動php-fpmnginx預設網站目錄是：/opt/local/nginx/html/使用權限設定：chown www.www /opt/local/nginx/html/ -RMySQL資料庫目錄是：/opt/local/mysql/var使用權限設定：chown mysql.mysql -R /opt/local/mysql/var八、安全最佳化sherwin@rocnic~$ssh root@172.16.134.141root@172.16.134.141's password:Last login: Sat Jan 18 12:11:57 2014 from 172.16.134.1-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory[root@dev01 ~]# localelocale: Cannot set LC_CTYPE to default locale: No such file or directorylocale: Cannot set LC_ALL to default locale: No such file or directoryLANG=en_US.UTF-8LC_CTYPE=UTF-8LC_NUMERIC="en_US.UTF-8"LC_TIME="en_US.UTF-8"LC_COLLATE=&qu