安装mysql(注意:下面的安装包通过 HTTP 下载且未做校验,正式环境应先核对发布方提供的校验值再解压安装)
[root@localhost ~]# yum install -y wget
[root@localhost ~]# cd /usr/local/src/
[root@localhost ~]# wget http://mirrors.sohu.com/mysql/MySQL-5.0/mysql-5.0.96-linux-i686-glibc23.tar.gz
[root@localhost ~]# tar zxvf mysql-5.0.96-linux-i686-glibc23.tar.gz
[root@localhost ~]# mv mysql-5.0.96-linux-i686-glibc23/ /usr/local/mysql
[root@localhost ~]# useradd -s /sbin/nologin mysql
[root@localhost ~]# cd /usr/local/mysql
[root@localhost ~]# mkdir -p /data/mysql
[root@localhost ~]# chown -R mysql:mysql /data/mysql
[root@localhost ~]# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
[root@localhost ~]# /bin/cp /usr/local/mysql/support-files/my-large.cnf /etc/my.cnf
[root@localhost ~]# /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@localhost ~]# chmod 755 /etc/init.d/mysqld
[root@localhost ~]# vi /etc/init.d/mysqld
basedir=/usr/local/mysql
datadir=/data/mysql
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# chkconfig mysqld on
[root@localhost ~]# /etc/init.d/mysqld restart
[root@localhost ~]# ps aux | grep mysqld
安装PHP
安装PHP需要的组件
[root@localhost ~]# yum install -y gcc zlib-devel perl libxml2-devel openssl openssl-devel bzip2 bzip2-devel libjpeg libjpeg-devel freetype freetype-devel libpng libpng-devel epel-release
以下两个组件需单独安装
[root@localhost ~]# yum install -y libmcrypt libmcrypt-devel
[root@localhost ~]# useradd -s /sbin/nologin php-fpm
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# tar zxvf php-5.4.37.tar.gz
[root@localhost src]# cd php-5.4.37
[root@localhost php-5.4.37]# ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=/usr/local/mysql/ --with-mysql-sock=/tmp/mysql.sock --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6
[root@localhost ~]# make && make install
[root@localhost ~]# cp /root/php-5.4.37/php.ini-production /usr/local/php/etc/php.ini
[root@localhost ~]# cp /root/php-5.4.37/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost ~]# chmod 755 /etc/init.d/php-fpm
[root@localhost ~]# cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
配置PHP
配置文件
[root@localhost ~]# ll /usr/local/php/etc/php-fpm.conf
清空原有内容
[root@localhost ~]# > /usr/local/php/etc/php-fpm.conf
添加内容。注意:这个文件内 listen 指定的 socket 路径必须与 /usr/local/nginx/conf/vhosts/myweb.conf 文件中 fastcgi_pass 选项的路径一致(本文示例的配置里两处实际使用的都是 /tmp/www1.sock,而不是 /tmp/myweb.sock),否则 nginx 无法把请求转交给 php-fpm
[root@localhost ~]# vi /usr/local/php/etc/php-fpm.conf
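; php-fpm configuration used by this walkthrough: one [global] section and
; one pool, www1, which serves the nginx vhost over a Unix socket.
[global]
pid = /usr/local/php/var/run/php-fpm.pid
error_log = /usr/local/php/var/log/php-fpm.log

[www1]
; Socket that nginx connects to; must be the same path as fastcgi_pass in
; the vhost file.
; NOTE(review): /tmp is writable by every local account. A directory that
; only root and the web server account can write to is a safer home for
; this socket and for the slow log below.
listen = /tmp/www1.sock
; Account the PHP worker processes run as.
user = php-fpm
group = php-fpm
; The socket is owned by the account the nginx workers run as
; ("user nobody nobody;" in nginx.conf), so nginx can connect to it.
listen.owner = nobody
listen.group = nobody
; Process manager: scale the number of workers between the limits below.
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
; Recycle a worker after it has served this many requests.
pm.max_requests = 500
rlimit_files = 1024
; Requests running longer than request_slowlog_timeout seconds are logged here.
slowlog = /tmp/www_slow.log
request_slowlog_timeout = 1
; Restrict the files PHP may open to these directories.
; The key was misspelled "open_bosedir" in the original, which is not a PHP
; directive, so open_basedir was never being set.
; The list has to include the site root served by the vhost
; (/usr/local/nginx/html on this page), otherwise PHP refuses to open the
; scripts themselves.
php_admin_value[open_basedir] = /data/www/:/usr/local/nginx/html/:/tmp/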
测试语法
[root@localhost ~]# /usr/local/php/sbin/php-fpm -t
[root@localhost ~]# /etc/init.d/php-fpm restart
[root@localhost ~]# chkconfig --add php-fpm
[root@localhost ~]# chkconfig php-fpm on
安装NGINX
[root@localhost ~]# yum install -y gcc pcre-devel zlib-devel
[root@localhost ~]# cd /usr/local/src/
[root@localhost ~]# tar zxvf nginx-1.6.2.tar.gz
[root@localhost ~]# cd nginx-1.6.2
[root@localhost nginx-1.6.2]# ./configure --prefix=/usr/local/nginx --with-pcre
[root@localhost ~]# make && make install
启动
[root@localhost nginx-1.6.2]# /usr/local/nginx/sbin/nginx
重启
[root@localhost nginx-1.6.2]# /usr/local/nginx/sbin/nginx -s reload
网站根目录
[root@localhost nginx-1.6.2]# ll /usr/local/nginx/html/
创建启动脚本
[root@localhost nginx-1.6.2]# vi /etc/init.d/nginx
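#!/bin/bash
# chkconfig: - 30 21
# description: http service.
#
# SysV init script for the nginx build installed under /usr/local/nginx.
# Usage: /etc/init.d/nginx {start|stop|reload|restart|configtest}
# Exit status: status of the requested action; 1 for an unknown action.

# Source Function Library (supplies daemon and killproc)
. /etc/init.d/functions

# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"

# Start nginx with the configured conf file.
start() {
  echo -n $"Starting $prog: "
  # NOTE(review): this directory sits in world-writable /dev/shm and is
  # created and removed as root. The nginx.conf shown on this page keeps its
  # temp paths under /usr/local/nginx, so confirm it is still needed.
  mkdir -p /dev/shm/nginx_temp
  daemon "$NGINX_SBIN" -c "$NGINX_CONF"
  RETVAL=$?
  echo
  return $RETVAL
}

# Stop nginx by sending TERM to the process recorded in the pid file.
stop() {
  echo -n $"Stopping $prog: "
  killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
  # Capture killproc's status before the cleanup: the original read $? after
  # rm, so a failed stop was reported as success.
  RETVAL=$?
  rm -rf /dev/shm/nginx_temp
  echo
  return $RETVAL
}

# Ask the running master process to re-read its configuration (HUP).
reload() {
  echo -n $"Reloading $prog: "
  killproc -p "$NGINX_PID" "$NGINX_SBIN" -HUP
  RETVAL=$?
  echo
  return $RETVAL
}

# Stop, then start; the result is that of start.
restart() {
  stop
  start
}

# Check the configuration file syntax without touching the running server.
configtest() {
  "$NGINX_SBIN" -c "$NGINX_CONF" -t
  # Propagate the result: the original always returned 0, which hid a broken
  # configuration from anything checking the exit status.
  RETVAL=$?
  return $RETVAL
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    reload
    ;;
  restart)
    restart
    ;;
  configtest)
    configtest
    ;;
  *)
    echo $"Usage: $0 {start|stop|reload|restart|configtest}"
    RETVAL=1
    ;;
esac

exit $RETVAL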
[root@localhost ~]# chmod 755 /etc/init.d/nginx
[root@localhost ~]# chkconfig --add nginx
[root@localhost ~]# chkconfig nginx on
[root@localhost ~]# /etc/init.d/nginx start|stop|reload|restart|configtest 启动|停止|重新加载|重新启动|测试语法
nginx配置文件
[root@localhost ~]# > /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm application/xml;
include vhosts/*.conf;
}
nginx默认虚拟主机
[root@localhost ~]# mkdir /usr/local/nginx/conf/vhosts
[root@localhost ~]# mkdir /tmp/1233
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/default.conf
server
{
listen 80 default_server;
server_name localhost;
index index.html index.htm index.php;
root /tmp/1233;
deny all;
}
nginx虚拟主机精简配置,location 模块内为解析php 功能
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
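# Minimal virtual host for www.myweb.com: static files from the site root,
# .php requests handed to php-fpm over a Unix socket.
server
{
    # Listening port
    listen 80;
    # Domain name
    server_name www.myweb.com;
    # Default index pages
    index index.html index.htm index.php;
    # Site root
    root /usr/local/nginx/html;
    # Access log, written in the combined_realip format defined in nginx.conf
    access_log /tmp/access.log combined_realip;
    # Requests whose URI ends in .php are handled by this location
    location ~ \.php$
    {
        # Answer 404 when the .php URI does not correspond to a file under
        # root, so only scripts that actually exist are passed to php-fpm.
        try_files $uri =404;
        include fastcgi_params;
        # Must be the same socket path as "listen" in php-fpm.conf
        fastcgi_pass unix:/tmp/www1.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
    }
}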
测试php文件
[root@localhost ~]# cat /usr/local/nginx/html/1.php
<?php
echo "php ok";
?>
查看nginx错误日志路径
[root@localhost ~]# cat /usr/local/nginx/conf/nginx.conf | grep error_log
error_log /usr/local/nginx/logs/nginx_error.log crit;
nginx日志格式,配置文件内的内容指定内容
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
combined_realip 格式名称
$remote_addr 源IP
$http_x_forwarded_for 请求头 X-Forwarded-For 的值(由代理或客户端填写,可被伪造,不能当作可信的来源IP)
$time_local 时间
$host 主机名
$request_uri 访问的路径
$status 状态
$http_referer referrer
$http_user_agent user_agent
nginx用户认证
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
# 用户认证模块
location ~\.txt$
{
auth_basic "web auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
}
}
创建认证用户。htpasswd 工具需要安装 apache;-c 参数会新建密码文件(文件已存在时会被覆盖),因此只在第一次创建用户时使用,之后添加用户都不要再加 -c
[root@localhost ~]# /usr/local/apache2/bin/htpasswd -c /usr/local/nginx/conf/.htpasswd user1
nginx域名重定向
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
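# Virtual host that answers for several names and redirects every name
# other than www.myweb.com to www.myweb.com.
server
{
    # Listening port
    listen 80;
    # Domain names
    # Redirect start: a request whose Host is not www.myweb.com is sent a
    # permanent (301) redirect to the same path on www.myweb.com
    server_name www.myweb.com www.test1.com www.test2.com www.test3.com;
    if ($host != 'www.myweb.com')
    {
        # (.*) captures the whole path after the leading slash. The original
        # pattern was (,*), which only matches runs of commas, so ordinary
        # paths were never redirected.
        rewrite ^/(.*)$ http://www.myweb.com/$1 permanent;
    }
    # Redirect end
    # Default index pages
    index index.html index.htm index.php;
    # Site root
    root /usr/local/nginx/html;
    # Access log
    access_log /tmp/access.log combined_realip;
    # Requests whose URI ends in .php are passed to php-fpm
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www1.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
    }
}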
不记录指定类型日志
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
# 不记录指定类型日志模块
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|txt)$
{
access_log off;
}
}
nginx日志切割脚本,把该脚本加入计划任务即可
[root@localhost ~]# vi nginx_mix_log.sh
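#!/bin/bash
# Daily nginx access-log rotation, meant to be run from cron.
# Moves /tmp/access.log to /tmp/nginx_log/<yesterday's date>.log, asks nginx
# to reload through its init script, then compresses the rotated file.
#
# NOTE(review): both paths are under world-writable /tmp and this job is
# normally run as root. Keeping the log and its archive in a directory that
# only root can write to (and pointing access_log there) avoids other local
# accounts being able to pre-create these names.

log_file=/tmp/access.log
archive_dir=/tmp/nginx_log
d=$(date -d "-1 day" +%F)

# Refuse to write through a symlink sitting at the archive path.
if [ -L "$archive_dir" ]; then
  printf '%s is a symlink, refusing to rotate\n' "$archive_dir" >&2
  exit 1
fi
mkdir -p -- "$archive_dir" || exit 1

# Nothing to rotate: leave nginx alone instead of reloading for no reason.
[ -f "$log_file" ] || exit 0

# Stop here if the move fails, so nginx is not reloaded and no stale file
# is compressed.
mv -- "$log_file" "$archive_dir/$d.log" || exit 1

# Reload so nginx opens a fresh access log at the original path.
/etc/init.d/nginx reload 2> /dev/null

# Full path instead of cd: a failed cd in the original would have run gzip
# in whatever directory the job started in.
gzip -f -- "$archive_dir/$d.log"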
nginx静态文件缓存
[root@localhost ~]#
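# Virtual host with browser caching for static js/css/txt files.
server
{
    # Listening port
    listen 80;
    # Domain name
    server_name www.myweb.com;
    # Default index pages
    index index.html index.htm index.php;
    # Site root
    root /usr/local/nginx/html;
    # Access log
    access_log /tmp/access.log combined_realip;
    # Requests whose URI ends in .php are passed to php-fpm
    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www1.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
    }
    # Static file caching.
    # The pattern is anchored with $ so it only matches URIs that END in
    # .js, .css or .txt. Without the anchor it also matched URIs that merely
    # contain one of those strings (for example /a.json), and those requests
    # silently dropped out of the access log as well.
    location ~ .*\.(js|css|txt)$
    {
        # Requests matched here are not written to the access log
        access_log off;
        # Sends Expires and Cache-Control: max-age=7200 (2 hours)
        expires 2h;
    }
}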
测试,查看结果中的Cache-Control 项,7200秒为2小时,配置文件中配置缓存时间为2h 即2小时
[root@localhost ~]# curl -x127.0.0.1:80 'http://www.myweb.com/11.txt' -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 15:59:18 GMT
Content-Type: text/plain
Content-Length: 7
Last-Modified: Tue, 29 Dec 2015 14:04:51 GMT
Connection: keep-alive
ETag: "56829303-7"
Expires: Tue, 29 Dec 2015 17:59:18 GMT
Cache-Control: max-age=7200
Accept-Ranges: bytes
nginx防盗链
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; }
# 防盗链模块,test.com 域名允许调用,即白名单
location ~ .*\.(jpg|gif|jpeg|png|bmp|swf|txt)$
{
valid_referers none blocked *.test.com;
if ($invalid_referer)
{
return 403;
}
}
}
测试,伪造访问源,访问结果为403,表示拒绝访问
[root@localhost ~]# curl -e "http://www.baidu.com/111" -I -x127.0.0.1:80 "http://www.myweb.com/1122.jpg"
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:18:29 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
测试,伪造访问源为白名单中的test.com ,访问结果为200,表示访问正常
[root@localhost ~]# curl -e "http://www.test.com/111" -I -x127.0.0.1:80 "http://www.myweb.com/1122.jpg"
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:20:53 GMT
Content-Type: image/jpeg
Content-Length: 2116
Last-Modified: Mon, 14 Dec 2015 09:08:58 GMT
Connection: keep-alive
ETag: "566e872a-844"
Accept-Ranges: bytes
访问控制,只允许192.168.10.0/24 网段访问1122.jpg
[root@localhost ~]# vi /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
# 访问控制模块
location ~ .*1122\.jpg$ {
allow 192.168.10.0/24;
deny all;
}
}
测试,用 -x 指定连接 192.168.10.29:80(curl 的 -x 只决定连接到哪个地址,并不伪造来源IP;allow/deny 判断的是 TCP 连接的对端地址,此时来源IP属于192.168.10.0/24 网段),访问正常
[root@localhost ~]# curl -x192.168.10.29:80 "http://www.myweb.com/1122.jpg" -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:28:28 GMT
Content-Type: image/jpeg
Content-Length: 2116
Last-Modified: Mon, 14 Dec 2015 09:08:58 GMT
Connection: keep-alive
ETag: "566e872a-844"
Accept-Ranges: bytes
测试,用 -x 指定连接 127.0.0.1:80(此时来源IP为127.0.0.1,不在允许的网段内),访问拒绝
[root@localhost ~]# curl -x127.0.0.1:80 "http://www.myweb.com/1122.jpg" -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:28:29 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
禁止指定user_agent
[root@localhost ~]# cat /usr/local/nginx/conf/vhosts/myweb.conf
server
{
# 监听端口
listen 80;
# 域名
server_name www.myweb.com;
# 默认索引页
index index.html index.htm index.php;
# 默认网站根目录
root /usr/local/nginx/html;
# 日志
access_log /tmp/access.log combined_realip;
# location 模块行配置nginx 解析php
# 当访问的url里匹配到以.php 结尾时,执行location模块内代码
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/www1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
if ($http_user_agent ~ 'curl|baidu')
{
return 403;
}
}
测试,伪造源访问user_agent为curl,访问拒绝
[root@localhost ~]# curl -A "curl" -x127.0.0.1:80 "http://www.myweb.com" -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:32:39 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
测试,伪造源访问user_agent为web,访问正常
[root@localhost ~]# curl -A "web" -x127.0.0.1:80 "http://www.myweb.com" -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 29 Dec 2015 16:32:59 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 29 Dec 2015 11:11:03 GMT
Connection: keep-alive
ETag: "56826a47-264"
Accept-Ranges: bytes