CentosStream9系手动部署LNMP环境

上张贴Hi:您好一条评论

安装依赖:

dnf update && dnf install gcc gcc-c++ zstd zlib zlib-devel pcre pcre-devel openssl openssl-devel libxslt libxslt-devel gd gd-devel make perl perl-devel tar vim nano wget
rpm -ivh https://rpmfind.net/linux/opensuse/distribution/leap/16.0/repo/oss/x86_64/geoipupdate-7.0.1-160000.2.1.x86_64.rpm
rpm -ivh https://www.rpmfind.net/linux/opensuse/distribution/leap/15.6/repo/oss/noarch/GeoIP-data-1.6.12-6.3.1.noarch.rpm
rpm -ivh https://rpmfind.net/linux/remi/enterprise/9/remi/x86_64/GeoIP-1.6.12-9.el9.remi.x86_64.rpm
rpm -ivh https://rpmfind.net/linux/remi/enterprise/9/remi/x86_64/GeoIP-devel-1.6.12-9.el9.remi.x86_64.rpm

校准时间:

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && date -R

下载/安装/解压 openssl-3.5.2

wget -nc --no-check-certificate https://github.com/openssl/openssl/releases/download/openssl-3.5.2/openssl-3.5.2.tar.gz && tar -zxvf openssl-3.5.2.tar.gz

下载/解压 nginx-1.28.0:

wget -nc --no-check-certificate https://nginx.org/download/nginx-1.28.0.tar.gz && tar -zxvf nginx-1.28.0.tar.gz

删除 nginx-1.28.0.tar.gz:

rm -rf nginx-1.28.0.tar.gz && rm -rf openssl-3.5.2.tar.gz && cd nginx-1.28.0

添加编译插件:

./configure --prefix=/etc/nginx \
    --with-threads \
    --with-file-aio \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-http_realip_module \
    --with-http_addition_module \
    --with-http_xslt_module=dynamic \
    --with-http_image_filter_module=dynamic \
    --with-http_geoip_module=dynamic \
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_auth_request_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_degradation_module \
    --with-http_slice_module \
    --with-http_stub_status_module \
    --with-cc-opt='-O3' \
    --with-cpu-opt=CPU \
    --with-pcre \
    --with-stream \
    --with-stream=dynamic \
    --with-stream_ssl_module \
    --with-stream_realip_module \
    --with-stream_geoip_module \
    --with-stream_geoip_module=dynamic \
    --with-stream_ssl_preread_module \
    --with-compat \
    --with-pcre-jit \
    --with-openssl-opt=enable-tls1_3 \
    --with-openssl=../openssl-3.5.2

编译/安装 nginx-1.28.0:

make && make install

配置nginx-1.28.0服务:

cat >/etc/systemd/system/nginx.service <<EOF
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/etc/nginx/logs/nginx.pid
ExecStartPre=/etc/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/etc/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/etc/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /etc/nginx/logs/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target
EOF

添加配置文件:

mkdir -p /etc/nginx/ssl /etc/systemd/system/nginx.service.d && printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf

返回列表删除文件夹

cd && rm -rf nginx-1.28.0 openssl-3.5.2

安装wordpress

cd /etc/nginx/html && wget https://cn.wordpress.org/latest-zh_CN.zip && unzip latest-zh_CN.zip && mv wordpress/* /etc/nginx/html && rm -rf latest-zh_CN.zip wordpress && cd

安装nginx配置文件

vim /etc/nginx/conf/nginx.conf

在第一行添加

load_module /etc/nginx/modules/ngx_stream_module.so;
user  root;

http {

添加

include conf.d/default.conf;

添加dhparam

curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam

安装 php:

搜索可下载的PHP模块。

dnf module list php

启用PHP 8.3模块。

dnf module enable php:8.3

安装PHP 及扩展

dnf install php php-fpm php-bcmath php-cli php-common php-gd php-mbstring php-mysqlnd php-pdo php-soap php-xml php-opcache -y

安装完成后检查版本

php --version

安装 MariaDB

默认情况下,Rocky9 基础存储库中提供了 MariaDB。现在我们运行以下命令将 MariaDB 安装到您的系统

dnf install mariadb-server

安装完成后检查版本:

mariadb --version

修改/etc/php-fpm.d/www.conf

vim /etc/php-fpm.d/www.conf
  • user = apache
  • group = apache
  • 改为
  • user = nginx
  • group = nginx

赋予html文件夹权限

chown -R nginx:nginx /etc/nginx/html

安装完成后,现在启用 PHP MariaDB(系统启动时自动启动),启动 MariaDB,并使用以下命令验证状态:

开启php:

systemctl start php-fpm

开启状态:

systemctl status php-fpm

开机自动启动:

systemctl enable php-fpm

重新启动:

systemctl restart php-fpm

开启mariadb:

systemctl start mariadb

开启状态:

systemctl status mariadb

开机自动启动:

systemctl enable mariadb

重新启动:

systemctl restart mariadb

mysql或MariaDB安全加固:
会设置密码,界面1直接回车,剩的都选Y:

mysql_secure_installation

root登录:

mysql -u root -p

查看当前的数据库:

show databases;

创建数据库非root用户名密码:

create database wordpress; create user name@localhost identified by 'password';

授予权限:

grant all privileges on wordpress.* to name@localhost; flush privileges;
  • 修改登录密码无效
ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD("password");

退出:

exit

开启BBR:

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf && echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf && sysctl -p && lsmod | grep bbr

加载单元:

systemctl daemon-reload

开启nginx:

systemctl start nginx

开启状态:

systemctl status nginx

开机自动启动:

systemctl enable nginx

重新启动:

systemctl restart nginx

停止nginx:

service nginx stop

CentosStream9系手动部署LNMP环境》有1个想法

  1. dnf –setopt install_weak_deps=TRUE –skip-broken install \
    bash-completion bzip2 file git-core make ncurses-devel patch \
    rsync tar unzip wget which diffutils python3 perl perl-base \
    perl-devel perl-Data-Dumper perl-File-Compare perl-File-Copy perl-FindBin \
    perl-IPC-Cmd perl-JSON-PP perl-lib perl-Thread-Queue perl-Time-Piece \
    gcc gcc-c++ zlib zlib-devel pcre pcre-devel \
    openssl openssl-devel libxslt libxslt-devel gd gd-devel vim nano

    回复

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注