connect系 安装docker,dnf不支持connect7,直接用yum命令
yum install -y yum-utilsyum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo- 安装 Docker Engine-Community
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin- ————————————Debian Docker 安装————————————————————————–
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common- 安装最新版本的 Docker Engine-Community 和 containerd
apt-get install docker-ce docker-ce-cli containerd.io————————————Ubuntu Docker 安装————————————————————————–
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common安装 Docker Engine-Community
apt-get install docker-ce docker-ce-cli containerd.io启动 Docker。
systemctl start docker开机自动启动:
systemctl enable dockerpull 载入 almalinux:9.3 镜像
docker pull almalinux:9.3列出本地主机上的镜像
docker images运行容器,-p 是容器端口映射到本地,–restart=always 开机自启,-v 容器路径下的内容映射到本地路径下,直接在本地/etc/nginx/修改。
docker run --privileged -itd -p 80:80 -p 443:443 --restart=always -v /etc/nginx/ssl:/etc/nginx/ssl -v /etc/nginx/html:/etc/nginx/html -v /etc/nginx/logs:/etc/nginx/logs -v /etc/nginx/conf/conf.d:/etc/nginx/conf/conf.d --restart=always --name almalinux eecc3c913b1e /usr/sbin/init- 安装bbr
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf && echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf && sysctl -p && lsmod | grep bbr查看运行的容器
docker ps停止一个容器
docker stop 容器ID启动一个已停止的容器:
docker start 容器ID进入容器
docker exec -it almalinux /bin/bashdocker修改时间不准
rpm -ivh https://rpmfind.net/linux/almalinux/9.6/BaseOS/x86_64/os/Packages/tzdata-2025b-1.el9.noarch.rpmecho "Asia/Shanghai" > /etc/timezoneln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime退出 docker下镜像还保持镜像运行
键盘:
Ctrl+P+Q进入容器后,进入容器后,进入容器后,手动部署LNMP环境
dnf update && dnf install gcc gcc-c++ zlib zlib-devel pcre pcre-devel openssl openssl-devel libxslt libxslt-devel gd gd-devel make perl perl-devel tar vim nano wgetrpm -ivh https://rpmfind.net/linux/opensuse/distribution/leap/16.0/repo/oss/x86_64/geoipupdate-7.0.1-160000.2.1.x86_64.rpmrpm -ivh https://www.rpmfind.net/linux/opensuse/distribution/leap/15.6/repo/oss/noarch/GeoIP-data-1.6.12-6.3.1.noarch.rpmrpm -ivh https://rpmfind.net/linux/remi/enterprise/9/remi/x86_64/GeoIP-1.6.12-9.el9.remi.x86_64.rpmrpm -ivh https://rpmfind.net/linux/remi/enterprise/9/remi/x86_64/GeoIP-devel-1.6.12-9.el9.remi.x86_64.rpm下载/安装 openssl-3.5.2
wget -nc --no-check-certificate https://github.com/openssl/openssl/releases/download/openssl-3.5.2/openssl-3.5.2.tar.gz && tar -zxvf openssl-3.5.2.tar.gz下载 nginx-1.28.0:
wget -nc --no-check-certificate https://nginx.org/download/nginx-1.28.0.tar.gz && tar -zxvf nginx-1.28.0.tar.gz删除 nginx-1.28.0.tar.gz:
rm -rf nginx-1.28.0.tar.gz && rm -rf openssl-3.5.2.tar.gz && cd nginx-1.28.0添加编译插件:
./configure --prefix=/etc/nginx \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-cc-opt='-O3' \
--with-cpu-opt=CPU \
--with-pcre \
--with-stream \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre-jit \
--with-openssl-opt=enable-tls1_3 \
--with-openssl=../openssl-3.5.2编译/安装 nginx-1.28.0:
make && make install配置nginx-1.28.0服务:
cat >/etc/systemd/system/nginx.service <<EOF
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target
[Service]
Type=forking
PIDFile=/etc/nginx/logs/nginx.pid
ExecStartPre=/etc/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/etc/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/etc/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /etc/nginx/logs/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
EOF添加配置文件:
mkdir -p /etc/nginx/ssl /etc/systemd/system/nginx.service.d && printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf返回列表删除文件夹
cd .. && rm -rf nginx-1.28.0 openssl-3.5.2安装wordpress
cd /etc/nginx/html && wget https://cn.wordpress.org/latest-zh_CN.zip && unzip latest-zh_CN.zip && mv wordpress/* /etc/nginx/html && rm -rf latest-zh_CN.zip wordpress && cd安装nginx配置文件
vim /etc/nginx/conf/nginx.conf在第一行添加
load_module /etc/nginx/modules/ngx_stream_module.so;
user root;http {
添加
include conf.d/default.conf;include mime.types;
nano /etc/nginx/conf/conf.d/default.conf# generated 2025-09-04, Mozilla Guideline v5.6, nginx 1.28.0, OpenSSL 3.5.2, intermediate config
# https://ssl-config.mozilla.org/#server=nginx&version=1.28.0&config=intermediate&openssl=3.5.2&guideline=5.6
# include conf.d/stream.conf;
# include conf.d/default.conf;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# access_log logs/access.log combined buffer=512k flush=1m;
access_log off;
error_log logs/error.log;
tcp_nopush on;
client_max_body_size 10240M;
# 防止网站被嵌入恶意网页中,避免点击劫持
add_header X-Frame-Options "SAMEORIGIN";
# 启用浏览器XSS防护功能,并在检测到攻击时,停止渲染页面
add_header X-XSS-Protection "1; mode=block";
# 禁止浏览器猜测(嗅探)资源的MIME类型,防止资源类型混淆攻击
add_header X-Content-Type-Options "nosniff";
# 控制引用地址信息的传递,增强隐私保护
add_header Referrer-Policy "strict-origin-origin-when-cross-origin";
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
if ($host ~* "\d+\.\d+\.\d+\.\d+") {
return 500;
}
if ($host != "www.xxxxx.com"){
return 500;
}
root html;
index index.php index.html index.htm;
}
}
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# see also ssl_session_ticket_key alternative to stateful session cache
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam
ssl_dhparam "/etc/nginx/ssl/dhparam";
# HSTS
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
if ($host ~* "\d+\.\d+\.\d+\.\d+") {
return 500;
}
if ($host != "www.xxxxx.com"){
return 500;
}
return 301 https://$host$request_uri;
}
}安装 php:
运行以下命令以安装EPEL存储库
dnf install -y https://mirrors.aliyun.com/remi/enterprise/remi-release-9.rpm
安装yum utils并使用以下命令启用remi-repository
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm安装dnf-utils和Remi-packages之后,通过运行命令搜索可下载的PHP模块。
dnf module list php启用PHP 8.3模块。
dnf module enable php:remi-8.3安装PHP 及扩展
dnf install php php-fpm php-bcmath php-cli php-common php-gd php-imap php-mbstring php-mcrypt php-mysql php-mysqlnd php-pdo php-soap php-tidy php-xml php-xmlrpc php-opcache php-redis php-pecl-mcrypt -y安装完成后检查版本
php --version安装 MariaDB
默认情况下,Rocky9 基础存储库中提供了 MariaDB。现在我们运行以下命令将 MariaDB 安装到您的系统
dnf install mariadb-server安装完成后检查版本:
mariadb --version修改/etc/php-fpm.d/www.conf
vim /etc/php-fpm.d/www.conf- user = apache
- group = apache
- 改为
- user = nginx
- group = nginx
赋予html文件夹权限
chown -R nginx:nginx /etc/nginx/html安装完成后,现在启用 PHP MariaDB(系统启动时自动启动),启动 MariaDB,并使用以下命令验证状态:
开启php:
systemctl start php-fpm开启状态:
systemctl status php-fpm开机自动启动:
systemctl enable php-fpm重新启动:
systemctl restart php-fpm开启mariadb:
systemctl start mariadb开启状态:
systemctl status mariadb开机自动启动:
systemctl enable mariadb重新启动:
systemctl restart mariadbmysql或MariaDB安全加固:
会设置密码,界面1直接回车,剩的都选Y:
mysql_secure_installationroot登录:
mysql -u root -p创建数据库非root用户名密码:
create database wordpress; create user name@localhost identified by 'password';授予权限:
grant all privileges on wordpress.* to name@localhost; flush privileges;- 修改登录密码无效
ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD("password");- 查看当前的数据库:
show databases;退出:
exit加载单元:
systemctl daemon-reload开启nginx:
systemctl start nginx开启状态:
systemctl status nginx开机自动启动:
systemctl enable nginx重新启动:
systemctl restart nginx停止nginx:
service nginx stop