{"id":727,"date":"2022-12-04T09:21:48","date_gmt":"2022-12-04T01:21:48","guid":{"rendered":"http:\/\/pony.xin\/?p=727"},"modified":"2023-04-12T08:25:05","modified_gmt":"2023-04-12T00:25:05","slug":"lnmp%e7%8e%af%e5%a2%83%e6%90%ad%e5%bb%ba%ef%bc%9acentos8-0-64bit-nginx1-23-2-mysql8-0-26-php8-0-26","status":"publish","type":"post","link":"https:\/\/lnmp.ivan.xin\/?p=727","title":{"rendered":"LNMP\u73af\u5883\u642d\u5efa\uff1acentos8.0 64bit + nginx1.23.2 + mysql8.0.26 + php8.0.26"},"content":{"rendered":"

\u786c\u4ef6\u914d\u7f6e<\/strong>
\n\u786c\u76d8\uff1a1\u4e2a\uff0c20GB
\n\u7f51\u5361\uff1a1 \u4e2a\uff0c1Gbps
\nCPU\uff1a1\u4e2a
\n\u5185\u5b581GB<\/p>\n

\u8f6f\u4ef6\u7248\u672c<\/strong>
\ncentos 8.0 64bit
\nmysql 8.0.26
\nnginx 1.23.2 \u5b89\u88c5ngx_log_if, ngx_http_substitutions_filter_module, http_ssl_module\u7b49\u6a21\u5757
\nphp 8.0.26 \u5b89\u88c5php-fpm zend mcrypt openssl opcache gd\u7b49\u6a21\u5757<\/p>\n

\u7528\u6237\u73af\u5883\u914d\u7f6e<\/strong>
\nSSH\u767b\u9646\u7cfb\u7edf\uff0c\u4fee\u6539centos 8\u7684\u5b89\u88c5\u6e90\uff0c\u4f7fyum\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528
\n# sudo sed -i -e \"s|mirrorlist=|#mirrorlist=|g\" \/etc\/yum.repos.d\/CentOS-*
\n# sudo sed -i -e \"s|#baseurl=http:\/\/mirror.centos.org|baseurl=http:\/\/vault.centos.org|g\" \/etc\/yum.repos.d\/CentOS-*<\/p>\n

\u4fee\u6539\u65f6\u533a\uff0c\u66f4\u65b0\u65f6\u95f4<\/strong>
\n# vi \/etc\/sysconfig\/clock \/\/\u66f4\u6539\u65f6\u533a
\nZONE=Asia\/Shanghai
\nUTC=false
\nARC=false<\/p>\n

# rm \/etc\/localtime
\n# ln -sf \/usr\/share\/zoneinfo\/Asia\/Shanghai \/etc\/localtime
\n# hwclock --set --date=\"11\/17\/12 09:10:30\" \/\/\u66f4\u65b0\u65f6\u95f4
\n# hwclock --hctosys\/\/\u628a\u786c\u4ef6\u65f6\u949f\u540c\u6b65\u5230\u7cfb\u7edf\u65f6\u949f<\/p>\n

\u5b89\u88c5NTP\u670d\u52a1<\/strong>
\n# yum -y install chrony
\n# systemctl start chronyd.service
\n# systemctl status chronyd.service
\n# date
\n# hwclock --hctosys\/\/\u5982\u679c\u65f6\u95f4\u4e0d\u5bf9\uff0c\u518d\u540c\u6b65\u4e00\u904d<\/p>\n

\u542f\u7528\u7cfb\u7edf\u65e5\u5fd7<\/strong>
\n# yum install rsyslog -y
\n# systemctl start rsyslog.service
\n# systemctl enable rsyslog.service<\/p>\n

# vi \/etc\/selinux\/config \u4fee\u6539 SELINUX=enforcing
\n# vi \/etc\/locale.conf #\u4fee\u6539\u4e3a\u4ee5\u4e0b\u5185\u5bb9\uff0c\u9632\u6b62vi\u4e2d\u6587\u4e71\u7801
\nLANG=en_US.UTF-8<\/p>\n

\u6dfb\u52a0\u7528\u6237\u548c\u7ec4<\/strong>
\n# \/usr\/sbin\/groupadd www
\n# \/usr\/sbin\/useradd -g www www
\n# passwd www #\u4fee\u6539\u5bc6\u7801\u4e3a\u5ba2\u6237VPS\u7684\u5bc6\u7801
\n# echo \"AllowUsers www\" >> \/etc\/ssh\/sshd_config
\n# systemctl restart sshd.service
\n# \/usr\/sbin\/groupadd mysql
\n# \/usr\/sbin\/useradd -g mysql mysql
\n# mkdir -p \/data\/htdocs
\n# chcon -R -t usr_t \/data\/htdocs
\n# chcon -t usr_t \/etc\/hosts
\n# chcon -t usr_t \/etc\/resolv.conf \/\/\u589e\u52a0\u6587\u4ef6\u7684selinux\u6743\u9650\uff0c\u4ee5\u514d\u7a0b\u5e8f\u4e2d\u51fa\u73b0\u5bf9\u57df\u540d\u7684\u89e3\u6790\u9519\u8bef
\n# chcon -R -t httpd_sys_rw_content_t \/data\/htdocs\/ \/\/php selinux\u5199\u6587\u4ef6\u6743\u9650
\n# chown -R www:www \/data\/htdocs<\/p>\n

# yum -y install wget crontabs
\n# systemctl start crond.service
\n# systemctl enable crond.service<\/p>\n

\u5b89\u88c5mysql<\/strong>
\n# rpm -qa | grep mysql \/\/\u627e\u5230\u7cfb\u7edf\u81ea\u5e26\u7684\u5305\uff0c\u7528rpm -e\u5168\u90e8\u5220\u9664
\n# rpm -e mysql-libs-5.1.73-3.el6_5.x86_64
\n# yum -y install perl libaio
\n# cd ~
\n# rpm -ivh http:\/\/repo.mysql.com\/mysql80-community-release-el8.rpm
\n# yum -y install mysql-server
\n# vi \/etc\/my.cnf.d\/mysql-server.cnf\u6dfb\u52a0\u5982\u4e0b\u5185\u5bb9\uff1a<\/p>\n

[mysqld]
\nlog-bin=mysql-bin
\nbinlog_format=mixed
\nperformance_schema_max_table_instances=4000
\ntable_definition_cache=2048
\ntable_open_cache=1024
\nslow_query_log
\nlong_query_time = 2
\n#slow_query_log_file=\"\/tmp\/mysql_slow.log\"
\n#log_slave_updates
\n#gtid-mode=ON
\n#enforce-gtid-consistency=ON
\nexplicit_defaults_for_timestamp=true<\/p><\/blockquote>\n

# systemctl start mysqld.service
\n# systemctl enable mysqld.service<\/p>\n

\u5b89\u88c5nginx<\/strong>
\n# yum -y install wget zip unzip gcc make pcre-devel openssl-devel git
\n# cd ~
\n# wget -c http:\/\/nginx.org\/download\/nginx-1.23.2.tar.gz
\n# tar -zxf nginx-1.23.2.tar.gz
\n# mkdir -p \/usr\/local\/nginx\/
\n# cd \/usr\/local\/nginx
\n# wget -O ngx_log_if-master.zip https:\/\/github.com\/cfsego\/ngx_log_if\/archive\/master.zip
\n# wget -O ngx_http_substitutions_filter_module-master.zip \\
\nhttps:\/\/github.com\/yaoweibin\/ngx_http_substitutions_filter_module\/archive\/master.zip
\n# unzip ngx_log_if-master.zip
\n# unzip ngx_http_substitutions_filter_module-master.zip
\n# cd ~\/nginx-1.23.2
\n# .\/configure --prefix=\/usr\/local\/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-http_realip_module --add-module=\/usr\/local\/nginx\/ngx_log_if-master --add-module=\/usr\/local\/nginx\/ngx_http_substitutions_filter_module-master
\n# make && make install
\n# vi \/etc\/init.d\/nginx \/\/\u521b\u5efaservice\u670d\u52a1\u811a\u672c\uff0c\u53ef\u4ee5\u53bb\u7f51\u4e0a\u641c\u7d22\u5185\u5bb9\uff0c\u6bd4\u5982http:\/\/blog.csdn.net\/baiquan17\/article\/details\/53304456<\/a><\/p>\n

# cp \/usr\/local\/nginx\/conf\/nginx.conf \/usr\/local\/nginx\/conf\/nginx-conf.bk
\n# >\/usr\/local\/nginx\/conf\/nginx.conf
\n# vi \/usr\/local\/nginx\/conf\/nginx.conf \/\/\u7f16\u8f91nginx\u914d\u7f6e\uff0c\u5185\u5bb9\u53ef\u4ee5\u5230\u7f51\u4e0a\u641c\uff0c\u6bd4\u5982http:\/\/www.cnblogs.com\/chenjiahe\/p\/5956002.html<\/a>\uff0c\u6216\u8005\u56de\u590d\u672c\u6587\u7559\u4e0b\u90ae\u7bb1\u7d22\u53d6<\/p>\n

# mkdir -p \/usr\/local\/nginx\/conf\/conf.d\/
\n# chmod +x \/etc\/init.d\/nginx
\n# chkconfig --add nginx
\n# chkconfig --level 2345 nginx on
\n# mkdir \/var\/log\/nginx
\n# touch \/var\/log\/nginx\/error.log
\n# chown -R www:www \/var\/log\/nginx\/
\n# mv \/usr\/local\/nginx\/conf \/etc\/nginx
\n# ln -s \/etc\/nginx \/usr\/local\/nginx\/conf
\n# systemctl restart nginx.service
\n# systemctl enable nginx.service<\/p>\n

\u5b89\u88c5php<\/strong>
\n# cd ~
\n# rpm -ivh https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-8.noarch.rpm
\n# rpm -Uvh https:\/\/rpms.remirepo.net\/enterprise\/remi-release-8.rpm --nodeps --force
\n# dnf module enable php:remi-8.0
\n# dnf info php
\n# yum -y install php php-cli php-common php-opcache php-fpm php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-mbstring<\/p>\n

# rpm -qa | grep httpd
\n# yum -y remove httpd
\n# setsebool -P httpd_can_network_connect=1 \/\/selinux\u6587\u4ef6\u6743\u9650
\n# vi \/etc\/php.ini \u4fee\u6539\u65f6\u533a
\ndate.timezone = PRC
\n# vi \/etc\/php-fpm.d\/www.conf \u4fee\u6539\u4ee5\u4e0b\u53c2\u6570\uff1a<\/p>\n

user=www
\ngroup=www
\nlisten= 127.0.0.1:9000
\nrequest_terminate_timeout = 30s
\npm.max_children = 25
\npm.start_servers = 10
\npm.min_spare_servers = 10
\npm.max_spare_servers = 20<\/p><\/blockquote>\n

# vi \/etc\/php.d\/10-opcache.ini \u4fee\u6539\u5982\u4e0b\u53c2\u6570\uff1a<\/p>\n

opcache.enable=1
\nopcache.enable_cli=1
\nopcache.memory_consumption=256
\nopcache.interned_strings_buffer=8
\nopcache.max_accelerated_files=2000
\nopcache.revalidate_freq=2
\nopcache.fast_shutdown=1<\/p><\/blockquote>\n

# mkdir -p \/var\/lib\/php\/session
\n# mkdir -p \/var\/lib\/php\/wsdlcache
\n# chown -R www:www \/var\/lib\/php\/
\n# chown -R www:www \/var\/log\/php-fpm\/
\n# chown www:www \/var\/log\/php_errors.log
\n# chown www:www \/run\/php-fpm\/www.sock
\n# systemctl restart php-fpm.service
\n# systemctl enable php-fpm.service<\/p>\n

\u5b89\u5168\u914d\u7f6e<\/strong>
\n# echo 1 > \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all
\n# vi \/etc\/ssh\/sshd_config \/\/\u4fee\u6539Port\u4e3a222
\n# semanage port -a -t ssh_port_t -p tcp 222 \/\/selinux
\n# systemctl restart sshd.service<\/p>\n

# systemctl stop firewalld.service
\n# systemctl disable firewalld.service
\n# service iptables stop
\n# iptables -L -n
\n# iptables -F
\n# iptables -X
\n# iptables -L -n
\n# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
\n# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 222 -j ACCEPT
\n# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
\n# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
\n# iptables -A INPUT -s 11.22.33.44 -p tcp --dport 3306 -j ACCEPT
\n# iptables -A INPUT -i lo -j ACCEPT
\n# iptables -A OUTPUT -o lo -j ACCEPT
\n# iptables -P INPUT DROP
\n# iptables -P FORWARD DROP
\n# iptables -A INPUT -p icmp -j ACCEPT
\n# iptables -A INPUT -i lo -p all -j ACCEPT
\n# iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
\n# iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
\n# iptables -L -n<\/p>\n

# yum -y install iptables-services
\n# service iptables save
\n# systemctl restart iptables.service
\n# systemctl enable iptables.service
\n# echo \"\/bin\/systemctl restart mysql.service\" >> \/etc\/rc.local
\n# echo \"\/bin\/systemctl restart php-fpm.service\" >> \/etc\/rc.local
\n# echo \"\/bin\/systemctl restart nginx.service\" >> \/etc\/rc.local
\n# echo \"\/bin\/systemctl restart iptables.service \" >> \/etc\/rc.local
\n# reboot<\/p>\n

\u914d\u7f6e\u6d4b\u8bd5\u7f51\u7ad9<\/strong>
\n# su - www
\n# cd \/data\/htdocs
\n# wget https:\/\/wordpress.org\/latest.zip
\n# unzip latest.zip
\n# cd wordpress
\n# echo \"<?php phpinfo(); ?>\" > php.php
\n# mysql -u root
\n# mysql> create database wordpress;
\n# mysql> exit
\n# su -
\n# vi \/etc\/nginx\/conf.d\/wordpress.conf \u7f16\u8f91\u4e3a\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n

server {
\nlisten 80 default;
\nroot \/data\/htdocs\/wordpress\/;
\nlocation \/ {
\nindex index.php;
\n}<\/p>\n

 <\/p>\n

location ~ \\.php$ {
\nfastcgi_pass 127.0.0.1:9000; #unix:\/run\/php-fpm\/www.sock;
\nfastcgi_index index.php;
\nfastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
\ninclude fastcgi_params;
\n}
\n}<\/p><\/blockquote>\n

# systemctl restart nginx.service<\/p>\n

\u6253\u5f00php.php\u9875\u9762\u548c\u6d4b\u8bd5WordPress\uff0c\u786e\u8ba4\u7f51\u7ad9\u7684\u6c34\u5370\u548cURL\u8f6c\u53d1\u6ca1\u6709\u95ee\u9898\u540e\uff0c\u5220\u9664\u7f51\u7ad9\uff1a
\n# rm -rf \/data\/htdocs\/wordpress
\n# rm -rf \/etc\/nginx\/conf.d\/wordress.conf
\n# mysql -u root -p
\n# mysql> drop database wordpress;
\n# mysql> exit<\/p>\n

\u7ed3\u675f<\/p>\n","protected":false},"excerpt":{"rendered":"

\u786c\u4ef6\u914d\u7f6e \u786c\u76d8\uff1a1\u4e2a\uff0c20GB \u7f51\u5361\uff1a1 \u4e2a\uff0c1Gbps CPU\uff1a1\u4e2a \u5185\u5b581GB \u8f6f\u4ef6\u7248\u672c centos 8...<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19510,7,15330,15329,15331],"tags":[],"class_list":["post-727","post","type-post","status-publish","format-standard","hentry","category-lnmp","category-linux","category-mysql","category-nginx","category-php"],"_links":{"self":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts\/727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=727"}],"version-history":[{"count":5,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts\/727\/revisions"}],"predecessor-version":[{"id":736,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts\/727\/revisions\/736"}],"wp:attachment":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}