1#创建swap
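# Allocate the swap file: 512000 blocks of 1 KiB each.
dd if=/dev/zero of=/var/swap bs=1024 count=512000
# Swap can hold memory pages from any process, including secrets, so restrict
# the file to root before it is formatted and enabled.
chmod 600 /var/swap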
(512000个block,1个block为1K,空间是512M)
# Format the file as swap space.
/sbin/mkswap /var/swap
# Start using it.
/sbin/swapon /var/swap
(变成swap分区,使用这个swap分区)
/var/swap swap swap defaults 0 0
(如果swap没有在开机时自动启用,修改/etc/fstab文件,加入上面这一行)
2#下载软件包
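# Fetch the source archives used by the build steps that follow.
# Nothing here verifies the downloads: compare each archive's checksum or
# signature with the value published by the project before unpacking it.
# NOTE(review): later steps on this page unpack zlib-1.2.8 and mysql-5.6.36,
# not the versions fetched here; align the version numbers.
wget https://www.openssl.org/source/openssl-1.1.0b.tar.gz
# Plain-HTTP mirror: the archive can be altered in transit, so verification
# matters most for this one and for the MySQL mirror below.
wget http://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
wget https://nginx.org/download/nginx-1.11.5.tar.gz
wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.33.tar.gz  # check the site for the latest version
wget https://cmake.org/files/v2.8/cmake-2.8.12.tar.gz
wget https://zlib.net/zlib-1.2.11.tar.gz  # check the official site for the latest version
# These clones follow the default branch; nothing pins them to a reviewed tag or commit.
git clone https://github.com/php/php-src.git
git clone https://github.com/diafygi/acme-tiny.git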
3#安装
安装 locate
# Install the locate tooling.
yum -y install mlocate
# Build its file-name database.
updatedb
安装依赖
# Build toolchain and development headers needed by the source builds below.
yum -y install \
  make pcre pcre-devel openssl openssl-devel \
  gcc gcc-c++ gcc-g77 cmake bison ncurses-devel \
  perl-Module-Install.noarch make autoconf automake \
  libxml2-devel curl curl-devel gd gd-devel \
  php-mcrypt libmcrypt libmcrypt-devel libxslt-devel curl-devel php-gd
3.1安装nginx (http2.0)
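# Build zlib. The original listing ran ./configure without entering the
# unpacked directory first.
# NOTE(review): the download step fetches zlib-1.2.11 while this step and the
# nginx --with-zlib path use 1.2.8; align the version numbers.
tar zxf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure --prefix=/usr/local/zlib
make && make install
cd ..

# Dedicated account for the nginx workers. It never needs to log in, so it
# gets no usable shell (same choice as the mysql account on this page).
/usr/sbin/groupadd -f nginx
/usr/sbin/useradd -g nginx -s /bin/false nginx

# Build nginx from its unpacked source tree (archive name from the download step).
# --with-openssl and --with-zlib take the *source* directories, not install prefixes.
tar zxf nginx-1.11.5.tar.gz
cd nginx-1.11.5
./configure \
  --prefix=/usr/local/nginx \
  --with-openssl=/root/package/openssl-1.1.0b \
  --with-pcre \
  --with-zlib=/root/package/zlib-1.2.8 \
  --with-stream \
  --with-stream_ssl_module \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-threads \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/run/nginx.lock \
  --sbin-path=/usr/sbin/nginx \
  --user=nginx \
  --conf-path=/usr/local/nginx/conf/nginx.conf \
  --group=nginx
make && make install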
(with-openssl=/______这个路径指向你的源码安装包路径而不是你安装后的路径!)
去掉版本号:
vi /usr/local/nginx/conf/nginx.conf server_tokens off;
配置开机启动文件
vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容
#! /bin/sh
# chkconfig: 2345 55 25
# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
# run 'update-rc.d -f nginx defaults', or use the appropriate command on your
# distro. For CentOS/Redhat run: 'chkconfig --add nginx'

### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO

# Author:   licess
# website:  http://lnmp.org

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=nginx
NGINX_BIN=/usr/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/$NAME.conf
PIDFILE=/var/run/$NAME.pid

# Succeeds when netstat lists a listening TCP socket whose line mentions nginx.
# Every action below uses this as its "is nginx running?" check.
nginx_listening() {
    netstat -tnpl | grep -q nginx
}

case "$1" in
    start)
        echo -n "Starting $NAME... "
        if nginx_listening; then
            echo "$NAME (pid $(pidof $NAME)) already running."
            exit 1
        fi
        if $NGINX_BIN -c $CONFIGFILE; then
            echo " done"
        else
            echo " failed"
            exit 1
        fi
        ;;

    stop)
        echo -n "Stoping $NAME... "
        if ! nginx_listening; then
            echo "$NAME is not running."
            exit 1
        fi
        if $NGINX_BIN -s stop; then
            echo " done"
        else
            echo " failed. Use force-quit"
            exit 1
        fi
        ;;

    status)
        if nginx_listening; then
            PID=$(pidof nginx)
            echo "$NAME (pid $PID) is running..."
        else
            echo "$NAME is stopped"
            exit 0
        fi
        ;;

    force-quit)
        echo -n "Terminating $NAME... "
        if ! nginx_listening; then
            echo "$NAME is not running."
            exit 1
        fi
        # Left unquoted on purpose: pidof may print several PIDs and each one
        # must reach kill as its own argument.
        if kill $(pidof $NAME); then
            echo " done"
        else
            echo " failed"
            exit 1
        fi
        ;;

    restart)
        # Re-invoke this script for each half; a failed stop does not prevent the start.
        $0 stop
        sleep 1
        $0 start
        ;;

    reload)
        echo -n "Reload service $NAME... "
        if nginx_listening; then
            $NGINX_BIN -s reload
            echo " done"
        else
            echo "$NAME is not running, can't reload."
            exit 1
        fi
        ;;

    configtest)
        echo -n "Test $NAME configure files... "
        $NGINX_BIN -t
        ;;

    *)
        echo "Usage: $0 {start|stop|force-quit|restart|reload|status|configtest}"
        exit 1
        ;;
esac
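# Make the init script executable. 755 instead of 775: the script runs as root
# at boot, so nobody but root should be able to modify it.
chmod 755 /etc/rc.d/init.d/nginx
# Start nginx at boot.
chkconfig nginx on
# Restart nginx, first through the script directly, then through service(8).
/etc/rc.d/init.d/nginx restart
service nginx restart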
3.2安装MYSQL5.6
a)安装cmake
# Build and install cmake from the unpacked source tree.
cd cmake-2.8.12
./bootstrap \
  && make \
  && make install
b)安装mysql
# Build MySQL from source.
# NOTE(review): the download step fetches mysql-5.6.33 but this directory is
# 5.6.36; align the version numbers.
cd mysql-5.6.36

# Service account without a login shell, plus the data, socket and install directories.
groupadd mysql
useradd -g mysql mysql -s /bin/false
mkdir -p /data/mysql/db /var/run/mysql /usr/local/mysql
chown -R mysql:mysql /data/mysql /var/run/mysql

# NOTE(review): -DENABLED_LOCAL_INFILE=1 enables LOAD DATA LOCAL; confirm it is
# actually needed.
cmake \
  -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
  -DMYSQL_UNIX_ADDR=/var/run/mysql/mysql.sock \
  -DDEFAULT_CHARSET=utf8 \
  -DDEFAULT_COLLATION=utf8_general_ci \
  -DWITH_EXTRA_CHARSETS:STRING=utf8,gbk \
  -DWITH_MYISAM_STORAGE_ENGINE=1 \
  -DWITH_INNOBASE_STORAGE_ENGINE=1 \
  -DWITH_MEMORY_STORAGE_ENGINE=1 \
  -DWITH_READLINE=1 \
  -DENABLED_LOCAL_INFILE=1 \
  -DMYSQL_DATADIR=/data/mysql/db \
  -DMYSQL_USER=mysql \
  -DMYSQL_TCP_PORT=3306 \
  -DSYSCONFDIR=/etc \
  -DINSTALL_SHAREDIR=share
make && make install

# Start from the shipped default configuration, then add this line to it:
#   datadir = /data/mysql/db
cp ./support-files/my-default.cnf /etc/my.cnf
vi /etc/my.cnf

# Initialise the data directory and register the init script.
cd /usr/local/mysql
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql/db
cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
chmod 755 /etc/init.d/mysql
chkconfig mysql on

# Edit the init script and set these two lines:
#   basedir = /usr/local/mysql
#   datadir = /data/mysql/db
vi /etc/rc.d/init.d/mysql

# Put the MySQL tools on the system PATH: append this line at the end of /etc/profile:
#   export PATH=$PATH:/usr/local/mysql/bin
vi /etc/profile

# Expose the mysql client and the headers under the standard system paths.
ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql

# Set the MySQL root password interactively.
mysql_secure_installation
或者直接修改密码
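# Change the root password. With nothing after "password", mysqladmin prompts
# for the new value, so it never lands in shell history or the process list.
# Pick a long, unique password rather than a trivial one.
/usr/local/mysql/bin/mysqladmin -u root -p password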
3.3安装PHP7
a) 安装libmcrypt
# Build and install libmcrypt from the unpacked source tree.
cd lnmp/libmcrypt-2.5.8
./configure \
  && make \
  && make install
b) 安装php
# Required first when building from a git checkout: generates ./configure.
./buildconf

# Install under /usr/local/php, talk to MySQL over the socket configured
# earlier, and enable FPM plus the listed extensions.
./configure \
  --prefix=/usr/local/php --exec-prefix=/usr/local/php \
  --bindir=/usr/local/php/bin --sbindir=/usr/local/php/sbin \
  --includedir=/usr/local/php/include --libdir=/usr/local/php/lib/php \
  --mandir=/usr/local/php/php/man \
  --with-config-file-path=/usr/local/php/etc \
  --with-mysql-sock=/var/run/mysql/mysql.sock \
  --with-mysqli=/usr/local/mysql/bin/mysql_config \
  --with-pdo-mysql=mysqlnd \
  --with-mcrypt --with-curl --with-mhash --with-freetype-dir --with-gd \
  --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 \
  --with-libxml-dir --with-jpeg-dir --with-openssl --with-pcre-regex \
  --with-pdo-sqlite --with-pear --with-png-dir --with-xmlrpc --with-xsl \
  --with-zlib \
  --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization \
  --enable-mbregex --enable-mbstring --enable-opcache --enable-pcntl \
  --enable-shmop --enable-soap --enable-sockets --enable-sysvsem \
  --enable-xml --enable-zip --enable-session --enable-calendar
make && make install
配置php:
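# Install php.ini from the production template. The development template shows
# errors in the page output, which leaks paths and internals on a public server.
cp php.ini-production /usr/local/php/etc/php.ini
# Remove the distribution's php.ini (a single file, so no -r) and link ours in its place.
rm -f /etc/php.ini
ln -s /usr/local/php/etc/php.ini /etc/php.ini
# Create the php-fpm main and pool configuration from the shipped templates.
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
mv /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
# Edit php-fpm.conf and remove the leading semicolon from:
#   pid = run/php-fpm.pid
vi /usr/local/php/etc/php-fpm.conf
# Edit the pool file so the workers run as the nginx account:
#   user = nginx
#   group = nginx
vi /usr/local/php/etc/php-fpm.d/www.conf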
设置 php-fpm开机启动
# Install the init script that ships in the PHP source tree and enable it at boot.
cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
chmod +x /etc/rc.d/init.d/php-fpm
chkconfig php-fpm on
# Edit php.ini and set:
#   date.timezone = PRC     (time zone)
#   expose_php = OFF        (do not advertise the PHP version)
#   short_open_tag = ON     (allow PHP short tags)
vi /usr/local/php/etc/php.ini
配置直接使用PHP相关命令
# Link the PHP command-line tools into /usr/bin so they are found on the default PATH.
for tool in php phpize php-config; do
  ln -s "/usr/local/php/bin/$tool" "/usr/bin/$tool"
done
3.4升级openssl:
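# Build OpenSSL into its own prefix. The original listing ran ./config without
# entering the unpacked directory first.
# NOTE(review): the OpenSSL 1.1.0 series no longer receives security fixes;
# build a release the project still supports.
tar zxf openssl-1.1.0b.tar.gz
cd openssl-1.1.0b
./config --prefix=/usr/local/openssl
make && make install

# Keep the distribution binary and headers as .bak, then point the system paths
# at the new build.
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib

# Register the library directory once; re-running this step must not append duplicates.
grep -qxF '/usr/local/openssl/lib' /etc/ld.so.conf \
  || echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
ldconfig -v

# Confirm which build is now first on the PATH.
openssl version -a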
3.5生成免费证书
https://github.com/diafygi/acme-tiny
创建两个Let’s Encrypt私钥
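# Generate the ACME account key and the certificate key. The subshell's umask
# makes both files owner-only (0600); under the usual 022 umask a plain
# redirect would leave the private keys readable by every local user.
(
  umask 077
  openssl genrsa 4096 > account.key
  openssl genrsa 4096 > liqy.key
)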
#单个域名
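# Single-domain CSR. Written to liqy.csr, the file name the acme_tiny.py
# commands on this page read, so either CSR variant works with the later steps.
openssl req -new -sha256 -key liqy.key -subj "/CN=liqy.me" > liqy.csr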
#多个域名(如果你有多个域名,比如:www.ljq.me和liqy.me,使用这种方式)
# Multi-domain CSR: the stock openssl.cnf gets a [SAN] section appended on the
# fly (bash process substitution) that lists every host name.
openssl req -new -sha256 \
  -key liqy.key \
  -subj "/" \
  -reqexts SAN \
  -config <(cat /usr/local/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:liqy.me,DNS:www.ljq.me")) \
  > liqy.csr
创建用于存放验证文件的目录(该目录会被 nginx 对外提供访问,只应存放验证文件,不要把 account.key、liqy.key 等私钥放在其中)
mkdir -p /data/www/challenges
3.5.1获取网站证书
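# cp needs the target directory to exist; without it, cp would create a plain
# file named "liqy" instead.
mkdir -p /data/www/challenges/liqy
cp acme_tiny.py /data/www/challenges/liqy
# NOTE(review): /data/www/challenges/ is the directory nginx publishes for ACME
# challenges, and the later steps expect account.key and liqy.key in its liqy/
# subdirectory. Keep private keys in a root-only directory outside any served path.
python acme_tiny.py \
  --account-key ./account.key \
  --csr ./liqy.csr \
  --acme-dir /data/www/challenges/ > ./liqy.crt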
3.5.2安装证书
# Fetch the intermediate certificate and build the chain file nginx serves
# (leaf certificate first, then the intermediate).
# NOTE(review): the intermediate is pinned by file name; confirm it is still
# the issuer of the certificate that was returned, or the chain will not validate.
wget -O intermediate.pem https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
cat liqy.crt intermediate.pem > liqy.pem
3.5.3Nginx 中有关证书的配置
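# HTTPS virtual host.
server {
    # "ssl" on the listen socket replaces the separate "ssl on;" directive, and
    # "http2" turns on HTTP/2, which this page's nginx build includes
    # (--with-http_v2_module).
    listen 443 ssl http2;
    server_name www.ljq.me;

    ssl_certificate /data/www/challenges/liqy/liqy.pem;
    # NOTE(review): this key sits below /data/www/challenges/, the directory the
    # port-80 block publishes for ACME challenges. Keep private keys in a
    # root-only directory outside any served path.
    ssl_certificate_key /data/www/challenges/liqy/liqy.key;

    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996); offer TLS 1.2 only.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    ...the rest of your config
}

# Plain-HTTP virtual host: answers the ACME HTTP challenge.
server {
    listen 80;
    server_name www.ljq.me;

    # Everything under the alias directory, subdirectories included, becomes
    # readable over HTTP, so it should contain challenge files only.
    location /.well-known/acme-challenge/ {
        alias /data/www/challenges/;
        try_files $uri =404;
    }
    ...the rest of your config
}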
3.5.4创建一个 renew_cert.sh,并通过 chmod a+x renew_cert.sh 赋予执行权限
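#!/bin/bash
# Renew the certificate with acme-tiny, rebuild the chain file and restart nginx.
#
# NOTE(review): this working directory is below the --acme-dir path that nginx
# publishes for challenges, and the script expects account.key in it. Keep keys
# in a root-only directory outside any served path.

cd /data/www/challenges/liqy || exit

# Build every file under a temporary name and move it into place only after all
# steps succeeded. Redirecting straight into liqy.crt would truncate the
# current certificate before acme_tiny.py has produced a replacement.
new_crt=$(mktemp liqy.crt.XXXXXX) || exit
new_chain=$(mktemp intermediate.pem.XXXXXX) || exit
new_pem=$(mktemp liqy.pem.XXXXXX) || exit
trap 'rm -f -- "$new_crt" "$new_chain" "$new_pem"' EXIT

python acme_tiny.py --account-key account.key --csr liqy.csr \
  --acme-dir /data/www/challenges/ > "$new_crt" || exit

# NOTE(review): the intermediate is pinned by file name; confirm it is still
# the issuer of the certificate that was returned.
wget -O "$new_chain" https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem || exit

# An empty certificate or an empty download must never reach the served chain.
if [ ! -s "$new_crt" ] || [ ! -s "$new_chain" ]; then
  echo "renew_cert.sh: empty certificate or intermediate, keeping the old files" >&2
  exit 1
fi

cat "$new_crt" "$new_chain" > "$new_pem" || exit

mv -f -- "$new_crt" liqy.crt || exit
mv -f -- "$new_chain" intermediate.pem || exit
mv -f -- "$new_pem" liqy.pem || exit

service nginx restart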
查看:
chrome://net-internals/#http2
3.5.5#每个月执行一次
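# Run at 00:00 on the 1st of every month. The file redirection has to come
# before 2>&1: in the opposite order stderr is attached to cron's original
# stdout and the error messages never reach the log.
0 0 1 * * /data/www/challenges/renew_cert.sh >>/var/log/acme_tiny.log 2>&1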