PHP7+MYSQL5.6+NGINX1.9+HTTPS/2环境安装


1#创建swap

dd if=/dev/zero of=/var/swap bs=1024 count=512000

(512000个block,1个block为1K,空间是512M)

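# A swap file holds paged-out process memory, so only root should be able to
# read it. dd creates it with the default umask (usually 0644); tighten it
# before it is formatted and enabled.
chmod 600 /var/swap
/sbin/mkswap /var/swap
/sbin/swapon /var/swap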

(变成swap分区,使用这个swap分区)

/var/swap   swap   swap    defaults  0 0

(把上面这一行加入/etc/fstab文件,否则重启后swap不会自动启用)

2#下载软件包

# NOTE(review): none of these downloads is integrity-checked, and several are
# fetched over plain http://, so a tampered archive would be built and
# installed by the steps that follow. Compare each tarball with the checksum
# or signature its upstream publishes before unpacking it.
wget https://www.openssl.org/source/openssl-1.1.0b.tar.gz
wget http://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
wget http://nginx.org/download/nginx-1.11.5.tar.gz

wget http://mirrors.sohu.com/mysql/MySQL-5.6/mysql-5.6.33.tar.gz # check the site and download the latest version

wget https://cmake.org/files/v2.8/cmake-2.8.12.tar.gz
wget http://zlib.net/zlib-1.2.11.tar.gz # download the latest version from the official site
# The two clones below take whatever the default branch holds at clone time;
# no tag or commit is pinned.
git clone https://github.com/php/php-src.git

# NOTE(review): acme_tiny.py is later run with the ACME account key. Read the
# script, or check out a commit you have reviewed, before using it.
git clone https://github.com/diafygi/acme-tiny.git

3#安装

安装 locate

yum -y install mlocate
updatedb

安装依赖

yum -y install make pcre pcre-devel openssl openssl-devel  gcc gcc-c++ gcc-g77 cmake bison ncurses-devel  perl-Module-Install.noarch  make autoconf automake libxml2-devel  curl curl-devel gd gd-devel php-mcrypt  libmcrypt  libmcrypt-devel  libxslt-devel curl-devel php-gd

3.1安装nginx (http2.0)

tar zxf zlib-1.2.8.tar.gz
./configure --prefix=/usr/local/zlib
make && make install
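/usr/sbin/groupadd -f nginx
# Service account only: give it no usable login shell, the same way this
# guide creates the mysql account (useradd ... -s /bin/false).
/usr/sbin/useradd -g nginx -s /bin/false nginx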
./configure --prefix=/usr/local/nginx --with-openssl=/root/package/openssl-1.1.0b --with-pcre --with-zlib=/root/package/zlib-1.2.8 --with-stream --with-stream_ssl_module  --with-http_ssl_module --with-http_v2_module --with-threads --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --sbin-path=/usr/sbin/nginx --user=nginx --conf-path=/usr/local/nginx/conf/nginx.conf --group=nginx

make && make install

(with-openssl=/______这个路径指向你的源码安装包路径而不是你安装后的路径!)

去掉版本号:

vi /usr/local/nginx/conf/nginx.conf

server_tokens   off;

配置开机启动文件

vi /etc/rc.d/init.d/nginx #编辑启动文件添加下面内容
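#! /bin/sh
# chkconfig: 2345 55 25
# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
# run 'update-rc.d -f nginx defaults', or use the appropriate command on your
# distro. For CentOS/Redhat run: 'chkconfig --add nginx'

### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO

# Author: licess
# website: http://lnmp.org
#
# Usage: nginx {start|stop|force-quit|restart|reload|status|configtest}
# Exit status: 0 on success, 1 on failure or unknown action. "status" exits 3
# when nginx is stopped (the LSB convention) so callers can tell the two
# states apart.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=nginx
NGINX_BIN=/usr/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/$NAME.conf
PIDFILE=/var/run/$NAME.pid

# Prints the master PID recorded in $PIDFILE and succeeds only if that process
# is alive. This replaces grepping netstat output for "nginx", which needs
# net-tools and matches any line that merely contains the string.
# Assumes nginx writes its pid to $PIDFILE (the --pid-path used at build time);
# adjust PIDFILE if nginx.conf sets a different "pid" path.
master_pid() {
  [ -s "$PIDFILE" ] || return 1
  pid=$(cat "$PIDFILE") || return 1
  case "$pid" in
    '' | *[!0-9]*) return 1 ;; # never hand a non-numeric value to kill
  esac
  kill -0 "$pid" 2>/dev/null || return 1
  echo "$pid"
}

# Succeeds when the nginx master process is running.
is_running() {
  master_pid >/dev/null
}

case "$1" in
  start)
    echo -n "Starting $NAME... "

    if is_running; then
      echo "$NAME (pid $(master_pid)) already running."
      exit 1
    fi

    if "$NGINX_BIN" -c "$CONFIGFILE"; then
      echo " done"
    else
      echo " failed"
      exit 1
    fi
    ;;

  stop)
    echo -n "Stoping $NAME... "

    if ! is_running; then
      echo "$NAME is not running."
      exit 1
    fi

    if "$NGINX_BIN" -s stop -c "$CONFIGFILE"; then
      echo " done"
    else
      echo " failed. Use force-quit"
      exit 1
    fi
    ;;

  status)
    if is_running; then
      echo "$NAME (pid $(master_pid)) is running..."
    else
      echo "$NAME is stopped"
      exit 3
    fi
    ;;

  force-quit)
    echo -n "Terminating $NAME... "

    # Looks at every nginx process, not just the pidfile, so it still works
    # when the pidfile is missing or stale.
    pids=$(pidof "$NAME")
    if [ -z "$pids" ]; then
      echo "$NAME is not running."
      exit 1
    fi

    # Unquoted on purpose: pidof prints several PIDs separated by spaces.
    if kill $pids; then
      echo " done"
    else
      echo " failed"
      exit 1
    fi
    ;;

  restart)
    # Validate first: stopping a working server and then failing to start on
    # a broken config would turn a typo into an outage.
    "$NGINX_BIN" -t -q -c "$CONFIGFILE" || exit 1
    "$0" stop
    sleep 1
    "$0" start
    ;;

  reload)
    echo -n "Reload service $NAME... "

    if ! is_running; then
      echo "$NAME is not running, can't reload."
      exit 1
    fi

    # Report the real outcome instead of printing "done" unconditionally.
    if "$NGINX_BIN" -s reload -c "$CONFIGFILE"; then
      echo " done"
    else
      echo " failed"
      exit 1
    fi
    ;;

  configtest)
    echo -n "Test $NAME configure files... "

    "$NGINX_BIN" -t -c "$CONFIGFILE"
    ;;

  *)
    echo "Usage: $0 {start|stop|force-quit|restart|reload|status|configtest}"
    exit 1
    ;;

esac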

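# 755 rather than 775: the init script is executed as root at boot, so no
# account other than root should be able to modify it.
chmod 755 /etc/rc.d/init.d/nginx # make the script executable
chkconfig nginx on # start at boot
/etc/rc.d/init.d/nginx restart # restart
service nginx restart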

 

3.2安装MYSQL5.6

a)安装cmake

#cd cmake-2.8.12
./bootstrap && make && make install

b)安装mysql

#cd mysql-5.6.36
groupadd mysql
useradd -g mysql mysql -s /bin/false

mkdir -p /data/mysql/db
mkdir -p /var/run/mysql
mkdir -p /usr/local/mysql
chown -R mysql:mysql /data/mysql
chown -R mysql:mysql /var/run/mysql

#cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_UNIX_ADDR=/var/run/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS:STRING=utf8,gbk -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DENABLED_LOCAL_INFILE=1 -DMYSQL_DATADIR=/data/mysql/db -DMYSQL_USER=mysql -DMYSQL_TCP_PORT=3306 -DSYSCONFDIR=/etc -DINSTALL_SHAREDIR=share

#make && make install
#cp ./support-files/my-default.cnf /etc/my.cnf

vi /etc/my.cnf #下面增加一行

datadir = /data/mysql/db
#cd /usr/local/mysql

./scripts/mysql_install_db --user=mysql  --datadir=/data/mysql/db

cp ./support-files/mysql.server /etc/rc.d/init.d/mysql

chmod 755 /etc/init.d/mysql

chkconfig mysql on
vi /etc/rc.d/init.d/mysql #增加两行

basedir = /usr/local/mysql

datadir = /data/mysql/db
vi /etc/profile   #把mysql服务加入系统环境变量:在最后添加下面这一行

export PATH=$PATH:/usr/local/mysql/bin
ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql #直接使用mysql命令

ln -s /usr/local/mysql/include/mysql /usr/include/mysql
mysql_secure_installation #设置Mysql密码

或者直接修改密码

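# Keep the new password off the command line: a literal there is saved in the
# shell history and visible in the process list, and "123456" is trivially
# guessable. With nothing after "password", mysqladmin prompts for the value.
/usr/local/mysql/bin/mysqladmin -u root -p password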

3.3安装PHP7

a) 安装libmcrypt

cd lnmp/libmcrypt-2.5.8
./configure && make && make install

b) 安装php

./buildconf #源码安装需要先执行

./configure --prefix=/usr/local/php \
--exec-prefix=/usr/local/php \
--bindir=/usr/local/php/bin \
--sbindir=/usr/local/php/sbin \
--includedir=/usr/local/php/include \
--libdir=/usr/local/php/lib/php \
--mandir=/usr/local/php/php/man \
--with-config-file-path=/usr/local/php/etc \
--with-mysql-sock=/var/run/mysql/mysql.sock \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-pdo-mysql=mysqlnd \
--with-mcrypt \
--with-curl \
--with-mhash \
--with-freetype-dir \
--with-gd \
--with-gettext \
--with-iconv-dir \
--with-kerberos \
--with-libdir=lib64 \
--with-libxml-dir \
--with-jpeg-dir \
--with-openssl \
--with-pcre-regex \
--with-pdo-sqlite \
--with-pear \
--with-png-dir \
--with-xmlrpc \
--with-xsl \
--with-zlib \
--enable-fpm \
--enable-bcmath \
--enable-libxml \
--enable-inline-optimization \
--enable-mbregex \
--enable-mbstring \
--enable-opcache \
--enable-pcntl \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-sysvsem \
--enable-xml \
--enable-zip \
--enable-session \
--enable-calendar

make && make install

配置php:

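# Start from the production template. php.ini-development enables
# display_errors, which prints error details (paths, queries) to visitors.
cp php.ini-production /usr/local/php/etc/php.ini # copy the PHP config file into the install directory

# -f is enough for a single file; -r is not needed here.
rm -f /etc/php.ini # remove the config file shipped with the system

ln -s /usr/local/php/etc/php.ini /etc/php.ini # add a symlink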

cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf #拷贝模板文件为php-fpm配置文件

mv /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf

vi /usr/local/php/etc/php-fpm.conf #编辑
pid = run/php-fpm.pid #取消前面的分号


vi /usr/local/php/etc/php-fpm.d/www.conf

user = nginx
group = nginx

设置 php-fpm开机启动

cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm #拷贝php-fpm到启动目录

chmod +x /etc/rc.d/init.d/php-fpm #添加执行权限

chkconfig php-fpm on #设置开机启动


vi /usr/local/php/etc/php.ini #编辑配置文件
date.timezone = PRC #设置时区
expose_php = OFF #禁止显示php版本的信息
short_open_tag = ON #支持php短标签

配置直接使用PHP相关命令

ln -s /usr/local/php/bin/php /usr/bin/php
ln -s /usr/local/php/bin/phpize /usr/bin/phpize
ln -s /usr/local/php/bin/php-config /usr/bin/php-config

3.4升级openssl:

tar zxf openssl-1.1.0b.tar.gz
./config --prefix=/usr/local/openssl
make && make install

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib

echo '/usr/local/openssl/lib' >> /etc/ld.so.conf

ldconfig -v

openssl version -a

3.5生成免费证书

https://github.com/diafygi/acme-tiny

创建两个Let’s Encrypt私钥

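# Create both private keys under a restrictive umask so they are 0600 from the
# moment they exist; with a plain redirect they inherit the default umask and
# are usually world-readable. The subshell keeps the umask change local.
(umask 077; openssl genrsa 4096 > account.key)

(umask 077; openssl genrsa 4096 > liqy.key)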

#单个域名

openssl req -new -sha256 -key liqy.key -subj "/CN=liqy.me" > domain.csr

#多个域名(如果你有多个域名,比如:www.ljq.me和liqy.me,使用这种方式)

openssl req -new -sha256 -key liqy.key -subj "/" -reqexts SAN -config <(cat /usr/local/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:liqy.me,DNS:www.ljq.me")) > liqy.csr

创建用于存放验证文件的目录

mkdir -p /data/www/challenges

3.5.1获取网站证书

# NOTE(review): the mkdir step above creates only /data/www/challenges, so
# liqy/ has to exist as a directory first or this cp creates a file named
# "liqy" instead.
# NOTE(review): /data/www/challenges/ is the directory the port-80 server block
# below exposes for /.well-known/acme-challenge/. The later steps keep
# account.key, liqy.key and the CSR in liqy/ beneath it, which puts private
# keys inside a web-served tree. Prefer a directory outside that tree for the
# script, keys and certificates, and point --acme-dir only at the challenge
# directory.
cp acme_tiny.py /data/www/challenges/liqy

python acme_tiny.py --account-key ./account.key --csr ./liqy.csr --acme-dir /data/www/challenges/ > ./liqy.crt

 

3.5.2安装证书

wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem

cat liqy.crt intermediate.pem > liqy.pem

 

3.5.3Nginx 中有关证书的配置

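server {
   # "ssl" on the listen line replaces the separate "ssl on;" directive, and
   # "http2" is what enables HTTP/2 on this listener; without it the server
   # only speaks HTTP/1.1 even when built with --with-http_v2_module.
   listen 443 ssl http2;
   server_name www.ljq.me;

   ssl_certificate /data/www/challenges/liqy/liqy.pem;
   ssl_certificate_key /data/www/challenges/liqy/liqy.key;
   ssl_session_timeout 5m;
   # TLS 1.0 and 1.1 are deprecated, so only 1.2 is offered. Add TLSv1.3 once
   # nginx is built against an OpenSSL release that supports it.
   ssl_protocols TLSv1.2;
   ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
   ssl_session_cache shared:SSL:50m;
   ssl_prefer_server_ciphers on;

   ...the rest of your config
}

server {
   listen 80;
   server_name www.ljq.me;

   # The certificate directory liqy/ sits inside the challenge tree that the
   # next location serves, and this guide keeps liqy.key (and, as the renewal
   # script assumes, account.key) there. Refuse every request below it so the
   # private keys are never handed out. The longer "^~" prefix wins over the
   # plain challenge prefix. Moving the keys outside /data/www/challenges/ is
   # the cleaner fix.
   location ^~ /.well-known/acme-challenge/liqy/ {
       return 404;
   }

   location /.well-known/acme-challenge/ {
       alias /data/www/challenges/;
       try_files $uri =404;
   }

   ...the rest of your config
}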

 

3.5.4创建一个 renew_cert.sh 并通过 chmod a+x renew_cert.sh 赋予执行权限

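#!/bin/bash
#
# Renews the liqy certificate with acme-tiny, rebuilds the chained PEM that
# nginx loads, and reloads nginx. Intended to be run from cron.
#
# Exit status: non-zero as soon as any step fails. The files nginx is using
# are replaced only after every step has succeeded, so a failed run never
# leaves an empty or half-written certificate in place.

set -euo pipefail

# cron starts jobs with a minimal PATH; make sure service(8) in /sbin resolves.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

cd /data/www/challenges/liqy

# Build everything in a private scratch directory on the same filesystem, so
# the final mv calls are plain renames. mktemp -d creates it with mode 0700.
work=$(mktemp -d ./renew.XXXXXX)
trap 'rm -rf -- "$work"' EXIT

python acme_tiny.py --account-key account.key --csr liqy.csr --acme-dir /data/www/challenges/ > "$work/liqy.crt"

# NOTE(review): the X3 cross-signed intermediate has since been retired by
# Let's Encrypt, and newer acme-tiny releases print the full chain themselves.
# Confirm against the version in use and drop this download if so.
wget -O "$work/intermediate.pem" https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem

# Refuse to install anything that does not parse as a certificate (an error
# page or an empty file, for example).
openssl x509 -in "$work/liqy.crt" -noout
openssl x509 -in "$work/intermediate.pem" -noout

cat "$work/liqy.crt" "$work/intermediate.pem" > "$work/liqy.pem"

mv -f -- "$work/liqy.crt" liqy.crt
mv -f -- "$work/intermediate.pem" intermediate.pem
mv -f -- "$work/liqy.pem" liqy.pem

# A reload makes nginx pick up the new certificate without dropping
# established connections, and keeps the old workers if the config is invalid.
service nginx reload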

查看:

chrome://net-internals/#http2

3.5.5#每个月执行一次

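# Redirections are applied left to right: send stdout to the log first, then
# point stderr at the same place. With "2>&1 >>file" the error output never
# reaches the log, which hides failed renewals.
0 0 1 * * /data/www/challenges/renew_cert.sh >>/var/log/acme_tiny.log 2>&1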

 
