硬件配置
硬盘:1个,20GB
网卡:1 个,1Gbps
CPU:1个
内存:1GB
软件版本
centos 8.0 64bit
mysql 8.0.26
nginx 1.23.2 安装ngx_log_if, ngx_http_substitutions_filter_module, http_ssl_module等模块
php 8.0.26 安装php-fpm zend mcrypt openssl opcache gd等模块
用户环境配置
SSH登陆系统,修改centos 8的安装源,使yum可以正常使用
# sudo sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
# sudo sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
修改时区,更新时间
# vi /etc/sysconfig/clock //更改时区
ZONE=Asia/Shanghai
UTC=false
ARC=false
# rm /etc/localtime
# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# hwclock --set --date="11/17/12 09:10:30" //更新时间
# hwclock --hctosys //把硬件时钟同步到系统时钟
安装NTP服务
# yum -y install chrony
# systemctl start chronyd.service
# systemctl status chronyd.service
# date
启用系统日志
# yum install rsyslog -y
# systemctl start rsyslog.service
# systemctl enable rsyslog.service
# vi /etc/selinux/config 修改 SELINUX=enforcing
# vi /etc/locale.conf #修改为以下内容,防止vi中文乱码
LANG=en_US.UTF-8
添加用户和组
# /usr/sbin/groupadd www
# /usr/sbin/useradd -g www www
# passwd www #修改密码为客户VPS的密码
# echo "AllowUsers www" >> /etc/ssh/sshd_config //此后只有www用户可以SSH登陆(root也不行),重启sshd前先用sshd -t检查配置,并保留当前会话直到确认www可以登陆
# systemctl restart sshd.service
# /usr/sbin/groupadd mysql
# /usr/sbin/useradd -g mysql mysql
# mkdir -p /data/htdocs
# chcon -R -t usr_t /data/htdocs
# chcon -R -t httpd_sys_rw_content_t /data/htdocs/ //php selinux写文件权限;chcon设置的标签在文件系统重新标记(relabel)后会丢失,需要持久化时用semanage fcontext配合restorecon
# chown -R www:www /data/htdocs
# yum -y install wget crontabs
# systemctl start crond.service
# systemctl enable crond.service
安装mysql
# rpm -qa | grep mysql //找到系统自带的包,用rpm -e全部删除
# rpm -e mysql-libs-5.1.73-3.el6_5.x86_64
# yum -y install perl libaio
# cd ~
# rpm -ivh http://repo.mysql.com/mysql80-community-release-el8.rpm
# yum -y install mysql-server
# vi /etc/my.cnf.d/mysql-server.cnf 添加如下内容:
[mysqld]
log-bin=mysql-bin
binlog_format=mixed
performance_schema_max_table_instances=4000
table_definition_cache=2048
table_open_cache=1024
slow_query_log
long_query_time = 2
#slow_query_log_file="/tmp/mysql_slow.log"
#log_slave_updates
#gtid-mode=ON
#enforce-gtid-consistency=ON
explicit_defaults_for_timestamp=true
# systemctl start mysqld.service
# systemctl enable mysqld.service
安装nginx
# yum -y install wget zip unzip gcc make pcre-devel openssl-devel git
# cd ~
# wget -c http://nginx.org/download/nginx-1.23.2.tar.gz //明文HTTP下载,编译前建议用nginx.org提供的PGP签名文件(.asc)校验源码包
# tar -zxf nginx-1.23.2.tar.gz
# mkdir -p /usr/local/nginx/
# cd /usr/local/nginx
# wget -O ngx_log_if-master.zip https://github.com/cfsego/ngx_log_if/archive/master.zip //这里和下一条命令下载的都是master分支,内容会随时间变化,正式环境建议固定到已检查过的commit或tag
# wget -O ngx_http_substitutions_filter_module-master.zip \
https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/master.zip
# unzip ngx_log_if-master.zip
# unzip ngx_http_substitutions_filter_module-master.zip
# cd ~/nginx-1.23.2
# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-http_realip_module --add-module=/usr/local/nginx/ngx_log_if-master --add-module=/usr/local/nginx/ngx_http_substitutions_filter_module-master
# make && make install
# vi /etc/init.d/nginx //创建service服务脚本,可以去网上搜索内容,比如http://blog.csdn.net/baiquan17/article/details/53304456;该脚本会以root身份运行,使用前请逐行检查内容
# cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx-conf.bk
# >/usr/local/nginx/conf/nginx.conf
# vi /usr/local/nginx/conf/nginx.conf //编辑nginx配置,内容可以到网上搜,比如http://www.cnblogs.com/chenjiahe/p/5956002.html,或者回复本文留下邮箱索取
# mkdir -p /usr/local/nginx/conf/conf.d/
# chmod +x /etc/init.d/nginx
# chkconfig --add nginx
# chkconfig --level 2345 nginx on
# mkdir /var/log/nginx
# touch /var/log/nginx/error.log
# chown -R www:www /var/log/nginx/
# mv /usr/local/nginx/conf /etc/nginx
# ln -s /etc/nginx /usr/local/nginx/conf
# systemctl restart nginx.service
# systemctl enable nginx.service
安装php
# cd ~
# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.rpm --nodeps --force
# dnf module enable php:remi-8.0
# dnf info php
# yum -y install php php-cli php-common php-opcache php-fpm php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-mbstring
# rpm -qa | grep httpd
# yum -y remove httpd
# setsebool -P httpd_can_network_connect=1 //selinux:允许httpd域的进程发起网络连接
# vi /etc/php.ini 修改时区
date.timezone = PRC
# vi /etc/php-fpm.d/www.conf 修改以下参数:
user=www
group=www
listen= 127.0.0.1:9000
request_terminate_timeout = 30s
pm.max_children = 25
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 20
# vi /etc/php.d/10-opcache.ini 修改如下参数:
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=256
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=2000
opcache.revalidate_freq=2
opcache.fast_shutdown=1
# mkdir -p /var/lib/php/session
# mkdir -p /var/lib/php/wsdlcache
# chown -R www:www /var/lib/php/
# chown -R www:www /var/log/php-fpm/
# chown www:www /var/log/php_errors.log
# chown www:www /run/php-fpm/www.sock
# systemctl restart php-fpm.service
# systemctl enable php-fpm.service
安全配置
# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all //忽略ICMP echo请求;直接写/proc重启后失效,需要持久化时在/etc/sysctl.conf中加入net.ipv4.icmp_echo_ignore_all = 1
# vi /etc/ssh/sshd_config //修改Port为222
# semanage port -a -t ssh_port_t -p tcp 222 //selinux
# systemctl restart sshd.service
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# service iptables stop
# iptables -L -n
# iptables -F
# iptables -X
# iptables -L -n
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 222 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -s 11.22.33.44 -p tcp --dport 3306 -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -A INPUT -i lo -p all -j ACCEPT
# iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
# iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
# iptables -L -n
# yum -y install iptables-services
# service iptables save
# systemctl restart iptables.service
# systemctl enable iptables.service
# echo "/bin/systemctl restart mysqld.service" >> /etc/rc.local
# echo "/bin/systemctl restart php-fpm.service" >> /etc/rc.local
# echo "/bin/systemctl restart nginx.service" >> /etc/rc.local
# echo "/bin/systemctl restart iptables.service " >> /etc/rc.local
# reboot
配置测试网站
# su - www
# cd /data/htdocs
# wget https://wordpress.org/latest.zip
# unzip latest.zip
# cd wordpress
# echo "<?php phpinfo(); ?>" > php.php //仅用于测试,phpinfo页面会公开PHP和系统配置,测试完成后必须删除
# mysql -u root //这里root未使用密码登陆,交付前应为root设置密码,例如运行mysql_secure_installation
# mysql> create database wordpress;
# mysql> exit
# su -
# vi /etc/nginx/conf.d/wordpress.conf 编辑为以下内容:
server {
listen 80 default;
root /data/htdocs/wordpress/;
location / {
index index.php;
}
location ~ \.php$ {
# 建议在此加入 try_files $uri =404; 使不存在的.php路径不会被转交给php-fpm
fastcgi_pass 127.0.0.1:9000; #unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# systemctl restart nginx.service
打开php.php页面和测试WordPress,确认网站的水印和URL转发没有问题后,删除网站:
# rm -rf /data/htdocs/wordpress
# rm -rf /etc/nginx/conf.d/wordpress.conf
# mysql -u root -p
# mysql> drop database wordpress;
# mysql> exit
结束