急速安装lnmp 编译版本

急速安装lnmp 编译版本

安装msyql+PHP

1. 系统centos6.5
   
2. 安装 开发软件包
   已经改为了163的源须要执行下面的代码
   官网不自带 libmcrypt libmcrypt-devel
   

wget http://www.atomicorp.com/installers/atomic

下载这个yum源,执行

sh ./atomic 
yum -y install libmcrypt libmcrypt-devel
yum -y groupinstall "Development Tools"

报错：提示 kernel-devel须要升级 (这个问题能够忽略)
解决：

wget ftp://rpmfind.net/linux/centos/6.9/os/x86_64/Packages/kernel-devel-2.6.32-696.el6.x86_64.rpm

而后再试下yum -y groupinstall "Development Tools"已经不报错了。

yum -y install libxml2* curl curl-devel libjpeg* libpng* freetype-devel

1. 安装mysql： (注意，若是出现后面mysql不管如何都没法启动的情形，请最早安装mysql，并启动试试)

yum -y install mysql mysql-server mysql-devel

1. 下载PHP-5.6.2

wget http://cn2.php.net/distributions/php-5.6.2.tar.gz

1. 解压

tar -xvf php-5.6.2.tar.gz

1. cd php-5.6.2

2. 编译安装php
   

二种状况 第一种 用了mysql的rpm包用这种方式编译
​``` shell
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=mysqlnd --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql=/usr/local/services/mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets

第二种状况 你使用yum来安装mysql

./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --with-openssl --enable-bcmath --enable-sockets

1. make && make install ，等很久编译完执行一下make test测试下。

2. 若是出现未安装的错误通常使用yum安装便可 记得别忘记libcurl*
   
3. 出现找不到文件路径的状况下 用 find / -name 'name'去查找一下
   
4. 出现warning的情形下大可能是由于版本以及默认安装了，能够去掉该行
   
5. 修改php配置文件
   

cp php.ini-production /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /root/php-5.6.2/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm

13. 启动php 等安装完nginx后才启动

安装nginx

yum -y install nginx

修改

先备份

cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

vim /etc/nginx/nginx.conf

user  nginx nginx;

worker_processes 16;

#error_log  /data/logs/nginx_error.log  crit;
error_log /var/log/nginx_error.log crit;
#pid        /usr/local/services/nginx/nginx.pid;
pid /var/run/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
{
  use epoll;
  worker_connections 65535;
}

http
{
  include       mime.types;
  default_type  application/octet-stream;

  #charset  gb2312;

  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;


  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;
  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;

  #limit_zone  crawler  $binary_remote_addr  10m;
    log_format  www  '$remote_addr - $remote_user [$time_local] "$request" '
              '$status $body_bytes_sent "$http_referer" '
              '"$http_user_agent" $http_x_forwarded_for';
  server
  {
    listen       80;
    server_name  vagrant-centos65.vagrantup.com;
    index start.php index.htm index.html index.php pengyou.php weibo.php qzone.php;
    root  /usr/share/nginx/html;

    #limit_conn   crawler  20;

    location ~ .*\.(php|php5)?$
    {
      #fastcgi_pass  unix:/tmp/php-cgi.sock;
      fastcgi_pass  127.0.0.1:9000;
      fastcgi_index start.php;
#      include fcgi.conf;
      include fastcgi.conf;
    }
    location ~ .*.(svn|git|cvs)
    {
      deny all;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires      1h;
    }

      }



}

启动php-fpm

vim /usr/local/php/etc/php-fpm.conf 
user=nginx group=nginx  
/etc/init.d/php-fpm start

启动nginx

/etc/init.d/nginx start  
vim /usr/share/nginx/html/cc.php

<?php
phpinfo();
?>

127.0.0.1/cc.php

---

LNMP安装完成

---

wiki安装部署

首先登陆进入mysql数据库

mysql -uroot

建立一个wiki库

create database wiki charset utf8;  
grant all on wiki.* to wiki@'localhost' identified by 'wiki';  
flush privileges;

下载wiki软件

http://kaiyuan.hudong.com/

wget http://kaiyuan.hudong.com/download.php?n=HDWiki-v6.0UTF8-20170209.zip
unzip HDWiki-v6.0UTF8-20170209.zip  
mv hdwiki/* /usr/share/nginx/html/

若是使用老师的nginx包安装

mv hdwiki/* /data/htdocs/www/  
chown -R www:wwww /data/htdocs/www

-R 处理指定目录以及其子目录下的全部文件

浏览器http://192.168.1.109/index.php 直接进行配置就能够了

1. 赞成
2. 权限

[root@vagrant-centos65 html]# chmod 0777 ./uploads
[root@vagrant-centos65 html]# chmod 0777 ./uploads/userface
[root@vagrant-centos65 html]# chmod 0777 ./data/
[root@vagrant-centos65 html]# chmod 0777 ./plugins
[root@vagrant-centos65 html]# chmod 0777 ./style/default/logo.gif
[root@vagrant-centos65 html]# chmod 0777 ./config.php

可简写为一条语句：

[root@vagrant-centos65 html]# chmod 0777 ./uploads ./uploads/userface ./data/ ./plugins ./style/default/logo.gif ./config.php

1. mysql

[root@vagrant-centos65 html]# mysqladmin -uroot password '123456'

1. 数据库服务器：把localhost改成127.0.0.1

2. 启动
   重启事后须要重启这些服务：
   能够添加到开机启动脚本里面

[root@vagrant-centos65 ~]# service nginx start
Starting nginx:                                            [  OK  ]
[root@vagrant-centos65 ~]# service mysqld start
Starting mysqld:                                           [  OK  ]
[root@vagrant-centos65 ~]# /etc/init.d/php-fpm start
Starting php-fpm  done

1. Linux 开启容许外网访问端口：

LINUX经过下面的命令能够开启容许对外访问的网络端口：

/sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT #开启8000端口
/etc/rc.d/init.d/iptables save #保存配置
/etc/rc.d/init.d/iptables restart #重启服务
查看端口是否已经开放
/etc/init.d/iptables status

[root@vagrant-centos65 ~]# /sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@vagrant-centos65 ~]# /etc/rc.d/init.d/iptables restart 
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@vagrant-centos65 ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8000 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

[root@vagrant-centos65 ~]#

1. 添加防火墙，预防cc攻击和暴力破解！

## 脚本文件：drop_ip.sh
#!/bin/bash
## drop_ip1获取nginx日志里面的黑名单ip
drop_ip1=`tail -5000 /var/log/nginx/access.log |awk '{a[$1]++}END{for(i in a)if(a[i]>300)print i}'`
## drop_ip2获取登陆日志的黑名单ip
drop_ip2=`tail -5000 /var/log/secure |grep Failed |awk '{a[$11]++}END{for(i in a)if(a[i]>15)print i}'`
white_ip=('192.168.1.102' '192.168.1.109')
## 经过判断黑名单ip是否是非空、循环遍历判断iptables规则中是否已经有的规则，而后经过插入-s ip DROP操做来防护黑名单ip的进攻
if [ -n $drop_ip1 -o -n $drop_ip2 ];then
  for i in drop_ip1 drop_ip2
  do
    x=`iptables -nv -L |grep $'i'`
    if [ -z "$x" ];then
    for j in $white_ip
    do
      if [ $i != $j ];then
        /sbin/iptables -I INPUT -s $i -j DROP
      fi
    done
    fi
  done
fi

防护结果：

[root@vagrant-centos65 ~]# iptables -nv -L
Chain INPUT (policy ACCEPT 34 packets, 2244 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       192.168.1.105        0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 24 packets, 2912 bytes)
 pkts bytes target     prot opt in     out     source               destination

1. 配置外网访问，内网穿透。 内网访问：http://192.168.1.109/ 外网访问：http://1549v4h967.imwork.net/