服务器环境为Linode预置的Debian 11,因为众所周知的原因。手工安装和配置LNMP( linux, nginx, MySQL, php-fpm, memchched)
安装
先决条件
sudo apt update && sudo apt upgrade -y
reboot
sudo apt install ntp zip unzip wget curl screen build-essential libevent-dev gcc make libc6-dev gpg gnupg2 ca-certificates lsb-release debian-archive-keyring git socat -y
#设置时区
sudo timedatectl set-timezone Asia/Shanghai
#创建用户和分组及wwwroot目录
groupadd www && useradd -M -s /sbin/nologin -g www www
mkdir -p /home/wwwroot/
# 调整内核参数
echo "fs.file-max = 2097152" >> /etc/sysctl.conf
echo "net.core.somaxconn=65536" >> /etc/sysctl.conf
sysctl -p
# 调整systemd限制
echo "DefaultLimitNOFILE=infinity" >> /etc/systemd/system.conf
echo "DefaultLimitNOFILESoft=infinity" >> /etc/systemd/system.conf
echo "DefaultLimitNOFILESoft=infinity" >> /etc/systemd/system.conf
systemctl daemon-reloadNGINX的安装
NGINX官方安装方法
# 导入官方 nginx 签名密钥,以便 apt 可以验证包的真实性
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
# 验证下载的文件是否包含正确的密钥, 输出应包含完整指纹, 如果指纹不同,请删除该文件
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
# 使用稳定包
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
# 设置apt优先使用官方包
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx
# 安装
sudo apt update
sudo apt install nginx
# 查看nginx 版本
nginx -v
# 检查 Nginx 服务的状态
sudo systemctl status nginx
安装php-fpm
# 导入 Ondřej Surý 维护的 PHP 软件源:
curl -sSL https://packages.sury.org/php/README.txt | sudo bash -x
# 在apt cache中搜索以php8开头的安装包
apt-cache search php8
# 安装php-fpm 8.3
sudo apt install php8.3-fpm php8.3-cli php8.3-mysql php8.3-curl php8.3-gd php8.3-mbstring php8.3-xml php8.3-xmlrpc php8.3-zip php8.3-opcache php8.3-memcached php8.3-apcu php8.3-bcmath php8.3-imagick -y
#查看服务状态
systemctl status php8.3-fpm.service
安装MySQL及优化
ShellSession
# 来自mysql官方步骤 https://dev.mysql.com/doc/mysql-apt-repo-quick-guide/en/
# 下载官方deb包 版本查看: https://dev.mysql.com/downloads/repo/apt/
wget https://dev.mysql.com/get/mysql-apt-config_0.8.29-1_all.deb
# 安装存储库
dpkg -i mysql-apt-config_0.8.29-1_all.deb
# 更新apt
sudo apt-get update && apt-get upgrade
# 搜索
apt search --names-only ^mysql
# 安装mysql
apt install mysql-server -y
# 检查状态
systemctl status mysql
# 查看版本
mysql --version
# 安全相关初始化设置
mysql_secure_installation
# 优化mysql 配置文件
touch /home/wwwroot/mysql_error.log && chown mysql:mysql /home/wwwroot/mysql_error.log
touch /home/wwwroot/mysql_slow.log && chown mysql:mysql /home/wwwroot/mysql_slow.log
echo "[mysqld]" >> /etc/mysql/my.cnf
echo 'log-error = /home/wwwroot/mysql_error.log' >> /etc/mysql/my.cnf
echo 'innodb_buffer_pool_size = 1G' >> /etc/mysql/my.cnf
echo 'slow_query_log = 1' >> /etc/mysql/my.cnf
echo 'slow_query_log_file = /home/wwwroot/mysql_slow.log' >> /etc/mysql/my.cnf
echo 'long_query_time = 5' >> /etc/mysql/my.cnf
echo 'log_timestamps = SYSTEM' >> /etc/mysql/my.cnf
echo "default-time-zone = '+8:00'" >> /etc/mysql/my.cnf
# 优化mysql.service
sed -i 's/LimitNOFILE = 10000/#LimitNOFILE = 10000/g' /usr/lib/systemd/system/mysql.service
systemctl daemon-reload
systemctl restart mysql && systemctl status mysql
# 查看mysql 身份验证方式
SELECT user,authentication_string,plugin,host FROM mysql.user;
# 修改mysql 身份验证方式为 caching_sha2_password
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';
FLUSH PRIVILEGES;
安装memcached
ShellSession
sudo apt install memcached libmemcached-tools -y
# 检查 memcached 服务的状态
systemctl status memcached
# 查看版本
memcached -V
#验证memcached 监听的端口
ps -ef | grep memcached配置LNMP
1.php-fpm (开启4个sock或tcp)
ShellSession
# 从github克隆
cd /root && apt install git -y && git clone https://github.com/janusdjg/lnmp.git
# 更改权限
chown -R www:www /var/lib/php/sessions
# 创建日志文件
touch /home/wwwroot/php_error.log && chown www:www /home/wwwroot/php_error.log
touch /home/wwwroot/fpm.log && chown www:www /home/wwwroot/fpm.log
touch /home/wwwroot/fpm_slow.log && chown www:www /home/wwwroot/fpm_slow.log
# 使用git 的php-fpm配置文件覆盖原文件(socket)
mv /etc/php/8.3/fpm/php.ini /etc/php/8.3/fpm/php.ini.backup
cp /root/lnmp/php/php.ini /etc/php/8.3/fpm/php.ini
mv /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/php-fpm.conf.backup
cp /root/lnmp/php/php-fpm.conf.socket /etc/php/8.3/fpm/php-fpm.conf
# 删除php-fpm服务文件,复制git service文件并启用
systemctl list-units --type=service | grep php
systemctl stop php8.3-fpm.service
systemctl disable php8.3-fpm.service
mv /usr/lib/systemd/system/php8.3-fpm.service /root/php8.3-fpm.service.backup
cp /root/lnmp/php/php-fpm.service /usr/lib/systemd/system/php-fpm.service
systemctl daemon-reload
systemctl enable php-fpm.service
systemctl start php-fpm.service && systemctl status php-fpm.service
# 列出服务
systemctl list-units --type=service | grep php2. 配置NGINX及phpmyadmin
ShellSession
# 备份原nginx配置文件,复制git的nginx配置文件并启用
mkdir -p /root/nginx_backup && mv /etc/nginx/* /root/nginx_backup/
cp -r /root/lnmp/nginx/* /etc/nginx/
touch /home/wwwroot/nginx_error.log && chown www:www /home/wwwroot/nginx_error.log
chown -R www:www /home/wwwroot/
# 验证配置文件
sudo systemctl stop nginx
nginx -t
sudo systemctl start nginx && sudo systemctl status nginx
# 修改phpmyadmin版本号, 下载到default目录中
phpmyadmin_ver=5.2.1
wget https://files.phpmyadmin.net/phpMyAdmin/$phpmyadmin_ver/phpMyAdmin-$phpmyadmin_ver-all-languages.zip
unzip -q phpMyAdmin-$phpmyadmin_ver-all-languages.zip -d /home/wwwroot/default/
mv /home/wwwroot/default/phpMyAdmin-$phpmyadmin_ver-all-languages /home/wwwroot/default/phpmyadmin
# phpmyadmin 配置文件修改
sed -e "s|cfg\['blowfish_secret'\] = ''|cfg['blowfish_secret'] = '$(openssl rand -hex 16)'|" /home/wwwroot/default/phpmyadmin/config.sample.inc.php > /home/wwwroot/default/phpmyadmin/config.inc.php
echo "\$cfg['VersionCheck'] = false;" >> /home/wwwroot/default/phpmyadmin/config.inc.php
echo "\$cfg['ZeroConf'] = false;" >> /home/wwwroot/default/phpmyadmin/config.inc.php
echo "\$cfg['UploadDir'] = 'upload';" >> /home/wwwroot/default/phpmyadmin/config.inc.php
echo "\$cfg['SaveDir'] = 'save';" >> /home/wwwroot/default/phpmyadmin/config.inc.php
# 创建目录, 赋予权限
mkdir -p /home/wwwroot/default/phpmyadmin/tmp
mkdir -p /home/wwwroot/default/phpmyadmin/upload
mkdir -p /home/wwwroot/default/phpmyadmin/save
chown -R www:www /home/wwwroot/
# 为phpmyadmin添加额外验证
# 生成密码文件 https://www.web2generators.com/apache-tools/htpasswd-generator
touch /home/wwwroot/default/phpmyadmin/.htpasswd
echo 'YOUR_HASH' > /home/wwwroot/default/phpmyadmin/.htpasswd
# 修改nginx.conf文件,include enable-php.conf这一行上方添加:
location /phpmyadmin/ {
auth_basic "Admin-Section";
auth_basic_user_file /home/wwwroot/default/phpmyadmin/.htpasswd;
include enable-php.conf;
}
nginx -t
systemctl reload nginx && systemctl status nginx
acme.sh
ShellSession
curl https://get.acme.sh | sh -s email=$myemail
source ~/.bashrc
acme.sh --upgrade --auto-upgrade
mkdir -p /etc/nginx/vhost
mkdir -p /etc/nginx/ssl
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
新建虚拟主机(https)
ShellSession
# 修改这两个变量的值 YOUR_DOMAIN YOUR_EMAIL
mydomain=YOUR_DOMAIN
myemail=YOUR_EMAIL
# 创建虚拟主机http配置文件
cp /root/lnmp/vhost.conf /etc/nginx/vhost/$mydomain.conf
sed -i "s/YOUR_DOMAIN/$mydomain/g" /etc/nginx/vhost/$mydomain.conf
mkdir -p /home/wwwroot/$mydomain
echo "open_basedir=/home/wwwroot/$mydomain:/tmp/:/proc/" > /home/wwwroot/$mydomain/.user.ini
chown -R www:www /home/wwwroot/$mydomain
chattr +i /home/wwwroot/$mydomain/.user.ini
nginx -t && nginx -s reload
systemctl reload nginx && systemctl status nginx
# 2 颁发和安装证书
mkdir -p /etc/nginx/ssl/$mydomain/
acme.sh --issue -d $mydomain -w /home/wwwroot/$mydomain
acme.sh --install-cert -d $mydomain \
--key-file /etc/nginx/ssl/$mydomain/key.pem \
--fullchain-file /etc/nginx/ssl/$mydomain/fullchain.pem \
--reloadcmd "service nginx force-reload"
# 3 修改vhost文件
cat /root/lnmp/vhost_ssl.conf >> /etc/nginx/vhost/$mydomain.conf
sed -i "s/YOUR_DOMAIN/$mydomain/g" /etc/nginx/vhost/$mydomain.conf
nginx -t && service nginx force-reload4. APC及Opcached配置
ShellSession
# 下载apc.php并修改密码, 注意your_passwordn改为你的密码
curl -sSL https://raw.githubusercontent.com/krakjoe/apcu/master/apc.php | sed "s/('ADMIN_PASSWORD','password')/('ADMIN_PASSWORD','your_password')/g" > /home/wwwroot/default/apc.php
# 下载opcache-gui
curl -sSL https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -o /home/wwwroot/default/opcache.php修改php.ini
apc.shm_size = 1024M
apc.entries_hint = 65536Memcached
配置文件: /etc/memcached.conf
# 禁用 UDP
-U 0
# 内存分配256M
-m 256
# 最大项目尺寸
-I 5m
#最大线程数
-t 8
# 空闲超时时间
-o idle_timeout=20防火墙配置
ShellSession
apt install ufw -y
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
ufw status verbose
相关路径
nginx 配置文件目录: /etc/nginx/
php 配置文件目录: /etc/php/8.2/fpm/
mysql 配置文件: /etc/mysql/mysql.cnf
datadir: /var/lib/mysql/
socket: /var/run/mysqld/mysqld.sock
memcached 配置文件: /etc/memcached.conf删除vhost配置文件,移除网站
ShellSession
acme.sh --remove -d example.com
rm -rf /root/.acme.sh/example.com_ecc
rm -rf /etc/nginx/vhost/example.com.conf
rm -rf /etc/nginx/ssl/example.com
chattr -i /home/wwwroot/example.com/.user.ini
mv /home/wwwroot/example.com/ /home/wwwroot/example.com_bak/
systemctl restart nginx一些命令
# 列出 Debian 上所有用户
cat /etc/passwd | cut -d ':' -f 1
# 仅列出人类用户
cat /etc/passwd | grep -E '(/bin/bash)|(/bin/sh)' | cut -d ':' -f 1
# 查找进程
ps -ef | grep mysql
# 根据进程的 PID 查找已打开的文件和目录
lsof -p <进程ID>
# 上述两个命令结合使用
ps -ef | grep mysql | awk '{print $2}' | xargs -I {} lsof -p {}
# 查找php服务单元
systemctl list-units --type=service | grep php
# 显示服务日志
journalctl -u mysql
# 列出已启用的服务
systemctl list-unit-files --state=enabled
###### 重新启动LNMP ######
# 重新启动php-fpm 1-4
for i in {1..4}; do systemctl reload php-fpm-$i.service; done
systemctl list-units --type=service --state=running | grep php
# 重新启动 nginx
systemctl restart nginx.service
# 查看systemctl 配置 /etc/systemd/system.conf
systemctl show配置多PHP实例
修改LNMP管理脚本
MySQL 版本 https://dev.mysql.com/downloads/mysql/
NGINX 版本 http://nginx.org/en/download.html
PHP 版本 http://www.php.net/downloads.php
memcached 版本: https://memcached.org/downloads
phpmyadmin 版本: https://www.phpmyadmin.net/downloads/
NGINX官方指引: https://nginx.org/en/linux_packages.html#Debian
php-fpm指引:https://packages.sury.org/php/README.txt
MySQL官方APT 存储库deb包: https://dev.mysql.com/downloads/repo/apt/
You’re so awesome! I don’t believe I have read a single thing like that before. So great to find someone with some original thoughts on this topic. Really.. thank you for starting this up. This website is something that is needed on the internet, someone with a little originality!
Pretty! This has been a really wonderful post. Many thanks for providing these details.
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
I am truly thankful to the owner of this web site who has shared this fantastic piece of writing at at this place.
I do not even understand how I ended up here, but I assumed this publish used to be great
I am truly thankful to the owner of this web site who has shared this fantastic piece of writing at at this place.
Pretty! This has been a really wonderful post. Many thanks for providing these details.
For the reason that the admin of this site is working, no uncertainty very quickly it will be renowned, due to its quality contents.
You’re so awesome! I don’t believe I have read a single thing like that before. So great to find someone with some original thoughts on this topic. Really.. thank you for starting this up. This website is something that is needed on the internet, someone with a little originality!
This is really interesting, You’re a very skilled blogger. I’ve joined your feed and look forward to seeking more of your magnificent post. Also, I’ve shared your site in my social networks!
I appreciate you sharing this blog post. Thanks Again. Cool.
You’re so awesome! I don’t believe I have read a single thing like that before. So great to find someone with some original thoughts on this topic. Really.. thank you for starting this up. This website is something that is needed on the internet, someone with a little originality!
naturally like your web site however you need to take a look at the spelling on several of your posts. A number of them are rife with spelling problems and I find it very bothersome to tell the truth on the other hand I will surely come again again.
I’m often to blogging and i really appreciate your content. The article has actually peaks my interest. I’m going to bookmark your web site and maintain checking for brand spanking new information.
Awesome! Its genuinely remarkable post, I have got much clear idea regarding from this post
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
very informative articles or reviews at this time.
naturally like your web site however you need to take a look at the spelling on several of your posts. A number of them are rife with spelling problems and I find it very bothersome to tell the truth on the other hand I will surely come again again.
This is really interesting, You’re a very skilled blogger. I’ve joined your feed and look forward to seeking more of your magnificent post. Also, I’ve shared your site in my social networks!
I like the efforts you have put in this, regards for all the great content.
This is my first time pay a quick visit at here and i am really happy to read everthing at one place
I do not even understand how I ended up here, but I assumed this publish used to be great
I just like the helpful information you provide in your articles
Good post! We will be linking to this particularly great post on our site. Keep up the great writing
I very delighted to find this internet site on bing, just what I was searching for as well saved to fav
Nice post. I learn something totally new and challenging on websites
Awesome! Its genuinely remarkable post, I have got much clear idea regarding from this post
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
I like the efforts you have put in this, regards for all the great content.
There is definately a lot to find out about this subject. I like all the points you made
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
I appreciate you sharing this blog post. Thanks Again. Cool.
For the reason that the admin of this site is working, no uncertainty very quickly it will be renowned, due to its quality contents.
I truly appreciate your technique of writing a blog. I added it to my bookmark site list and will
I truly appreciate your technique of writing a blog. I added it to my bookmark site list and will
I really like reading through a post that can make men and women think. Also, thank you for allowing me to comment!
I appreciate you sharing this blog post. Thanks Again. Cool.
very informative articles or reviews at this time.
This is my first time pay a quick visit at here and i am really happy to read everthing at one place
naturally like your web site however you need to take a look at the spelling on several of your posts. A number of them are rife with spelling problems and I find it very bothersome to tell the truth on the other hand I will surely come again again.
Awesome! Its genuinely remarkable post, I have got much clear idea regarding from this post
I appreciate you sharing this blog post. Thanks Again. Cool.
This is my first time pay a quick visit at here and i am really happy to read everthing at one place
There is definately a lot to find out about this subject. I like all the points you made
This was beautiful Admin. Thank you for your reflections.
I do not even understand how I ended up here, but I assumed this publish used to be great
Pretty! This has been a really wonderful post. Many thanks for providing these details.
I’m often to blogging and i really appreciate your content. The article has actually peaks my interest. I’m going to bookmark your web site and maintain checking for brand spanking new information.
Awesome! Its genuinely remarkable post, I have got much clear idea regarding from this post
Great information shared.. really enjoyed reading this post thank you author for sharing this post .. appreciated
You’re so awesome! I don’t believe I have read a single thing like that before. So great to find someone with some original thoughts on this topic. Really.. thank you for starting this up. This website is something that is needed on the internet, someone with a little originality!
For the reason that the admin of this site is working, no uncertainty very quickly it will be renowned, due to its quality contents.
I really like reading through a post that can make men and women think. Also, thank you for allowing me to comment!
I really like reading through a post that can make men and women think. Also, thank you for allowing me to comment!
I truly appreciate your technique of writing a blog. I added it to my bookmark site list and will
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
This is my first time pay a quick visit at here and i am really happy to read everthing at one place
Awesome! Its genuinely remarkable post, I have got much clear idea regarding from this post
Nice post. I learn something totally new and challenging on websites