Debian9+PHP7.3+Nginx+MariaDB的网站环境配置
# 因为有些时候v6的apt很慢,所以设置apt只用ipv4:
echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4
# 禁用IPv6
方法1
# 编辑/etc/sysctl.conf文件。 sudo nano /etc/sysctl.conf # 放置以下条目以禁用所有适配器的IPv6。 net.ipv6.conf.all.disable_ipv6 = 1 # 对于特定的适配器(如果网卡名称为enp0s3)。 net.ipv6.conf.ens4.disable_ipv6 = 1 要反映更改,请执行以下命令。 sudo sysctl -p
方法2
# 在/etc/sysctl.d目录中创建一个名为70-disable-ipv6.conf的文件。 sudo nano /etc/sysctl.d/70-disable-ipv6.conf # 添加以下条目以禁用所有适配器的IPv6。 net.ipv6.conf.all.disable_ipv6 = 1 # 对于特定的适配器(如果网卡名称为enp0s3)。 net.ipv6.conf.ens4.disable_ipv6 = 1 运行以下命令以执行更改。 sudo sysctl -p -f /etc/sysctl.d/70-disable-ipv6.conf
# 设置源:
echo "deb http://ftp.us.debian.org/debian stretch main contrib non-free" >/etc/apt/sources.list echo "deb http://ftp.us.debian.org/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list echo "deb http://security.debian.org stretch/updates main contrib non-free" >>/etc/apt/sources.list echo "deb-src http://ftp.us.debian.org/debian stretch main contrib non-free" >>/etc/apt/sources.list echo "deb-src http://ftp.us.debian.org/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list echo "deb-src http://security.debian.org stretch/updates main contrib non-free" >>/etc/apt/sources.list
# 习惯性的ll和用不上的服务:
alias ll='ls -al' echo "alias ll='ls -al'" >> /root/.bashrc systemctl disable postfix systemctl disable rsyslog
# 为了超大并发而优化的
echo "net.ipv4.tcp_syncookies = 1">>/etc/sysctl.conf echo "net.ipv4.tcp_tw_reuse = 1">>/etc/sysctl.conf echo "net.ipv4.tcp_tw_recycle = 1">>/etc/sysctl.conf echo "net.ipv4.tcp_fin_timeout = 30">>/etc/sysctl.conf sysctl -p
# 改成中国时区,看着舒服:
timedatectl set-timezone 'Asia/Shanghai' echo "UTC=no" >> /etc/default/rcS
# 更新系统现有的核心和已安装组件:
apt-get update && apt-get upgrade -y && apt-get -u dist-upgrade -y
# 先重启一次:
reboot
# 最新版php和nginx的源
apt-get -y install apt-transport-https lsb-release ca-certificates sh -c 'echo "deb https://packages.sury.org/nginx/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/nginx.list' wget -O /etc/apt/trusted.gpg.d/nginx.gpg https://packages.sury.org/nginx/apt.gpg sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg apt-get update # debian 11 sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' wget -qO - https://packages.sury.org/php/apt.gpg | sudo apt-key add -
# 安装nginx+php+mariadb,注意,因为装php的时候会自动带上apache,所以我这里分几次处理这个问题。
apt-get install -y nginx nginx-extras net-tools nload update-inetd sysv-rc-conf proftpd # ========== # mariadb 安装 # Install all required dependencies sudo apt update sudo apt-get install software-properties-common dirmngr # Add MariaDB 10.3 repository # For Debian 9 sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8 sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirror.zol.co.zw/mariadb/repo/10.3/debian stretch main' # For Debian 8 sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirror.zol.co.zw/mariadb/repo/10.3/debian jessie main' # 更新源 apt-get update # mariadb10.3 安装 apt-get install -y mariadb-server-10.3 apt-get install -y mariadb-client-10.3 # mariadb10.1 安装 apt-get install -y mariadb-client-10.1 libmariadbclient-dev apt-get install -y mariadb-server-10.1 # ========== /etc/init.d/nginx stop # php7.3安装 apt-get install -y php7.3-fpm php7.3-cgi php7.3-gd php7.3-imap php7.3-xmlrpc php7.3-xsl php7.3-mysql php7.3-curl php7.3-common php7.3-dev php7.3-imagick php7.3-memcache php7.3-recode php7.3-tidy php7.3-mbstring php7.3-db php7.3-apcu # php5.6安装 apt-get install -y php5.6 php5.6-mysql php5.6-xml php5.6-zip php5.6-bcmath php5.6-cli php5.6-mbstring php5.6-common php5.6-curl php5.6-fpm php5.6-gd php5.6-json php5.6-memcache php5.6-readline # ========== # 删除apache服务 systemctl disable apache2 && /etc/init.d/apache2 stop && apt remove -y --purge apache2 && apt -y autoremove # php7.3-fpm设置 sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/7.3/fpm/php.ini # php多版本切换 update-alternatives --config php
# 设置mysql,这里是用我自己的配置文件,你可以自己修改
数据库配置文件路径 /etc/mysql/mariadb.conf.d/50-server.cnf
# 数据库登陆和授权
mysql -u root -pmysql密码
set password for root@localhost = password('mysql密码');
# 数据库登陆授权,"%"是允许所有IP登陆
grant all privileges on *.* to root@"%" identified by 'mysql密码' with grant option;
exit;
/etc/init.d/mysql restart# 设置proftpd:
wget https://soft.tingtao.org/debian9/proftpd/proftpd_nossl.txt -O /etc/proftpd/proftpd.conf /etc/init.d/proftpd restart
# 设置nginx:
mkdir -p /cachedisk/staticfile mkdir -p /dev/shm/cachemem/phpfile mkdir -p /dev/shm/cachemem/fastcgi mkdir -p /cachemem/phpfile mkdir -p /cachemem/fastcgi cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default vi /etc/nginx/nginx.conf mkdir /var/www/logs cp /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params.default cp /etc/nginx/fastcgi.conf /etc/nginx/fastcgi.conf.default cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.default echo 'fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:/usr/share/php/";' >> /etc/nginx/fastcgi_params echo 'fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:/usr/share/php/";' >> /etc/nginx/fastcgi.conf echo "php_admin_value[open_basedir]=/var/www/:/proc/:/tmp/:/usr/share/php/" >> /etc/php/7.3/fpm/php-fpm.conf /etc/init.d/nginx restart
推荐nginx.conf 配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 2000;
}
http {
include /etc/nginx/mime.types;
default_type text/html;
log_format main '"$remote_addr","$server_addr","$fmt_localtime","$scheme","$server_protocol","$request_method","$server_name","$status","$sent_http_content_type","$body_bytes_sent","$request_uri","$http_referer","$http_user_agent"';
map $host $fmt_localtime {
default '';
}
log_by_lua_block {
ngx.var.fmt_localtime = ngx.localtime();
}
more_set_headers "Server: Nginx By FreeBSD_K";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
# access_log /var/log/nginx/access.log;
# error_log /var/log/nginx/error.log;
error_log /dev/null;
access_log /dev/null;
#sendfile 指令指定 nginx 是否调用 sendfile 函数(zero copy 方式)来输出文件,
#对于普通应用,必须设为 on,
#如果用来进行下载等应用磁盘IO重负载应用,可设置为 off,
#以平衡磁盘与网络I/O处理速度,降低系统的uptime.
sendfile on;
#tcp_nopush on;
#连接超时时间
#keepalive_timeout 0;
keepalive_timeout 120;
tcp_nodelay on;
types_hash_max_size 2048;
# 开启gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types image/svg+xml text/plain text/xml text/css text/javascript application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/x-font-ttf application/vnd.ms-fontobject font/opentype font/ttf font/eot font/otf;
gzip_disable "MSIE [1-6]\.";
#设定请求缓冲
# client_header_buffer_size 128k;
# large_client_header_buffers 4 128k;
server_names_hash_bucket_size 1024; #服务器名字的hash表大小
proxy_headers_hash_max_size 51200; #设置头部哈希表的最大值,不能小于你后端服务器设置的头部总数
proxy_headers_hash_bucket_size 6400;#设置头部哈希表大小
#levels设置目录层次
#keys_zone设置缓存名字和共享内存大小
#inactive在指定时间内没人访问则被删除在这里是1天
#max_size最大缓存空间
#proxy_cache_path /cachedisk/staticfile levels=1:2 keys_zone=staticfile:10m inactive=1d max_size=3000m;
#proxy_cache_path /dev/shm/cachemem/phpfile levels=1:2 keys_zone=phpfile:10m inactive=1d max_size=500m;
#proxy_cache_key $scheme$host$request_uri;
#fastcgi_cache_path /dev/shm/cachemem/fastcgi levels=1:2 keys_zone=wp_fastcgi:10m inactive=1d max_size=500m;
#fastcgi_cache_key "$scheme$request_method$host$request_uri";
#fastcgi_cache_valid 200 302 2h;
#fastcgi_cache_min_uses 1;
#fastcgi_cache_use_stale error timeout invalid_header http_500;
#fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
#fastcgi_temp_path /tmp/fcgi_cache_tmp;
send_timeout 600;
server_tokens off;
client_max_body_size 50m;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
##tcp proxy
#stream {
# upstream win_work {
# server 192.168.0.188:3389;
# }
# upstream win_send {
# server 192.168.0.168:3389;
# }
# server {
# listen 3389;
# proxy_connect_timeout 1s;
# proxy_timeout 3s;
# proxy_pass win_work;
# }
# server {
# listen 55888 ;
# proxy_responses 1;
# proxy_timeout 20s;
# proxy_pass win_send;
# }
#}注意,因为唯一的示例文件删掉了,所以php在这里重启是肯定会失败的,等以后创建了网站就正常了。
#####################################################
创建站点的过程:
以本站为例,ftp用户名为www.helloworld.com,网站位于 /var/www/www.helloworld.com,密码为“ftp密码”
# 创建站点目录和ftp账号什么的:
useradd www.tingtao.org -s /sbin/nologin echo www.tingtao.org:ftp密码|chpasswd groupadd -f www.helloworld.com usermod -G www.helloworld.com -a www-data usermod -G www.helloworld.com -a proftpd mkdir /var/www/www.helloworld.com usermod -d /var/www/www.helloworld.com www.helloworld.com chown -R www.tingtao.org:www.helloworld.com /var/www/www.helloworld.com chmod -R 755 /var/www/www.helloworld.com
# php配置:
cat > /etc/php/7.3/fpm/pool.d/www.helloworld.com.conf <<- _EOF1_ [www.helloworld.com] user = www.helloworld.com group = www.helloworld.com listen = /var/run/php7-fpm-www.helloworld.com.sock listen.owner = www-data listen.group = www-data php_admin_value[include_path] = .:/var/www/globals/helloworld.com/lib php_admin_value[open_basedir] = /dev/shm/www/www.helloworld.com:/tmp:/var/www/www.helloworld.com php_admin_value[upload_max_filesize] = 50M php_admin_value[max_execution_time] = 30 php_admin_value[max_input_time] = 60 php_admin_value[memory_limit] = 256M php_admin_value[output_buffering] = 4096 php_admin_value[disable_functions] = system,exec,shell_exec,passthru,error_log,dl,sys_getloadavg,pfsockopen,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,escapeshellarg,pcntl_exec,show_source,highlight_file,ini_restore,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,mb_send_mail,set_time_limit,max_execution_time,php_uname,disk_free_space,diskfreespace,stream_copy_to_stream php_admin_flag[allow_url_fopen] = off php_admin_flag[expose_php] = Off php_admin_flag[display_errors] = Off pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 chdir = / _EOF1_
# 站点配置是 /etc/nginx/sites-enabled/www.helloword.com.conf ,注意证书路径:
#######################################################
# www.helloworld.com
server {
listen 80;
listen [::]:80;
server_name helloworld.com www.helloworld.com;
keepalive_timeout 120;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /var/www/ca/helloworld.com/fullchain.pem;
ssl_certificate_key /var/www/ca/helloworld.com/privkey.pem;
##############################################
error_log /dev/null;
access_log /dev/null;
root /var/www/www.helloworld.com;
set $skip_cache 0;
#post访问不缓存
if ($request_method = POST) {
set $skip_cache 1;
}
#动态查询不缓存
if ($query_string != "") {
set $skip_cache 1;
}
#后台等特定页面不缓存(其他需求请自行添加即可)
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
#对登录用户、评论过的用户不展示缓存
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location ~ ^.+\.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php7-fpm-www.tingtao.org.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PHP_ADMIN_VALUE "cgi.fix_pathinfo=1";
fastcgi_param PHP_ADMIN_VALUE "include_path= .:/var/www/globals/v.haote.net/lib:/usr/share/php/";
fastcgi_param PHP_ADMIN_VALUE "open_basedir= $document_root/:/tmp:/usr/share/php/";
fastcgi_param PHP_ADMIN_VALUE "upload_max_filesize= 50M";
fastcgi_param PHP_ADMIN_VALUE "max_execution_time= 30";
fastcgi_param PHP_ADMIN_VALUE "max_input_time= 60";
fastcgi_param PHP_ADMIN_VALUE "memory_limit= 128M";
fastcgi_param PHP_ADMIN_VALUE "output_buffering= 4096";
fastcgi_param PHP_ADMIN_VALUE "disable_functions= system,exec,shell_exec,passthru,error_log,dl,sys_getloadavg,pfsockopen,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,escapeshellarg,pcntl_exec,show_source,highlight_file,ini_restore,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,mb_send_mail,set_time_limit,max_execution_time,php_uname,disk_free_space,diskfreespace,stream_copy_to_stream";
fastcgi_param PHP_ADMIN_VALUE "allow_url_fopen= off";
fastcgi_param PHP_ADMIN_VALUE "expose_php= Off";
fastcgi_param PHP_ADMIN_VALUE "display_errors= Off";
fastcgi_param PHP_ADMIN_VALUE "post_max_size= 50M";
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_read_timeout 180;
# add_header Fastcgi-Cache $upstream_cache_status;
# fastcgi_cache_bypass $skip_cache;
# fastcgi_no_cache $skip_cache;
# fastcgi_cache wp_fastcgi;
# fastcgi_cache_valid 2h;
}
location / {
#定义首页索引文件的名称
index index.php index.html index.htm;
#下面这行和后面的跟wordpress有关
try_files $uri $uri/ /index.php?$args;
}
# rewrite /wp-admin$ $scheme://$host$uri/ permanent;
}#数据库名和用户名为 helloworld:
CREATE DATABASE 数据库名
CREATE USER '数据库用户名'@'localhost' IDENTIFIED BY '数据库密码';
set password for 数据库用户名@localhost=password('密码');
grant all privileges on 数据库名.* to '数据库用户名'@'localhost';
flush privileges;# 站点创建以后需要重启php和nginx:
/etc/init.d/nginx restart /etc/init.d/php7.3-fpm restart
至此,所有相关环境创建完成,只有nginx的站点配置和mysql建库需要编辑器或者mysql来执行,其他的都是复制即可。
猜你喜欢
Centos免费Let's Encrypt SSL证书申请和自动续签
阅读 474免费Let's Encrypt SSL证书申请和自动续签
iptables防火墙规则的添加、删除、修改、保存
阅读 485iptables防火墙规则的添加、删除、修改、保存
RedHat 7.0及CentOS 7.0禁止Ping的三种方法
阅读 401RedHat 7.0及CentOS 7.0禁止Ping的三种方法
服务器性能测试一键脚本和对比汇总
阅读 309服务器性能测试一键脚本和对比汇总
Linux下Swap交换分区创建 - Swap Size Failed错误问题解决
阅读 403Linux下Swap交换分区创建 - Swap Size Failed错误问题解决
Linux流量监控工具 - iftop (最全面的iftop教程)
阅读 335Linux流量监控工具 - iftop (最全面的iftop教程)
一个极简的HTTP Server: Caddy一键安装脚本,带网站配置教程
阅读 909一个极简的HTTP Server: Caddy一键安装脚本,带网站配置教程
LNAMP上php无法获取$_SERVER['HTTPS']的解决办法
阅读 322LNAMP上php无法获取$_SERVER['HTTPS']的解决办法