• 为避免网络相关问题,此脚本基于离线安装
  • 脚本只对nginx、php-fpm做了基础优化,还请根据自己的需求修改相关配置文件;脚本开头的MYSQL_ROOT_PASSWORD、MYSQL_WORDPRESS_PASSWORD是写死的示例密码,运行前请先改成自己的密码
  • 重新登录后可以使用nginx,mysql,php-fpm等命令
  • 关于https,nginx配置文件中已经做了全站https的代码,只是被注释了,请根据自己的域名、证书修改以下配置文件:
  • /apps/nginx/conf/nginx.conf

系统环境要求:

  1. 没有安装过nginx、mysql、php软件以及apache、mariadb
  2. 没有相关软件生成的文件残留
  3. 未创建nginx,mysql用户

建议

脚本跑完后,第一次使用域名访问以完成wordpress安装,域名会被记录到数据库中,以后如果更换域名,只要重新做域名解析即可。若第一次使用IP访问,浏览器地址会显示IP地址而不是域名,更换域名及IP都需要手动对数据库修改,因此不建议使用IP访问安装wordpress。

下载源码包
nginx –1.18.0
mysql–5.7.34
php–7.4.21
openssl–1.1.1k
wordpress–5.7.2

#!/bin/bash
#
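# Directory that must already hold every source tarball (offline install).
# The trailing slash matters: other code concatenates "${SRC_DIR}<name>".
SRC_DIR='/usr/local/src/'
# Tarball file names expected inside SRC_DIR.
NGINX='nginx-1.18.0.tar.gz'
MYSQL='mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz'
PHP='php-7.4.21.tar.xz'
APP='wordpress-5.7.2-zh_CN.tar.gz'
OPENSSL='openssl-1.1.1k.tar.gz'
# COLOR is expanded unquoted as a command prefix ($COLOR"text"$END): it prints
# the message in bold red, and END resets the terminal attributes.
COLOR="echo -e \\033[01;31m"
END='\033[0m'
# SECURITY: these defaults are sample credentials published with the script.
# Override them from the environment (or edit them here) before running on any
# host that is reachable by others; the defaults are kept only so existing
# invocations behave as before.
MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-RedHat@123}
MYSQL_WORDPRESS_PASSWORD=${MYSQL_WORDPRESS_PASSWORD:-wordpress}
# Parallel job count for make, taken from the "CPU(s):" line of lscpu.
CPU=$(lscpu | awk '/^CPU\(s\):/{print $NF}')
# An empty or non-numeric value would turn "make -j $CPU" into an unbounded
# "make -j", so fall back to a single job.
[[ $CPU =~ ^[0-9]+$ ]] || CPU=1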

# Announce the start of the LNMP/WordPress installation, then pause briefly
# so the banner is visible before the first stage starts printing.
$COLOR"开始安装基于LNMP的wordpress"$END
sleep 1

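#######################################
# Pre-flight check: EPEL must be enabled and every source tarball must be
# present in SRC_DIR. Leaves the working directory at SRC_DIR on success.
# Globals:   SRC_DIR, NGINX, MYSQL, PHP, APP, OPENSSL, COLOR, END (read)
# Outputs:   progress / error messages on stdout
# Returns:   exits the script with status 1 on the first failed check
#######################################
check_file(){
    # Only grep's status is tested; a failing yum simply yields no match.
    if ! yum repolist | grep -i epel &> /dev/null; then
        ${COLOR}'需要开启epel源'$END
        exit 1
    fi
    $COLOR"请将相关文件放在${SRC_DIR}目录下"$END
    # cd prints its own diagnostic; continuing in the wrong directory would
    # make every existence test below meaningless.
    cd "$SRC_DIR" || exit 1

    # NOTE(review): the tarballs are only checked for existence. They are later
    # compiled and installed as root, so verify their checksums/signatures
    # against the upstream release pages before running this script.
    local pkg
    for pkg in "$NGINX" "$MYSQL" "$PHP" "$APP" "$OPENSSL"; do
        if [ ! -e "$pkg" ]; then
            $COLOR"缺少${pkg}文件"$END
            # A bare "exit" would propagate echo's status (0) and report
            # success to the caller.
            exit 1
        fi
    done
    $COLOR"相关文件已准备好"$END
}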
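#######################################
# Install the MySQL binary distribution from SRC_DIR: unpack it, link it to
# /usr/local/mysql, create the mysql account, write /etc/my.cnf and a systemd
# unit, initialise the data directory and set the root password.
# Globals:   SRC_DIR, MYSQL, MYSQL_ROOT_PASSWORD, COLOR, END (read)
# Outputs:   progress / error messages on stdout
# Returns:   exits the script with status 1 on a fatal error
#######################################
install_mysql(){
    $COLOR"开始安装MySQL数据库"$END
    # Refuse to touch an existing installation before unpacking anything.
    if [ -e /usr/local/mysql ];then
        $COLOR"数据库已存在,安装失败"$END
        exit 1
    fi
    tar xf "${SRC_DIR}${MYSQL}" -C "$SRC_DIR" || exit 1

    # Directory name inside the tarball: the file name up to its last digit.
    local MYSQL_DIR
    MYSQL_DIR=$(printf '%s\n' "$MYSQL" | sed -nr 's/^(.*[0-9]).*/\1/p')
    ln -s "${SRC_DIR}${MYSQL_DIR}" /usr/local/mysql

    if ! id mysql &> /dev/null; then
        groupadd -g 306 mysql
        useradd -u 306 -s /sbin/nologin -g mysql -r mysql
        $COLOR"创建mysql用户"$END
    fi
    # Best effort, as in the original: package names differ between releases,
    # so a failure here is not treated as fatal.
    yum -y -q install numactl-libs ncurses-compat-libs libaio &> /dev/null
    echo 'PATH=/usr/local/mysql/bin/:$PATH' > /etc/profile.d/mysql.sh
    source /etc/profile.d/mysql.sh
    # -p: the directory may already exist.
    mkdir -p /etc/my.cnf.d
    # NOTE(review): basedir=/usr does not match the /usr/local/mysql prefix.
    # The unit below overrides it with --basedir, but the initialisation run
    # further down does not - confirm this value is intended.
    cat > /etc/my.cnf <<'EOF'
[mysqld]
server-id=1
basedir=/usr
datadir=/data/mysql
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
character-set-server=utf8mb4
log-bin

[mysql]
default-character-set=utf8mb4

[client]
socket=/data/mysql/mysql.sock

!includedir /etc/my.cnf.d
EOF
    cat > /usr/lib/systemd/system/mysqld.service <<'EOF'
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
User=mysql
Group=mysql
Type=forking
TimeoutSec=0
PermissionsStartOnly=true
ExecStart=/usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --daemonize
LimitNOFILE = 65536
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=true
EOF
    mkdir -p /data
    # --initialize-insecure creates root@localhost with an EMPTY password.
    /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql
    if ! { systemctl daemon-reload && systemctl enable --now mysqld; }; then
        $COLOR"数据库启动失败,退出!"$END
        exit 1
    fi
    # Until this succeeds the running server accepts root without a password,
    # so a failure must stop the script instead of being discarded.
    # NOTE(review): the password is passed on the command line and may be
    # visible to other local users in the process list while the client starts.
    if ! mysqladmin -uroot password "$MYSQL_ROOT_PASSWORD" &>/dev/null; then
        $COLOR"设置MySQL root密码失败,root仍为空密码,退出!"$END
        exit 1
    fi
    $COLOR"数据库安装完成"$END
}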

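#######################################
# Build nginx from source against the bundled OpenSSL tree, install it under
# /apps/nginx, write nginx.conf and a systemd unit, then enable and start it.
# Globals:   SRC_DIR, NGINX, OPENSSL, CPU, COLOR, END (read)
# Outputs:   build output and progress / error messages on stdout
# Returns:   exits the script with status 1 on a fatal error
#
# Notes on the generated nginx.conf:
#   - The heredoc is unquoted, so every nginx variable is written as \$name
#     and the literal backticks in the ulimit comment are escaped; unescaped
#     they would run `ulimit -n` while the file is being written.
#   - log_format uses escape=json: nginx's default escaping writes \xXX
#     sequences, which are not valid JSON once a logged header contains
#     quotes or control characters.
#   - /nginx_status carries "deny all" after the allow; an allow rule on its
#     own restricts nothing and leaves the status page public.
#   - NOTE(review): the "\.php$" location hands any URI ending in .php to FPM
#     without checking that the file exists; consider adding
#     "try_files \$uri =404;" there after testing with your site.
#######################################
install_nginx(){
    ${COLOR}"开始安装NGINX"$END
    cd "$SRC_DIR" || exit 1
    if ! id nginx &> /dev/null; then
        groupadd -g 80 nginx
        useradd -u 80 -s /sbin/nologin -g 80 -r nginx
        $COLOR"创建nginx用户"$END
    fi
    $COLOR"安装nginx相关包"$END
    yum -q -y install gcc gcc-c++ pcre pcre-devel zlib zlib-devel automake make &> /dev/null

    # Source directory names are derived from the tarball names.
    local NGINX_DIR OPENSSL_DIR
    tar xf "$NGINX" -C "$SRC_DIR" || exit 1
    NGINX_DIR=$(printf '%s\n' "$NGINX" | sed -nr 's/^(.*[0-9]).*/\1/p')
    tar xf "$OPENSSL" -C "$SRC_DIR" || exit 1
    OPENSSL_DIR=$(printf '%s\n' "$OPENSSL" | sed -nr 's/^(.*).tar.gz/\1/p')
    cd "$NGINX_DIR" || exit 1

    # configure, make and make install are chained so that a failure in any
    # of them is reported; ${CPU:-1} avoids an unbounded "make -j".
    if ./configure --prefix=/apps/nginx \
        --user=nginx \
        --group=nginx \
        --with-http_ssl_module \
        --with-http_v2_module \
        --with-http_realip_module \
        --with-http_stub_status_module \
        --with-http_gzip_static_module \
        --with-pcre \
        --with-stream \
        --with-stream_ssl_module \
        --with-stream_realip_module \
        --with-file-aio \
        --with-threads \
        --with-openssl="${SRC_DIR}${OPENSSL_DIR}" \
        && make -j "${CPU:-1}" \
        && make install; then
        $COLOR"NGINX编译安装成功"$END
    else
        $COLOR"NGINX编译安装失败,退出!"$END
        exit 1
    fi
    [ -d /data/nginx ] || mkdir -pv /data/nginx/
    cat > /apps/nginx/conf/nginx.conf <<EOF
user  nginx nginx;

#工作进程数量,与cpu核心一致
worker_processes  auto;
#CPU亲缘性绑定
worker_cpu_affinity  auto;

error_log  /apps/nginx/logs/error.log  error;

pid        logs/nginx.pid;

worker_priority  0;
#打开的最大文件数,应与\`ulimit -n\`一致
worker_rlimit_nofile  65536;

#线程池
thread_pool pool1 threads=32 max_queue=65536;

events {
    #单个工作进程的最大并发连接数
    worker_connections  65536;

    #使用epoll事件驱动
    use epoll;

    #同一时刻一个请求轮流由work进程处理,避免"惊群"
    accept_mutex  on;

    #工作进程开启同时接受多个新的网络连接
    multi_accept  on;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #自定义json日志格式
    log_format access_json escape=json '{"@timestamp":"\$time_iso8601",'
        '"host":"\$server_addr",'
        '"clientip":"\$remote_addr",'
        '"size":\$body_bytes_sent,'
        '"responsetime":\$request_time,'
        '"upstreamtime":"\$upstream_response_time",'
        '"upstreamhost":"\$upstream_addr",'
        '"http_host":"\$host",'
        '"uri":"\$uri",'
        '"domain":"\$host",'
        '"xff":"\$http_x_forwarded_for",'
        '"referer":"\$http_referer",'
        '"tcp_xff":"\$proxy_protocol_addr",'
        '"http_user_agent":"\$http_user_agent",'
        '"status":"\$status"}';

    #零拷贝,加快静态文件传输
    sendfile        on;
    #合并请求后统一发送给客户端,需开启sendfile
    tcp_nopush     on;

    #异步IO
    aio threads=pool1;
    directio 4m;
    directio_alignment 512;

    #开启与客户端长连接
    keepalive_timeout  65;
    keepalive_requests 500;
    #立即发送相应报文
    tcp_nodelay     on;
    #开启与后端fastcgi服务器长连接
    fastcgi_keep_conn on;

    #开启压缩
    gzip  on;
    gzip_comp_level 9;
    gzip_min_length 1k;
    gzip_types text/plain application/javascript application/x-javascript
    text/css application/xml text/javascript application/x-httpd-php image/jpeg
    image/gif image/png;
    gzip_vary on;

    #响应报文隐藏后端服务器
    fastcgi_hide_header X-Powered-By;
    #响应报文隐藏nginx版本
    server_tokens off;

    server {
        server_name www.75j.xyz;
        listen 80;
        root /data/nginx/wordpress;
        index index.php;
        charset utf-8;
        access_log /apps/nginx/logs/access_json.log access_json;
        client_max_body_size 20m;

        ##ssl证书相关
        #listen 443 ssl;
        #ssl_certificate /apps/nginx/www.75j.xyz.pem;
        #ssl_certificate_key /apps/nginx/www.75j.xyz.key;
        #ssl_session_cache shared:SSL:10m;
        #ssl_session_timeout 5m;

        ##HSTS 浏览器自己改写http请求为https,而不是先发送http,然后重定向到https
        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        ##非http请求重写为https请求
        #if (\$scheme = http){
        #    rewrite ^/(.*)$ https://www.75j.xyz/\$1 permanent;
        #}

        ##防盗链
        #valid_referers none blocked server_names
        #    *.75j.xyz www.75j.xyz\/*
        #    ~\.baidu\.;
        #if (\$invalid_referer) {
        #    return 403;
        #}

        #仅允许GET
        location / {
            limit_except GET {
            deny all;
            }
        }

        #动静分离
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css|tiff|tif|wmf|ico)$ {
            #root /data/static
            expires      365d;
        }

        #与php服务器使用fastcgi连接
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_send_timeout 30;
            fastcgi_read_timeout 30;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
            include fastcgi_params;
        }

        location = /favicon.ico {
            root /data/nginx/wordpress;
        }

        #禁止访问密码等敏感数据文件
        location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) {
            return 404;
        }

        #nginx状态页
        location /nginx_status {
            access_log off;
            allow 127.0.0.1;
            deny all;
            stub_status;
        }

        #php状态页
        location ~ ^/(pm_status|ping)$ {
            access_log off;
            allow 127.0.0.1;
            deny all;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param PATH_TRANSLATED \$document_root\$fastcgi_script_name;
            include fastcgi_params;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
EOF
    # Overwrite rather than append so that a re-run does not stack duplicates.
    echo  'PATH=/apps/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
    # Quoted delimiter: $MAINPID must reach systemd literally. In an unquoted
    # heredoc the shell expands it to nothing and ExecReload signals no process.
    cat > /usr/lib/systemd/system/nginx.service <<'EOF'
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/apps/nginx/logs/nginx.pid
ExecStartPre=/usr/bin/rm -f /apps/nginx/logs/nginx.pid
ExecStartPre=/apps/nginx/sbin/nginx -t
ExecStart=/apps/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
    systemctl enable --now nginx
    if ! systemctl is-active nginx &> /dev/null; then
        $COLOR"NGINX 启动失败,退出!"$END
        exit 1
    fi
    # $END resets the terminal colour, as every other message does.
    $COLOR"NGINX安装完成"$END
}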

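#######################################
# Build PHP with FPM from source, install it under /apps/php, write the FPM
# pool and php.ini, install the bundled systemd unit and start php-fpm.
# Globals:   SRC_DIR, PHP, CPU, COLOR, END (read)
# Outputs:   build output and progress / error messages on stdout
# Returns:   exits the script with status 1 on a fatal error
#######################################
install_php(){
    ${COLOR}"开始安装PHP"$END
    yum -y install gcc openssl-devel libxml2-devel bzip2-devel libmcrypt-devel sqlite-devel oniguruma-devel autoconf libpng-devel libjpeg-devel
    cd "$SRC_DIR" || exit 1
    tar xf "$PHP" || exit 1
    # Source directory name: the tarball name up to its last digit.
    local PHP_DIR
    PHP_DIR=$(printf '%s\n' "$PHP" | sed -nr 's/^(.*[0-9]).*/\1/p')
    cd "$PHP_DIR" || exit 1

    # configure, make and make install are chained so that a failure in any
    # of them is reported; ${CPU:-1} avoids an unbounded "make -j".
    if ./configure \
        --prefix=/apps/php \
        --with-fpm-user=nginx \
        --with-fpm-group=nginx \
        --enable-mysqlnd \
        --with-mysqli=mysqlnd \
        --with-pdo-mysql=mysqlnd \
        --with-openssl \
        --with-zlib \
        --enable-mbstring \
        --enable-xml \
        --enable-sockets \
        --enable-fpm \
        --enable-maintainer-zts \
        --with-jpeg \
        --disable-fileinfo \
        --enable-opcache \
        --enable-gd \
        --with-config-file-path=/apps/php/etc \
        && make -j "${CPU:-1}" \
        && make install; then
        $COLOR"PHP编译安装成功"$END
    else
        $COLOR"PHP编译安装失败,退出!"$END
        exit 1
    fi

    # FPM listens on loopback only and accepts only loopback clients; the
    # status and ping paths are the ones nginx exposes to 127.0.0.1.
    cat > /apps/php/etc/php-fpm.d/www.conf <<'EOF'
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 1
pm.max_spare_servers = 20
pm.max_requests = 1000
pm.status_path = /pm_status
ping.path = /ping
ping.response = pong
EOF
    cp php.ini-production  /apps/php/etc/php.ini
    # Match nginx's client_max_body_size (20m) and stop advertising PHP.
    sed -i -r 's/(upload_max_filesize =).*/\1 20M/' /apps/php/etc/php.ini
    sed -i -r 's/^(expose_php =) On/\1 Off/' /apps/php/etc/php.ini
    printf 'opcache.enable=1\nzend_extension=opcache.so\n' >> /apps/php/etc/php.ini
    echo 'PATH=/apps/php/bin/:/apps/php/sbin/:$PATH' > /etc/profile.d/php-fpm.sh
    cp  sapi/fpm/php-fpm.service /usr/lib/systemd/system/
    cp  /apps/php/etc/php-fpm.conf.default  /apps/php/etc/php-fpm.conf
    systemctl daemon-reload
    # Enable as well as start, like mysqld and nginx; otherwise the site
    # returns 502 after the next reboot.
    systemctl enable --now php-fpm
    if ! systemctl is-active php-fpm &> /dev/null; then
        $COLOR"PHP-FPM 启动失败,退出!"$END
        exit 1
    fi
    # $END resets the terminal colour, as every other message does.
    $COLOR"PHP安装完成"$END
}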

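#######################################
# Unpack WordPress into /data/nginx, create its database and database user,
# and fill the connection settings into wp-config.php.
# Globals:   SRC_DIR, APP, MYSQL_ROOT_PASSWORD, MYSQL_WORDPRESS_PASSWORD,
#            COLOR, END (read)
# Outputs:   progress / error messages on stdout
# Returns:   exits the script with status 1 on a fatal error
#######################################
install_wordpress(){
    # The password is embedded in single-quoted SQL and PHP string literals;
    # a quote or backslash would end the literal early and corrupt both.
    case $MYSQL_WORDPRESS_PASSWORD in
        *\'*|*\\*)
            $COLOR"MYSQL_WORDPRESS_PASSWORD不能包含单引号或反斜杠,退出!"$END
            exit 1
            ;;
    esac

    cd "$SRC_DIR" || exit 1
    tar xf "$APP" -C /data/nginx || exit 1
    # user:group - the user.group form is deprecated.
    chown -R nginx:nginx /data/nginx
    cd /data/nginx/wordpress || exit 1
    cp wp-config-sample.php wp-config.php
    # wp-config.php holds the database password: readable by the FPM group
    # (nginx) only, and not writable by the web user.
    chown root:nginx wp-config.php
    chmod 640 wp-config.php
    # NOTE(review): the authentication keys and salts copied from the sample
    # file are left at their placeholder values; replace them after install.

    # The SQL goes in on stdin so the WordPress password is not part of the
    # command line, and a failure stops the script instead of being hidden.
    # NOTE(review): the root password is still passed with -p on argv.
    if ! mysql -uroot -p"$MYSQL_ROOT_PASSWORD" &>/dev/null <<SQL
create database wordpress;
create user wordpress@'127.0.0.1' identified by '${MYSQL_WORDPRESS_PASSWORD}';
grant all on wordpress.* to wordpress@'127.0.0.1';
SQL
    then
        $COLOR"创建wordpress数据库或用户失败,退出!"$END
        exit 1
    fi

    # Escape the characters that are special in a sed replacement (\, / and &)
    # so that any password is written literally.
    local sed_password
    sed_password=$(printf '%s' "$MYSQL_WORDPRESS_PASSWORD" | sed -e 's#[\\/&]#\\&#g')
    sed -i -e 's/database_name_here/wordpress/' \
        -e 's/username_here/wordpress/' \
        -e "s/password_here/${sed_password}/" \
        -e 's/localhost/127.0.0.1/'  wp-config.php
    # $END resets the terminal colour, as every other message does.
    $COLOR"WORDPRESS安装完成"$END
}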

# Run the installation stages in dependency order: pre-flight checks, the
# database, the web server, PHP-FPM, and finally the application itself.
# Each stage exits the script on its own when it hits a fatal error.
for stage in check_file install_mysql install_nginx install_php install_wordpress; do
    "$stage"
done