Centos生产环境编译安装LNMP

一、环境准备

1、操作系统安装：CentOS 6.564位最小化安装。

2、配置好IP、DNS、网关、主机名

3、配置防火墙，开启80、3306端口

vim /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -mstate --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #允许80端口通过防火墙

-A RH-Firewall-1-INPUT -mstate --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT #允许3306端口通过防火墙

特别提示：如果这两条规则添加到防火墙配置的最后一行，导致防火墙启动失败，正确的应该是添加到默认的22端口 。

/etc/init.d/iptables restart #最后重启防火墙使配置生效4、关闭SELinux

vi /etc/selinux/configurations

#SELINUX=enforcing #注释掉#SELINUXTYPE=targeted #注释掉

SELINUX=disabled #增加

:wq! #保存退出

setenforce 0#使配置立即生效

二、系统约定

硬盘分区：50G(/boot 200M /swap8192M /)+100G(/opt)

软件源代码包存放位置：/opt/local/src

源码包编译安装位置：/opt/local/软件名

数据库数据文件存储路径/opt/local/MysqL/var

三、软件包下载

1、下载Nginx（目前稳定版）：http://Nginx.org/download/Nginx-1.4.4.tar.gz

2、下载pcre （支持Nginx伪静态）：ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz

3、下载MysqL：http://cdn.MysqL.com/Downloads/MysqL-5.5/MysqL-5.5.35.tar.gz

4、下载PHP：http://cn2.PHP.net/distributions/PHP-5.5.7.tar.gz

5、下载cmake（MysqL编译工具）：http://www.cmake.org/files/v2.8/cmake-2.8.12.1.tar.gz

6、下载libmcrypt（PHPlibmcrypt模块）：http://nchc.dl.sourceforge.net/project/mcrypt/libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz

7、下载GD库安装包（PHP页面图片验证码支持）：https://PHPsqq.googlecode.com/files/gd-2.0.36RC1.tar.gz

将以上软件包上传到/opt/local/src目录

四、安装编译工具及库文件

使用CentOS yum命令一键安装

yum install -y make apr* autoconf automake curl curl-devel gcc gcc-c++ gtk+-devel zlib-devel openssl openssl-devel pcre-devel gd kernel keyutils patch perl kernel-headers compat* cpp glibc libgomp libstdc++-devel keyutils-libs-devel libsepol-devel libselinux-devel krb5-devel libXpm* freetype freetype-devel freetype* fontconfig fontconfig-devel libjpeg* libpng* PHP-common PHP-gd gettext gettext-devel ncurses* libtool* libxml2 libxml2-devel patch policycoreutils bison

五、软件安装篇

1、安装cmake

cd /opt/local/src

tar zxvf cmake-2.8.8.tar.gz

cd cmake-2.8.8

./configure --prefix=/opt/local/cmake

make #编译

make install #安装

vim /etc/profile 在path路径中增加cmake执行文件路径

export PATH=$PATH:/opt/local/cmake/bin

source /etc/profile使配置立即生效

2、安装pcre

cd /opt/local/src

mkdir /usr/local/pcre #创建安装目录

tar zxvf pcre-8.34.tar.gz

cd pcre-8.34

./configure --prefix=/opt/local/pcre#配置

make && make install

3、安装libmcrypt

cd /opt/local/src

tar zxvf libmcrypt-2.5.8.tar.gz #解压

cd libmcrypt-2.5.8#进入目录

./configure #配置

make #编译

make install #安装

4、安装gd库

cd /opt/local/src

tar zxvf gd-2.0.36RC1.tar.gz

cd gd-2.0.36RC1

./configure --enable-m4_pattern_allow ―prefix=/opt/local/gd --with-jpeg=/usr/lib --with-png=/usr/lib --with-xpm=/usr/lib --with-freetype=/usr/lib --with-fontconfig=/usr/lib#配置

make #编译

make install #安装5、安装MysqL

groupadd MysqL #添加MysqL组

useradd -g MysqL MysqL -s /bin/false #创建用户MysqL并加入到MysqL组，不允许MysqL用户直接登录系统mkdir -p /opt/data/MysqL/var #创建MysqL数据库存放目录chown -R MysqL:MysqL /opt/data/MysqL/var #设置MysqL数据库目录权限

cd /opt/local/src

tar zxvf MysqL-5.5.35.tar.gz #解压

cd MysqL-5.5.35

cmake . -DCMAKE_INSTALL_PREFIX=/opt/local/MysqL -DMysqL_DATADIR=/opt/data/MysqL/var -DSYSconfdIR=/etc#配置

make #编译

make install #安装

cd /opt/local/MysqL

cp ./support-files/my-huge.cnf /etc/my.cnf #拷贝配置文件（注意：如果/etc目录下面默认有一个my.cnf，直接覆盖即可）

vi /etc/my.cnf #编辑配置文件,在 [MysqLd] 部分增加

datadir = /opt/data/MysqL/var#添加MysqL数据库路径

./scripts/MysqL_install_db --user=MysqL #生成MysqL系统数据库

cp ./support-files/MysqL.server /etc/rc.d/init.d/MysqLd #把MysqL加入系统启动chmod755 /etc/init.d/MysqLd #增加执行权限

chkconfig MysqLd on #加入开机启动

vi /etc/rc.d/init.d/MysqLd #编辑

basedir = /opt/local/MysqL #MysqL程序安装路径

datadir = /opt/local/MysqL/var #MysqL数据库存放目录

service MysqLd start #启动

vi /etc/profile #把MysqL服务加入系统环境变量：在最后添加下面这一行

export PATH=$PATH:/opt/local/cmake/bin:/opt/local/MysqL/bin

source /etc/profile #使配置立即生效

mkdir /var/lib/MysqL#创建目录

ln -s /tmp/MysqL.sock /var/lib/MysqL/MysqL.sock #添加软链接

MysqL_secure_installation #设置MysqL密码，根据提示按Y 回车输入2次密码

/opt/local/MysqL/bin/MysqLadmin -u root -p password "123456"#或者直接修改密码

到此，MysqL安装完成！

6、安装 Nginx

cd /opt/local/src

groupadd www #添加www组

useradd -g www www -s /bin/false #创建Nginx运行账户www并加入到www组，不允许www用户直接登录系统

tar zxvf Nginx-1.4.4.tar.gz

cd Nginx-1.4.4

./configure --prefix=/opt/local/Nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/ --with-pcre=/opt/local/src/pcre-8.31

注意:--with-pcre=/opt/local/src/pcre-8.34指向的是源码包解压的路径，而不是安装的路径，否则会报错

make

make install

/opt/local/Nginx/sbin/Nginx #启动Nginx

设置Nginx开启启动

vi /etc/rc.d/init.d/Nginx #编辑启动文件添加下面内容

=======================================================

#!/bin/bash# Nginx Startup script for the Nginx HTTP Server# it is v.0.0.2 version.# chkconfig: - 85 15# description: Nginx is a high-performance web and proxy server.# It has a lot of features,but it's not for everyone.# processname: Nginx# pidfile: /var/run/Nginx.pid# config: /usr/local/Nginx/conf/Nginx.conf

Nginxd=/opt/local/Nginx/sbin/Nginx

Nginx_config=/opt/local/Nginx/conf/Nginx.conf

Nginx_pid=/opt/local/Nginx/logs/Nginx.pid

RETVAL=0

prog="Nginx"

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ ${NETWORKING} = "no" ] && exit 0

[ -x $Nginxd ] || exit 0

# Start Nginx daemons functions.

start() {

if [ -e $Nginx_pid ];then

echo "Nginx already running...."

exit 1

fi

echo -n $"Starting $prog: "

daemon $Nginxd -c ${Nginx_config}

RETVAL=$?

echo

[ $RETVAL = 0 ] && touch /var/lock/subsys/Nginx

return $RETVAL

}

# Stop Nginx daemons functions.

stop() {

echo -n $"Stopping $prog: "

killproc $Nginxd

RETVAL=$?

echo

[ $RETVAL = 0 ] && rm -f /var/lock/subsys/Nginx /usr/local/Nginx/logs/Nginx.pid

}

reload() {

echo -n $"Reloading $prog: "

#kill -HUP `cat ${Nginx_pid}`

killproc $Nginxd -HUP

RETVAL=$?

echo

}

# See how we were called.

case "$1" in

start)

start

;;

stop)

stop

;;

reload)

reload

;;

restart)

stop

start

;;

status)

status $prog

RETVAL=$?

;;

*)

echo $"Usage: $prog {start|stop|restart|reload|status|help}"exit1

esac

exit$RETVAL

=======================================================

:wq! #保存退出chmod775 /etc/rc.d/init.d/Nginx #赋予文件执行权限

chkconfig Nginx on #设置开机启动

/etc/rc.d/init.d/Nginx restart #重新启动Nginx

service Nginx restart

=======================================================

7、安装PHP

cd /opt/local/src

tar -zvxf PHP-5.5.7.tar.gz

cd PHP-5.5.7.

./configure --prefix=/opt/local/PHP5 --with-config-file-path=/opt/local/PHP5/etc --with-MysqL=/opt/local/MysqL --with-MysqL-sock=/tmp/MysqL.sock --with-gd --with-iconv --with-zlib --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl --with-jpeg-dir --with-freetype-dir

make #编译

make install #安装

cp PHP.ini-production /opt/local/PHP5/etc/PHP.ini #复制PHP配置文件到安装目录

rm -rf /etc/PHP.ini #删除系统自带配置文件

ln -s /opt/local/PHP5/etc/PHP.ini /etc/PHP.ini #添加软链接

cp /opt/local/PHP5/etc/PHP-fpm.conf.default /opt/local/PHP5/etc/PHP-fpm.conf #拷贝模板文件为PHP-fpm配置文件

vi /opt/local/PHP5/etc/PHP-fpm.conf #编辑

user = www #设置PHP-fpm运行账号为www

group = www #设置PHP-fpm运行组为www

pid = run/PHP-fpm.pid #取消前面的分号

设置 PHP-fpm开机启动

cp /opt/local/src/PHP-5.5.7/sapi/fpm/init.d.PHP-fpm /etc/rc.d/init.d/PHP-fpm #拷贝PHP-fpm到启动目录chmod +x /etc/rc.d/init.d/PHP-fpm #添加执行权限

chkconfig PHP-fpm on #设置开机启动

vi /opt/local/PHP5/etc/PHP.ini #编辑配置文件

找到：disable_functions =

修改为：disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname

#列出PHP可以禁用的函数，如果某些程序需要用到这个函数，可以删除，取消禁用

找到：;date.timezone =

修改为：date.timezone = PRC #设置时区

找到：expose_PHP = On

修改为：expose_PHP = OFF #禁止显示PHP版本的信息

找到：short_open_tag = Off

修改为：short_open_tag = ON #支持PHP短标签

八、配置Nginx支持PHP

vi /opt/local/Nginx/conf/Nginx.conf

修改/opt/local/Nginx/conf/Nginx.conf 配置文件,需做如下修改

user www www; #首行user去掉注释,修改Nginx运行组为www www；必须与/opt/local/PHP/etc/PHP-fpm.conf中的user,group配置相同，否则PHP运行出错

user www www;

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server {

listen80;

server_name localhost;

location / {

root html;

indexindex.PHP index.html index.htm;

}

location ~ \.PHP$ {

root html;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.PHP;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

}

}

}

/etc/init.d/Nginx restart #重启Nginx

六、测试篇

cd /opt/local/Nginx/html/ #进入Nginx默认网站根目录

rm -rf /opt/local/Nginx/html/* #删除默认测试页

vi index.PHP #新建index.PHP文件

PHPinfo();

?>

:wq! #保存退出chown www.www /opt/local/Nginx/html/ -R #设置目录所有者chmod700 /opt/local/Nginx/html/ -R #设置目录权限

七、其它说明

服务器相关操作命令

service Nginx restart #重启Nginx

service MysqLd restart #重启MysqL

/usr/local/PHP/sbin/PHP-fpm #启动PHP-fpm

/etc/rc.d/init.d/PHP-fpm restart #重启PHP-fpm

/etc/rc.d/init.d/PHP-fpm stop #停止PHP-fpm

/etc/rc.d/init.d/PHP-fpm start #启动PHP-fpm

Nginx默认站点目录是：/opt/local/Nginx/html/

权限设置：chown www.www /opt/local/Nginx/html/ -R

MysqL数据库目录是：/opt/local/MysqL/var

权限设置：chown MysqL.MysqL -R /opt/local/MysqL/var

八、安全优化

sherwin@rocnic~$ssh root@172.16.134.141

root@172.16.134.141's password:

Last login: Sat Jan 18 12:11:57 2014 from 172.16.134.1

-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory

[root@dev01 ~]# locale

locale: Cannot set LC_CTYPE to default locale: No such file or directory

locale: Cannot set LC_ALL to default locale: No such file or directory

LANG=en_US.UTF-8

LC_CTYPE=UTF-8

LC_NUMERIC="en_US.UTF-8"

LC_TIME="en_US.UTF-8"

LC_COLLATE="en_US.UTF-8"

LC_MONETARY="en_US.UTF-8"

LC_MESSAGES="en_US.UTF-8"

LC_PAPER="en_US.UTF-8"

LC_NAME="en_US.UTF-8"

LC_ADDRESS="en_US.UTF-8"

LC_TELEPHONE="en_US.UTF-8"

LC_MEASUREMENT="en_US.UTF-8"

LC_IDENTIFICATION="en_US.UTF-8"

LC_ALL=