LNMP是Linux + Nginx + MySQL + PHP 四个系统的首字母缩写,相对于 LAMP(Linux + Apache + MySQL + PHP )来说的。曾经在虚拟主机建站界风靡一时,随着新的编程语言和容器技术、微服务等发展,慢慢没落了,尤其是PHP编程语言的使用量急剧下降了。
WordPress是一款能让您建立出色网站、博客或应用程序的开源软件。它具有美观的设计,强大的功能,可以助您自由发挥心中所想。WordPress既是免费的,也是无价的。
# 本实践过程中的系统及环境描述
L:Linux https://mirrors.aliyun.com/centos/
N:Nginx https://nginx.org/en/download.html
M:MySQL https://dev.mysql.com/downloads/mysql/
P:PHP http://php.net/downloads.php
Wordpress https://cn.wordpress.org/latest-zh_CN.tar.gz
#部署规划:
192.168.250.47:Nginx php-fpm 运行web服务
192.168.250.48:运行MySQL数据库,Redis服务
1. 架构拓扑及主机说明
# 三台主机
1 1台 Linux+Nginx+PHP+WordPress (简称 LNP) 服务器 :
主机名:LNP-Server-IP47
CentOS 7.9
IP:192.168.250.47
2 1台 MySQL+Redis 服务器 :
主机名: MySQL-Redis-IP48
CentOS 8.4
IP:192.168.250.48/24
3 1台 client主机 :
WIN10-PC机
2. 准备 MySQL 数据库
# CentOS系统的优化,可以查以前的文章;按照架构图修改好主机名
[root@CentOS84-IP48 ]#hostnamectl set-hostname MySQL-Redis-IP48
[root@CentOS84-IP48 ]#exit
# yum 安装 mysql-server 数据库
[root@MySQL-Redis-IP48 ]#yum info mysql-server
Last metadata expiration check: 19:31:21 ago on Mon 28 Mar 2022 02:34:38 AM CST.
Available Packages
Name : mysql-server
Version : 8.0.26
[root@MySQL-Redis-IP48 ]#yum -y install mysql-server
# 启动服务并开启自启
[root@MySQL-Redis-IP48 ]#systemctl enable --now mysqld
# 进入数据库
[root@MySQL-Redis-IP48 ]#mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.26 Source distribution
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# 创建 wordpress 库
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)
# 创建wordpress的数据库账户名和密码
mysql> create user wordpress@'192.168.250.%' identified by '123456';
Query OK, 0 rows affected (0.01 sec)
# 数据库授权
mysql> grant all on wordpress.* to wordpress@'192.168.250.%';
Query OK, 0 rows affected (0.01 sec)
# 本机登录并验证数据库
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+
5 rows in set (0.01 sec)
mysql> use wordpress
Database changed
mysql> show tables;
Empty set (0.00 sec)
mysql> quit
Bye
[root@MySQL-Redis-IP48 ]#
3. 网络验证MySQL服务
# 通过网络在另外一台机器上登录上面建好的数据库服务器
# 安装数据库客户端 mysql 包
[root@CentOS84-IP172-48 ]#yum -y install mysql
# 网络方式登录远程数据库
[root@CentOS84-IP172-48 ]#mysql -uwordpress -p123456 -h192.168.250.48
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.26 Source distribution
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| wordpress |
+--------------------+
2 rows in set (0.00 sec)
mysql>
4. 配置 LNP 服务器
基本任务: 编译安装和部署 php 支持 redis,并准备配置和启动服务文件,启动 php-fpm; 编译安装Nginx ,并准备配置和启动服务文件,启动Nginx
4.1 部署php-fpm服务
# 按照架构图修改好主机名
[root@centos79 <sub>]# hostnamectl set-hostname LNP-Server-IP47
[root@centos79 </sub>]# exit
# 安装编译PHP需要的依赖包
[root@lnp-server-ip47 ]# yum -y install gcc openssl-devel libxml2-devel bzip2-devel libmcrypt-devel sqlite-devel oniguruma-devel
# 下载 php-7.4.28.tar.xz 源码包
[root@lnp-server-ip47 src]# wget https://www.php.net/distributions/php-7.4.28.tar.xz
[root@lnp-server-ip47 src]# ll -h php-7.4.28.tar.xz
-rw-r--r-- 1 root root 10M Feb 15 21:40 php-7.4.28.tar.xz
# 解压源码包,进入源码包所在目录
[root@lnp-server-ip47 src]# tar xf php-7.4.28.tar.xz
[root@lnp-server-ip47 src]# ll
total 11220
drwxr-xr-x 9 1001 1001 186 Mar 28 17:06 nginx-1.20.2
-rw-r--r-- 1 root root 1062124 Nov 16 22:51 nginx-1.20.2.tar.gz
drwxrwxr-x 16 root root 4096 Feb 15 21:23 php-7.4.28
-rw-r--r-- 1 root root 10418352 Feb 15 21:40 php-7.4.28.tar.xz
# 准备编译参数
[root@lnp-server-ip47 src]#cd php-7.4.28/
[root@lnp-server-ip47 php-7.4.28]# ./configure --prefix=/apps/php74 --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-mbstring --enable-xml --enable-sockets --enable-fpm -enable-maintainer-zts --disable-fileinfo
....................................
Thank you for using PHP. # 需要看到这个信息才算成功了
# 查看cpu个数,作为编译参数CPU选项输入
[root@lnp-server-ip47 nginx-1.20.2]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 8
On-line CPU(s) list: 0-7
[root@lnp-server-ip47 php-7.4.28]#
# 编译安装
[root@lnp-server-ip47 php-7.4.28]# make -j 8 && make install
................... #此处删除很多屏显内容,需要看到下面成功信息再进入下一步
Build complete.
Don't forget to run 'make test'.
Installing shared extensions: /apps/php74/lib/php/extensions/no-debug-zts-20190902/
Installing PHP CLI binary: /apps/php74/bin/
Installing PHP CLI man page: /apps/php74/php/man/man1/
Installing PHP FPM binary: /apps/php74/sbin/
Installing PHP FPM defconfig: /apps/php74/etc/
Installing PHP FPM man page: /apps/php74/php/man/man8/
Installing PHP FPM status page: /apps/php74/php/php/fpm/
Installing phpdbg binary: /apps/php74/bin/
Installing phpdbg man page: /apps/php74/php/man/man1/
Installing PHP CGI binary: /apps/php74/bin/
Installing PHP CGI man page: /apps/php74/php/man/man1/
Installing build environment: /apps/php74/lib/php/build/
Installing header files: /apps/php74/include/php/
Installing helper programs: /apps/php74/bin/
program: phpize
program: php-config
Installing man pages: /apps/php74/php/man/man1/
page: phpize.1
page: php-config.1
/usr/local/src/php-7.4.28/build/shtool install -c ext/phar/phar.phar /apps/php74/bin/phar.phar
ln -s -f phar.phar /apps/php74/bin/phar
Installing PDO headers: /apps/php74/include/php/ext/pdo/
##############################################################################
## 准备 php 配置文件
# 从配置文件模板复制,并进行修改
[root@lnp-server-ip47 php-7.4.28]# cp /usr/local/src/php-7.4.28/php.ini-production /etc/php.ini
# 进入当时编译参数内定义的目录 /apps/php74/ 从模板复制创建 php-fpm.conf
[root@lnp-server-ip47 php-7.4.28]# cd /apps/php74/etc
[root@lnp-server-ip47 etc]# cp php-fpm.conf.default php-fpm.conf
# 进入子配置文件目录,从模板 文件创建 www.conf
[root@lnp-server-ip47 etc]# cd php-fpm.d/
[root@lnp-server-ip47 php-fpm.d]# cp www.conf.default www.conf
[root@lnp-server-ip47 php-fpm.d]#
# 按照本实践的思路修改 www.conf
[root@lnp-server-ip47 php-fpm.d]# vim www.conf
;user = nobody
user = www
;group = nobody
group = www
;pm.status_path = /status
pm.status_path = /status
;ping.path = /ping
ping.path = /ping
;access.log = log/$pool.access.log
access.log = log/$pool.access.log
;slowlog = log/$pool.log.slow
slowlog = log/$pool.log.slow
# 修改后的 www.conf 文件去除 ; 注释行的所有文件内容 供比对
[root@lnp-server-ip47 php-fpm.d]# grep '^[^;]' www.conf
[www]
user = www
group = www
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.status_path = /status
ping.path = /ping
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow
[root@lnp-server-ip47 php-fpm.d]#
# 创建 www 用户
[root@lnp-server-ip47 php-fpm.d]# useradd -r -s /sbin/nologin www
# 创建访问日志文件路径
[root@lnp-server-ip47 php-fpm.d]# mkdir /apps/php74/log
[root@lnp-server-ip47 php-fpm.d]#
##############################################################################
## 启动并验证 php-fpm 服务
# 检查配置文件语法等
[root@lnp-server-ip47 php-fpm.d]# /apps/php74/sbin/php-fpm -t
[28-Mar-2022 18:05:51] NOTICE: configuration file /apps/php74/etc/php-fpm.conf test is successful
# 准备启动服务文件
[root@lnp-server-ip47 php-fpm.d]# cp /usr/local/src/php-7.4.28/sapi/fpm/php-fpm.service /usr/lib/systemd/system/
# 启动并开机自启动 php-fpm
[root@lnp-server-ip47 php-fpm.d]# systemctl daemon-reload
[root@lnp-server-ip47 php-fpm.d]# systemctl enable --now php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
# 验证监听端口
[root@lnp-server-ip47 php-fpm.d]# ss -ltn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 127.0.0.1:9000 *:*
# 查看并跟踪 进程信息
[root@lnp-server-ip47 php-fpm.d]# pstree -p |grep php
|-php-fpm(20700)-+-php-fpm(20701)
| `-php-fpm(20702)
[root@lnp-server-ip47 php-fpm.d]# ps -ef |grep php
root 20700 1 0 18:06 ? 00:00:00 php-fpm: master process (/apps/php74/etc/php-fpm.conf)
www 20701 20700 0 18:06 ? 00:00:00 php-fpm: pool www
www 20702 20700 0 18:06 ? 00:00:00 php-fpm: pool www
root 20707 5036 0 18:07 pts/0 00:00:00 grep --color=auto php
[root@lnp-server-ip47 php-fpm.d]#
4.2 部署 Nginx 服务
4.2.1 编译安装 nginx
#### 编译安装 nginx
# 准备Nginx编译安装的依赖包
[root@lnp-server-ip47 <sub>]# yum -y install gcc pcre-devel openssl-devel zlib-devel
# 下载 nginx 1.20.2 源码包 一般/usr/local/src/ 作为源码文件存放目录
[root@lnp-server-ip47 </sub>]# cd /usr/local/src/
[root@lnp-server-ip47 src]# wget http://nginx.org/download/nginx-1.20.2.tar.gz
# 解压源码包
[root@lnp-server-ip47 src]# tar xf nginx-1.20.2.tar.gz
[root@lnp-server-ip47 src]# ll
total 1040
drwxr-xr-x 8 1001 1001 158 Nov 16 22:44 nginx-1.20.2
-rw-r--r-- 1 root root 1062124 Nov 16 22:51 nginx-1.20.2.tar.gz
[root@lnp-server-ip47 src]#
# 进入nginx-1.20.2 目录,准备编译参数
[root@lnp-server-ip47 src]# cd nginx-1.20.2
[root@lnp-server-ip47 nginx-1.20.2]# ./configure --prefix=/apps/nginx \
> --user=www \
> --group=www \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-pcre \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module
[root@lnp-server-ip47 nginx-1.20.2]# make -j 8 && make install
##############################################################################
# 准备服务文件并启动 nginx
[root@lnp-server-ip47 nginx-1.20.2]# vim /usr/lib/systemd/system/nginx.service
[root@lnp-server-ip47 nginx-1.20.2]# cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/apps/nginx/run/nginx.pid
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
[root@lnp-server-ip47 nginx-1.20.2]#
# 创建目录
[root@lnp-server-ip47 nginx-1.20.2]# mkdir /apps/nginx/run/
# 修改配置文件
[root@lnp-server-ip47 nginx-1.20.2]# vim /apps/nginx/conf/nginx.conf
# 仅修改下面这行的内容
pid /apps/nginx/run/nginx.pid;
# 启动并开机自启服务
[root@lnp-server-ip47 wordpress]# systemctl daemon-reload
[root@lnp-server-ip47 wordpress]# systemctl enable --now nginx
[root@lnp-server-ip47 wordpress]# ss -tln
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 127.0.0.1:9000 *:*
LISTEN 0 511 *:80 *:*
[root@lnp-server-ip47 wordpress]#
4.2.2 配置 Nginx 支持 fastcgi
##############################################################################
#### 配置 Nginx 支持 fastcgi
[root@lnp-server-ip47 nginx-1.20.2]# vim /apps/nginx/conf/nginx.conf
# 仅仅修改下面这些内容,其他都市默认值
worker_processes auto;
pid /apps/nginx/run/nginx.pid;
server {
listen 80;
server_name blog.shone.cn;
location / {
root /data/nginx/wordpress;
index index.php index.html index.htm;
}
location <sub> \.php$ {
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location </sub> ^/(ping|pm_status)$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
}
# 通过命令筛选出有效的配置行
[root@lnp-server-ip47 nginx-1.20.2]# grep -Ev '#|^$' /apps/nginx/conf/nginx.conf
worker_processes auto;
pid /apps/nginx/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name blog.shone.cn; #指定域名
location / {
root /data/nginx/wordpress; #指定数据目录
index index.php index.html index.htm; # 指定默认主页文件
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location <sub> \.php$ { #实现php-fpm
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location </sub> ^/(ping|pm_status)$ { #PHP检测状态页
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
}
}
}
[root@lnp-server-ip47 nginx-1.20.2]#
# 重新启动 nginx 让新配置文件生效
[root@lnp-server-ip47 php-fpm.d]# systemctl reload nginx
[root@lnp-server-ip47 php-fpm.d]# ss -ltn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 127.0.0.1:9000 *:*
LISTEN 0 511 *:80 *:*
[root@lnp-server-ip47 php-fpm.d]#
4.2.3 测试PHP工作是否正常
准备测试页面
[root@lnp-server-ip47 php-fpm.d]# mkdir -p /data/nginx/wordpress
[root@lnp-server-ip47 php-fpm.d]# vim /data/nginx/wordpress/phpinfo.php
[root@lnp-server-ip47 php-fpm.d]# cat /data/nginx/wordpress/phpinfo.php
<?php
phpinfo();
?>
测试PHP的ping
查看状态页
5. 部署 WordPress
5.1 准备 WordPress 文件
# 下载源文件,并复制到前面定义的网页目录下,并修改权属
[root@lnp-server-ip47 <sub>]# wget https://cn.wordpress.org/latest-zh_CN.tar.gz
[root@lnp-server-ip47 </sub>]# ll
total 19012
-rw-r--r-- 1 root root 19462197 Mar 19 00:00 latest-zh_CN.tar.gz
[root@lnp-server-ip47 <sub>]# tar xf latest-zh_CN.tar.gz
[root@lnp-server-ip47 </sub>]# ll
total 19016
-rw-r--r-- 1 root root 19462197 Mar 19 00:00 latest-zh_CN.tar.gz
drwxr-xr-x 5 1006 1006 4096 Mar 19 00:00 wordpress
[root@lnp-server-ip47 <sub>]# cp -r wordpress/* /data/nginx/wordpress
[root@lnp-server-ip47 </sub>]# chown -R www.www /data/nginx/wordpress/
[root@lnp-server-ip47 ~]#
5.2 初始化 WordPress
# 修改WIN10的本地hosts文件,路径为 C:\Windows\System32\drivers\etc\hosts 在最后添加一行
192.168.250.47 blog.shone.cn
在浏览器内输入 blog.shone.cn 出现可道云的初始化向导,按照向导完成初始化
在浏览器内输入 http://blog.shone.cn
6. 优化 WordPress
6.1 允许上传大文件
#注意:默认只支持1M以下文件上传,要利用php程序上传大文件,需要修改下面的配置,最大上传由下列项值的最小值决定,直接上传大于1M文件,会出现下面413错误
[root@lnp-server-ip47 wordpress]# vim /apps/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
client_max_body_size 100m; #nginx上传文件大小修改成100M,默认1M
.........
[root@lnp-server-ip47 wordpress]# vim /etc/php.ini
; http://php.net/post-max-size
;post_max_size = 8M # 默认值为8M
post_max_size = 30M
;upload_max_filesize = 2M # 默认值为2M
upload_max_filesize = 20M
[root@lnp-server-ip47 wordpress]# systemctl restart nginx php-fpm
6.2 安全加固
# 关闭版本显示
[root@lnp-server-ip47 wordpress]# grep -Ev '#|^$' /apps/nginx/conf/nginx.conf
worker_processes auto;
pid /apps/nginx/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 100m;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name blog.shone.cn;
server_tokens off; # 安全加固选项
location / {
root /data/nginx/wordpress;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location <sub> \.php$ {
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By; # 安全加固选项
}
location </sub> ^/(ping|pm_status)$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
}
}
}
[root@lnp-server-ip47 wordpress]#
# 关闭 PHP版本暴露
[root@lnp-server-ip47 wordpress]# vim /etc/php.ini
; http://php.net/expose-php
;expose_php = On # 默认值为ON 可以在客户端看到版本信息
expose_php = Off
6.3 配置 php 开启 opcache 加速
[root@lnp-server-ip47 wordpress]# vim /etc/php.ini
.....................
[opcache]
; Determines if Zend OPCache is enabled
zend_extension=opcache.so
opcache.enable=1
.......................
[root@lnp-server-ip47 wordpress]#systemctl restart php-fpm