Technical analysis
1. Install LNMP. Reference documents:
http://www.luoxiao123.cn/centos-yum-lnmp.html
https://maicong.me/t/188
https://www.v2ex.com/t/258510
    yum install -y wget unzip && wget https://git.io/v2OPx -O LNMP.zip && unzip LNMP.zip && cd LNMP-master && bash lnmp.sh
2. Upgrade yum
    yum install gcc
    yum install zlib-devel
3. Create the download directory
    mkdir -p /down
4. Install MaxMind's GeoIP library
    cd /down
    wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
    tar -zxvf GeoIP.tar.gz
    cd GeoIP-1.4.8
    ./configure
    make && make install
5. The library just installed goes to /usr/local/lib automatically, so this directory has to be added to the dynamic linker configuration so that programs can bind to the GeoIP library automatically at run time:
    echo '/usr/local/lib' > /etc/ld.so.conf.d/geoip.conf
    ldconfig
6. Download the IP database
    cd /down
    wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
    gunzip GeoIP.dat.gz
    mv /down/GeoIP.dat /etc/nginx/GeoIP.dat
7. Make Nginx support GeoIP
    ps -ef | grep nginx
    pkill -9 nginx
    yum -y install openssl openssl-devel
    yum install pcre
    yum -y install libxml2-devel libxslt-devel
    yum install gd-devel
    yum install perl perl-devel perl-ExtUtils-Embed
    cd /down
    nginx -V    (shows which options the existing binary was compiled with)
    wget http://nginx.org/download/nginx-1.10.2.tar.gz    (download page: http://nginx.org/en/download.html )
    tar zxvf nginx-1.10.2.tar.gz
    cd nginx-1.10.2/
    ./configure --prefix=/etc/nginx \
        --sbin-path=/usr/sbin/nginx \
        --modules-path=/usr/lib64/nginx/modules \
        --conf-path=/etc/nginx/nginx.conf \
        --error-log-path=/var/log/nginx/error.log \
        --http-log-path=/var/log/nginx/access.log \
        --pid-path=/var/run/nginx.pid \
        --lock-path=/var/run/nginx.lock \
        --http-client-body-temp-path=/var/cache/nginx/client_temp \
        --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
        --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
        --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
        --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
        --user=nginx --group=nginx \
        --with-http_ssl_module --with-http_realip_module \
        --with-http_addition_module --with-http_sub_module \
        --with-http_dav_module --with-http_flv_module \
        --with-http_mp4_module --with-http_gunzip_module \
        --with-http_gzip_static_module --with-http_random_index_module \
        --with-http_secure_link_module --with-http_stub_status_module \
        --with-http_auth_request_module \
        --with-http_xslt_module=dynamic \
        --with-http_image_filter_module=dynamic \
        --with-http_geoip_module=dynamic \
        --with-http_perl_module=dynamic \
        --with-threads --with-stream --with-stream_ssl_module \
        --with-http_slice_module --with-mail --with-mail_ssl_module \
        --with-file-aio --with-ipv6 --with-http_v2_module \
        --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' \
        --with-http_geoip_module
    make
    cp /usr/sbin/nginx /usr/sbin/nginx.bak
    cp ./objs/nginx /usr/sbin/
Start nginx:
    /usr/sbin/nginx
or
    systemctl start nginx.service
    /usr/sbin/nginx -s reload    (reload)
8. Configure Nginx
    vi /etc/nginx/nginx.conf
Change the following:
    http {
        ...
        geoip_country /etc/nginx/GeoIP.dat;
        fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
        fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
        fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
        ...
    }
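    vi /etc/nginx/conf.d/nginx-index.conf

    server {
        listen 80;
        server_name localhost;
        location / {
            # $subdomain is not defined anywhere on this page; define it
            # (for example with set or map) before using this block.
            # As given, the JP and CN branches set the same root.
            if ($geoip_country_code = JP) {
                root /home/wwwroot/index$subdomain;
            }
            if ($geoip_country_code = CN) {
                root /home/wwwroot/index$subdomain;
            }
        }
    }

    /usr/sbin/nginx -s reload    (reload)
    iptables -I INPUT -p tcp --dport 80 -j ACCEPT    (open the port)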
7. Configure the website
Add a site with the identifier mysite and the domain mysite.com:
    service vhost add domain domain.com,www.domain.com index.html,index.htm,index.php nomal.conf on
8. Change the MySQL password (123456 is a sample value; substitute your own password)
    SET PASSWORD FOR 'root'@'localhost' = PASSWORD('123456');
9. Configure phpMyAdmin
    cp /home/wwwroot/index/phpMyAdmin/libraries/config.default.php /home/wwwroot/index/phpMyAdmin/libraries/config.default.php_bak
    vi /home/wwwroot/index/phpMyAdmin/libraries/config.default.php
$cfg['Servers'][$i]['user']: MySQL database user name
$cfg['Servers'][$i]['password']: MySQL database password
Change
    $cfg['Servers'][$i]['host'] = 'localhost';
to
    $cfg['Servers'][$i]['host'] = '127.0.0.1';
Create a new user account in phpMyAdmin: user name: name; hostname: 127.0.0.1; pass: 123456
10. Upload files. Software name: SSHSecureShellClient
11. Security configuration
Disable ping on the server:
    cp /etc/rc.d/rc.local /etc/rc.d/rc.localbak
    vi /etc/rc.d/rc.local
Append the following line at the end of the file:
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
A value of 0 allows ping, 1 blocks it.
Change the SSH port:
    netstat -lntp
    systemctl status firewalld    (check the status of the firewalld service)
    firewall-cmd --state    (check the firewall state)
    firewall-cmd --list-all    (view the firewall rules)
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
    vi /etc/ssh/sshd_config
First remove the # in front of Port 22, then add on a new line:
    Port 9999
Then:
    firewall-cmd --permanent --zone=public --add-port=9999/tcp
    firewall-cmd --permanent --zone=public --add-port=8088/tcp
    firewall-cmd --permanent --zone=public --remove-port=22/tcp
    systemctl restart sshd.service
    firewall-cmd --reload
    service firewalld restart
After testing that port 9999 accepts connections:
    vi /etc/ssh/sshd_config
Put the # back in front of Port 22.
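The two-stage sshd_config edit from step 11 (keep 22 while adding 9999, then comment 22 out once 9999 works), as an added example that is not part of the original page. The function names are made up for this example, the file path is an argument so the edit can be rehearsed on a copy, and only plain Port lines are considered (ListenAddress entries with their own port are assumed absent).

```sh
#!/bin/sh
# Added example: staged Port edits on an sshd_config-style file.
# Function names are hypothetical; rehearse on a copy of the real file.

# Print the active (uncommented) Port values, one per line.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Replace FILE with stdin, keeping its inode, owner and mode.
rewrite() {
    tmp=$(mktemp) && cat > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"
}

# Phase 1: listen on NEW in addition to every port that is active now.
stage_port() {    # stage_port FILE NEW
    current=$(active_ports "$1")
    # Without any Port line sshd listens on 22 implicitly; the first explicit
    # Port line cancels that default, so 22 is then written out as well.
    implicit=""
    [ -n "$current" ] || { current=22; implicit="Port 22"; }
    echo "$current" | grep -qx "$2" && return 0
    {
        [ -z "$implicit" ] || echo "$implicit"
        echo "Port $2"
        cat "$1"      # new lines go first, ahead of any Match block
    } | rewrite "$1"
}

# Phase 2: comment out OLD, refusing when no other active port would remain.
retire_port() {   # retire_port FILE OLD
    remaining=$(active_ports "$1" | grep -vx "$2" || true)
    if [ -z "$remaining" ]; then
        echo "refusing: $2 is the only active port in $1" >&2
        return 1
    fi
    awk -v p="$2" 'tolower($1) == "port" && $2 == p { print "#" $0; next }
                   { print }' "$1" | rewrite "$1"
}

# Order on the server (commands from the page plus sshd's own config test):
#   stage_port /etc/ssh/sshd_config 9999 && sshd -t && systemctl restart sshd.service
#   firewall-cmd --permanent --zone=public --add-port=9999/tcp && firewall-cmd --reload
#   ... log in on 9999 from a second session, then:
#   retire_port /etc/ssh/sshd_config 22 && sshd -t && systemctl restart sshd.service
```

On a host with SELinux enforcing, sshd also needs the new port labelled (semanage port -a -t ssh_port_t -p tcp 9999) before the restart.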
Start the site identified as domain: service vhost start domain
Stop the site identified as domain: service vhost stop domain
Edit the site identified as domain: service vhost edit domain
Delete the site identified as domain: service vhost del domain
List all sites: service vhost list
3. Service management
Start MySQL: systemctl start mysqld.service
Stop MySQL: systemctl stop mysqld.service
Restart MySQL: systemctl restart mysqld.service
Start MariaDB: systemctl start mariadb.service
Stop MariaDB: systemctl stop mariadb.service
Restart MariaDB: systemctl restart mariadb.service
Start PHP: systemctl start php-fpm.service
Stop PHP: systemctl stop php-fpm.service
Restart PHP: systemctl restart php-fpm.service
Start Nginx: systemctl start nginx.service
Stop Nginx: systemctl stop nginx.service
Restart Nginx: systemctl restart nginx.service
Start SVN: systemctl start svnserve.service
Stop SVN: systemctl stop svnserve.service
Restart SVN: systemctl restart svnserve.service