设置防火墙
允许http/https通信,开放80/8080/443端口,然后重载防火墙配置(firewall-cmd --reload)
firewall-cmd --zone=public --add-service=http --permanent firewall-cmd --zone=public --add-service=https --permanent firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --zone=public --add-port=8080/tcp --permanent
加个数据库端口:
firewall-cmd --zone=public --add-port=3306/tcp --permanent
安装nginx
安装PCRE正则表达式库(yum install pcre pcre-devel)
安装提供数据压缩的函式库zlib(yum install zlib zlib-devel)
安装OpenSSL库(yum install openssl openssl-devel)
配置nginx官方源(rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm)
安装nginx(yum install nginx)
修改nginx配置文件
nginx配置文件位置:/etc/nginx/nginx.conf
可以在这里配置网站目录和访问端口,此外也可以在:/etc/nginx/conf.d目录中直接添加一个配置文件来对应一个网站,nginx会在访问nginx.conf文件时遍历/etc/nginx/conf.d目录中的配置文件来获取配置,默认配置文件default.conf文件中默认为80端口
此时启动nginx(systemctl start nginx),浏览器访问服务器ip会访问到nginx默认页面,我们尝试修改default.conf,把默认端口改为8080
重启nginx服务(systemctl restart nginx)后访问,成功访问如下
安装PHP
安装epel-release配置yum软件仓库(yum install epel-release -y)
安装php7及一些常用的类库(yum install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-opcache php72w-pdo php72w-xml)
启动PHP,并设置开机启动
让nginx支持PHP,修改default.conf中的以下部分:
location ~ \.php$ { root /usr/share/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }
重启nginx,并新建info.php文件用于输出php信息
成功输出,说明安装成功
安装mysql数据库
配置Mariadb源(国内)vim /etc/yum.repos.d/MariaDB.repo
[mariadb] name = MariaDB baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.1/centos7-amd64/ gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB gpgcheck=1
更新源(yum clean&&yum update)并执行安装操作(yum install MariaDB-client MariaDB-server)
启动数据库(systemctl start mariadb)并设置开机启动(systemctl enable mariadb)
初始化mariadb
数据库安全配置(mysql_secure_installation):
服务器本地登录数据库(mysql -u root -p)
分别配置mysql服务端( vi /etc/my.cnf.d/server.cnf)和客户端(vi /etc/my.cnf.d/mysql-clients.cnf)如下
重启并登录数据库查看设置是否成功(show variables like "%character%";show variables like "%collation%";)
配置远程登录用户权限
这里我不限制权限和ip,给了最大权限和对所有ip开放
# 针对ip create user 'root'@'192.168.10.10' identified by 'password'; #全部 create user 'root'@'%' identified by 'password'; 授权用户: # 给用户最大权限 grant all privileges on *.* to 'root'@'%' identified by 'password'; # 给部分权限(test 数据库) grant all privileges on test.* to 'root'@'%' identified by 'password' with grant option; # 刷新权限表 flush privileges;
配置完重启数据库,远程连接正常执行!
如果是tp5或者laravrl项目,在部署时配置文件应该配置如下:
server { listen 8080; server_name localhost; charset utf-8; access_log logs/host.access.log main; root /data/default/tp5/public; index index.html index.htm index.php; location / { if (!-e $request_filename) { rewrite ^(.*)$ /index.php?s=$1 last; break; } } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; set $real_script_name $fastcgi_script_name; if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1; set $path_info $2; } fastcgi_param SCRIPT_FILENAME $document_root$real_script_name; fastcgi_param SCRIPT_NAME $real_script_name; fastcgi_param PATH_INFO $path_info; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } }
参考文章:
