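LNMP tutorial series: https://3cyber.com/category/teach/lnmp
Previous article, on LNMP for CentOS 6: https://3cyber.com/1125
Why compile it yourself? Besides being free to choose the version, you can fix a high-severity vulnerability as soon as it appears, and the build is highly customizable.
As everyone knows, many packages in the CentOS yum repos are very old…
※ A VPS or physical host should have at least 4 GB of memory; otherwise the build may fail.
Step 1. Update the system to the latest version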
yum update -y
Step 2. Install the EPEL repository and enable the PowerTools repo
yum install -y epel-release && yum config-manager --set-enabled PowerTools && yum update -y
Step 3. Install the required libraries
yum install -y wget curl nano gcc make unzip autoconf cmake git gcc-c++ bison rpm-build pkgconfig re2c openssl-devel bzip2-devel curl-devel libxml2-devel libevent-devel libpng-devel libjpeg-devel libwebp-devel libXpm-devel freetype-devel gmp-devel libmcrypt-devel aspell-devel recode-devel libicu-devel yum-utils pcre pcre-devel ncurses-devel sqlite sqlite-devel oniguruma oniguruma-devel libsodium libsodium-devel libxslt libxslt-devel libzip libzip-devel && yum groupinstall -y 'Development Tools'
Step 4. Compile the latest Nginx + OpenSSL
Download the latest Nginx from https://nginx.org/en/download.html; this article uses 1.17.9
Download the latest OpenSSL from https://www.openssl.org/source/; this article uses 1.1.1d
cd /root
wget https://nginx.org/download/nginx-1.17.9.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
git clone https://github.com/google/ngx_brotli.git
tar -xvf nginx-1.17.9.tar.gz
tar -xvf openssl-1.1.1d.tar.gz
cd /root/ngx_brotli && git submodule update --init
cd /root/nginx-1.17.9
./configure --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --add-module=/root/ngx_brotli --with-openssl=/root/openssl-1.1.1d
make && make install
adduser nginx -r -U
Step 5. Add the Nginx systemd unit to the system
nano /lib/systemd/system/nginx.service
Copy the following content into it
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Official example: https://www.nginx.com/resources/wiki/start/topics/examples/systemd/
Step 6. Enable Nginx to start at boot
systemctl daemon-reload
systemctl enable nginx
systemctl start nginx
Step 7. Allow ports 80 / 443 through the firewall
firewall-cmd --zone=public --permanent --add-port=80/tcp
firewall-cmd --zone=public --permanent --add-port=443/tcp
firewall-cmd --reload
Step 8. Install MariaDB; this article uses MariaDB 10.4
Download the latest MariaDB from https://downloads.mariadb.org/; this article uses 10.4
mkdir /root/mariadb && cd /root/mariadb
yum-builddep mariadb-server
git clone --branch 10.4 https://github.com/MariaDB/server.git
cmake -DRPM=centos8 server/
make && make install
adduser mysql -r -U
mysql_install_db --user=mysql --basedir=/usr/ --ldata=/var/lib/mysql/
chown -R mysql:mysql /var/lib/mysql
Step 9. Add the MariaDB systemd unit to the system
nano /lib/systemd/system/mariadb.service
Copy the following content into it
# USED FOR MARIADB >=10.1
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Thanks to:
# Daniel Black
# Erkan Yanar
# David Strauss
# and probably others
[Unit]
Description=MariaDB database server
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
Alias=mysql.service
Alias=mysqld.service
Alias=mariadb.service
[Service]
##############################################################################
## Core requirements
##
Type=notify
# Setting this to true can break replication and the Type=notify settings
# See also bind-address mysqld option.
PrivateNetwork=false
##############################################################################
## Package maintainers
##
User=mysql
Group=mysql
# To allow memlock to be used as non-root user if set in configuration
CapabilityBoundingSet=CAP_IPC_LOCK
NoNewPrivileges=true
PrivateDevices=true
# Execute pre and post scripts as root, otherwise it does it as User=
PermissionsStartOnly=true
# Perform automatic wsrep recovery. When server is started without wsrep,
# galera_recovery simply returns an empty string. In any case, however,
# the script is not expected to return with a non-zero status.
# It is always safe to unset _WSREP_START_POSITION environment variable.
ExecStartPre=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION"
ExecStartPre=/bin/sh -c "[ -x /usr/bin/galera_recovery ] || exit 0; VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] && \
systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1"
# Needed to create system tables etc.
# ExecStartPre=/usr/bin/mysql_install_db -u mysql
# Start main service
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf
# Use the [service] section and Environment="MYSQLD_OPTS=...".
# This isn't a replacement for my.cnf.
# _WSREP_NEW_CLUSTER is for the exclusive use of the script galera_new_cluster
ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION
# Unset _WSREP_START_POSITION environment variable.
ExecStartPost=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION"
KillMode=process
KillSignal=SIGTERM
# Don't want to see an automated SIGKILL ever
SendSIGKILL=no
# Restart crashed server only, on-failure would also restart, for example, when
# my.cnf contains unknown option
Restart=on-abort
RestartSec=5s
##############################################################################
## USERs can override
##
##
## by creating a file in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf
## and adding/setting the following will override this file's settings.
# Useful options not previously available in [mysqld_safe]
# Kernels like killing mysqld when out of memory because its big.
# Lets temper that preference a little.
# OOMScoreAdjust=-600
# Explicitly start with high IO priority
# BlockIOWeight=1000
# If you don't use the /tmp directory for SELECT ... OUTFILE and
# LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
PrivateTmp=true
##
## Options previously available to be set via [mysqld_safe]
## that now needs to be set by systemd config files as mysqld_safe
## isn't executed.
##
# Number of files limit. previously [mysqld_safe] open-file-limit
LimitNOFILE=655350
# Maximium core size. previously [mysqld_safe] core-file-size
# LimitCore=
# Nice priority. previously [mysqld_safe] nice
# Nice=-5
# Timezone. previously [mysqld_safe] timezone
# Environment="TZ=UTC"
# Library substitutions. previously [mysqld_safe] malloc-lib with explict paths
# (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
# Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
# Flush caches. previously [mysqld_safe] flush-caches=1
# ExecStartPre=sync
# ExecStartPre=sysctl -q -w vm.drop_caches=3
# numa-interleave=1 equalivant
# Change ExecStart=numactl --interleave=all /usr/sbin/mysqld......
# crash-script equalivent
# FailureAction=
Step 10. Enable MariaDB to start at boot
systemctl daemon-reload
systemctl enable mariadb
systemctl start mariadb
Step 11. Compile and install PHP
Download the latest PHP from https://www.php.net/downloads; this article uses PHP 7.4.3
Start compiling PHP
cd /root
wget https://www.php.net/distributions/php-7.4.3.tar.gz
wget https://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.16.tar.gz
tar -xvf php-7.4.3.tar.gz
tar -xvf libiconv-1.16.tar.gz
cd /root/libiconv-1.16
./configure --prefix=/usr/local
make && make install
cd /root/php-7.4.3
./configure --prefix=/usr/local/php --enable-fpm --with-curl --enable-gd --with-gettext --with-jpeg --with-freetype --with-kerberos --with-openssl --with-mhash --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-sodium=/usr/local --with-webp --with-xsl --with-zlib --with-zip --with-iconv=/usr/local --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-sockets --enable-soap --enable-mbstring --enable-intl --enable-opcache --with-fpm-user=www-data --with-fpm-group=www-data
make && make install
adduser www-data -r -U
cp php.ini-development /usr/local/php/lib/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
cp sapi/fpm/php-fpm /usr/local/bin
Step 12. Change PHP's default time zone to Taipei Standard Time.
sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' /usr/local/php/lib/php.ini
Step 13. To prevent Nginx from handing non-existent files to PHP, which allows arbitrary script injection, run the following command.
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /usr/local/php/lib/php.ini
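Added check for Step 13 (not from the original article): the sed above changes php.ini only if the file contains the exact text ;cgi.fix_pathinfo=1, and PHP's built-in default for this directive is 1, so a file that does not match keeps the setting on without any error. The helper names ini_value, fix_pathinfo_is_off and set_fix_pathinfo_off are illustrative, and the parser assumes plain "key = value" lines with ";" comments.

```shell
#!/bin/sh
# Added example, not part of the original article. Assumes php.ini uses
# plain "key = value" lines with ";" comments (no per-host/per-path sections).

# ini_value FILE KEY DEFAULT
# Print the value PHP will use for KEY: the last uncommented assignment in
# FILE, or DEFAULT (the built-in default) when KEY is never assigned.
ini_value() {
    awk -v key="$2" -v val="$3" '
        /^[ \t]*;/ { next }                      # commented-out line
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            sub(/[ \t]+;.*$/, "", v)             # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)                 # surrounding quotes
            val = v                              # later assignments win
        }
        END { print val }
    ' "$1"
}

# fix_pathinfo_is_off FILE: succeed only if cgi.fix_pathinfo is effectively 0.
# The built-in default is 1, so a missing or commented-out line fails.
fix_pathinfo_is_off() {
    [ "$(ini_value "$1" cgi.fix_pathinfo 1)" = "0" ]
}

# set_fix_pathinfo_off FILE: rewrite any assignment of the directive,
# commented or not, whatever its spacing or value; append it if absent.
set_fix_pathinfo_off() {
    tmp=$(mktemp) || return 1
    sed -E 's/^[;[:space:]]*cgi\.fix_pathinfo[[:space:]]*=.*/cgi.fix_pathinfo=0/' \
        "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    grep -q '^cgi\.fix_pathinfo=0$' "$1" || echo 'cgi.fix_pathinfo=0' >> "$1"
}

# Usage against the file created in Step 11:
#   fix_pathinfo_is_off /usr/local/php/lib/php.ini || echo "still enabled"
```

ini_value works for any directive, so the Step 12 edit can be confirmed the same way with: ini_value /usr/local/php/lib/php.ini date.timezone ""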
Step 14. Add php to the global PATH for convenience
nano ~/.bashrc
Add this line
export PATH="/usr/local/php/bin:$PATH"
Step 15. Add the PHP systemd unit to the system
nano /lib/systemd/system/php-fpm.service
[Unit]
Description=The PHP 7.4 FastCGI Process Manager
After=network.target
[Service]
Type=simple
PIDFile=/var/run/php-fpm.pid
ExecStart=/usr/local/php/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
Step 16. Enable PHP to start at boot
systemctl daemon-reload
systemctl enable php-fpm
systemctl start php-fpm
Congratulations, you have finished compiling LNMP~
Reproduction without permission is prohibited: 三號科技報 » CentOS 7 / CentOS 8 LNMP setup (self-compiled)