CentOS 7 / CentOS 8 架設 LNMP (自行編譯)-三號科技報

LNMP 系列教學文：https://3cyber.com/category/teach/lnmp

點我觀看上一篇 CentOS 6 LNMP 的文章 https://3cyber.com/1125

為什麼要自行編譯呢？其實就是因為除了版本可以自由選擇，如果有高危險性漏洞也能即時解決、而且自訂彈性極高。
眾所皆知，CentOS 的 yum repo 很多東西版本都很老…

※建議 VPS、實體主機的記憶體至少需要有 4GB 以上，否則可能會編譯失敗。

Step 1. 更新系統到最新版本

yum update -y

Step 2. 安裝 EPEL 源及增加 PowerTools repo

yum install -y epel-release && yum config-manager --set-enabled PowerTools && yum update -y

Step 3. 安裝所需要用到的 lib

yum install -y wget curl nano gcc make unzip autoconf cmake git gcc-c++ bison rpm-build pkgconfig re2c openssl-devel bzip2-devel curl-devel libxml2-devel libevent-devel libpng-devel libjpeg-devel libwebp-devel libXpm-devel freetype-devel gmp-devel libmcrypt-devel aspell-devel recode-devel libicu-devel yum-utils pcre pcre-devel ncurses-devel sqlite sqlite-devel oniguruma oniguruma-devel libsodium libsodium-devel libxslt libxslt-devel libzip libzip-devel && yum groupinstall -y 'Development Tools'

Step 4. 編譯 Nginx + OpenSSL 最新版

Nginx 請到 https://nginx.org/en/download.html 下載最新的版本，本文使用 1.17.9
OpenSSL 請到 https://www.openssl.org/source/ 下載最新的版本，本文使用 1.1.1d

cd /root 
wget https://nginx.org/download/nginx-1.17.9.tar.gz 
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
git clone https://github.com/google/ngx_brotli.git
tar -xvf nginx-1.17.9.tar.gz 
tar -xvf openssl-1.1.1d.tar.gz 
cd /root/ngx_brotli && git submodule update --init
cd /root/nginx-1.17.9
./configure --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --add-module=/root/ngx_brotli --with-openssl=/root/openssl-1.1.1d
make && make install
adduser nginx -r -U

Step 5. 添加 Nginx systemd conf 到系統

nano /lib/systemd/system/nginx.service

將以下內容複製進去

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

官方範例 https://www.nginx.com/resources/wiki/start/topics/examples/systemd/

Step 6. 設定 Nginx 開機自動啟動

systemctl daemon-reload
systemctl enable nginx
systemctl start nginx

Step 7. 允許防火牆通過 port 80 / 443

firewall-cmd --zone=public --permanent --add-port=80/tcp
firewall-cmd --zone=public --permanent --add-port=443/tcp
firewall-cmd --reload

Step 8. 安裝 MariaDB，本文使用 MariaDB 10.4

MariaDB 請到 https://downloads.mariadb.org/ 下載最新的版本，本文使用 10.4

mkdir /root/mariadb && cd /root/mariadb
yum-builddep mariadb-server
git clone --branch 10.4 https://github.com/MariaDB/server.git
cmake -DRPM=centos8 server/
make && make install
adduser mysql -r -U
mysql_install_db --user=mysql --basedir=/usr/ --ldata=/var/lib/mysql/
chown -R mysql:mysql /var/lib/mysql

Step 9. 添加 MariaDB systemd conf 到系統

nano /lib/systemd/system/mariadb.service

將以下內容複製進去

# USED FOR MARIADB >=10.1
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Thanks to:
# Daniel Black
# Erkan Yanar
# David Strauss
# and probably others

[Unit]
Description=MariaDB database server
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
Alias=mysql.service
Alias=mysqld.service
Alias=mariadb.service

[Service]

##############################################################################
## Core requirements
##

Type=notify

# Setting this to true can break replication and the Type=notify settings
# See also bind-address mysqld option.
PrivateNetwork=false

##############################################################################
## Package maintainers
##

User=mysql
Group=mysql

# To allow memlock to be used as non-root user if set in configuration
CapabilityBoundingSet=CAP_IPC_LOCK

NoNewPrivileges=true

PrivateDevices=true

# Execute pre and post scripts as root, otherwise it does it as User=
PermissionsStartOnly=true

# Perform automatic wsrep recovery. When server is started without wsrep,
# galera_recovery simply returns an empty string. In any case, however,
# the script is not expected to return with a non-zero status.
# It is always safe to unset _WSREP_START_POSITION environment variable.
ExecStartPre=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION"
ExecStartPre=/bin/sh -c "[ -x /usr/bin/galera_recovery ] || exit 0; VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] && \
systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1"

# Needed to create system tables etc.
# ExecStartPre=/usr/bin/mysql_install_db -u mysql

# Start main service
# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf
# Use the [service] section and Environment="MYSQLD_OPTS=...".
# This isn't a replacement for my.cnf.
# _WSREP_NEW_CLUSTER is for the exclusive use of the script galera_new_cluster

ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION


# Unset _WSREP_START_POSITION environment variable.
ExecStartPost=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION"

KillMode=process
KillSignal=SIGTERM

# Don't want to see an automated SIGKILL ever
SendSIGKILL=no

# Restart crashed server only, on-failure would also restart, for example, when
# my.cnf contains unknown option
Restart=on-abort
RestartSec=5s

##############################################################################
## USERs can override
##
##
## by creating a file in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf
## and adding/setting the following will override this file's settings.

# Useful options not previously available in [mysqld_safe]

# Kernels like killing mysqld when out of memory because its big.
# Lets temper that preference a little.
# OOMScoreAdjust=-600

# Explicitly start with high IO priority
# BlockIOWeight=1000

# If you don't use the /tmp directory for SELECT ... OUTFILE and
# LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
PrivateTmp=true

##
## Options previously available to be set via [mysqld_safe]
## that now needs to be set by systemd config files as mysqld_safe
## isn't executed.
##

# Number of files limit. previously [mysqld_safe] open-file-limit
LimitNOFILE=655350

# Maximium core size. previously [mysqld_safe] core-file-size
# LimitCore=

# Nice priority. previously [mysqld_safe] nice
# Nice=-5

# Timezone. previously [mysqld_safe] timezone
# Environment="TZ=UTC"

# Library substitutions. previously [mysqld_safe] malloc-lib with explict paths
# (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
# Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=

# Flush caches. previously [mysqld_safe] flush-caches=1
# ExecStartPre=sync
# ExecStartPre=sysctl -q -w vm.drop_caches=3

# numa-interleave=1 equalivant
# Change ExecStart=numactl --interleave=all /usr/sbin/mysqld......

# crash-script equalivent
# FailureAction=

Step 10. 設定 MariaDB 開機自動啟動

systemctl daemon-reload
systemctl enable mariadb
systemctl start mariadb

Step 11. 編譯安裝 PHP

PHP 請到 https://www.php.net/downloads 下載最新的版本，本文使用 PHP 7.4.3

開始編譯 PHP

cd /root 
wget https://www.php.net/distributions/php-7.4.3.tar.gz
wget https://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.16.tar.gz
tar -xvf php-7.4.3.tar.gz
tar -xvf libiconv-1.16.tar.gz
cd /root/libiconv-1.16
./configure --prefix=/usr/local
make && make install
cd /root/php-7.4.3 
./configure --prefix=/usr/local/php --enable-fpm --with-curl --enable-gd --with-gettext --with-jpeg --with-freetype --with-kerberos --with-openssl --with-mhash --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-sodium=/usr/local --with-webp --with-xsl --with-zlib --with-zip --with-iconv=/usr/local --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-sockets --enable-soap --enable-mbstring --enable-intl --enable-opcache --with-fpm-user=www-data --with-fpm-group=www-data
make && make install
adduser www-data -r -U
cp php.ini-development /usr/local/php/lib/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
cp sapi/fpm/php-fpm /usr/local/bin

Step 12. 更改 PHP 預設時區至台北標準時間。

sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' /usr/local/php/lib/php.ini

Step 13. 避免 Nginx 將不存在的文件丟給 PHP 處理造成任意腳本注入，請執行以下指令。

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /usr/local/php/lib/php.ini

Step 14. 將 php 加入全域命令方便使用

nano ~/.bashrc

加入此行

export PATH="/usr/local/php/bin:$PATH"

Step 15. 添加 PHP systemd conf 到系統

nano /lib/systemd/system/php-fpm.service

[Unit]
Description=The PHP 7.4 FastCGI Process Manager
After=network.target

[Service]
Type=simple
PIDFile=/var/run/php-fpm.pid
ExecStart=/usr/local/php/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

Step 16. 設定 PHP 開機自動啟動

systemctl daemon-reload
systemctl enable php-fpm
systemctl start php-fpm

恭喜你已經編譯完成 LNMP～

未經允許不得轉載：三號科技報 » CentOS 7 / CentOS 8 架設 LNMP (自行編譯)

CentOS 7 / CentOS 8 架設 LNMP (自行編譯)

作者：chris1004tw

相關推薦