【筆記】Linode - VPS CentOS 7 LNMP Linux + Nginx + MariaDB + PHP
關閉新式防火牆
systemctl stop firewalld.service
systemctl disable firewalld.service
設定 selinux
vi /etc/sysconfig/selinux
關閉 selinux
SELINUX=disabled
設定防火牆
vi firewall.sh
變更權限
chmod +x firewall.sh
啟動防火牆
./firewall.sh start
確認規則
iptables -L
設定主機名稱
hostnamectl set-hostname 主機名稱
設定主機位址
vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
IP位址 子網域名稱 網域名稱
設定時區
timedatectl list-timezones
timedatectl set-timezone 'Asia/Taipei'
確認時間
date
新增使用者
useradd 新使用者
passwd 新使用者
在線初始安裝
yum -y remove mariadb-* postfix-*
yum -y install postfix cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-ntlm cyrus-sasl-md5 cyrus-sasl-plain dovecot
yum -y install mariadb mariadb-server mariadb-devel
yum -y install samba samba-client samba-common samba-common-libs samba-common-tools
yum -y install ntp wget lynx nmap telnet traceroute crontabs mlocate logwatch ftp screen python bzip2-* git openssl-* boost-* GeoIP-*
設定系統環境變數
vi /etc/profile
export LD_LIBRARY_PATH=/usr/local/lib
export LD_RUN_PATH=/usr/local/lib
安裝編譯所需要的函式庫
yum -y groupinstall "Development Tools"
yum -y install gcc gcc-c++ make automake autoconf kernel-devel ncurses-devel curl gd file patch mlocate diffutils libzip curl-devel gd-devel gettext-devel glibc-devel glib2-devel libstdc++-devel libjpeg-devel libpng-devel libxslt-devel libxml2-devel pcre-devel zlib-devel bison bison-devel pam-devel libc-client libc-client-devel
安裝 Bench Tools
wget -qO- --no-check-certificate https://raw.githubusercontent.com/oooldking/script/master/superbench.sh | bash
重新開機
https://login.linode.com/login
編輯 dovecot 設定檔
vi /etc/dovecot/dovecot.conf
protocols = imap pop3
啟動 pop3
systemctl start dovecot
開機啟動
systemctl enable dovecot
啟動 saslauthd
systemctl start saslauthd
開機啟動
systemctl enable saslauthd
編輯 postfix 設定檔
vi /etc/postfix/main.cf
郵件主機名稱
myhostname = 主機名稱
郵件主機網域名稱
mydomain = 網域名稱
郵件主機發信來源
myorigin = $myhostname
要監聽的網路介面
inet_interfaces = all
要收信的網域名稱
mydestination = /etc/postfix/local-host-names
帳號對照表
virtual_alias_maps = hash:/etc/postfix/virtual
設定信任網域
mynetworks_style = host
規定信任的用戶端
mynetworks = 127.0.0.0/8, 192.168.0.0/24, hash:/etc/postfix/access
規範可以幫忙 relay 的下一部 MTA 主機位址
relay_domains = $mydestination
啟動 SMTP 認證
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated
vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login
vi /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
vi /etc/dovecot/conf.d/10-master.conf
service auth 區塊
#unix_listener auth-userdb
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postdrop
}
設定接收的網域
vi /etc/postfix/local-host-names
設定郵件帳號對應
vi /etc/postfix/virtual
轉換對照表
postmap /etc/postfix/virtual
postmap /etc/postfix/access
啟動服務
systemctl start postfix
開機啟動
systemctl enable postfix
重新開機
https://login.linode.com/login
安裝 Make
tar zxf make-4.3.tar.gz
cd make-4.3
./configure && make && make install && make clean
安裝 M4
tar zxf m4-1.4.18.tar.gz
cd m4-1.4.18
./configure && make && make install && make clean
安裝 Autoconf
tar zxf autoconf-2.71.tar.gz
cd autoconf-2.71
./configure && make && make install && make clean
安裝 Automake
tar zxf automake-1.16.3.tar.gz
cd automake-1.16.3
./configure && make && make install && make clean
安裝 Libtool
tar zxf libtool-2.4.6.tar.gz
cd libtool-2.4.6
./configure && make && make install && make clean
安裝 Bison
tar zxf bison-3.7.5.tar.gz
cd bison-3.7.5
./configure && make && make install && make clean
登出再登入
安裝 screen
tar zxf screen-4.8.0.tar.gz
cd screen-4.8.0
./configure --prefix=/usr/local/screen && make && make install && make clean
執行位置
/usr/local/screen/bin/screen
創建會話
/usr/local/screen/bin/screen -S lnmp
恢復會話
/usr/local/screen/bin/screen -r lnmp
安裝 htop
tar zxf htop-2.2.0.tar.gz
cd htop-2.2.0
./configure && make && make install && make clean
執行位置
/usr/local/bin/htop
安裝 jemalloc
tar jxf jemalloc-5.2.1.tar.bz2
cd jemalloc-5.2.1
./configure --prefix=/usr/local/jemalloc && make && make install && make clean
安裝 rar
tar zxf rarlinux-x64-6.0.0.tar.gz
cd rar
make
執行位置
/usr/local/bin/rar
/usr/local/bin/unrar
安裝 7-zip
tar jxf p7zip_16.02_src_all.tar.bz2
cd p7zip_16.02
cp makefile.linux_amd64 makefile.machine
make all
make test
make install
make clean
執行位置
/usr/local/bin/7za
安裝 libevent
tar zxf libevent-2.1.12-stable.tar.gz
cd libevent-2.1.12-stable
./configure --prefix=/usr/local/libevent && make && make install && make clean
安裝 memcached
tar zxf memcached-1.6.9.tar.gz
cd memcached-1.6.9
./configure --prefix=/usr/local/memcached --with-libevent=/usr/local/libevent && make && make install && make clean
啟動 memcached
/usr/local/memcached/bin/memcached -u daemon -d -l 127.0.0.1 -p 11211 -m 256 -t 4
安裝 redis
tar zxf redis-5.0.10.tar.gz
cd redis-5.0.10
make
make test
make install
cd utils
./install_server.sh
啟動 redis
/usr/local/bin/redis-server /etc/redis/6379.conf
命令列
/usr/local/bin/redis-cli
性能測試
/usr/local/bin/redis-benchmark -n 10000
安裝 curl
tar zxf curl-7.75.0.tar.gz
cd curl-7.75.0
./configure --prefix=/usr/local/curl && make && make install && make clean
執行位置
/usr/local/curl/bin/curl
安裝 rsync
tar zxf rsync-3.1.3.tar.gz
cd rsync-3.1.3
./configure --prefix=/usr/local/rsync && make && make install && make clean
執行位置
/usr/local/rsync/bin/rsync
安裝 GMP
tar jxf gmp-6.1.2.tar.bz2
cd gmp-6.1.2
./configure --prefix=/usr/local/gmp && make && make install && make clean
安裝 libsodium
tar zxf libsodium-1.0.18.tar.gz
cd libsodium-1.0.18
./configure --prefix=/usr/local/libsodium --with-pthreads && make && make install && make clean
安裝 apr
tar zxf apr-1.7.0.tar.gz
cd apr-1.7.0
./configure --prefix=/usr/local/apr && make && make install && make clean
安裝 apr-util
tar zxf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/bin/apr-1-config && make && make install && make clean
安裝 sqlite
tar zxf sqlite-autoconf-3370100.tar.gz
cd sqlite-autoconf-3370100
./configure --prefix=/usr/local/sqlite3 && make && make install && make clean
執行位置
/usr/local/sqlite3/bin/sqlite3
安裝 subversion
tar jxf subversion-1.9.12.tar.bz2
cd subversion-1.9.12
./configure --prefix=/usr/local/subversion --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-sqlite=/usr/local/sqlite3 && make && make install && make clean
安裝 ImageMagick
tar zxf ImageMagick-7.0.11-14.tar.gz
cd ImageMagick-7.0.11-14
./configure --prefix=/usr/local/ImageMagick && make && make install && make clean
執行位置
/usr/local/ImageMagick/bin/magick
安裝 cmake
tar zxf cmake-3.21.4.tar.gz
cd cmake-3.21.4
./configure && make && make install && make clean
安裝 MariaDB
tar zxf server-mariadb-10.1.48.tar.gz
cd server-mariadb-10.1.48
/usr/local/bin/cmake . -LH
/usr/local/bin/cmake . -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci && make && make install && make clean
切換到目的目錄
cd /usr/local/mysql
新增 mysql 使用者和群組並禁止登入
useradd -r -s /sbin/nologin mysql
變更擁有者
chown -R mysql .
變更群組
chgrp -R mysql .
安裝預設資料
scripts/mysql_install_db --user=mysql
執行測試
cd mysql-test
perl mysql-test-run.pl
變更程式擁有者為 root
chown -R root .
變更資料擁有者為 mysql
chown -R mysql data
複製設定檔
cp support-files/my-huge.cnf /etc/my.cnf
複製啟動檔
cp support-files/mysqld_multi.server /etc/init.d/mysql.server
cp support-files/mysql.server /usr/lib/systemd/system/mysql.service
編輯設定檔
vi /etc/my.cnf
character-set-server = utf8
collation-server = utf8_general_ci
default_storage_engine = MyISAM
#default_storage_engine = InnoDB
啟動 MariaDB
/usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data &
啟用 MariaDB 服務
systemctl start mysql.service
systemctl enable mysql.service
設定 root 帳號密碼
/usr/local/mysql/bin/mysqladmin -u root password '新密碼'
/usr/local/mysql/bin/mysql_secure_installation
登入 MariaDB
/usr/local/mysql/bin/mysql -u root -p
use mysql;
delete from user where Host <> 'localhost' or User <> 'root';
exit;
安裝 PostgreSQL
tar zxf postgresql-11.14.tar.gz
cd postgresql-11.14
./configure --prefix=/usr/local/pgsql --without-readline && make world && make install-world && make clean
新增使用者 postgres
useradd postgres
建立資料目錄
mkdir /usr/local/pgsql/data
變更資料擁有者
chown postgres /usr/local/pgsql/data
切換使用者
su - postgres
初始化資料
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
編輯設定檔
vi /usr/local/pgsql/data/postgresql.conf
vi /usr/local/pgsql/data/pg_ident.conf
vi /usr/local/pgsql/data/pg_hba.conf
啟動 pgsql (須用 postgres 使用者啟動)
/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
指令說明
/usr/local/pgsql/bin/pg_ctl --help
停止 pgsql (須用 postgres 使用者啟動)
/usr/local/pgsql/bin/pg_ctl stop -D /usr/local/pgsql/data
重啟 pgsql (須用 postgres 使用者啟動)
/usr/local/pgsql/bin/pg_ctl restart -D /usr/local/pgsql/data
登入 PostgreSQL
/usr/local/pgsql/bin/psql
設定 postgres 密碼
alter role postgres with password '新密碼';
登出 PostgreSQL
\q
登出 postgres 使用者
exit
重新開機
https://login.linode.com/login
創建會話
/usr/local/screen/bin/screen -S lnmp
安裝 libmemcached
tar zxf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
./configure --prefix=/usr/local/libmemcached --with-memcached=/usr/local/memcached --with-mysql=/usr/local/mysql/bin/mysql_config && make && make install && make clean
須額外步驟啟動;且若能內建實為上。
安裝 Python
tar zxf Python-3.8.12.tgz
cd Python-3.8.12
./configure && make && make install && make clean
執行位置
/usr/local/bin/python3
安裝 nghttp2
tar zxf nghttp2-1.46.0.tar.gz
cd nghttp2-1.46.0
./configure --prefix=/usr/local/nghttp2 --with-boost && make && make install && make clean
安裝 httpd
tar zxf httpd-2.4.52.tar.gz
cd httpd-2.4.52
./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-pcre --enable-mods-shared=all --enable-mpms-shared=all --enable-static-support --enable-http2 --with-nghttp2=/usr/local/nghttp2 && make && make install && make clean
安裝 nginx
tar zxf nginx-1.18.0.tar.gz
cd nginx-1.18.0
./configure --prefix=/usr/local/nginx --with-threads --with-pcre --with-http_ssl_module --with-http_v2_module && make && make install && make clean
設定 nginx
vi /usr/local/nginx/conf/nginx.conf
vi /usr/local/nginx/conf/fastcgi.conf
vi /usr/local/nginx/conf/fastcgi_params
vi /usr/local/nginx/conf/uwsgi_params
測試 nginx
/usr/local/nginx/sbin/nginx -t
啟動 nginx
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
停止 nginx
/usr/local/nginx/sbin/nginx -s stop
/usr/local/nginx/sbin/nginx -s quit
重啟 nginx
/usr/local/nginx/sbin/nginx -s reload
預設目錄
/usr/local/nginx/html
安裝 php
tar zxf php-7.3.33.tar.gz
cd php-7.3.33
# 自訂版(請自行依當時情況更動)
./configure --prefix=/usr/local/php7 --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-maintainer-zts --with-tsrm-pthreads --enable-bcmath --without-bz2 --enable-calendar --enable-cgi --enable-cli --enable-ctype --with-curl=/usr/local/curl --enable-dom --without-enchant --enable-exif --enable-fileinfo --enable-filter --enable-ftp --enable-fpm --with-fpm-user=nobody --with-fpm-group=nobody --without-gd --with-gettext --with-gmp=/usr/local/gmp --enable-hash --with-iconv --without-imap --disable-intl --enable-json --enable-libxml --enable-mbstring --with-mhash --enable-mysqlnd --with-mysqli=mysqlnd --with-mysql-sock --enable-opcache --with-openssl --enable-pcntl --without-pear --with-pdo-mysql=mysqlnd --with-pdo-pgsql --with-pgsql=/usr/local/pgsql --enable-phar --enable-posix --enable-session --enable-shmop --enable-simplexml --enable-soap --enable-sockets --with-sodium=/usr/local/libsodium --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-tokenizer --enable-wddx --enable-xml --enable-xmlreader --with-xmlrpc --with-xsl --with-libzip --with-zlib
make
make test
make install
make clean
複製 PHP 設定檔
cp php.ini-production /usr/local/php7/etc/php.ini
複製 php-fpm 設定檔
cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf
編輯設定檔
vi /usr/local/php7/etc/php.ini
vi /usr/local/php7/etc/php-fpm.conf
vi /usr/local/php7/etc/php-fpm.d/www.conf
啟動 php-fpm
/usr/local/php7/sbin/php-fpm -c /usr/local/php7/etc/php.ini -y /usr/local/php7/etc/php-fpm.conf
顯示系統執行程序
ps -A
刪除 php-fpm 程序
killall -KILL php-fpm
安裝 imagick
tar zxf imagick-3.5.1.tgz
cd imagick-3.5.1
/usr/local/php7/bin/phpize
./configure --with-php-config=/usr/local/php7/bin/php-config --with-imagick=/usr/local/ImageMagick && make && make install && make clean
vi /usr/local/php7/etc/php.ini
extension=imagick.so
安裝 phpredis
tar zxf phpredis-5.3.5.tar.gz
cd phpredis-5.3.5
/usr/local/php7/bin/phpize
./configure --with-php-config=/usr/local/php7/bin/php-config && make && make install && make clean
vi /usr/local/php7/etc/php.ini
extension=redis.so
設定執行權限
chmod +x /etc/rc.d/rc.local
設定開機啟動
vi /etc/rc.d/rc.local
#啟動 firewall
/usr/local/bin/firewall.sh start
#啟動 memcached
/usr/local/memcached/bin/memcached -u daemon -d -l 127.0.0.1 -p 11211 -m 256 -t 4
#啟動 redis
/usr/local/bin/redis-server /etc/redis/6379.conf
#啟動 mysql
/usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data &
#啟動 nginx
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
#啟動 php-fpm
/usr/local/php7/sbin/php-fpm -c /usr/local/php7/etc/php.ini -y /usr/local/php7/etc/php-fpm.conf
#啟動 subversion
/usr/local/subversion/bin/svnserve -d -r /home/subversion
設定 sshd
vi /etc/ssh/sshd_config
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PermitEmptyPasswords no
PasswordAuthentication yes
重新啟動
systemctl restart sshd
關閉 PHP 版本顯示
vi +/expose_php /usr/local/php7/etc/php.ini
expose_php = Off
安裝 FFmpeg
tar zxf FFmpeg-n4.4.1.tar.gz
cd FFmpeg-n4.4.1
./configure --prefix=/usr/local/FFmpeg --disable-asm && make && make install && make clean
執行位置
/usr/local/FFmpeg/bin/ffmpeg
My Linode referral URL:
https://www.linode.com/?r=db960629f2cb7dfed486aacc38109b3046d25544
| 新增時間 |
2019-12-31 |
| 最後更新 |
2022-02-09 |