Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

LNMP架构的源码编译

一、LNMP架构的编译安装

1. 安装nginx服务

(1)关闭防火墙

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
setenforce: SELinux is disabled

(2)安装依赖包

[root@localhost ~]# yum -y install pcre-devel zlib-devel gcc gcc-c++ make

(3)创建运行用户

[root@localhost ~]# useradd -M -s /sbin/nologin nginx

(4)编译安装

[root@localhost ~]# cd /opt
[root@localhost opt]# tar zxvf nginx-1.15.9.tar.gz -C /opt
[root@localhost opt]# cd nginx-1.15.9/
[root@localhost nginx-1.15.9]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.15.9]# make -j 2 && make install
    #make -j2是给与的安装核数,越大越快(注意机器最好不要超过机器本身核数)

(5)优化路径

[root@localhost nginx-1.15.9]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

(6)添加nginx系统服务

[root@localhost nginx-1.15.9]# vim /lib/systemd/system/nginx.service
 
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
 
[root@localhost nginx-1.15.9]# chmod 754 /lib/systemd/system/nginx.service
[root@localhost nginx-1.15.9]# systemctl start nginx.service
[root@localhost nginx-1.15.9]# systemctl enable nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

2. 安装mysql服务

(1)安装mysql环境依赖包

[root@localhost nginx-1.15.9]# yum -y install \
> ncurses \
> ncurses-devel \
> bison \
> cmake

(2)创建运行用户

[root@localhost nginx-1.15.9]# useradd -M -s /sbin/nologin mysql

(3)编译安装

[root@localhost nginx-1.15.9]# cd /opt
[root@localhost opt]# tar zxvf mysql-boost-5.7.20.tar.gz
[root@localhost opt]# cd /opt/mysql-5.7.20/
[root@localhost mysql-5.7.20]# cmake \
> -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
> -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
> -DSYSCONFDIR=/etc \
> -DSYSTEMD_PID_DIR=/usr/local/mysql \
> -DDEFAULT_CHARSET=utf8  \
> -DDEFAULT_COLLATION=utf8_general_ci \
> -DWITH_EXTRA_CHARSETS=all \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
> -DMYSQL_DATADIR=/usr/local/mysql/data \
> -DWITH_BOOST=boost \
> -DWITH_SYSTEMD=1
[root@localhost mysql-5.7.20]# make -j 2 && make install

(4)修改mysql配置文件

[root@localhost mysql-5.7.20]# vim /etc/my.cnf
#删除全部内容后编辑
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock
 
[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
 
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES

(5)更改mysql安装目录和配置文件的属主数组

[root@localhost mysql-5.7.20]# chown -R mysql:mysql /usr/local/mysql/
[root@localhost mysql-5.7.20]# chown mysql:mysql /etc/my.cnf

(6)设置路径环境变量

[root@localhost mysql-5.7.20]# echo 'export PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH' >> /etc/profile
[root@localhost mysql-5.7.20]# source /etc/profile

(7)初始化数据库

[root@localhost mysql-5.7.20]# cd /usr/local/mysql/bin/
[root@localhost bin]# ./mysqld \
> --initialize-insecure \
> --user=mysql \
> --basedir=/usr/local/mysql \
> --datadir=/usr/local/mysql/data

(8)添加mysqld系统服务

[root@localhost bin]# cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
[root@localhost bin]# systemctl daemon-reload
[root@localhost bin]# systemctl start mysqld.service
[root@localhost bin]# systemctl enable mysqld
Created symlink from /etc/systemd/system/multi-user.target.wants/mysqld.service to /usr/lib/systemd/system/mysqld.service.

(9)修改mysql的登录密码

[root@localhost bin]# mysqladmin -u root -p password "abc123"
Enter password: 
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.

(10)授权远程登录

[root@localhost bin]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.20 Source distribution
 
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> grant all privileges on *.* to 'root'@'%' identified by 'abc123';
Query OK, 0 rows affected, 1 warning (0.00 sec)

3. 安装配置php解析环境

(1)安装环境依赖包

[root@localhost bin]# yum -y install gd \
> libjpeg libjpeg-devel \
> libpng libpng-devel \
> freetype freetype-devel \
> libxml2 libxml2-devel \
> zlib zlib-devel \
> curl curl-devel \
> openssl openssl-devel

(2)编译安装

[root@localhost bin]# cd /opt
[root@localhost opt]# tar jxvf php-7.1.10.tar.bz2
[root@localhost opt]# cd php-7.1.10
[root@localhost php-7.1.10]# ./configure \
> --prefix=/usr/local/php \
> --with-mysql-sock=/usr/local/mysql/mysql.sock \
> --with-mysqli \
> --with-zlib \
> --with-curl \
> --with-gd \
> --with-jpeg-dir \
> --with-png-dir \
> --with-freetype-dir \
> --with-openssl \
> --enable-fpm \
> --enable-mbstring \
> --enable-xml \
> --enable-session \
> --enable-ftp \
> --enable-pdo \
> --enable-tokenizer \
> --enable-zip
[root@localhost php-7.1.10]# make -j 2 && make install

(3)路径优化

[root@localhost php-7.1.10]# ln -s /usr/local/php/bin/* /usr/local/bin/
[root@localhost php-7.1.10]# ln -s /usr/local/php/sbin/* /usr/local/sbin/

(4)调整php配置文件

php有三个配置文件,分别是:
主配置文件php.ini
进程服务配置文件php-fpm.conf
扩展配置文件www.conf

  1. 调整主配置文件
[root@localhost php-7.1.10]# cp /opt/php-7.1.10/php.ini-development /usr/local/php7/php.ini
#在测试环境时使用php.ini-development文件,而在生产环境时使用php.ini-production文件
[root@localhost php-7.1.10]# vim /usr/local/php/lib/php.ini
 
#1170行,修改
mysqli.default_socket = /usr/local/mysql/mysql.sock
#939行,取消注释,修改
date.timezone = Asia/Shanghai
 
[root@localhost php-7.1.10]# php -m   #验证安装的模块
[PHP Modules]
Core
ctype
curl
date
dom
fileinfo
filter
ftp
gd
hash
iconv
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcre
PDO
pdo_sqlite
Phar
posix
Reflection
session
SimpleXML
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
zip
zlib
 
[Zend Modules]
  1. 调整进程服务配置文件
[root@localhost php-7.1.10]# cd /usr/local/php/etc/
[root@localhost etc]# cp php-fpm.conf.default php-fpm.conf
[root@localhost etc]# vim php-fpm.conf
 
#17行,删除注释符号“;”
pid = run/php-fpm.pid
  1. 调整扩展配置文件
[root@localhost etc]# cd /usr/local/php/etc/php-fpm.d/
[root@localhost php-fpm.d]# cp www.conf.default www.conf

(5)启动php-fpm

PHP-FPM(FastCGI Process Manager:FastCGI 进程管理器)是一个 PHPFastCGI 管理器, 由于Nginx服务器不能处理动态页面,需要由 Nginx 把动态请求交给 php-fpm 进程进行解析。

[root@localhost php-fpm.d]# /usr/local/php/sbin/php-fpm -c /usr/local/php/lib/php.ini
[root@localhost php-fpm.d]# netstat -anpt | grep 9000
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      33883/php-fpm: mast 
[root@localhost php-fpm.d]# cd /opt/php-7.1.10/sapi/fpm
[root@localhost fpm]# cp php-fpm.service /usr/lib/systemd/system/php-fpm.service
[root@localhost fpm]# systemctl restart php-fpm.service

(6)配置nginx支持php解析

[root@localhost fpm]# vim /usr/local/nginx/conf/nginx.conf
 
#65行-71行,取消注释,修改第69行,将/scripts 修改为nginx的工作目录
        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /usr/local/nginx/html$fastcgi_script_name;
            include        fastcgi_params;
        }
 
[root@localhost fpm]# systemctl restart nginx.service

(7)验证php测试页

[root@localhost fpm]# vim /usr/local/nginx/html/index.php
 
<?php
phpinfo();
?>

(8)验证数据库工作是否正常

[root@localhost fpm]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.20 Source distribution
 
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> CREATE DATABASE bbs;
Query OK, 1 row affected (0.00 sec)
 
mysql> GRANT all ON bbs.* TO 'bbsuser'@'%' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 1 warning (0.00 sec)
 
mysql> flush privileges;
Query OK, 0 rows affected (0.03 sec)
 
mysql> quit
Bye
[root@localhost fpm]# vim /usr/local/nginx/html/index.php
 
<?php
$link=mysqli_connect('192.168.159.11','bbsuser','admin123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>

4.部署Discuz!社区论坛web应用

(1)解压论坛软件

[root@localhost fpm]# cd /opt
[root@localhost opt]# unzip Discuz_X3.4_SC_UTF8.zip  -d /opt/dis

(2)新建web目录

[root@localhost opt]# cd /opt/dis/dir_SC_UTF8/
[root@localhost dir_SC_UTF8]# cp -r upload/ /usr/local/nginx/html/bbs/

(3)调整论坛目录的权限

[root@localhost dir_SC_UTF8]# cd /usr/local/nginx/html/bbs/
[root@localhost bbs]# chmod -R 777 ./{config,data,uc_server,uc_client}

(4)安装bbs


(5)访问

用户访问页面:http://IP地址/bbs/index.php

管理访问页面:http://IP地址/bbs/admin.php

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...