LNMP架构搭建

1.编译安装nginx(1.18.0)

nginx官网:nginx.org

环境:(最小化安装;下面的输出显示firewalld未运行、SELinux为Disabled,属于实验环境配置,正式环境建议保持两者开启并只放行所需端口)

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)

[root@localhost ~]# systemctl is-active firewalld.service
unknown
[root@localhost ~]# getenforce
Disabled

yum源安装:

[root@localhost ~]# yum -y install epel-release

重建yum元数据:

[root@localhost ~]# yum clean all

[root@localhost ~]# yum makecache

更新软件包:

[root@localhost ~]# yum update -y

安装tab键补齐功能:

[root@localhost ~]# yum -y install vim net-tools bash-c*

[root@localhost ~]# reboot

安装nginx依赖环境:(可脚本)

yum -y install wget gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel

cd /usr/local/src/

wget -c http://nginx.org/download/nginx-1.18.0.tar.gz

如果下载过慢或者链接失效,请用以下链接(第三方镜像且为HTTP明文下载,下载后请先与官网公布的校验值或PGP签名比对,再解压编译;下文php、mysql、boost的镜像链接同理):

wget -c http://itityunwei.cn/linux_package/nginx-1.18.0.tar.gz

tar -zxvf nginx-1.18.0.tar.gz

cd nginx-1.18.0

mkdir -p /usr/local/nginx

./configure --prefix=/usr/local/nginx

make && make install

环境变量配置:

[root@localhost ~]# vim /etc/profile

底部新增一行export PATH=$PATH:/usr/local/nginx/sbin/

[root@localhost ~]# source /etc/profile

启动nginx:nginx

关闭nginx:nginx -s stop

配置用systemctl来管理nginx:

[root@localhost ~]# vim /usr/lib/systemd/system/nginx.service

[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
[Install]
WantedBy=multi-user.target

启动nginx并开机自启动

[root@localhost ~]# systemctl start nginx.service
[root@localhost ~]# systemctl enable nginx.service

查看nginx运行状态

[root@localhost ~]# systemctl is-active nginx.service

[root@localhost ~]# systemctl status nginx.service

2.编译安装php(7.3.25)

php官网:php.net

安装php依赖环境:(可脚本)

yum -y install epel-release

编译安装libzip(php7要libzip版本大于0.11)

yum remove libzip

wget -c https://nih.at/libzip/libzip-1.2.0.tar.gz

tar -zxvf libzip-1.2.0.tar.gz

cd libzip-1.2.0/

./configure

make && make install

添加搜索路径到配置文件

vim /usr/local/lib64

/usr/local/lib

/usr/lib

/usr/lib64

然后 更新配置

ldconfig -v

cp /usr/local/lib/libzip/include/zipconf.h /usr/local/include/zipconf.h

 

安装php环境依赖:
yum -y install gcc gcc-c++ make pcre pcre-devel   zlib zlib-devel openssl openssl-devel libxml2 libxml2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel openldap openldap-devel libmcrypt libmcrypt-devel
cd /usr/local/src/
wget -c https://www.php.net/distributions/php-7.3.25.tar.gz

如果下载过慢或者链接失效,请用以下链接:

wget -c http://itityunwei.cn/linux_package/php-7.3.25.tar.gz

tar -zxvf php-7.3.25.tar.gz
cd php-7.3.25
mkdir -p /usr/local/php
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-ctype --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-ldap-sasl --with-xmlrpc --enable-zip --enable-soap --with-gettext --enable-fpm

make && make install
cp php.ini-production /usr/local/php/etc/php.ini

环境变量配置:

vim /etc/profile

export PATH=$PATH:/usr/local/php/sbin/:/usr/local/php/bin/

source /etc/profile

mv /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf

ln -s /usr/local/php/sbin/php-fpm /usr/local/bin/

cp /usr/local/php/etc/php-fpm.d/www.conf.back /usr/local/php/etc/php-fpm.d/www.conf

systemctl管理php启动

vim /usr/lib/systemd/system/php-fpm.service

[Unit]
Description=php-fpm
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/php/sbin/php-fpm
[Install]
WantedBy=multi-user.target

启动php:

[root@localhost system]# systemctl start php-fpm.service
[root@localhost system]# systemctl enable php-fpm.service

修改nginx配置:

cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.back

vim /usr/local/nginx/conf/nginx.conf

3.编译安装mysql(5.7.32)

官网:https://www.mysql.com/

yum install -y gcc gcc-c++ make tar openssl openssl-devel cmake ncurses ncurses-devel
useradd -s /sbin/nologin mysql
cd /usr/local/src
wget -c https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-boost-5.7.32.tar.gz

如果下载过慢或者链接失效,请用以下链接:

wget -c http://itityunwei.cn/linux_package/mysql-boost-5.7.32.tar.gz

tar -zxvf mysql-boost-5.7.32.tar.gz
cd mysql-5.7.32

mkdir -p /usr/local/mysql

mkdir -p /data/mysql

cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DMYSQL_TCP_PORT=3306 -DMYSQL_USER=mysql -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DENABLE_DOWNLOADS=1 -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr/local/mysql/boost

如果发现国内主机执行后下载boost老是中断,请按下面方法:

cd /usr/local/mysql/boost

wget -c http://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.gz

(注意加-c参数,支持断点续传)

如果下载过慢或者链接失效,请用以下链接:

wget -c http://itityunwei.cn/linux_package/boost.tar.gz

tar -zxvf boost.tar.gz

cd /usr/local/src/mysql-5.7.32

cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr/local/mysql/boost/ -DMYSQL_DATADIR=/data/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DMYSQL_TCP_PORT=3306 -DMYSQL_USER=mysql -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DENABLE_DOWNLOADS=1 -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr/local/mysql/boost

 

make && make install
cp support-files/mysql.server /etc/init.d/mysqld
chmod a+x /etc/init.d/mysqld

配置mysql环境变量:

vim /etc/profile

底部新增一行:export PATH=$PATH:/usr/local/mysql/bin/

更新mysql配置:

vim /etc/my.cnf

把里面的东西删除干净

[mysqld]

bind-address=127.0.0.1
port=3306
datadir=/data/mysql
user=mysql
skip-name-resolve
long_query_time=2
slow_query_log_file=/data/mysql/mysql-slow.log
expire_logs_days=2
innodb-file-per-table= 1
innodb_flush_log_at_trx_commit = 2
log_warnings = 1
max_allowed_packet = 1024M
connect_timeout = 60
net_read_timeout = 120

[mysqld_safe]
log-error=/data/mysql/mysqld.log
pid-file=/data/mysql/mysqld.pid

mysql数据库初始化:

mkdir -pv /data/mysql

chown -R mysql:mysql /usr/local/mysql/ /data/mysql/

yum -y install perl-Module-Install

cd /usr/local/mysql/bin

./mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql

使用systemctl管理mysql:

[root@localhost bin]# vim /usr/lib/systemd/system/mysqld.service
[Unit]
Description=mysqld
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/mysqld start
[Install]
WantedBy=multi-user.target

启动mysql:

[root@localhost ~]# systemctl start mysqld.service
[root@localhost ~]# systemctl enable mysqld.service

查看mysql运行状态:

[root@localhost ~]# systemctl is-active mysqld.service

[root@localhost ~]# systemctl status mysqld.service

设置mysql的root密码:

说明:前面用 --initialize-insecure 初始化数据库,root 初始密码为空,启动后应立即按下面步骤设置密码。
进入mysql:
mysql
设置mysql root密码:
set password for root@localhost = password('输入要设置的密码');
exit
登录mysql:
mysql -uroot -p

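进入数据库授权主机访问:(注意:'root'@'%' 表示允许任意主机以root身份登录并拥有全部权限;上面my.cnf中bind-address=127.0.0.1时mysql只监听本机,此授权对远程主机并不生效。确需远程访问时,建议新建只授予所需库权限的普通账号,并把'%'换成具体的客户端IP。)

grant all privileges on *.* to 'root'@'%' identified by '输入上面设置的root密码' with grant option;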

flush privileges;

exit

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

华为防火墙VPN配置

ISP:
interface GE1/0/19
 undo portswitch
 undo shutdown
 ip address 100.100.100.1 255.255.255.0
 commit
 q

interface GE1/0/18
 undo portswitch
 undo shutdown
 ip address 200.200.200.1 255.255.255.0
 q

interface LoopBack0
 ip address 11.11.11.11 255.255.255.255
 commit

ospf 2 router-id 11.11.11.11
area 0.0.0.0
  network 11.11.11.11 0.0.0.0
  network 100.100.100.1 0.0.0.0
  network 200.200.200.1 0.0.0.0
  q
  q


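XM_FW:(GigabitEthernet1/0/6 属于untrust区域、直连ISP,在其上配置 service-manage all permit 会对外放开该接口的全部管理协议,仅适合实验环境;正式环境建议只放行确实需要的协议,HZ_FW 的同名接口同理)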
interface GigabitEthernet1/0/6
ip address 100.100.100.2 255.255.255.0
service-manage all permit
q

interface LoopBack0
 ip address 22.22.22.22 255.255.255.255
q

firewall zone untrust
add interface GigabitEthernet1/0/6
add interface Tunnel0
q

dhcp enable
interface GigabitEthernet1/0/5
service-manage all permit 
q


interface GigabitEthernet1/0/5.1
 vlan-type dot1q 250
 ip address 10.10.250.1 255.255.255.0
 dhcp select global
 service-manage all permit 
q


firewall zone trust
 
 add interface GigabitEthernet1/0/5
 add interface GigabitEthernet1/0/5.1
q

ip pool vlan250
 gateway-list 10.10.250.1
 network 10.10.250.0 mask 255.255.255.0
 excluded-ip-address 10.10.250.2 10.10.250.100
 lease day 3 hour 0 minute 0
 dns-list 10.10.94.10 10.10.94.11
q

ospf 2 router-id 22.22.22.22
 area 0.0.0.0
  network 22.22.22.22 0.0.0.0
  network 100.100.100.2 0.0.0.0
q
q


security-policy
 rule name local_untrust
  source-zone local
  destination-zone untrust
  source-address 100.100.100.0 mask 255.255.255.0
  destination-address 200.200.200.0 mask 255.255.255.0
  action permit
 rule name loca_trust
  source-zone local
  destination-zone trust
  action permit
 rule name hz_tunnel_xm
  source-zone untrust
  destination-zone trust
  source-address 10.20.250.0 mask 255.255.255.0
  destination-address 10.10.250.0 mask 255.255.255.0
  action permit
 rule name xm_tunnel_hz
  source-zone trust
  destination-zone untrust
  source-address 10.10.250.0 mask 255.255.255.0
  destination-address 10.20.250.0 mask 255.255.255.0
  action permit
 rule name untust_local
  source-zone untrust
  destination-zone local
  source-address 200.200.200.0 mask 255.255.255.0
  destination-address 100.100.100.0 mask 255.255.255.0
  action permit
q
q


隧道配置:(GRE隧道本身不提供加密和认证,跨公网承载内部业务时应叠加IPSec)
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 tunnel-protocol gre
 source 100.100.100.2
 destination 200.200.200.2
q
ip route-static 10.20.250.0 24 Tunnel 0


S1:
vlan 250
q
dhcp enable

interface GigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 250
q

interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 250
q


HZ_FW:
interface GigabitEthernet1/0/6
 undo shutdown
 ip address 200.200.200.2 255.255.255.0
 service-manage all permit
q

interface LoopBack0
 ip address 33.33.33.33 255.255.255.255
q


dhcp enable

interface GigabitEthernet1/0/5
service-manage all permit

interface GigabitEthernet1/0/5.1
 vlan-type dot1q 250
 ip address 10.20.250.1 255.255.255.0
 dhcp select global
 service-manage all permit 
q

firewall zone untrust
 add interface GigabitEthernet1/0/6
 add interface Tunnel0
q

firewall zone trust
 add interface GigabitEthernet1/0/5
 add interface GigabitEthernet1/0/5.1
q

ospf 2 router-id 33.33.33.33
 area 0.0.0.0
  network 33.33.33.33 0.0.0.0
  network 200.200.200.2 0.0.0.0
q
q


ip pool vlan250
 gateway-list 10.20.250.1
 network 10.20.250.0 mask 255.255.255.0
 excluded-ip-address 10.20.250.2 10.20.250.100
 lease day 3 hour 0 minute 0
 dns-list 10.20.94.10 10.20.94.11
q


security-policy
 rule name local_untrust
  source-zone local
  destination-zone untrust
  source-address 200.200.200.0 mask 255.255.255.0
  destination-address 100.100.100.0 mask 255.255.255.0
  action permit
 rule name loca_trust
  source-zone local
  destination-zone trust
  action permit
 rule name xm_tunnel_hz
  source-zone untrust
  destination-zone trust
  source-address 10.10.250.0 mask 255.255.255.0
  destination-address 10.20.250.0 mask 255.255.255.0
  action permit
 rule name hz_tunnel_xm
  source-zone trust
  destination-zone untrust
  source-address 10.20.250.0 mask 255.255.255.0
  destination-address 10.10.250.0 mask 255.255.255.0
  action permit
 rule name untust_local
  source-zone untrust
  destination-zone local
  source-address 100.100.100.0 mask 255.255.255.0
  destination-address 200.200.200.0 mask 255.255.255.0
  action permit
q
q

隧道配置:
interface Tunnel0
 ip address 192.168.2.1 255.255.255.0
 tunnel-protocol gre
 source 200.200.200.2
 destination 100.100.100.2
 q
ip route-static 10.10.250.0 24 Tunnel 0


S2:
vlan 250
q

dhcp enable
interface GigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 250
q

interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 250
q