当前位置：首页 > news >正文

Nginx（四）

news 2025/6/20 0:25:28

部署LNMP架构动态网站WordPress

LNMP=Linux+Nginx+MySQL+Php

环境

192.168.29.141	centos8	Nginx	1.24.0
192.168.29.142	centos8	MySQL	8.0.33
192.168.29.143	centos8	Php	7.2.24

关闭firewalld

systemctl stop firewalld
systemctl disable firewalld

关闭selinux

setenforce 0
sed -ir 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config &> /dev/null

部署Nginx

#先决条件
[root@nginx ~]#yum -y install yum-utils#配置nginx官方yum源
[root@nginx ~]#vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true#安装
[root@nginx ~]#yum -y install nginx#查看版本
[root@nginx ~]#nginx -v
nginx version: nginx/1.24.0#新建用户www
[root@nginx ~]#useradd www -s /sbin/nologin -M#修改nginx启动用户
[root@nginx ~]#vim /etc/nginx/nginx.conf
user=www www
...#新建配置文件
[root@nginx ~]#vim /etc/nginx/conf.d/wordpress.conf
server {listen       80;server_name  myblog.com;access_log  /var/log/nginx/host.access.log  main;location / {root   /www/wordpress;index  index.php index.html index.htm;}#error_page  404              /404.html;# redirect server error pages to the static page /50x.html#error_page   500 502 503 504  /50x.html;location = /50x.html {root   /usr/share/nginx/html;}# proxy the PHP scripts to Apache listening on 127.0.0.1:80##location ~ \.php$ {#    proxy_pass   http://127.0.0.1;#}# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000#location ~ \.php$ {root           /www/wordpress;fastcgi_pass   192.168.29.143:9000;fastcgi_index  index.php;fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;include        fastcgi_params;}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {#    deny  all;#}
}[root@nginx ~]systemctl restart nginx
[root@nginx ~]systemctl enable nginx
[root@nginx ~]#ps aux | grep nginx
root        2936  0.0  0.1  41492   944 ?        Ss   00:48   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         2937  0.0  0.6  72632  5132 ?        S    00:48   0:00 nginx: worker process
root        2976  0.0  0.1 221924  1120 pts/0    R+   00:52   0:00 grep --color=auto nginx

location ~ \.php${...}中，

nginx的fastcgi_param默认为SCRIPT_FILENAME /scripts$fastcgi_script_name; 当php部署完成后，访问192.168.29.141/index.php会提示file not found。将/script替换为$document_root即可，指使用location / {...}中root指定的路径。

部署MySQL

[root@mysql ~]#wget https://repo.mysql.com//mysql80-community-release-el8-5.noarch.rpm
[root@mysql ~]#yum -y install mysql80-community-release-el8-5.noarch.rpm
[root@mysql ~]#ls /etc/yum.repos.d/
CentOS-Base.repo                CentOS-Devel.repo               CentOS-Media.repo               mysql-community-debuginfo.repo  
CentOS-centosplus.repo          CentOS-Extras.repo              CentOS-PowerTools.repo          mysql-community.repo            
CentOS-CR.repo                  CentOS-fasttrack.repo           CentOS-Sources.repo             mysql-community-source.repo     
CentOS-Debuginfo.repo           CentOS-HA.repo                  CentOS-Vault.repo               nginx.repo#（仅限 EL8 系统）基于 EL8 的系统（例如 RHEL8 和 Oracle Linux 8）包括默认启用的 MySQL 模块。除非禁用此模块，否则它会屏蔽 MySQL 存储库提供的包
[root@mysql ~]#yum -y module disable mysql
[root@mysql ~]#yum install -y mysql-community-server
[root@mysql ~]#mysql --version
mysql  Ver 8.0.33 for Linux on x86_64 (MySQL Community Server - GPL)#启动mysql服务并设置为开机启动
[root@mysql ~]#systemctl start mysqld.service 
[root@mysql ~]#systemctl enable mysqld#查询mysql数据库默认密码
[root@mysql ~]#grep "password" /var/log/mysqld.log 
2023-05-14T02:45:28.175684Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: <.XMel1ukpiw
#修改mysql密码
[root@mysql ~]#mysqladmin -uroot -p'<.XMel1ukpiw' password 'Admin.123'
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
#登录数据库
[root@mysql ~]#mysql -uroot -p'Admin.123'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.33 MySQL Community Server - GPLCopyright (c) 2000, 2023, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)
#创建网站数据库
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)
#创建php登录数据库的用户
mysql> create user 'zhangsan'@'192.168.29.143' identified by 'Admin.123';
Query OK, 0 rows affected (0.01 sec)
#给新用户授权
mysql> grant all privileges on wordpress.* to 'zhangsan'@'192.168.29.143';
Query OK, 0 rows affected (0.01 sec)
#刷新权限
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec) 
mysql> show grants for zhangsan@'192.168.29.143';
+----------------------------------------------------------------------+
| Grants for zhangsan@192.168.29.143                                   |
+----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `zhangsan`@`192.168.29.143`                    |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO `zhangsan`@`192.168.29.143` |
+----------------------------------------------------------------------+
2 rows in set (0.00 sec)      
#mysql8.0启用了新的密码认证插件caching_sha2_password，为了和php适配，修改密码认证插件为旧版的mysql_native_password
mysql> alter user 'zhangsan'@'192.168.29.143' identified with mysql_native_password by 'Admin.123';
Query OK, 0 rows affected (0.02 sec)mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)[root@mysql ~]#netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      914/sshd            
tcp6       0      0 :::22                   :::*                    LISTEN      914/sshd            
tcp6       0      0 :::33060                :::*                    LISTEN      4165/mysqld         
tcp6       0      0 :::3306                 :::*                    LISTEN      4165/mysqld

部署PHP

[root@php ~]#yum -y install php-fpm php-mysqlnd php-gd php-json.x86_64
#新建用户www
[root@nginx ~]#useradd www -s /sbin/nologin -M
#因为nginx和php不在同一台服务器上，启用tcp通讯模式
[root@php ~]#vim /etc/php-fpm.d/www.conf
...
user = www
group = www
; Note: This value is mandatory.
listen = /run/php-fpm/www.sock
listen = 0.0.0.0:9000
...
; Default Value: any
#将下行注释掉，启动默认值any
;listen.allowed_clients = 127.0.0.1
...#创建index.php文件
[root@php ~]#vim /usr/share/nginx/html/index.php 
<?php
phpinfo();
?>
#创建mysql.php文件,测试数据库连接
[root@php ~]#vim /usr/share/nginx/html/mysql.php 
<?php
$servername = "192.168.29.142";  
$username = "zhangsan";   //定义数据库用户名
$passwd = "Admin.123";   //定义数据库密码
#注意：php7版本之后mysql_connect已被废弃，使用mysqli_connect替代
$conntest = mysqli_connect($servername,$username,$passwd);  
if($conntest) { echo "连接成功"; 
} 
?>[root@php ~]#systemctl start php-fpm.service 
[root@php ~]#systemctl enable php-fpm.service 
[root@php ~]#ps aux | grep php
root        2557  0.0  2.4 428032 20236 ?        Ss   01:58   0:00 php-fpm: master process (/etc/php-fpm.conf)
www         2558  0.0  1.4 443232 11992 ?        S    01:58   0:00 php-fpm: pool www
www         2559  0.0  1.4 443232 11992 ?        S    01:58   0:00 php-fpm: pool www
www         2560  0.0  1.4 443232 11992 ?        S    01:58   0:00 php-fpm: pool www
www         2561  0.0  1.4 443232 11992 ?        S    01:58   0:00 php-fpm: pool www
www         2562  0.0  1.4 443232 11992 ?        S    01:58   0:00 php-fpm: pool www
root        2572  0.0  0.1 221924  1176 pts/0    R+   01:58   0:00 grep --color=auto php

PHP相关配置

核心配置文件——/etc/php.ini

date.timezone = PRC 设置php时区,PRC是中国

open_basedir 设置PHP脚本允许访问的目录；它将PHP所能打开的文件限制在指定的目录树中，包括文件本身。当程序要使用例如fopen()或file_get_contents()打开一个文件时，这个文件的位置将会被检查。当文件在指定的目录树之外，程序将拒绝打开。

全局配置文件——/etc/php-fpm.conf

pid = /run/php-fpm/php-fpm.pid 设置pid文件位置

error_log = /var/log/php-fpm/error.log 设置错误日志文件位置

log_level = notice 记录日志的等级。alert（必须立即处理）, error（错误情况）, warning（警告情况）, notice（一般重要信息）, debug（调试信息）. 默认: notice.

process.max = 128 默认无设置；控制子进程最大数的全局变量, 后边的设置子进程数量的指令受到这个值的限制, 0表示无限制。

daemonize = yes 将fpm转至后台运行

拓展配置文件——/etc/php-fpm.d/www.conf

user = www 设置php-fpm启动用户和组

listen.allowed_clients = 127.0.0.1 允许访问FastCGI进程的IP，设置any为不限制IP，如果要设置其他主机的nginx也能访问这台FPM进程，listen处要设置成本地可被访问的IP。默认值是any。每个地址是用逗号分隔. 如果没有设置或者为空，则允许任何服务器请求连接

listen = 127.0.0.1:9000 fpm监听端口，即nginx中php处理的地址，一般默认值即可。

slowlog = /var/log/php-fpm/$pool-slow.log 开启慢日志

pm = dynamic 动态模式进程管理开启

pm.start_servers = 32 最初开启多少进程

pm.min_spare_servers = 32 最小的多余进程数，最少空闲。用户访问会消耗掉进程。然后为了满足后续游湖随时随地开启进程保持空闲数为32。

pm.max_children = 512 指PHP-FPM Pool 最大的子进程数,数值取决于你的服务器内存。假设你打算给10G内存给当前配置的PHP-FPM Pool，一般一个PHP请求占用内存10M-40M，我们按站点每个PHP请求占用内存25M，这样max_children = 10G/25M = 409。所以，这个值可以根据情况算出来

pm.max_spare_servers = 64 最大的多余进程。大规模断开后，高并发访问过后，还剩多少。

pm.max_requests = 1500 每个子进程能响应的请求数量，到达此数字，该PHP进程就被释放掉了。ax_requests是每个子进程重生之前处理的请求数，默认值为unlimited（默认为1024），可以设置小一点（如500左右），这样可以避免内存泄露带来的问题

测试

在物理机本地做host解析：192.168.29.143 myblog.com

访问http://myblog.com/index.php如下。

踩坑：

一、在访问测试数据库连接mysql.php页面时，网页无法访问

nginx日志

2023/05/20 03:29:37 [error] 3287#3287: *23 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Call to undefined function mysql_connect() in /www/wordpress/mysql.php:5

解决

php7.0高版本已废弃mysql_connect()函数，使用mysqli_connect()替代

二、第一个坑解决后，再次访问mysql.php，依然无法正确访问，访问页面空白

nginx日志

PHP message: PHP Warning: mysqli_connect(): (HY000/2054): The server requested authentication method unknown to the client in /www/wordpress/mysql.php on line 5" while reading response header from upstream, client: 192.168.29.1, server: myblog.com, request: "GET /mysql.php HTTP/1.1", upstream: "fastcgi://192.168.29.143:9000", host: "myblog.com"

解决

mysql8.0版本使用新的密码认证插件 caching_sha2_password，先前版本使用的默认插件是mysql_native_password。在index.php页面可看到mysqlnd部分php支持的认证插件，没有caching_sha2_password，可使用mysql_native_password；所以在mysql部署部分将zhangsan认证插件改为mysql_native_password。

业务上线——WordPress

#下载wordpress并解压
[root@php ~]#wget -O wordpress.tar.gz https://cn.wordpress.org/latest-zh_CN.tar.gz
[root@php ~]#tar -x wordpress.tar.gz -C /www/

访问http://myblog.com/index.php

无法加载网页样式，实际是有这些样式文件的。待解决