Shulou(Shulou.com)06/01 Report--

Experimental topic: set up LAMP, install Nginx, as an agent, install MySQL on a separate machine, apache is responsible for dynamic, nginx is responsible for static

The requirements are as follows:

1. Prepare two centos 6, one of which runs mysql, the other runs apache and nginx + php

two。 Both apache and nginx are installed, in which nginx starts port 80 to run static objects (pictures, js, css), apache listens on port 88, runs dynamic pages (php-related), and needs to be accessed by nginx agents

3. Slow log needs to be enabled on mysql server.

4. Build discuz, wordpress and phpmyadmin. The domain names are bbs.xin.com, blog.xin.com and pma.xin.com, respectively.

5. Configure pseudo-static (nginx) of discuz

6. Apache does not need to log, nginx logs, but does not log static pages such as pictures, and configures log cutting

7. Configure image hotlink protection (nginx)

8. Configure image cache for 7 days and js,css cache for 1 day (nginx)

9. Discuz and wordpress access backend restrict ip whitelist, for example, only allow 192.168.244.1 access (nginx)

10. Phpmyadmin needs to configure user authentication (nginx) throughout the site.

11. Write a script for mysql backup, which is executed at 5 o'clock every day, and needs to be remotely copied to the web machine.

twelve。 Block out other common search engine spiders except Baidu and google, such as (bingbot/2.0, Sogou web spider/4.0, 360Spider, YisouSpider, YandexBot/3.0) (nginx)

Hello everyone, the picture inside is for reference only, it's just a way of thinking, don't copy it!

Experimental environment:

1 、 VMware Workstation 12

2. The IP address of the device is: 192.168.244.146 Magazine mysqlmerm.

3. The device Borel Nginxhammer ApachettPHPMagic IP address: 192.168.244.139Moore Hostlanmp real machine: 192.168.244.1

4. Linux distribution: Centos 6.7x86-64

5. Nginx: http://nginx.org/download/nginx-1.10.0.tar.gz

6. Apache: http://mirrors.cnnic.cn/apache/httpd/httpd-2.4.18.tar.gz

7. PHP: http://cn2.php.net/get/php-5.6.21.tar.gz

8. MySQL: http://mirrors.sohu.com/mysql/MySQL-5.5/mysql-5.5.49.tar.gz

9. Discuz: http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip

10. Wordpress: https://cn.wordpress.org/wordpress-4.2.2-zh_CN.tar.gz

11. Phpmyadmin: https://files.phpmyadmin.net/phpMyAdmin/4.6.2/phpMyAdmin-4.6.2-all-languages.zip

12. Pcre: http://sourceforge.net/projects/pcre/files/pcre2/10.20/pcre2-10.20.tar.gz

13. Apr: http://mirror.bit.edu.cn/apache//apr/apr-1.5.2.tar.gz

14. Apr-util: http://mirror.bit.edu.cn/apache//apr/apr-util-1.5.4.tar.gz

Preparation for the experiment:

1, install the dependency package

Yum-y install ntp make openssl openssl-devel pcre pcre-devel libpng libpng-devel libtiff-devel libjpeg-6b libjpeg-devel-6b freetype freetype-devel gd gd-devel fontconfig-devel zlib zlib-devel libevent-devel gcc gcc-c++ flex bison bzip2 bzip2-devel libXpm libXpm-devel ncurses ncurses-devel libmcrypt libmcrypt-devel libxml2 libxml2-devel imake autoconf automake screen sysstat compat-libstdc++-33 curl curl-devel

2. Download each software in device An and B respectively

A, download mysql

# wget http://mirrors.sohu.com/mysql/MySQL-5.5/mysql-5.5.49.tar.gz

B, download

# wget http://mirrors.cnnic.cn/apache/httpd/httpd-2.4.18.tar.gz

# wget http://mirror.bit.edu.cn/apache//apr/apr-1.5.2.tar.gz

# wget http://mirror.bit.edu.cn/apache//apr/apr-util-1.5.4.tar.gz

# wget http://cn2.php.net/get/php-5.6.21.tar.gz

# wget http://nginx.org/download/nginx-1.10.0.tar.gz

# wget http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_TC_UTF8.zip

# wget https://cn.wordpress.org/wordpress-4.2.2-zh_CN.tar.gz

# wget https://files.phpmyadmin.net/phpMyAdmin/4.6.2/phpMyAdmin-4.6.2-all-languages.zip

3. Update system time

# crontab-e

* / 30 * / usr/sbin/ntpdate tiger.sina.com.cn > / dev/dull 2 > 1 &

4. Clear Iptables, close Selinux, or add access to databases and websites.

# chkconfig iptables off

# chkconfig ip6tables off

# / etc/init.d/iptables stop

# / etc/init.d/ip6tables stop

# sed-I "s/LINUX=.*/LINUX=disabled/g" / etc/selinux/config

# reboot (shutdown-h now)

The steps of the experiment:

Device A:mysql

Reference documentation (mysql 5-5)

# yum install-y gcc gcc-c++ cmake ncurses-devel wget

# cd / usr/local/src/

# wget http://mirrors.sohu.com/mysql/MySQL-5.5/mysql-5.5.49.tar.gz

# useradd-s / sbin/nologin-M mysql

# mkdir-p / data/mysql

# chown-R mysql:mysql / data/mysql

# tar-zxvf mysql-5.5.49.tar.gz

# cd / usr/local/src/mysql-5.5.49

# cmake-DCMAKE_INSTALL_PREFIX=/usr/local/mysql-DMYSQL_DATADIR=/data/mysql-DDEFAULT_CHARSET=utf8-DDEFAULT_COLLATION=utf8_general_ci-DEXTRA_CHARSETS=all-DENABLED_LOCAL_INFILE=1-DMYSQL_USER=mysql-DMYSQL_TCP_PORT=3306

# make & & make install

# cd / usr/local/mysql/

# chown-R mysql:mysql / usr/local/mysql/

# / usr/local/mysql/scripts/mysql_install_db-user=mysql-datadir=/data/mysql-basedir=/usr/local/mysql/

# cd / usr/local/mysql/support-files/

# cp my-small.cnf / etc/my.cnf

# cp mysql.server / etc/init.d/mysqld

# vim / etc/init.d/mysqld

Find basedir,datadir and add the corresponding installation directory and data directory

Basedir=/usr/local/mysql

Datadir=/data/mysql

# / etc/init.d/mysqld stop

# ps aux | grep mysql

# netstat-lnp | grep 3306

# mysql-uroot-p

# create database discuz

# create database wordpress

# grant all on *. * to 'discuz'@'192.168.244.139' identified by' discuz'

# quit

Reference:

# grant all on *. * to 'user name' @ 'web server ip address' identified by 'user password'

Device B:lanmp

First, install Apache

Reference documentation (KVM)

# cd / usr/local/src/

# wget http://mirrors.cnnic.cn/apache/httpd/httpd-2.4.18.tar.gz

# wget http://mirror.bit.edu.cn/apache//apr/apr-1.5.2.tar.gz

# wget http://mirror.bit.edu.cn/apache//apr/apr-util-1.5.4.tar.gz

# tar zxvf apr-util-1.5.4.tar.gz

# tar zxvf apr-1.5.2.tar.gz

# tar zxvf httpd-2.4.18

# cp-r apr-1.5.2 httpd-2.4.18/srclib/apr

# cp-r apr-util-1.5.4 httpd-2.4.18/srclib/apr-util

# cd httpd-2.4.18

#. / configure-prefix=/usr/local/apache2/-with-included-apr-enable-so-enable-deflate=shared-enable-expires=shared-enable-rewrite=shared

# make & & make install & & echo $?

# / usr/local/apache2/bin/apachectl start

# echo "/ usr/local/apache2/bin/apachectl start" > > / etc/rc.local

# vim / etc/profile.d/path.sh

#! / bin/bash

Export PATH=$PATH:/usr/local/apache2/bin

# source / etc/profile.d/path.sh

# apachectl-t (check syntax)

# apachectl restart

Second, install PHP

# wget http://cn2.php.net/get/php-5.6.21.tar.gz

# tar zxvf php-5.6.21.tar.gz

# cd php-5.6.21

# / configure-- prefix=/usr/local/php-- with-apxs2=/usr/local/apache2/bin/apxs-- with-config-file-path=/usr/local/php/etc-- with-mysql=mysqlnd-- with-mysqli=mysqlnd-- with-pdo-mysql=mysqlnd-- with-libxml-dir-- with-gd-- with-jpeg-dir-- with-png-dir-- with-freetype-dir-- with-iconv-dir-- with-zlib-dir-- with-bz2-- with-openssl -with-mcrpt-enable-soap-enable-gd-native-ttf-enable-mbstring-enable-sockets-enable-exif-disable-ipv6

# in the traditional way of installing php, we generally need to specify the following items when compiling PHP:

#-with-mysql=/usr/local/mysql

#-with-pdo-mysql=/usr/local/mysql

# this actually uses the libmysql driver that comes with mysql officially, which is an older driver, which has been available since PHP 5.3.

# instead of recommending to use it, it is recommended to use mysqlnd.

# mysqlnd is built into the PHP source code, so you don't need to install mysql server in advance when you compile and install PHP

# mysql client API (mysql_connect, pdo, mysqli) can be provided, which will reduce some workload.

# make & & make install & & echo $?

# cp / usr/local/src/php-5.6.21/php.ini-production / usr/local/php/etc/php.ini

Configure the combination of PHP and Apache

# vim / usr/local/apache2/conf/httpd.conf

The modification is as shown below:

Before modification:

After modification:

Before modification:

After modification:

Before modification:

After modification:

Check to see if a modules/libphp5.so exists

Test the LAMP environment: visit 192.168.244.139 in a browser, if IT Works is displayed! Indicates that the LAMP environment has been built successfully

IV. Configuration of discuz, wordpress and phpmyadmin

# mkdir-p / date/ {discuz,blog,pma}

1 configure discuz

# unzip Discuz_X3.2_SC_UTF8.zip

# mv upload/* / date/discuz

2 configure wordpress

# tar zxvf wordpress-4.2.2-zh_CN.tar.gz

# mv wordpress/* / date/blog/

3 configure phpmyadmin

# unzip phpMyAdmin-4.4.13.1-all-languages.zip

# mv phpMyAdmin-4.4.13.1-all-languages/* / date/pma/

Open the virtual host configuration file

Before modification:

After modification:

# vim / usr/local/apache2/conf/extra/httpd-vhosts.conf

DocumentRoot "/ date/discuz/"

ServerName bbs.xin.com

ErrorLog "logs/bbs.xin.com-error_log"

CustomLog "logs/bbs.xin.com-access_log" common

DocumentRoot "/ date/blog/"

ServerName blog.xin.com

ErrorLog "logs/blog.xin.com-error_log"

CustomLog "logs/blog.xin.com-access_log" common

LHost *: 88 >

DocumentRoot "/ date/pma/"

ServerName pma.xin.com

ErrorLog "logs/pma.xin.com-error_log"

CustomLog "logs/pma.xin.com-access_log" common

As shown below:

# / usr/local/apache2/bin/apachectl-t (apachectl-t)

Detection syntax

# / usr/local/apache2/bin/apachectl graceful (apachectl graceful)

Load configuration file

# netstat-lnp | grep 88

Check if port 88 is listening

Bind ip and virtual host domain name in the host file on the real machine win (host file path: C/windows/System32/drivers/etc/hosts

192.168.244.4 bbs.xin.com blog.xin.com pma.xin.com

Install discuz

Visit bbs.abc.com:88/install/, in the browser will appear discuz graphical installation interface, I agree, there are a lot of directories are unwritable, why not write it? Because ps aux | grep httpd,httpd is running as a daemon user. Therefore, it is necessary to change the owners and groups of unwritable directories in discuz to daemon,chown-R daemon:daemon / date/discuz.

Go back to browser refresh, and next, install discuz all over again

Create a discuz library in mysql and authorize a user

Mysql > create database discuz

Mysql > grant all on *. * to 'discuz'@'192.168.244.139' identified by' discuz'

Mysql > flush privileges

Mysql > quit

Back to the discuz browser, the database name is discuz, the database user name is discuz, and the database password is discuz

To this discuz forum installation is complete

Install wordpress

Access blog.xin.com:88 in the browser for installation

Click to submit:

According to the error prompt, create a wp-config.php in the blog directory and copy the information in the box in the browser to the wp-config.php file

Then click to install

Click to log in, and then enter the user name and password you just set to log in.

Install phpmyadmin

# cd / date/pma

# cp libraries/config.default.php config.inc.php

# vim config.inc.php

The changes are as follows:

$cfg ['Servers'] [$I] [' user'] = 'root'; # user name root of the database

$cfg ['Servers'] [$I] [' password'] = 'yourrootpassword'; # root password of the database

$cfg ['Servers'] [$I] [' host'] = 'yourdbip'; # ip address of the database

$cfg ['Servers'] [$I] [' auth_type'] = 'config';### authentication mode changes cookie to config

The database server executes the following command

# mysql-uroot password 'phpadmin'

# mysql-uroot-pphpadmin

> grant all on *. * to 'root'@'192.168.244.139' identified by' phpadmin'

Fourth, install nginx

Reference documentation (nginx)

Configure nginx

# vim / usr/local/nginx/conf/nginx.conf

User nobody nobody

Worker_processes 2

Error_log / usr/local/nginx/logs/nginx_error.log crit

Pid / usr/local/nginx/logs/nginx.pid

Worker_rlimit_nofile 51200

Events

{

Use epoll

Worker_connections 6000

}

Http

{

Include mime.types

Default_type application/octet-stream

Server_names_hash_bucket_size 3526

Server_names_hash_max_size 4096

Log_format combined_realip'$remote_addr $http_x_forwarded_for [$time_local]'

'$host "$request_uri" $status'

'"$http_referer"$http_user_agent"'

Sendfile on

Tcp_nopush on

Keepalive_timeout 30

Client_header_timeout 3m

Client_body_timeout 3m

Send_timeout 3m

Connection_pool_size 256

Client_header_buffer_size 1k

Large_client_header_buffers 8 4k

Request_pool_size 4k

Output_buffers 4 32k

Postpone_output 1460

Client_max_body_size 10m

Client_body_buffer_size 256k

Client_body_temp_path / usr/local/nginx/client_body_temp

Proxy_temp_path / usr/local/nginx/proxy_temp

Fastcgi_temp_path / usr/local/nginx/fastcgi_temp

Fastcgi_intercept_errors on

Tcp_nodelay on

Gzip on

Gzip_min_length 1k

Gzip_buffers 4 8k

Gzip_comp_level 5

Gzip_http_version 1.1

Gzip_types text/plain application/x-javascript text/css text/htm application/xml

Include vhosts/*.conf

}

As you can see from the figure above, nginx also supports virtual hosts. Let's create virtual hosts.

# mkdir / usr/local/nginx/conf/vhosts

# cd / usr/local/nginx/conf/vhosts

# touch bbs.conf blog.conf pma.conf

Configure bbs.conf

# vim / usr/local/nginx/conf/vhosts/bbs.conf

Server

{

Listen 80

Server_name bbs.xin.com

Index index.html index.php

Root / date/discuz

If ($http_user_agent ~ 'bingbot/2.0 | MJ12bot/v1.4.2 | Spider/3.0 | YoudaoBot | Tomato | Gecko/20100315')

{

Return 403

}

Location ~ admin.php {

Allow 192.168.244.1

Deny all

Proxy_pass http://127.0.0.1:88;

Proxy_set_header Host $host

}

Location ~\ .php$ {

Proxy_pass http://127.0.0.1:88;

Proxy_set_header Host $host

Proxy_set_header X-Real-IP $remote_addr

Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for

}

Location. *\. (js | css)? $

{

Expires 24h

Access_log off

}

Location ~ * ^. +\. (gif | jpg | png | swf | flv | rar | doc | pdf | gz | bz2 | jpeg | bmp | xls) ${

Expires 7d

Valid_referers none blocked server_names * .baidu.com * .google.com * .google.cn * .soso.com

If ($invalid_referer)

{

Return 403

# rewrite ^ / http://www.xin.com/nophoto.gif;

}

Access_log off

}

Rewrite ^ ([^\.] *) / topic- (. +)\ .html $$1/portal.php?mod=topic&topic=$2 last

Rewrite ^ ([^\.] *) / forum- (\ w +)-([0-9] +)\ .html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last

Rewrite ^ ([^\.] *) / thread- ([0-9] +)-([0-9] +)-([0-9] +)\ .html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last

Rewrite ^ ([^\.] *) / group- ([0-9] +)-([0-9] +)\ .html$ $1/forum.php?mod=group&fid=$2&page=$3 last

Rewrite ^ ([^\.] *) / space- (username | uid)-(. +)\ .html$ $1/home.php?mod=space&$2=$3 last

Rewrite ^ ([^\.] *) / (fid | tid)-([0-9] +)\ .html$ $1/index.php?action=$2&value=$3 last

Access_log / home/logs/discuz.log combined_realip

}

Picture error prompt: change root / date/bbs to / date/discuz

# / usr/local/nginx/sbin/nginx-t

# service nginx configtest

Check the grammar

Visit bbs.xin.com in the browser, which is accessible.

Configure blog.conf

# vim / usr/local/nginx/conf/vhosts/blog.conf

Server

{

Listen 80

Server_name blog.xin.com

Index index.html index.htm index.php

Root / date/blog

Location / wp-admin/ {

Allow 192.168.244.1

Deny all

Location ~\ .php$ {

Proxy_pass http://127.0.0.1:88;

Proxy_set_header Host $host

}

}

Location / {

Proxy_pass http://127.0.0.1:88/;

Proxy_set_header Host $host

Proxy_set_header X-Real-IP $remote_addr

Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for

}

}

# / usr/local/nginx/sbin/nginx-t

# service nginx configtest

Check the grammar

In the browser to access: blog.xin.com, is accessible, automatically jump to blog.xin.com:88

Configure pma.conf

# vim / usr/local/nginx/conf/vhosts/pma.conf

Server

{

Listen 80

Server_name pma.xin.com

Index index.html index.php

Root / date/pma

Location / {

Auth_basic "Auth"

Auth_basic_user_file / usr/local/nginx/conf/htpasswd

Location ~\ .php$ {

Proxy_pass http://127.0.0.1:88;

Proxy_set_header Host $host

Proxy_set_header X-Real-IP $remote_addr

Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for

}

}

}

# / usr/local/nginx/sbin/nginx-t

# service nginx configtest

Check the grammar

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.