Summary of LNMP Construction
Reference (quickly complete LNMP environment setup, domain name registration, and SSL certificate application): https://help.aliyun.com/practice_detail/433401?spm=5176.21213303.J_6704733920.7.1c8e53c92gtUqr&scm=20140722.S_help@@%E5%AE%9E %E6%88%98%E6%B4%BE@@433401._.ID_help@@%E5%AE%9E%E6%88%98%E6%B4%BE@@433401-RL_lnmp%E7%8E%AF %E5%A2%83%E6%90%AD%E5%BB%BA-LOC_main-OR_ser-V_2-P0_0
Reference (deployment of LNMP environment): https://help.aliyun.com/document_detail/53161.html?spm=a2c4g.26937906.0.0.55a1ef7dhIsXWE
Reference (manually deploy LNMP environment (CentOS 7)): https://help.aliyun.com/document_detail/97251.html?spm=a2c4g.11186623.0.0.5f804c61AbhHXu
1. What is "LNMP Web"
LNMP
Respectively represent Linux
, Nginx
, MySQL
andPHP
2. Basic configuration
Create an ECS instance and assign a public IP address to the instance
- Instance type: ecs.c6.large
- Operating system: public image CentOS 7.8 64-bit
- Network type: dedicated network VPC
- IP address: public network IP
Add security group rules in the inbound direction of the instance security group and allow ports 22, 80, and 443
other configuration
- Nginx version: Nginx 1.20.1
- MySQL version: MySQL 5.7.36
- PHP version: PHP 7.0.33
3. Preparatory conditions
Remote connection needs to deploy the ECS instance of the LNMP environment
turn off firewall
Run systemctl status firewalld
the command to view the status of the current firewall
[External link picture transfer failed, the source site may have an anti-leeching mechanism, it is recommended to save the picture and upload it directly (img-QnjXVcPD-1677985027826)(001.png)]
- If the status parameter of the firewall is
inactive
, the firewall is closed - If the status parameter of the firewall is
active
, the firewall is enabled
Temporarily turn off the firewall:
systemctl stop firewalld
To permanently disable the firewall:
systemctl stop firewalld // 关闭防火墙
systemctl disable firewalld // 开机时,禁止启动防火墙
close SELinux
Run getenforce
the command to view the current status of SELinux
- SELinux is off if
SELinux
the status parameter isDisabled
- If
SELinux
the status parameter isEnforcing
, SELinux is enabled
What is SELinux?
Security-Enhanced Linux (SELinux) is a feature of the Linux kernel that provides security policy protection mechanisms that support access control.
Reference: https://help.aliyun.com/document_detail/157022.htm?spm=a2c4g.11186623.0.0.576c2830cyZzsX#task-2385075
4. Install Nginx
Install Nginx
yum -y install nginx
view version
nginx -v
5. Install MySQL
update yum source
rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
Install MySQL
yum -y install mysql-community-server --nogpgcheck
Start MySQL by running the following command
systemctl start mysqld
Set startup to start MySQL
systemctl enable mysqld
systemctl daemon-reload
6. Install PHP
update yum source
Add EPEL source
yum install \
https://repo.ius.io/ius-release-el7.rpm \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Add Webtatic source
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Install PHP
yum -y install php70w-devel php70w.x86_64 php70w-cli.x86_64 php70w-common.x86_64 php70w-gd.x86_64 php70w-ldap.x86_64 php70w-mbstring.x86_64 php70w-mcrypt.x86_64 php70w-pdo.x86_64 php70w-mysqlnd php70w-fpm php70w-opcache php70w-pecl-redis php70w-pecl-mongodb
view version
php -v
7. Configure Nginx
Backup Nginx configuration file
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
Modify the Nginx configuration file and add Nginx support for PHP
vim /etc/nginx/nginx.conf
Modify or add configuration information within server braces
Modify location/configuration information
location / {
index index.php index.html index.htm;
}
Add or modify location ~.php$ configuration information
#添加下列信息,配置Nginx通过fastcgi方式处理您的PHP请求。
location ~ .php$ {
root /usr/share/nginx/html; #将/usr/share/nginx/html替换为您的网站根目录,本文使用/usr/share/nginx/html作为网站根目录。
fastcgi_pass 127.0.0.1:9000; #Nginx通过本机的9000端口将PHP请求转发给PHP-FPM进行处理。
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; #Nginx调用fastcgi接口处理PHP请求。
}
[External link picture transfer failed, the source site may have an anti-leeching mechanism, it is recommended to save the picture and upload it directly (img-pUz7FtxM-1677985027828)(002.png)]
Start the Nginx service
systemctl start nginx
Set the Nginx service to start automatically at boot
systemctl enable nginx
8. Configure MySQL
View the /var/log/mysqld.log file to obtain and record the initial password of the root user
grep 'temporary password' /var/log/mysqld.log
The results returned by the command line are as follows, where ARQTRy3+n8*W is the initial password of MySQL. This initial password will be used when resetting the root user password in the next step
[External link picture transfer failed, the source site may have an anti-leeching mechanism, it is recommended to save the picture and upload it directly (img-55IIJfYz-1677985027829)(003.png)]
Configure MySQL security
mysql_secure_installation
9. Configure PHP
Create and edit the phpinfo.php file to display PHP information
vim /usr/share/nginx/html/phpinfo.php
Start PHP-FPM
systemctl start php-fpm
Set PHP-FPM to start automatically at boot
systemctl enable php-fpm
10. Test access to the LNMP configuration information page
Enter http://<ECS instance public network IP address>/phpinfo.php in the address bar of the browser to access
After testing and accessing the LNMP configuration information page, it is recommended that you run the following command to delete the phpinfo.php file to eliminate the risk of data leakage
rm -rf <网站根目录>/phpinfo.php
rm -rf /usr/share/nginx/html/phpinfo.php
11. Configure website data
project address:/usr/share/nginx/html
12. Install Git to update the project code
yum install git
yum install git
Check version
git --version
yum installation git is installed in /usr/libexec/git-core
the directory
generate ssk key
ssh-keygen -t rsa
// 进入秘钥目录
cd /root/.ssh/
// 查看ssk
cat id_rsa.pub
13. Reconfigure the web project address
Restart Nginx
sudo systemctl stop nginx
sudo systemctl start nginx