Implementación separada de la arquitectura LNMP en tres hosts
Directorio de artículos
Directorio de artículos
1. ¿Qué es LNMP?
LNMP significa: arquitectura de servidor de sitio web Nginx+MySQL+PHP bajo sistema Linux. PHP en Nginx se combina con Nginx en la forma de fastcgi, que puede entenderse como Nginx representando al fastcgi de PHP.
2. Por qué usar LNMP
LNMP tiene las características de bajo costo, implementación flexible, rápido desarrollo, seguridad y estabilidad, etc. Es una excelente combinación de aplicaciones y entornos de red web. Si se trata de un sitio web personal con una configuración de servidor relativamente baja, por supuesto que se prefiere la arquitectura LNMP.
3. Cómo funciona LNMP
En primer lugar, el servicio Nginx no puede manejar solicitudes dinámicas, por lo que cuando un usuario inicia una solicitud dinámica, ¿cómo la maneja Nginx?
1. Solicitud estática: solicita archivos estáticos o páginas html, archivos html que existen en el servidor Archivos estáticos : archivos cargados en el servidor y archivos que nunca cambiarán son
archivos estáticos
.
Cuando un usuario inicia una solicitud http, la solicitud será procesada por Nginx. Si es una solicitud de recursos estáticos, Nginx la devolverá directamente. Si es una solicitud dinámica, Nginx la transferirá al programa PHP de back-end para su procesamiento a través del protocolo fastcgi, como se muestra en la siguiente figura.
12. Proceso de flujo de datos Solicitud: navegador -> equilibrio de carga -> nginx -> php-fpm -> contenedor -> mysql
Respuesta: mysql -> contenedor -> php-fpm -> nginx -> equilibrio de carga -> navegador.
4. Despliegue de LNMP
Descripción del entorno :
| nombre de la CPU | dirección IP | Version de aplicacion | sistema |
|---|---|---|---|
| nginx | 192.168.183.135 | nginx-1.20.2 | lo intenté8 |
| mysql | 192.168.183.136 | mysql-5.7.38 | lo intenté8 |
| php | 192.168.183.137 | php-8.1.11 | lo intenté8 |
1. Instalar nginx
//修改主机名关闭防火墙和selinux
[root@localhost ~]# hostnamectl set-hostname nginx
[root@localhost ~]# bash
[root@nginx ~]# setenforce 0
[root@nginx ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@nginx ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
//创建用户
[root@nginx ~]# useradd -rMs /sbin/nologin nginx
//安装依赖包
[root@nginx ~]# dnf -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make wget vim
//下载nginx软件包并解压
[root@nginx ~]# wget http://nginx.org/download/nginx-1.20.2.tar.gz
--2022-10-11 13:47:12-- http://nginx.org/download/nginx-1.20.2.tar.gz
Resolving nginx.org (nginx.org)... 3.125.197.172, 52.58.199.22, 2a05:d014:edb:5704::6, ...
Connecting to nginx.org (nginx.org)|3.125.197.172|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1062124 (1.0M) [application/octet-stream]
Saving to: ‘nginx-1.20.2.tar.gz’
nginx-1.20.2.tar.gz 100%[================>] 1.01M 658KB/s in 1.6s
2022-10-11 13:47:14 (658 KB/s) - ‘nginx-1.20.2.tar.gz’ saved [1062124/1062124]
[root@nginx ~]# tar -xf nginx-1.20.2.tar.gz
//进入目录配置编译安装
[root@nginx ~]# cd nginx-1.20.2
[root@nginx nginx-1.20.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-debug \
> --with-http_ssl_module \
> --with-http_realip_module \
> --with-http_image_filter_module \
> --with-http_gunzip_module \
> --with-http_gzip_static_module \
> --with-http_stub_status_module \
> --http-log-path=/var/log/nginx/access.log \
> --error-log-path=/var/log/nginx/error.log
[root@nginx nginx-1.20.2]# make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install
//安装完成
[root@nginx nginx-1.20.2]# cd /usr/local/nginx/
[root@nginx nginx]# ls
conf html logs sbin
//配置环境变量
[root@nginx nginx]# echo "export PATH=$PATH:/usr/local/nginx/sbin" > /etc/profile.d/nginx.sh
[root@nginx nginx]# source /etc/profile.d/nginx.sh
//编写service文件启动服务
[root@nginx nginx]# cd
[root@nginx ~]# cat > /usr/lib/systemd/system/nginx.service << EOF
> [Unit]
> Description=nginx server daemon
> After=network.target
>
> [Service]
> Type=forking
> ExecStart=/usr/local/nginx/sbin/nginx
> ExecStop=/usr/local/nginx/sbin/nginx -s stop
> ExecReload=/bin/kill -HUP \$MAINPID
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@nginx ~]# systemctl daemon-reload
[root@nginx ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@nginx ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
2. Instalar mysql
//修改主机名关闭防火墙和selinux
[root@localhost ~]# hostnamectl set-hostname mysql
[root@localhost ~]# bash
[root@mysql ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@mysql ~]# setenforce 0
[root@mysql ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//安装依赖包
[root@mysql ~]# dnf -y install ncurses-devel openssl-devel openssl cmake mariadb-devel ncurses-compat-libs
//创建用户
[root@mysql ~]# useradd -rMs /sbin/nologin mysql
//下载mysql软件包
[root@mysql ~]# ls
anaconda-ks.cfg mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz //此处为节约时间是将提前下载好的进行上传
//解压重命名
[root@mysql ~]# tar xf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@mysql ~]# cd /usr/local/
[root@mysql local]# ls
bin games lib libexec sbin src
etc include lib64 mysql-5.7.38-linux-glibc2.12-x86_64 share
[root@mysql local]# mv mysql-5.7.38-linux-glibc2.12-x86_64 mysql
[root@mysql local]# ls
bin etc games include lib lib64 libexec mysql sbin share src
//修改属主属组
[root@mysql local]# chown -R mysql.mysql mysql
//配置include、man及环境变量
[root@mysql local]# ln -s /usr/local/mysql/include /usr/include/mysql
[root@mysql local]# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
[root@mysql local]# vi /etc/man_db.conf
MANDATORY_MANPATH /usr/local/mysql/man
[root@mysql local]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@mysql local]# source /etc/profile.d/mysql.sh
[root@mysql local]# which mysql
/usr/local/mysql/bin/mysql
//建立数据存放目录
[root@mysql ~]# mkdir -p /opt/data
[root@mysql ~]# chown -R mysql.mysql /opt/data/
//初始化数据库
[root@mysql ~]# mysqld --initialize --user mysql --datadir /opt/data
2022-10-11T06:12:47.976658Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-10-11T06:12:48.115799Z 0 [Warning] InnoDB: New log files created, LSN=45790
2022-10-11T06:12:48.152163Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2022-10-11T06:12:48.163911Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: ba9d3275-492b-11ed-bad6-000c2907de9b.
2022-10-11T06:12:48.165296Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2022-10-11T06:12:48.355412Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-10-11T06:12:48.355437Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-10-11T06:12:48.355796Z 0 [Warning] CA certificate ca.pem is self signed.
2022-10-11T06:12:48.392081Z 1 [Note] A temporary password is generated for root@localhost: M.81jgNZ9DKR
[root@mysql ~]# echo 'M.81jgNZ9DKR' > pass
//生成配置文件
[root@mysql ~]# cat >> /etc/my.cnf <<EOF
> [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF
//配置服务启动脚本
[root@mysql ~]# cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@mysql ~]# sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld
[root@mysql ~]# sed -ri 's#^(datadir=).*#\1/opt/data#g' /etc/init.d/mysqld
[root@mysql ~]# chmod +x /etc/init.d/mysqld
//编写service文件启动服务并设置开机自启
[root@mysql ~]# cat > /usr/lib/systemd/system/mysqld.service <<EOF
[Unit]
Description=mysqld server daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/mysqld start
ExecStop=/etc/init.d/mysqld stop
ExecReload=/bin/kill -HUP \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
[root@mysql ~]# systemctl daemon-reload
[root@mysql ~]# systemctl enable --now mysqld
[root@mysql ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
//登录mysql修改密码
[root@mysql ~]# cat pass
M.81jgNZ9DKR
[root@mysql ~]# mysql -uroot -pM.81jgNZ9DKR
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.38
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set password = password('123com');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> quit
Bye
[root@mysql ~]# mysql -uroot -p123com
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.38 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
3. Instalar PHP
//修改主机名关闭防火墙selinux
[root@localhost ~]# hostnamectl set-hostname php
[root@localhost ~]# bash
[root@php ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@php ~]# setenforce 0
[root@php ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
//配置yum源
[root@php ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@php ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
//安装依赖包
[root@php ~]# yum -y install epel-release
[root@php ~]# yum -y install openssl-devel pcre-devel expat-devel libtool gcc gcc-c++ wget make ncurses-devel openssl cmake libxm12 libxm12-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-devel php-mysqlnd libsqlite3x-devel libzip-devel https://dl.rockylinux.org/pub/rocky/9/CRB/x86_64/os/Packages/o/oniguruma-devel-6.9.6-1.el9.5.x86_64.rpm http://mirror.stream.centos.org/9-stream/CRB/x86_64/os/Packages/libzip-devel-1.7.3-7.el9.x86_64.rpm http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm --allowerasing --skip-broken --nobest
//下载php软件包
[root@php ~]# wget https://www.php.net/distributions/php-8.1.11.tar.gz
//解压软件包编译安装
[root@php ~]# tar xf php-8.1.11.tar.gz
[root@php ~]# cd php-8.1.11
[root@php php-8.1.11]# ./configure --prefix=/usr/local/php8 --with-config-file-path=/etc --enable-fpm --enable-inline-optimization --disable-debug --disable-rpath --enable-shared --enable-soap --with-openssl --enable-bcmath --with-iconv --with-bz2 --enable-calendar --with-curl --enable-exif --enable-ftp --enable-gd --with-jpeg --with-zlib-dir --with-freetype --with-gettext --enable-json --enable-mbstring --enable-pdo --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-readline --enable-shmop --enable-simplexml --enable-sockets --with-zip --enable-mysqlnd-compression-support --with-pear --enable-pcntl --enable-posix
[root@php php-8.1.11]# make
[root@php php-8.1.11]# make install
//配置环境变量查看版本
[root@php php-8.1.11]# echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh
[root@php php-8.1.11]# source /etc/profile.d/php8.sh
[root@php php-8.1.11]# which php
/usr/local/php8/bin/php
[root@php php-8.1.11]# php -v
PHP 8.1.11 (cli) (built: Oct 11 2022 15:39:15) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.11, Copyright (c) Zend Technologies
//配置php-fpm
[root@php php-8.1.11]# cp php.ini-production /etc/php.ini
cp: overwrite '/etc/php.ini'? y
[root@php php-8.1.11]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@php php-8.1.11]# chmod +x /etc/init.d/php-fpm
[root@php php-8.1.11]# cp /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf
[root@php php-8.1.11]# cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf
//编写service文件启动服务并设为开机自启
[root@php php-8.1.11]# cat > /usr/lib/systemd/system/php.service <<EOF
[Unit]
Description=php server daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/php-fpm start
ExecStop=/etc/init.d/php-fpm stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@php php-8.1.11]# systemctl daemon-reload
[root@php php-8.1.11]# systemctl enable --now php
Created symlink /etc/systemd/system/multi-user.target.wants/php.service → /usr/lib/systemd/system/php.service.
[root@php php-8.1.11]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
4. Configurar después de la instalación
servidor nginx
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
······
location / {
root html;
index index.php index.html index.htm; //添加index.php
}
······
location ~ \.php$ {
root html;
fastcgi_pass 192.168.183.137:9000; //改为php端ip
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name; //将$/scripts修改为根目录
include fastcgi_params;
}
//检查配置文件是否有错误
[root@nginx ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
//重启服务
[root@nginx ~]# systemctl restart nginx
//创建index.php文件
[root@nginx ~]# cd /usr/local/nginx/html/
[root@nginx html]# vim index.php
[root@nginx html]# cat index.php
<?php
phpinfo();
?>
servidor php
[root@php ~]# vim /usr/local/php8/etc/php-fpm.d/www.conf
listen = 192.168.183.137:9000 //监听php服务器的ip端口号为9000
;listen.allowed_clients = 192.168.183.135 //允许nginx服务器进行访问
//创建index.php文件
[root@php ~]# mkdir /var/www
[root@php ~]# cat > /var/www/index.php <<EOF
> <?php
> phpinfo();
> ?>
> EOF
//重启服务
[root@php ~]# systemctl restart php
[root@php ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.168.183.137:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
verificación de acceso
