一、LNMP组成
- Linux
- 关闭SElinux
- 关闭防火墙
- /tmp/ 目录权限为1777
- Nginx
- MySQL
- PHP
二、部署流程
1. 安装系统
2. 软件安装
- Nginx
|
/etc/yum.repos.d/nginx.repo [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=0 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key yum install -y nginx |
[root@web01 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[root@web01 ~]# yum install -y nginx
......
Dependencies Resolved
==========================================================================================================
Package Arch Version Repository Size
==========================================================================================================
Installing:
nginx x86_64 1:1.16.0-1.el7.ngx nginx-stable 766 k
Transaction Summary
==========================================================================================================
......
Installed:
nginx.x86_64 1:1.16.0-1.el7.ngx - MySQL(MariaDB模拟)
| yum install -y mariadb-server mariadb |
[root@web01 /var/html]# yum install -y mariadb-server mariadb
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: us-east.repo.webtatic.com
......
Complete!- PHP
step1 解决YUM安装软件冲突问题
| yum remove php-mysql php php-fpm php-common |
[root@web01 ~]# yum remove php-mysql php-common php php-fpm
Loaded plugins: fastestmirror
No Match for argument: php-mysql
No Match for argument: php-common
No Match for argument: php
No Match for argument: php-fpm
No Packages marked for removalstep2 准备YUM安装软件扩展资源信息
| rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm |
[root@web01 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.Xzo5ED: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:epel-release-7-11 warning: /etc/yum.repos.d/epel.repo created as /etc/yum.repos.d/epel.repo.rpmnew
################################# [100%]
[root@web01 ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Retrieving https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
warning: /var/tmp/rpm-tmp.c7tCGl: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:webtatic-release-7-3 ################################# [100%]step3 利用YUM安装PHP相关软件信息
| yum install -y php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb |
[root@web01 ~]# yum install -y php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
......
Installed:
mod_php71w.x86_64 0:7.1.30-1.w7 php71w-cli.x86_64 0:7.1.30-1.w7
php71w-common.x86_64 0:7.1.30-1.w7 php71w-devel.x86_64 0:7.1.30-1.w7
php71w-embedded.x86_64 0:7.1.30-1.w7 php71w-fpm.x86_64 0:7.1.30-1.w7
php71w-gd.x86_64 0:7.1.30-1.w7 php71w-mbstring.x86_64 0:7.1.30-1.w7
php71w-mcrypt.x86_64 0:7.1.30-1.w7 php71w-mysqlnd.x86_64 0:7.1.30-1.w7
php71w-opcache.x86_64 0:7.1.30-1.w7 php71w-pdo.x86_64 0:7.1.30-1.w7
php71w-pecl-memcached.x86_64 0:3.0.4-1.w7 php71w-pecl-mongodb.x86_64 0:1.5.3-1.w7
php71w-pecl-redis.x86_64 0:3.1.6-1.w7 php71w-xml.x86_64 0:7.1.30-1.w7
Dependency Installed:
libX11.x86_64 0:1.6.5-2.el7 libX11-common.noarch 0:1.6.5-2.el7
libXau.x86_64 0:1.0.8-2.1.el7 libXpm.x86_64 0:3.5.12-1.el7
libmcrypt.x86_64 0:2.5.8-13.el7 libmemcached.x86_64 0:1.0.16-5.el7
libxcb.x86_64 0:1.13-1.el7 pcre-devel.x86_64 0:8.32-17.el7
php71w-pear.noarch 1:1.10.4-1.w7 php71w-pecl-igbinary.x86_64 0:2.0.5-1.w7
php71w-process.x86_64 0:7.1.30-1.w7
Complete!
-----------------------------------------------------------------------------------------------
[root@web01 ~]# yum install -y php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Package mod_php71w-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-cli-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-common-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-devel-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-embedded-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-gd-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-mcrypt-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-mbstring-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-pdo-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-xml-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-fpm-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-mysqlnd-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-opcache-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-pecl-memcached-3.0.4-1.w7.x86_64 already installed and latest version
Package php71w-pecl-redis-3.1.6-1.w7.x86_64 already installed and latest version
Package php71w-pecl-mongodb-1.5.3-1.w7.x86_64 already installed and latest version
Nothing to do
3. 软件配置和测试
- Nginx+PHP
[root@web01 /etc/nginx/conf.d]# vim /etc/nginx/conf.d/www.conf
server {
listen 80;
server_name www.aspen.com;
location / {
root /var/html/www;
index index.php index.html index.htm;
}
location ~* \.php$ { #指定站点目录(要与默认location站点目录一致)
root /var/html/www;
fastcgi_index index.php; #指定首页文件
fastcgi_pass 127.0.0.1:9000; #指定PHP服务主机
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #文件路径参数传递
include fastcgi_params; #引用fastcgi内置变量库文件
}
}
[root@web01 /etc/nginx/conf.d]# mkdir /var/html/www
[root@web01 /etc/nginx/conf.d]# vim /var/html/www/index.php
<?php
phpinfo();
?>
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# systemctl start php-fpm.service
[root@web01 /etc/nginx/conf.d]# ps -ef| grep php
root 30618 1 0 10:07 ? 00:00:00 php-fpm: master process (/etc/php-fpm.conf)
apache 30619 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30620 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30621 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30622 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30623 30618 0 10:07 ? 00:00:00 php-fpm: pool www
root 30652 29343 0 10:21 pts/0 00:00:00 grep --color=auto php
[root@web01 /etc/nginx/conf.d]# netstat -lntup |grep php
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 30618/php-fpm: mast |
附: SCRIPT_FILENAME #指定参数名称 $document_root #文件路径传递变量 $fastcgi_script_name #文件名传递变量 |
- PHP+MySQL
[root@web01 /etc/nginx/conf.d]# vim /var/html/www/test_MariaDB.php
pbp与Mysql连接测试代码
<?php
$servername = "localhost";
$username = "root";
$password = "aspen123456";
//$link_id=mysql_connect('主机名','用户','密码');
//mysql -u用户 -p密码 -h 主机;
$conn = mysqli_connect($servername,$username,$password);
if ($conn) {
echo "mysql successful by root !\n";
}else{
die("connection Failed: " . mysqli_connect_error());
}
?>
[root@web01 /etc/nginx/conf.d]# systemctl start mariadb
[root@web01 /etc/nginx/conf.d]# mysqladmin -uroot password "aspen123456" #初次安装数据库后,设置数据库管理员密码(只能设置密码,不能重置密码)
[root@web01 /etc/nginx/conf.d]# mysql -uroot -paspen123456 #以指定用户登录数据库
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit
Bye|
初次安装数据库后,设置数据库管理员密码(只能设置密码,不能重置密码) mysqladmin -uroot password "aspen123456" 以指定用户登录数据库 mysql -uroot -paspen123456 |
4. 手动代码上线(以WordPress举例)
step1 获取代码
- 博客(开源代码)-WordPress
| WordPress官方压缩包 |
|
网站(开源代码)-dededms 论坛(开源代码)-discuz 知乎(开源代码)-wecenter |
step2 将代码放入指定站点目录
| tar xf 源码包 -C 站点目录 |
[root@web01 ~]# cd /tmp/
[root@web01 /tmp]# rz -E
rz waiting to receive.
[root@web01 /tmp]# tar xf wordpress-5.2.2.tar.gz -C /var/html/blog/
[root@web01 /tmp]# cd /var/html/blog/
[root@web01 /var/html/blog]# ls
wordpress
[root@web01 /var/html/blog]# mv ./wordpress/* ./
[root@web01 /var/html/blog]# ll
total 196
-rw-r--r-- 1 nobody nfsnobody 420 Dec 1 2017 index.php
-rw-r--r-- 1 nobody nfsnobody 19935 Jan 2 2019 license.txt
-rw-r--r-- 1 nobody nfsnobody 7447 Apr 9 06:59 readme.html
drwxr-xr-x 2 nobody nfsnobody 6 Aug 6 10:56 wordpress
-rw-r--r-- 1 nobody nfsnobody 6919 Jan 12 2019 wp-activate.php
drwxr-xr-x 9 nobody nfsnobody 4096 Jun 19 01:50 wp-admin
-rw-r--r-- 1 nobody nfsnobody 369 Dec 1 2017 wp-blog-header.php
-rw-r--r-- 1 nobody nfsnobody 2283 Jan 21 2019 wp-comments-post.php
-rw-r--r-- 1 nobody nfsnobody 2898 Jan 8 2019 wp-config-sample.php
drwxr-xr-x 4 nobody nfsnobody 52 Jun 19 01:50 wp-content
-rw-r--r-- 1 nobody nfsnobody 3847 Jan 9 2019 wp-cron.php
drwxr-xr-x 20 nobody nfsnobody 8192 Jun 19 01:50 wp-includes
-rw-r--r-- 1 nobody nfsnobody 2502 Jan 16 2019 wp-links-opml.php
-rw-r--r-- 1 nobody nfsnobody 3306 Dec 1 2017 wp-load.php
-rw-r--r-- 1 nobody nfsnobody 39551 Jun 10 21:34 wp-login.php
-rw-r--r-- 1 nobody nfsnobody 8403 Dec 1 2017 wp-mail.php
-rw-r--r-- 1 nobody nfsnobody 18962 Mar 29 03:04 wp-settings.php
-rw-r--r-- 1 nobody nfsnobody 31085 Jan 17 2019 wp-signup.php
-rw-r--r-- 1 nobody nfsnobody 4764 Dec 1 2017 wp-trackback.php
-rw-r--r-- 1 nobody nfsnobody 3068 Aug 17 2018 xmlrpc.phpstep3 修改站点目录数据权限
| chown -R 用户. 站点目录 nginx的worker进程用户、php-fpm进程用户和站点目录的用户要保持一致 |
[root@web01 /var/html/blog]# ps -ef | grep 'worker process'| head -1
www 30575 30574 0 10:06 ? 00:00:00 nginx: worker process
[root@web01 /var/html/blog]# chown -R www. /var/html/blog/
[root@web01 /var/html/blog]# ll /var/html/blog/ -d
drwxr-xr-x 6 www www 4096 Aug 6 10:56 /var/html/blog/
[root@web01 /var/html/blog]# ll /var/html/blog/ | head -5
total 196
-rw-r--r-- 1 www www 420 Dec 1 2017 index.php
-rw-r--r-- 1 www www 19935 Jan 2 2019 license.txt
-rw-r--r-- 1 www www 7447 Apr 9 06:59 readme.html
drwxr-xr-x 2 www www 6 Aug 6 10:56 wordpressstep4 更改php-fpm程序权限
| vim /etc/php-fpm.d/www.conf |
[root@web01 /var/html/blog]# ps -ef | grep php
root 30618 1 0 10:07 ? 00:00:00 php-fpm: master process (/etc/php-fpm.conf)
apache 30619 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30620 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30621 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30622 30618 0 10:07 ? 00:00:00 php-fpm: pool www
apache 30623 30618 0 10:07 ? 00:00:00 php-fpm: pool www
root 31331 29343 0 11:00 pts/0 00:00:00 grep --color=auto php
[root@web01 /var/html/blog]# vim /etc/php-fpm.d/www.conf
; Start a new pool named 'www'.
......
user = www
; RPM: Keep a group allowed to write in log dir.
group = www
......
[root@web01 /var/html/blog]# systemctl restart php-fpm.service
[root@web01 /var/html/blog]# ps -ef | grep php
root 31440 1 1 11:02 ? 00:00:00 php-fpm: master process (/etc/php-fpm.conf)
www 31442 31440 0 11:02 ? 00:00:00 php-fpm: pool www
www 31443 31440 0 11:02 ? 00:00:00 php-fpm: pool www
www 31444 31440 0 11:02 ? 00:00:00 php-fpm: pool www
www 31445 31440 0 11:02 ? 00:00:00 php-fpm: pool www
www 31446 31440 0 11:02 ? 00:00:00 php-fpm: pool www
root 31448 29343 0 11:02 pts/0 00:00:00 grep --color=auto phpstep5 配置网站初始页面
|
vim /etc/nginx/conf.d/ #虚拟主机配置文件 client_max_body_size 5m; #设置网站请求主体最大尺寸,默认为1M; |
[root@web01 /etc/nginx/conf.d]# vim blog.conf
server {
listen 80;
server_name blog.aspen.com;
client_max_body_size 5m; # 设置网站请求主体最大尺寸,默认为1M;
root /var/html/blog;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /error_page.html;
location =/error_page.html {
root /var/html/error;
}
}
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
数据库模拟
[root@web01 /etc/nginx/conf.d]# mysql -uroot -paspen123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> create database WordPress;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on WordPress.* to 'wordpress'@'localhost' identified by 'aspen123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user,host,password from mysql.user;
+-----------+-----------+-------------------------------------------+
| user | host | password |
+-----------+-----------+-------------------------------------------+
| root | localhost | *2B7C88C5E17652747B14612628FFB1D8C2AFBEDA |
| root | web01 | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | web01 | |
| wordpress | localhost | *A554BC539ED5798B2E9525FD00DFD22DAB8D56BA |
+-----------+-----------+-------------------------------------------+
7 rows in set (0.00 sec)
5. 数据库迁移
step1 备份数据库
| mysqldump -u用户名 -p密码 -A> 备份文件.sql -A 备份全部数据库(PS:实际环境中,不要一次备份所有数据库,尽量分库,甚至分表备份) |
[root@web01 /etc/nginx/conf.d]# mysqldump -uroot -paspen123456 -A>/tmp/web_Mariadb_Backup.sql
[root@web01 /etc/nginx/conf.d]# ll /tmp/web_Mariadb_Backup.sql
-rw-r--r-- 1 root root 989067 Aug 6 12:27 /tmp/web_Mariadb_Backup.sqlstep2 传输备份文件
| scp -rp 备份文件.sql 目标主机:/目标目录 |
[root@web01 /etc/nginx/conf.d]# scp -rp /tmp/web_Mariadb_Backup.sql 172.16.1.151:/tmp/
ECDSA key fingerprint is SHA256:4O+/HRUt2Qwcz4xXk3y+Y5It07gqAUNy//ju/dZH2Vc.
ECDSA key fingerprint is MD5:5b:e2:99:8c:b6:d6:88:85:2c:4a:84:65:4a:74:78:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.151' (ECDSA) to the list of known hosts.
root@172.16.1.151's password:
web_Mariadb_Backup.sql 100% 966KB 66.3MB/s 00:00 [root@db01 ~]# ll /tmp/web_Mariadb_Backup.sql
-rw-r--r-- 1 root root 989067 Aug 6 12:27 /tmp/web_Mariadb_Backup.sqlstep3 恢复数据库
| mysql -u用户 -p密码 <备份文件.sql |
[root@db01 ~]# systemctl restart mariadb.service
[root@db01 ~]# mysqladmin -uroot password "123456"
[root@db01 ~]# mysql -uroot -p123456 </tmp/web_Mariadb_Backup.sql
[root@db01 ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| WordPress |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> grant all on WordPress.* to 'wordpress'@'172.16.1.%' identified by 'aspen';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user,host,password from mysql.user;
+-----------+------------+-------------------------------------------+
| user | host | password |
+-----------+------------+-------------------------------------------+
| root | localhost | *2B7C88C5E17652747B14612628FFB1D8C2AFBEDA |
| root | web01 | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | web01 | |
| wordpress | localhost | *A554BC539ED5798B2E9525FD00DFD22DAB8D56BA |
| wordpress | 172.16.1.% | *27F9E7294EFD32F1BA3EE8CF21B05FE3C6DBA0E3 |
+-----------+------------+-------------------------------------------+
8 rows in set (0.00 sec)
step4 测试页面修(改网站配置文件,连接指定数据库)
| vim /var/html/blog/wp-config.php |
[root@web01 /etc/nginx/conf.d]# vim /var/html/blog/wp-config.php
......
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'WordPress' );
/** MySQL database username */
define( 'DB_USER', 'wordpress' );
/** MySQL database password */
define( 'DB_PASSWORD', 'aspen' );
/** MySQL hostname */
define( 'DB_HOST', '172.16.1.151' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8mb4' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
......
[root@web01 /etc/nginx/conf.d]# systemctl stop mariadb.service 
6. 实现数据共享
step1 确认数据存储位置
- 复制图片地址
| http://blog.aspen.com/wp-content/uploads/2019/08/test.jpg |
- inotify监控站点目录
| inotifywait -mrq 站点目录 |
[root@web01 /etc/nginx/conf.d]# yum install -y inotify-tools
......
Installed:
inotify-tools.x86_64 0:3.14-8.el7
Complete!
[root@web01 /etc/nginx/conf.d]# inotifywait -mrq /var/html/blog/
......
/var/html/blog/wp-content/uploads/2019/08/ OPEN test.jpg
......- 利用find命令查找图片位置
[root@web01 /etc/nginx/conf.d]# find /var/html/blog/ -type f -iname 'test.jpg' -mmin -3
/var/html/blog/wp-content/uploads/2019/08/test.jpgstep2 备份本地数据
| tar zcf /tmp/备份文件名称 数据目录 |
[root@web01 /etc/nginx/conf.d]# cd /var/html/blog/wp-content/
[root@web01 /var/html/blog/wp-content]# ls
index.php languages plugins themes upgrade uploads
[root@web01 /var/html/blog/wp-content]# tar zcf /tmp/uploads_backup_$(date +%F).tar.gz ./uploads/*
[root@web01 /var/html/blog/wp-content]# ll /tmp/uploads_backup_2019-08-06.tar.gz
-rw-r--r-- 1 root root 91320 Aug 6 13:27 /tmp/uploads_backup_2019-08-06.tar.gz
[root@web01 /var/html/blog/wp-content/uploads]# tar tf /tmp/uploads_backup_2019-08-06.tar.gz
./uploads/2019/
./uploads/2019/08/
./uploads/2019/08/test.jpg
./uploads/2019/08/test-150x150.jpg
./uploads/2019/08/test-300x300.jpg
./uploads/2019/08/test-100x100.jpgstep3 实现存储目录挂载
| mount -t nfs -o nosuid,noexec,nodev nfs服务:/挂载目录 挂载点 |
[root@nfs01 ~]# vim /etc/exports
#/var/html/blog/wp-content/upload @ web01 share with /upload/blog @ localhost
/upload/blog 172.16.1.0/24(rw,sync,anonuid=2000,anongid=2000)
[root@nfs01 ~]# systemctl reload nfs
[root@nfs01 ~]# showmount -e 172.16.1.131
Export list for 172.16.1.131:
/upload/blog 172.16.1.0/24
[root@nfs01 ~]# cd /upload/
[root@nfs01 /upload]# mkdir blog
[root@nfs01 /upload]# id www
uid=2000(www) gid=2000(www) groups=2000(www)[root@web01 /var/html/blog/wp-content/uploads]# id www
uid=2000(www) gid=2000(www) groups=2000(www)
tail -1 /etc/fstab
172.16.1.131:/upload/blog /var/html/blog/wp-content/uploads nfs noexec,nosuid,nodev 0 0
[root@web01 /var/html/blog/wp-content/uploads]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 2.0G 97G 2% /
devtmpfs 476M 0 476M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 26M 461M 6% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 105M 93M 54% /boot
tmpfs 98M 0 98M 0% /run/user/0
[root@web01 /var/html/blog/wp-content/uploads]# mount -a
[root@web01 /var/html/blog/wp-content/uploads]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 99G 2.0G 97G 2% /
devtmpfs 476M 0 476M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 26M 461M 6% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 197M 105M 93M 54% /boot
tmpfs 98M 0 98M 0% /run/user/0
172.16.1.131:/upload/blog 99G 1.7G 98G 2% /var/html/blog/wp-content/uploadsstep4 还原数据
[root@web01 /var/html/blog/wp-content/uploads]# tar xf /tmp/uploads_backup_2019-08-06.tar.gz ./
[root@web01 /var/html/blog/wp-content/uploads]# ls
uploads
[root@web01 /var/html/blog/wp-content/uploads]# mv ./uploads/* ./
[root@web01 /var/html/blog/wp-content/uploads]# rm -rf ./uploads/
[root@web01 /var/html/blog/wp-content/uploads]# ls
2019[root@nfs01 ~]# tree /upload/blog/
/upload/blog/
└── 2019
└── 08
├── test-100x100.jpg
├── test-150x150.jpg
├── test-300x300.jpg
└── test.jpg
2 directories, 4 files[root@backup ~]# ll /data/blog/
total 0
drwxr-xr-x 3 rsync rsync 16 Aug 6 11:54 2019
[root@backup ~]# tree /data/blog/
/data/blog/
└── 2019
└── 08
├── test-100x100.jpg
├── test-150x150.jpg
├── test-300x300.jpg
└── test.jpg
2 directories, 4 filesstep5 检查测试
7 安全访问
step1 生成证书(模拟)
| openssl genrsa -idea -out server.key 2048 openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt |
[root@web01 /etc/nginx/conf]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
........................+++
.................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@web01 /etc/nginx/conf]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
.........................................................+++
...........................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:FT
Organization Name (eg, company) [Default Company Ltd]:Personal
Organizational Unit Name (eg, section) []:Aspen
Common Name (eg, your name or your server's hostname) []:web01
Email Address []:666@aspen.com
[root@web01 /etc/nginx/conf]# ls
server.crt server.keystep2 实现HTTPs访问和自动跳转
[root@web01 /etc/nginx/conf]# vim /etc/nginx/conf.d/blog.conf
server {
listen 80;
server_name blog.aspen.com;
location / {
rewrite (.*) https://$server_name/$1 permanent;
}
}
server {
listen 443 ssl;
server_name blog.aspen.com;
client_max_body_size 5m;
ssl_certificate /etc/nginx/conf/server.crt;
ssl_certificate_key /etc/nginx/conf/server.key;
root /var/html/blog;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /error_page.html;
location =/error_page.html {
root /var/html/error;
}
}
[root@web01 /etc/nginx/conf]# systemctl restart nginx
8 伪静态(需要开发人员和运维人员配合)
step1 修改网站后台设置
| 设置---固定链接---自定义结构 %post_id%.html |
step2 修改虚拟主机配置文件
|
伪静态地址信息重写 server 区块 rewrite /wp-admin$ $scheme://$host$uri permanent; 访问伪静态页面 location 区块 try_files $uri $uri/ /index.php?$args==$uri; |
[root@web01 /etc/nginx/conf]# vim ../conf.d/blog.conf
server {
listen 80;
server_name blog.aspen.com;
location / {
rewrite (.*) https://$server_name/$1 permanent;
}
}
server {
listen 443 ssl;
server_name blog.aspen.com;
client_max_body_size 5m;
ssl_certificate /etc/nginx/conf/server.crt;
ssl_certificate_key /etc/nginx/conf/server.key;
rewrite /wp-admin$ $scheme://$host$uri permanent; #伪静态地址信息重写
root /var/html/blog;
location / {
index index.php;
try_files $uri $uri/ /index.php?$args==$uri; #访问伪静态页面
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /error_page.html;
location =/error_page.html {
root /var/html/error;
}
[root@web01 /etc/nginx/conf]# systemctl restart nginx
附:思维导图
