LNMP架构

一、LNMP组成

  • Linux
    • 关闭SElinux
    • 关闭防火墙
    • /tmp/ 目录权限为1777
  • Nginx
  • MySQL
  • PHP

二、部署流程

1. 安装系统

2. 软件安装

  • Nginx
/etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

yum install -y nginx

[root@web01 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[root@web01 ~]# yum install -y nginx
......
Dependencies Resolved

==========================================================================================================
 Package            Arch                Version                           Repository                 Size
==========================================================================================================
Installing:
 nginx              x86_64              1:1.16.0-1.el7.ngx                nginx-stable              766 k

Transaction Summary
==========================================================================================================
......
Installed:
  nginx.x86_64 1:1.16.0-1.el7.ngx       
  • MySQL(MariaDB模拟)
yum install -y mariadb-server mariadb
[root@web01 /var/html]# yum install -y mariadb-server mariadb
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
 * webtatic: us-east.repo.webtatic.com
......
Complete!
  • PHP
    step1 解决YUM安装软件冲突问题
yum remove php-mysql php php-fpm php-common
[root@web01 ~]# yum remove php-mysql php-common php php-fpm
Loaded plugins: fastestmirror
No Match for argument: php-mysql
No Match for argument: php-common
No Match for argument: php
No Match for argument: php-fpm
No Packages marked for removal

step2 准备YUM安装软件扩展资源信息

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@web01 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.Xzo5ED: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:epel-release-7-11                warning: /etc/yum.repos.d/epel.repo created as /etc/yum.repos.d/epel.repo.rpmnew
################################# [100%]
[root@web01 ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Retrieving https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
warning: /var/tmp/rpm-tmp.c7tCGl: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:webtatic-release-7-3             ################################# [100%]

step3 利用YUM安装PHP相关软件信息

yum install -y php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
[root@web01 ~]# yum install -y php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache  php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
......
Installed:
  mod_php71w.x86_64 0:7.1.30-1.w7                  php71w-cli.x86_64 0:7.1.30-1.w7               
  php71w-common.x86_64 0:7.1.30-1.w7               php71w-devel.x86_64 0:7.1.30-1.w7             
  php71w-embedded.x86_64 0:7.1.30-1.w7             php71w-fpm.x86_64 0:7.1.30-1.w7               
  php71w-gd.x86_64 0:7.1.30-1.w7                   php71w-mbstring.x86_64 0:7.1.30-1.w7          
  php71w-mcrypt.x86_64 0:7.1.30-1.w7               php71w-mysqlnd.x86_64 0:7.1.30-1.w7           
  php71w-opcache.x86_64 0:7.1.30-1.w7              php71w-pdo.x86_64 0:7.1.30-1.w7               
  php71w-pecl-memcached.x86_64 0:3.0.4-1.w7        php71w-pecl-mongodb.x86_64 0:1.5.3-1.w7       
  php71w-pecl-redis.x86_64 0:3.1.6-1.w7            php71w-xml.x86_64 0:7.1.30-1.w7               

Dependency Installed:
  libX11.x86_64 0:1.6.5-2.el7                  libX11-common.noarch 0:1.6.5-2.el7               
  libXau.x86_64 0:1.0.8-2.1.el7                libXpm.x86_64 0:3.5.12-1.el7                     
  libmcrypt.x86_64 0:2.5.8-13.el7              libmemcached.x86_64 0:1.0.16-5.el7               
  libxcb.x86_64 0:1.13-1.el7                   pcre-devel.x86_64 0:8.32-17.el7                  
  php71w-pear.noarch 1:1.10.4-1.w7             php71w-pecl-igbinary.x86_64 0:2.0.5-1.w7         
  php71w-process.x86_64 0:7.1.30-1.w7         

Complete!
-----------------------------------------------------------------------------------------------
[root@web01 ~]# yum install -y php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache  php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
 * webtatic: uk.repo.webtatic.com
Package mod_php71w-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-cli-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-common-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-devel-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-embedded-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-gd-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-mcrypt-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-mbstring-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-pdo-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-xml-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-fpm-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-mysqlnd-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-opcache-7.1.30-1.w7.x86_64 already installed and latest version
Package php71w-pecl-memcached-3.0.4-1.w7.x86_64 already installed and latest version
Package php71w-pecl-redis-3.1.6-1.w7.x86_64 already installed and latest version
Package php71w-pecl-mongodb-1.5.3-1.w7.x86_64 already installed and latest version
Nothing to do

3. 软件配置和测试

  • Nginx+PHP
[root@web01 /etc/nginx/conf.d]# vim /etc/nginx/conf.d/www.conf 
server {
   listen 80;
   server_name www.aspen.com;
   location / {
      root /var/html/www;
      index index.php index.html index.htm;
   }
   location ~* \.php$ {                                                     #指定站点目录(要与默认location站点目录一致)
      root /var/html/www;
      fastcgi_index index.php;                                              #指定首页文件
      fastcgi_pass 127.0.0.1:9000;                                          #指定PHP服务主机
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;     #文件路径参数传递
      include fastcgi_params;                                               #引用fastcgi内置变量库文件
   }
}
[root@web01 /etc/nginx/conf.d]# mkdir /var/html/www
[root@web01 /etc/nginx/conf.d]# vim /var/html/www/index.php
<?php
phpinfo();
?>
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# systemctl start php-fpm.service 
[root@web01 /etc/nginx/conf.d]# ps -ef| grep php
root      30618      1  0 10:07 ?        00:00:00 php-fpm: master process (/etc/php-fpm.conf)
apache    30619  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30620  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30621  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30622  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30623  30618  0 10:07 ?        00:00:00 php-fpm: pool www
root      30652  29343  0 10:21 pts/0    00:00:00 grep --color=auto php
[root@web01 /etc/nginx/conf.d]# netstat -lntup |grep php
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      30618/php-fpm: mast 
附:
SCRIPT_FILENAME #指定参数名称
$document_root #文件路径传递变量
$fastcgi_script_name #文件名传递变量

  • PHP+MySQL
[root@web01 /etc/nginx/conf.d]# vim /var/html/www/test_MariaDB.php
pbp与Mysql连接测试代码
<?php
   $servername = "localhost";
   $username = "root";
   $password = "aspen123456";
   //$link_id=mysql_connect('主机名','用户','密码');
   //mysql -u用户 -p密码 -h 主机;
   $conn = mysqli_connect($servername,$username,$password);
   if ($conn) {
      echo "mysql successful by root !\n";
   }else{
      die("connection Failed: " . mysqli_connect_error());
   }
?>
[root@web01 /etc/nginx/conf.d]# systemctl start mariadb
[root@web01 /etc/nginx/conf.d]# mysqladmin -uroot password "aspen123456"     #初次安装数据库后,设置数据库管理员密码(只能设置密码,不能重置密码)       
[root@web01 /etc/nginx/conf.d]# mysql -uroot -paspen123456                   #以指定用户登录数据库
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> exit
Bye
初次安装数据库后,设置数据库管理员密码(只能设置密码,不能重置密码)
mysqladmin -uroot password "aspen123456"
以指定用户登录数据库
mysql -uroot -paspen123456

4. 手动代码上线(以WordPress举例)

step1 获取代码

  • 博客(开源代码)-WordPress
WordPress官方压缩包
网站(开源代码)-dededms
论坛(开源代码)-discuz
知乎(开源代码)-wecenter

step2 将代码放入指定站点目录

tar xf 源码包 -C 站点目录
[root@web01 ~]# cd /tmp/
[root@web01 /tmp]# rz -E
rz waiting to receive.
[root@web01 /tmp]# tar xf wordpress-5.2.2.tar.gz -C /var/html/blog/
[root@web01 /tmp]# cd /var/html/blog/
[root@web01 /var/html/blog]# ls
wordpress
[root@web01 /var/html/blog]# mv ./wordpress/* ./
[root@web01 /var/html/blog]# ll
total 196
-rw-r--r--  1 nobody nfsnobody   420 Dec  1  2017 index.php
-rw-r--r--  1 nobody nfsnobody 19935 Jan  2  2019 license.txt
-rw-r--r--  1 nobody nfsnobody  7447 Apr  9 06:59 readme.html
drwxr-xr-x  2 nobody nfsnobody     6 Aug  6 10:56 wordpress
-rw-r--r--  1 nobody nfsnobody  6919 Jan 12  2019 wp-activate.php
drwxr-xr-x  9 nobody nfsnobody  4096 Jun 19 01:50 wp-admin
-rw-r--r--  1 nobody nfsnobody   369 Dec  1  2017 wp-blog-header.php
-rw-r--r--  1 nobody nfsnobody  2283 Jan 21  2019 wp-comments-post.php
-rw-r--r--  1 nobody nfsnobody  2898 Jan  8  2019 wp-config-sample.php
drwxr-xr-x  4 nobody nfsnobody    52 Jun 19 01:50 wp-content
-rw-r--r--  1 nobody nfsnobody  3847 Jan  9  2019 wp-cron.php
drwxr-xr-x 20 nobody nfsnobody  8192 Jun 19 01:50 wp-includes
-rw-r--r--  1 nobody nfsnobody  2502 Jan 16  2019 wp-links-opml.php
-rw-r--r--  1 nobody nfsnobody  3306 Dec  1  2017 wp-load.php
-rw-r--r--  1 nobody nfsnobody 39551 Jun 10 21:34 wp-login.php
-rw-r--r--  1 nobody nfsnobody  8403 Dec  1  2017 wp-mail.php
-rw-r--r--  1 nobody nfsnobody 18962 Mar 29 03:04 wp-settings.php
-rw-r--r--  1 nobody nfsnobody 31085 Jan 17  2019 wp-signup.php
-rw-r--r--  1 nobody nfsnobody  4764 Dec  1  2017 wp-trackback.php
-rw-r--r--  1 nobody nfsnobody  3068 Aug 17  2018 xmlrpc.php

step3 修改站点目录数据权限

chown -R 用户. 站点目录
nginx的worker进程用户、php-fpm进程用户和站点目录的用户要保持一致
[root@web01 /var/html/blog]# ps -ef | grep 'worker process'| head -1
www       30575  30574  0 10:06 ?        00:00:00 nginx: worker process
[root@web01 /var/html/blog]# chown -R www. /var/html/blog/
[root@web01 /var/html/blog]# ll /var/html/blog/ -d
drwxr-xr-x 6 www www 4096 Aug  6 10:56 /var/html/blog/
[root@web01 /var/html/blog]# ll /var/html/blog/ | head -5
total 196
-rw-r--r--  1 www www   420 Dec  1  2017 index.php
-rw-r--r--  1 www www 19935 Jan  2  2019 license.txt
-rw-r--r--  1 www www  7447 Apr  9 06:59 readme.html
drwxr-xr-x  2 www www     6 Aug  6 10:56 wordpress

step4 更改php-fpm程序权限

vim /etc/php-fpm.d/www.conf
[root@web01 /var/html/blog]# ps -ef | grep php
root      30618      1  0 10:07 ?        00:00:00 php-fpm: master process (/etc/php-fpm.conf)
apache    30619  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30620  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30621  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30622  30618  0 10:07 ?        00:00:00 php-fpm: pool www
apache    30623  30618  0 10:07 ?        00:00:00 php-fpm: pool www
root      31331  29343  0 11:00 pts/0    00:00:00 grep --color=auto php
[root@web01 /var/html/blog]# vim /etc/php-fpm.d/www.conf 
; Start a new pool named 'www'.
......
user = www
; RPM: Keep a group allowed to write in log dir.
group = www
......
[root@web01 /var/html/blog]# systemctl restart php-fpm.service 
[root@web01 /var/html/blog]# ps -ef | grep php
root      31440      1  1 11:02 ?        00:00:00 php-fpm: master process (/etc/php-fpm.conf)
www       31442  31440  0 11:02 ?        00:00:00 php-fpm: pool www
www       31443  31440  0 11:02 ?        00:00:00 php-fpm: pool www
www       31444  31440  0 11:02 ?        00:00:00 php-fpm: pool www
www       31445  31440  0 11:02 ?        00:00:00 php-fpm: pool www
www       31446  31440  0 11:02 ?        00:00:00 php-fpm: pool www
root      31448  29343  0 11:02 pts/0    00:00:00 grep --color=auto php

step5 配置网站初始页面

vim /etc/nginx/conf.d/ #虚拟主机配置文件
client_max_body_size 5m; #设置网站请求主体最大尺寸,默认为1M;
[root@web01 /etc/nginx/conf.d]# vim blog.conf 
server {
   listen 80;
   server_name blog.aspen.com;
   client_max_body_size 5m;              # 设置网站请求主体最大尺寸,默认为1M;
   root /var/html/blog;
   location / {
      index index.php;
   }
   location ~ \.php$ {
      fastcgi_index index.php;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
   }
   error_page 500 502 503 504 /error_page.html;
   location =/error_page.html {
      root /var/html/error;
   }
}
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx

数据库模拟

[root@web01 /etc/nginx/conf.d]# mysql -uroot -paspen123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> create database WordPress;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on WordPress.* to 'wordpress'@'localhost' identified by 'aspen123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> select user,host,password from mysql.user;
+-----------+-----------+-------------------------------------------+
| user      | host      | password                                  |
+-----------+-----------+-------------------------------------------+
| root      | localhost | *2B7C88C5E17652747B14612628FFB1D8C2AFBEDA |
| root      | web01     |                                           |
| root      | 127.0.0.1 |                                           |
| root      | ::1       |                                           |
|           | localhost |                                           |
|           | web01     |                                           |
| wordpress | localhost | *A554BC539ED5798B2E9525FD00DFD22DAB8D56BA |
+-----------+-----------+-------------------------------------------+
7 rows in set (0.00 sec)

5. 数据库迁移

step1 备份数据库

mysqldump -u用户名 -p密码 -A> 备份文件.sql
-A 备份全部数据库(PS:实际环境中,不要一次备份所有数据库,尽量分库,甚至分表备份)
[root@web01 /etc/nginx/conf.d]# mysqldump -uroot -paspen123456 -A>/tmp/web_Mariadb_Backup.sql
[root@web01 /etc/nginx/conf.d]# ll /tmp/web_Mariadb_Backup.sql 
-rw-r--r-- 1 root root 989067 Aug  6 12:27 /tmp/web_Mariadb_Backup.sql

step2 传输备份文件

scp -rp 备份文件.sql 目标主机:/目标目录
[root@web01 /etc/nginx/conf.d]# scp -rp /tmp/web_Mariadb_Backup.sql 172.16.1.151:/tmp/
ECDSA key fingerprint is SHA256:4O+/HRUt2Qwcz4xXk3y+Y5It07gqAUNy//ju/dZH2Vc.
ECDSA key fingerprint is MD5:5b:e2:99:8c:b6:d6:88:85:2c:4a:84:65:4a:74:78:75.
Are you sure you want to continue connecting (yes/no)? yes     
Warning: Permanently added '172.16.1.151' (ECDSA) to the list of known hosts.
root@172.16.1.151's password: 
web_Mariadb_Backup.sql             100%  966KB  66.3MB/s   00:00 
[root@db01 ~]# ll /tmp/web_Mariadb_Backup.sql 
-rw-r--r-- 1 root root 989067 Aug  6 12:27 /tmp/web_Mariadb_Backup.sql

step3 恢复数据库

mysql -u用户 -p密码 <备份文件.sql
[root@db01 ~]# systemctl restart mariadb.service
[root@db01 ~]# mysqladmin -uroot password "123456"
[root@db01 ~]# mysql -uroot -p123456 </tmp/web_Mariadb_Backup.sql
[root@db01 ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| WordPress          |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]> grant all on WordPress.* to 'wordpress'@'172.16.1.%' identified by 'aspen';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> select user,host,password from mysql.user;
+-----------+------------+-------------------------------------------+
| user      | host       | password                                  |
+-----------+------------+-------------------------------------------+
| root      | localhost  | *2B7C88C5E17652747B14612628FFB1D8C2AFBEDA |
| root      | web01      |                                           |
| root      | 127.0.0.1  |                                           |
| root      | ::1        |                                           |
|           | localhost  |                                           |
|           | web01      |                                           |
| wordpress | localhost  | *A554BC539ED5798B2E9525FD00DFD22DAB8D56BA |
| wordpress | 172.16.1.% | *27F9E7294EFD32F1BA3EE8CF21B05FE3C6DBA0E3 |
+-----------+------------+-------------------------------------------+
8 rows in set (0.00 sec)

step4 测试页面修(改网站配置文件,连接指定数据库)

vim /var/html/blog/wp-config.php
[root@web01 /etc/nginx/conf.d]# vim /var/html/blog/wp-config.php 
......
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'WordPress' );

/** MySQL database username */
define( 'DB_USER', 'wordpress' );

/** MySQL database password */
define( 'DB_PASSWORD', 'aspen' );

/** MySQL hostname */
define( 'DB_HOST', '172.16.1.151' );

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8mb4' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
......
[root@web01 /etc/nginx/conf.d]# systemctl stop mariadb.service 

6. 实现数据共享

step1 确认数据存储位置

  • 复制图片地址
http://blog.aspen.com/wp-content/uploads/2019/08/test.jpg
  • inotify监控站点目录
inotifywait -mrq 站点目录
[root@web01 /etc/nginx/conf.d]# yum install -y inotify-tools
......
Installed:
  inotify-tools.x86_64 0:3.14-8.el7                                                                       

Complete!
[root@web01 /etc/nginx/conf.d]# inotifywait -mrq /var/html/blog/
......
/var/html/blog/wp-content/uploads/2019/08/ OPEN test.jpg
......
  • 利用find命令查找图片位置
[root@web01 /etc/nginx/conf.d]# find /var/html/blog/ -type f -iname 'test.jpg' -mmin -3 
/var/html/blog/wp-content/uploads/2019/08/test.jpg

step2 备份本地数据

tar zcf /tmp/备份文件名称 数据目录
[root@web01 /etc/nginx/conf.d]# cd /var/html/blog/wp-content/
[root@web01 /var/html/blog/wp-content]# ls
index.php  languages  plugins  themes  upgrade  uploads
[root@web01 /var/html/blog/wp-content]# tar zcf /tmp/uploads_backup_$(date +%F).tar.gz ./uploads/*
[root@web01 /var/html/blog/wp-content]# ll /tmp/uploads_backup_2019-08-06.tar.gz 
-rw-r--r-- 1 root root 91320 Aug  6 13:27 /tmp/uploads_backup_2019-08-06.tar.gz
[root@web01 /var/html/blog/wp-content/uploads]# tar tf /tmp/uploads_backup_2019-08-06.tar.gz 
./uploads/2019/
./uploads/2019/08/
./uploads/2019/08/test.jpg
./uploads/2019/08/test-150x150.jpg
./uploads/2019/08/test-300x300.jpg
./uploads/2019/08/test-100x100.jpg

step3 实现存储目录挂载

mount -t nfs -o nosuid,noexec,nodev nfs服务:/挂载目录 挂载点
[root@nfs01 ~]# vim /etc/exports
#/var/html/blog/wp-content/upload @ web01 share with /upload/blog @ localhost
/upload/blog 172.16.1.0/24(rw,sync,anonuid=2000,anongid=2000)
[root@nfs01 ~]# systemctl reload nfs
[root@nfs01 ~]# showmount -e 172.16.1.131
Export list for 172.16.1.131:
/upload/blog 172.16.1.0/24
[root@nfs01 ~]# cd /upload/
[root@nfs01 /upload]# mkdir blog
[root@nfs01 /upload]# id www
uid=2000(www) gid=2000(www) groups=2000(www)
[root@web01 /var/html/blog/wp-content/uploads]# id www
uid=2000(www) gid=2000(www) groups=2000(www)
tail -1 /etc/fstab 
172.16.1.131:/upload/blog /var/html/blog/wp-content/uploads nfs noexec,nosuid,nodev 0 0
[root@web01 /var/html/blog/wp-content/uploads]# df -h 
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        99G  2.0G   97G   2% /
devtmpfs        476M     0  476M   0% /dev
tmpfs           487M     0  487M   0% /dev/shm
tmpfs           487M   26M  461M   6% /run
tmpfs           487M     0  487M   0% /sys/fs/cgroup
/dev/sda1       197M  105M   93M  54% /boot
tmpfs            98M     0   98M   0% /run/user/0
[root@web01 /var/html/blog/wp-content/uploads]# mount -a
[root@web01 /var/html/blog/wp-content/uploads]# df -h 
Filesystem                 Size  Used Avail Use% Mounted on
/dev/sda3                   99G  2.0G   97G   2% /
devtmpfs                   476M     0  476M   0% /dev
tmpfs                      487M     0  487M   0% /dev/shm
tmpfs                      487M   26M  461M   6% /run
tmpfs                      487M     0  487M   0% /sys/fs/cgroup
/dev/sda1                  197M  105M   93M  54% /boot
tmpfs                       98M     0   98M   0% /run/user/0
172.16.1.131:/upload/blog   99G  1.7G   98G   2% /var/html/blog/wp-content/uploads

step4 还原数据

[root@web01 /var/html/blog/wp-content/uploads]# tar xf /tmp/uploads_backup_2019-08-06.tar.gz ./
[root@web01 /var/html/blog/wp-content/uploads]# ls
uploads
[root@web01 /var/html/blog/wp-content/uploads]# mv ./uploads/* ./
[root@web01 /var/html/blog/wp-content/uploads]# rm -rf ./uploads/
[root@web01 /var/html/blog/wp-content/uploads]# ls
2019
[root@nfs01 ~]# tree /upload/blog/
/upload/blog/
└── 2019
    └── 08
        ├── test-100x100.jpg
        ├── test-150x150.jpg
        ├── test-300x300.jpg
        └── test.jpg

2 directories, 4 files
[root@backup ~]# ll /data/blog/
total 0
drwxr-xr-x 3 rsync rsync 16 Aug  6 11:54 2019
[root@backup ~]# tree /data/blog/
/data/blog/
└── 2019
    └── 08
        ├── test-100x100.jpg
        ├── test-150x150.jpg
        ├── test-300x300.jpg
        └── test.jpg

2 directories, 4 files

step5 检查测试

7 安全访问

step1 生成证书(模拟)

openssl genrsa -idea -out server.key 2048
openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout
server.key -out server.crt
[root@web01 /etc/nginx/conf]# openssl genrsa -idea -out server.key 2048 
Generating RSA private key, 2048 bit long modulus
........................+++
.................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@web01 /etc/nginx/conf]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt 
Generating a 2048 bit RSA private key
.........................................................+++
...........................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:FT  
Organization Name (eg, company) [Default Company Ltd]:Personal
Organizational Unit Name (eg, section) []:Aspen
Common Name (eg, your name or your server's hostname) []:web01
Email Address []:666@aspen.com
[root@web01 /etc/nginx/conf]# ls
server.crt  server.key

step2 实现HTTPs访问和自动跳转

[root@web01 /etc/nginx/conf]# vim /etc/nginx/conf.d/blog.conf 
server {
   listen 80;
   server_name blog.aspen.com;
   location / {
      rewrite (.*) https://$server_name/$1 permanent;
   }
}
server {
   listen 443 ssl;
   server_name blog.aspen.com;
   client_max_body_size 5m;
   ssl_certificate /etc/nginx/conf/server.crt;
   ssl_certificate_key /etc/nginx/conf/server.key;
   root /var/html/blog;
   location / {
      index index.php;
   }
   location ~ \.php$ {
      fastcgi_index index.php;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
   }
   error_page 500 502 503 504 /error_page.html;
   location =/error_page.html {
      root /var/html/error;
   }
}
[root@web01 /etc/nginx/conf]# systemctl restart nginx

8 伪静态(需要开发人员和运维人员配合)

step1 修改网站后台设置

设置---固定链接---自定义结构 %post_id%.html

step2 修改虚拟主机配置文件

伪静态地址信息重写
server 区块
rewrite /wp-admin$ $scheme://$host$uri permanent;
访问伪静态页面
location 区块
try_files $uri $uri/ /index.php?$args==$uri;
[root@web01 /etc/nginx/conf]# vim ../conf.d/blog.conf 
server {
   listen 80;
   server_name blog.aspen.com;
   location / {
      rewrite (.*) https://$server_name/$1 permanent;
   }
}
server {
   listen 443 ssl;
   server_name blog.aspen.com;
   client_max_body_size 5m;
   ssl_certificate /etc/nginx/conf/server.crt;
   ssl_certificate_key /etc/nginx/conf/server.key;
   rewrite /wp-admin$ $scheme://$host$uri permanent;                        #伪静态地址信息重写
   root /var/html/blog;
   location / {
      index index.php;
      try_files $uri $uri/ /index.php?$args==$uri;                          #访问伪静态页面
   }
   location ~ \.php$ {
      fastcgi_index index.php;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
   }
   error_page 500 502 503 504 /error_page.html;
   location =/error_page.html {
      root /var/html/error;
   }
[root@web01 /etc/nginx/conf]# systemctl restart nginx

附:思维导图

发表评论

您的电子邮箱地址不会被公开。