腾讯云服务器 CentOS 7.6 快速搭建 LNMP 环境

我在腾讯云上购买了云服务器，系统是 CentOS 7.6 x64，自己整理了以下脚本文件，可以快速安装 LNMP 环境。

文件列表及备注如下：

1-init.sh      # 初始化更新系统软件库
2-account.sh   # 创建 www、mysql 账号
3-openss1.sh   # 安装 openssl-1.1.1d
4-nginx.sh     # 安装 nginx-1.16.1
5-php.sh       # 安装 php-7.2.28
6-mysql.sh     # 安装 mysql-5.7.28
my.cnf         # mysql 的配置文件
nginx.conf     # nginx 的全局配置文件
mysite.conf    # nginx 的示例网站配置文件

包含了 6 个 shell 脚本文件和 3 个配置文件，按顺序执行以上 6 个脚本，php、nginx、mysql 都被安装在 /usr/local 目录下的各自目录。其中，mysql 采用二进制包安装，默认密码保存在 lnmp-script/mysql_new_password.log。默认的配置文件只保证服务能够正常跑起来，如果想要达到最佳性能，需要自己结合服务器硬件配置去做优化。

文件打包下载：lnmp-script.zip

下面展示所有文件的源代码。

---

1、脚本文件 1-init.sh

#!/bin/sh

yum -y update

yum install -y lrzsz wget

mkdir /root/soft

2、脚本文件 2-account.sh

#!/bin/sh

groupadd www
useradd -g www www

groupadd mysql
useradd -g mysql -s /sbin/nologin mysql

3、脚本文件 3-openssl.sh

#!/bin/sh

cd /root/soft

yum install -y zlib-devel

wget -c https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar xf openssl-1.1.1d.tar.gz
cd openssl-1.1.1d/
./config --prefix=/usr/local/openssl-1.1.1d zlib shared
make && make install

ln -sf /usr/local/openssl-1.1.1d/lib/lib* /usr/lib64/

mv /usr/bin/openssl /usr/bin/openssl.old
#mv /usr/include/openssl /usr/include/openssl.old

ln -s /usr/local/openssl-1.1.1d/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl-1.1.1d/include/openssl /usr/include/openssl

4、脚本文件 4-nginx.sh

#!/bin/sh

current_path=$(cd "$(dirname $0)";pwd)

cd /root/soft

yum install -y pcre-devel gd-devel

wget -c http://nginx.org/download/nginx-1.16.1.tar.gz
tar xf nginx-1.16.1.tar.gz
cd nginx-1.16.1/
./configure --prefix=/usr/local/nginx --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_sub_module --with-pcre --with-file-aio --with-http_realip_module --with-http_image_filter_module --with-openssl=../openssl-1.1.1d --with-http_v2_module
make && make install

mkdir /usr/local/nginx/conf/vhost

cp -f $current_path/nginx.conf /usr/local/nginx/conf/nginx.conf
cp -f $current_path/mysite.conf /usr/local/nginx/conf/vhost/mysite.conf

echo "[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=false
[Install]
WantedBy=multi-user.target" > nginx.service

chmod +x nginx.service

mv nginx.service /usr/lib/systemd/system/

systemctl enable nginx

5、脚本文件 5-php.sh

#!/bin/sh

cd /root/soft

#安装PHP依赖的软件包
yum install -y autoconf gcc gcc-c++ wget curl curl-devel cmake libpng libpng-devel libjpeg libjpeg-devel libzip libzip-devel libxml2 libxml2-devel bzip2 bzip2-devel freetype freetype-devel libicu-devel libxslt libxslt-devel
 
#下载php7.2.28（下载地址可能有变，自己去php.net获取最新地址）
wget -c https://www.php.net/distributions/php-7.2.28.tar.gz
 
#解压
tar xf php-7.2.28.tar.gz
 
#进入源代码目录
cd php-7.2.28/
 
#配置，指定安装目录为/usr/local/php
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-bcmath --enable-fpm --enable-ftp --enable-inline-optimization --enable-intl --enable-libxml --enable-mbregex --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-sysvshm --enable-xml --enable-zip --with-bz2 --with-curl --with-fpm-group=www --with-fpm-user=www --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-jpeg-dir --with-libdir=lib64 --with-libxml-dir --with-mhash --with-mysqli=mysqlnd --with-openssl --with-pcre-regex --with-pdo-mysql=mysqlnd --with-png-dir --with-xmlrpc --with-xsl --with-zlib
 
#如无报错，即可执行编译（如果报错，则执行make clean清理，解决后重新make）
make
 
#编译完毕安装
make install
 
#添加php-fpm服务管理脚本
cp sapi/fpm/php-fpm.service /usr/lib/systemd/system/
 
#设置php-fpm服务开机自启动
systemctl enable php-fpm
 
#生成配置文件（如果用于生产环境则应该复制php.ini-production）
cp php.ini-production /usr/local/php/etc/php.ini
 
#进入配置文件目录
cd /usr/local/php/etc
 
#配置php-fpm
cp php-fpm.conf.default php-fpm.conf
cp php-fpm.d/www.conf.default php-fpm.d/www.conf
 
#设置默认时区
echo 'date.timezone = "Asia/Shanghai"' >> php.ini
 
#加载opcache
echo 'zend_extension=opcache.so' >> php.ini

#关闭HTTP header的php版本显示
sed -i "s/expose_php = On/expose_php = Off/g" php.ini

#配置SSL CA证书路径
echo 'openssl.cafile=/etc/ssl/certs/ca-bundle.crt' >> php.ini

#错误记录到日志文件
echo 'error_log = "/usr/local/php/var/log/error.log"' >> php.ini

chown www:www /usr/local/php/var/log/

6、脚本文件 6-mysql.sh

#!/bin/sh

current_path=$(cd "$(dirname $0)";pwd)


#检查是否已安装过mariadb，若有则删除（linux系统自带的）
s=$(rpm -qa | grep mariadb)
for i in $s
do
  rpm -e --nodeps $i
done


#检查是否已安装过mysql，若有则删除（linux系统自带的）
s=$(rpm -qa | grep mysql)
for i in $s
do
  rpm -e --nodeps $i
done

cd /root/soft

wget -c https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.28-linux-glibc2.12-x86_64.tar.gz
tar xf mysql-5.7.28-linux-glibc2.12-x86_64.tar.gz
mv mysql-5.7.28-linux-glibc2.12-x86_64 /usr/local/mysql

cd /usr/local/mysql
mkdir data
mkdir tmp
mkdir log
touch log/error.log
chown -R mysql:mysql .

yum -y install numactl

./bin/mysqld --initialize --user=mysql --datadir=/usr/local/mysql/data --basedir=/usr/local/mysql > a.log 2>&1

#提取临时密码
pass=$(tail -n 1 a.log | awk -F ': ' '{print $NF}')
rm a.log

cp $current_path/my.cnf my.cnf

cp support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld 
chkconfig --add mysqld

service mysqld start

newpass=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)

sql="ALTER USER 'root'@'localhost' identified by '$newpass'"
./bin/mysql -uroot -p"$pass" --connect-expired-password -e "$sql"

service mysqld stop

#保存新密码到文件
echo "$newpass" > $current_path/mysql_new_password.log

#控制台输出新密码
echo "mysql new password: $newpass"

7、配置文件 my.cnf

[mysqld]
port = 3306
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
log-error = /usr/local/mysql/log/error.log
pid-file = /usr/local/mysql/data/mysql.pid
tmpdir = /usr/local/mysql/tmp
socket = /tmp/mysql.sock
default-time-zone = '+8:00'
character-set-server = utf8mb4
max_connections = 1000
sql-mode = NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER

8、配置文件 nginx.conf

user     www www;
worker_processes  auto;

error_log  /usr/local/nginx/logs/error.log;
pid        /usr/local/nginx/nginx.pid;

worker_rlimit_nofile   65535;

events {
    use epoll;
    worker_connections 65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log     /usr/local/nginx/logs/access.log  main;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;

    sendfile        on;
    tcp_nopush      on;

    keepalive_timeout  60;

    tcp_nodelay     on;

    server_tokens   off;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/javascript application/vnd.ms-fontobject image/svg+xml;
    gzip_vary on;

    server {
        listen 80 default_server;
        return 400;
    }

    include vhost/*.conf;

}

9、配置文件 mysite.conf

server {
    listen 80;

    #域名配置示例
    server_name mysite.com www.mysite.com;

    root  /home/www/mysite;
    index index.php index.html;

    #强制跳转到www开头的域名
    if ($host != 'www.mysite.com') {
        rewrite ^(.*) http://www.mysite.com permanent;
    }

    location ~ .+\.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    
    # 静态资源文件缓存7天
    location ~ .+\.(gif|jpg|jpeg|png|bmp|swf|ico|svg|js|css|eof|ttf|woff)$ {
        expires 7d;
        access_log off;
    }

    # 禁止访问以“.”开头的文件或目录，以及后缀名是.sql、.bak、.ini的文件
    location ~ (/\.)|(.+\.(sql|bak|ini)$) {
        deny all;
    }
}

10、各服务的操作指令

#管理nignx服务
systemctl start|stop|reload nginx

#管理php-fpm服务
systemctl start|stop|reload php-fpm

#管理mysql服务
service mysqld start|stop