从0开始构建Debian 9 + PHP 7.3 + Nginx + MariaDB的网站环境

今天一个朋友把我搞吐血了,好吧,重新写一下最新版的Debian 9网站环境

需要的组件用的都是最新稳定版,注意,服务器不应该用非稳定版。

下面所有命令单步执行

 

# apt is sometimes very slow over IPv6, so force it to use IPv4 only.

printf '%s\n' 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4

 

# Package sources: replace /etc/apt/sources.list with the stretch, stretch-updates
# and security archives (binary and source).
# These entries use plain HTTP. apt still verifies the archive's signed Release
# files, so package integrity does not rest on the transport.

cat > /etc/apt/sources.list <<'EOF'
deb http://ftp.us.debian.org/debian stretch main contrib non-free
deb http://ftp.us.debian.org/debian stretch-updates main contrib non-free
deb http://security.debian.org stretch/updates main contrib non-free
deb-src http://ftp.us.debian.org/debian stretch main contrib non-free
deb-src http://ftp.us.debian.org/debian stretch-updates main contrib non-free
deb-src http://security.debian.org stretch/updates main contrib non-free
EOF

 

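# The habitual "ll" alias, plus services this host does not need.

# Define the alias for the current shell and persist it for future root shells.
alias ll='ls -al'
echo "alias ll='ls -al'" >> /root/.bashrc

# This host does not use a local mail transfer agent, so keep postfix from starting at boot.
systemctl disable postfix

# rsyslog is left enabled on purpose. It writes /var/log/auth.log and the other
# system logs; without it (and without a persistent journal configured) login
# attempts and daemon errors are not kept across reboots, which leaves nothing
# to review after an incident. If log volume is the concern, tune
# /etc/rsyslog.conf or logrotate rather than disabling the daemon.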

 

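# Kernel TCP settings for very high connection counts, appended to /etc/sysctl.conf.
#   tcp_syncookies  - keep answering when the SYN backlog overflows (SYN flood).
#   tcp_tw_reuse    - allow TIME_WAIT sockets to be reused for new outgoing connections.
#   tcp_fin_timeout - seconds an orphaned socket may stay in FIN_WAIT_2.
# net.ipv4.tcp_tw_recycle is intentionally not set: it relies on per-host TCP
# timestamps and silently drops connections from clients that share one address
# behind NAT, and the option was removed from the kernel in Linux 4.12.

cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
EOF

# Load the settings now instead of waiting for the next boot.
sysctl -p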

 

# Switch to the China time zone (a readability preference for local timestamps).

timedatectl set-timezone Asia/Shanghai
# Append UTC=no to /etc/default/rcS.
printf 'UTC=no\n' >> /etc/default/rcS

 

# Refresh the package index, then upgrade the kernel and every installed package.
# The chain stops at the first step that fails.

apt-get update \
    && apt-get upgrade -y \
    && apt-get -u dist-upgrade -y

# Reboot once so the upgraded kernel and libraries are the ones in use.

reboot

 

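# Add the packages.sury.org repositories that carry current nginx and PHP builds.

# HTTPS transport for apt, lsb_release for the codename, and the CA bundle.
apt-get -y install apt-transport-https lsb-release ca-certificates

# Store each third-party signing key in its own keyring and tie it to its
# repository with signed-by. A key placed in /etc/apt/trusted.gpg.d is accepted
# for every configured repository, the Debian archive included, so a compromised
# third-party key could sign replacements for any package.
# The keys are trusted on first download: compare their fingerprints with the
# ones the repository publisher announces before running apt-get update.
wget -O /usr/share/keyrings/sury-nginx.gpg https://packages.sury.org/nginx/apt.gpg
wget -O /usr/share/keyrings/sury-php.gpg https://packages.sury.org/php/apt.gpg

sh -c 'echo "deb [signed-by=/usr/share/keyrings/sury-nginx.gpg] https://packages.sury.org/nginx/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/nginx.list'
sh -c 'echo "deb [signed-by=/usr/share/keyrings/sury-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'

apt-get update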

 

# Install nginx, MariaDB and PHP in separate steps. Installing PHP pulls Apache
# in automatically, so Apache is disabled, stopped and purged at the end.

# Web server, MariaDB client libraries, FTP daemon and a few admin tools.
apt-get install -y \
    nginx-extras net-tools nload mariadb-client-10.1 libmariadbclient-dev \
    update-inetd sysv-rc-conf proftpd
/etc/init.d/nginx stop

apt-get install -y mariadb-server-10.1

apt-get install -y \
    php7.3-fpm php7.3-cgi php7.3-gd php7.3-imap php7.3-xmlrpc php7.3-xsl \
    php7.3-mysql php7.3-curl php7.3-common php7.3-dev php7.3-imagick \
    php7.3-memcache php7.3-recode php7.3-tidy php7.3-mbstring php7.3-db \
    php7.3-apcu

# Each step runs only if the previous one succeeded.
systemctl disable apache2 \
    && /etc/init.d/apache2 stop \
    && apt remove -y --purge apache2 \
    && apt -y autoremove

 

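# Configure MariaDB. The server configuration is the author's own file; adjust it to taste.

# Keep the packaged configuration so it can be restored.
cp /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/mariadb.conf.d/50-server.cnf.old

# This overwrites the server configuration with a file fetched from a third-party
# host. Read it before restarting the server, bind-address in particular: the
# database should listen on the network only if remote clients really need it.
wget https://soft.tingtao.org/debian9/mariadb/cfg.txt -O /etc/mysql/mariadb.conf.d/50-server.cnf

# -p without a value makes the client prompt for the password, which keeps it out
# of the shell history and the process list.
# The statements that follow are typed inside the mysql session. root is limited
# to local connections: the original also granted ALL PRIVILEGES WITH GRANT OPTION
# to root@"%", which exposes the superuser account to password guessing from any
# host that can reach the database port. Create a dedicated, host-restricted
# account if remote administration is needed.
mysql -u root -p
set password for root@localhost = password('mysql密码');
grant all privileges on *.* to root@"127.0.0.1" identified by 'mysql密码' with grant option;
exit;

/etc/init.d/mysql restart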

 

# Configure ProFTPD with the author's configuration file, then restart the daemon.
# NOTE(review): the file name (proftpd_nossl) suggests plain FTP without TLS, in
# which case logins and file contents cross the network unencrypted. Confirm, and
# prefer FTPS (mod_tls) or SFTP (mod_sftp) on any host reachable from the Internet.

wget -O /etc/proftpd/proftpd.conf https://soft.tingtao.org/debian9/proftpd/proftpd_nossl.txt
/etc/init.d/proftpd restart

 

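# Configure nginx: cache and log directories, the author's nginx.conf, and
# open_basedir defaults for PHP.

# Cache directories. Those under /dev/shm are memory-backed and must be
# re-created after a reboot.
mkdir -p /cachedisk/staticfile
mkdir -p /dev/shm/cachemem/phpfile
mkdir -p /dev/shm/cachemem/fastcgi
mkdir -p /cachemem/phpfile
mkdir -p /cachemem/fastcgi
# -p so that re-running this step does not fail on an existing directory.
mkdir -p /var/www/logs

# Keep the packaged nginx.conf, drop the default site, install the author's config.
# The original ran the rm twice (the second call always failed); -f makes a
# single call safe to repeat.
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default
rm -f /etc/nginx/sites-enabled/default
wget  https://soft.tingtao.org/nginx/nginx.conf.txt -O /etc/nginx/nginx.conf


# Back up the files that are modified below.
cp /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params.default
cp /etc/nginx/fastcgi.conf /etc/nginx/fastcgi.conf.default
cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.default

# Confine PHP file access with open_basedir, both per request (nginx) and in php-fpm.
# NOTE(review): /proc/ in open_basedir lets PHP code read process and kernel
# information; drop it unless an application is known to need it. /tmp is shared
# by every site on the host.
# NOTE(review): the last line is appended after everything already in
# php-fpm.conf, presumably after its include of pool.d/*.conf, so it may attach to
# whichever pool is parsed last rather than act as a global default — verify.
echo 'fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:/usr/share/php/";' >> /etc/nginx/fastcgi_params
echo 'fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:/usr/share/php/";' >> /etc/nginx/fastcgi.conf
echo "php_admin_value[open_basedir]=/var/www/:/proc/:/tmp/:/usr/share/php/" >> /etc/php/7.3/fpm/php-fpm.conf

/etc/init.d/nginx restart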

 

# Take the stock example pool out of service to save memory (kept as www.conf.bak).

pool_dir=/etc/php/7.3/fpm/pool.d
mv "$pool_dir/www.conf" "$pool_dir/www.conf.bak"
/etc/init.d/php7.3-fpm restart

注意,因为唯一的示例文件删掉了,所以php在这里重启是肯定会失败的,等以后创建了网站就正常了。

 

 

#####################################################

创建站点的过程:

以本站为例,ftp用户名为www.tingtao.org,网站位于 /var/www/www.tingtao.org,密码为“ftp密码”

 

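# Create the site's system account (also its FTP login), its group and its document root.

# The account gets no interactive login shell.
useradd www.tingtao.org -s /sbin/nologin
# passwd prompts for the FTP password. The original piped "user:password" into
# chpasswd through echo, which leaves the password in the shell history.
passwd www.tingtao.org

# Let nginx (www-data) and ProFTPD reach the site through the site's own group.
groupadd -f www.tingtao.org
usermod -G www.tingtao.org -a www-data
usermod -G www.tingtao.org -a proftpd

mkdir /var/www/www.tingtao.org
usermod -d /var/www/www.tingtao.org www.tingtao.org
chown -R www.tingtao.org:www.tingtao.org /var/www/www.tingtao.org
# 750 instead of 755: the owner and the site group (www-data, proftpd) are the
# only accounts that need access, so other local users and other sites' PHP
# pools cannot list or read this site's files. nginx picks up its new group
# membership at its next restart.
chmod -R 750 /var/www/www.tingtao.org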

 

# PHP-FPM pool for this site. The heredoc below is written verbatim to the pool
# file: PHP runs as the site's own user and group, listens on a Unix socket owned
# by www-data, and is restricted through php_admin_value / php_admin_flag
# settings (open_basedir, disable_functions, allow_url_fopen off, no error display).
# NOTE(review): include_path points at /var/www/globals/www.3ha.net/lib, which is
# not covered by the open_basedir on the following line — presumably left over
# from another site; confirm or remove.
# NOTE(review): open_basedir includes /tmp, which every site on the host shares.
# NOTE(review): disable_functions lists names such as max_execution_time that
# look like settings rather than functions — presumably harmless, but verify the
# list blocks what you expect.

cat > /etc/php/7.3/fpm/pool.d/www.tingtao.org.conf <<- _EOF1_
[www.tingtao.org]
user = www.tingtao.org
group = www.tingtao.org
listen = /var/run/php7-fpm-www.tingtao.org.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[include_path] = .:/var/www/globals/www.3ha.net/lib
php_admin_value[open_basedir] = /dev/shm/www/www.tingtao.org:/tmp:/var/www/www.tingtao.org
php_admin_value[upload_max_filesize] = 50M
php_admin_value[max_execution_time] = 30
php_admin_value[max_input_time] = 60
php_admin_value[memory_limit] = 256M
php_admin_value[output_buffering] = 4096
php_admin_value[disable_functions] = system,exec,shell_exec,passthru,error_log,dl,sys_getloadavg,pfsockopen,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,escapeshellarg,pcntl_exec,show_source,highlight_file,ini_restore,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,mb_send_mail,set_time_limit,max_execution_time,php_uname,disk_free_space,diskfreespace,stream_copy_to_stream
php_admin_flag[allow_url_fopen] = off
php_admin_flag[expose_php] = Off
php_admin_flag[display_errors] = Off
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
_EOF1_

 

#站点配置是 /etc/nginx/sites-enabled/www.tingtao.org.conf ,注意证书路径:

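#######################################################
#                      www.tingtao.org
#
# Serves the site over HTTP and HTTPS from one server block and passes PHP
# requests to the site's PHP-FPM pool over a Unix socket.

server {
        listen 80;
        listen [::]:80;
        server_name     tingtao.org www.tingtao.org;
        keepalive_timeout    120;

        listen          443 ssl;
        listen          [::]:443 ssl;
        # NOTE(review): the key lives under /var/www, next to the site roots; keep
        # privkey.pem readable by root only.
        ssl_certificate /var/www/ca/tingtao.org/fullchain.pem;
        ssl_certificate_key /var/www/ca/tingtao.org/privkey.pem;
        ##############################################

        # NOTE(review): both logs are discarded, so nothing is recorded for
        # troubleshooting or for reconstructing events after an incident.
        # Consider writing them to files and rotating them instead.
        error_log /dev/null;
        access_log /dev/null;

        root /var/www/www.tingtao.org;

        # $skip_cache is consumed only by the FastCGI cache directives, which are
        # commented out in the PHP location below.
        set $skip_cache 0;
        # Never cache POST requests.
        if ($request_method = POST) {
            set $skip_cache 1;
        }
        # Never cache requests that carry a query string.
        if ($query_string != "") {
            set $skip_cache 1;
        }
        # Never cache the admin area and other listed pages (extend as needed).
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $skip_cache 1;
        }
        # Never serve cached pages to logged-in users or to visitors who have commented.
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $skip_cache 1;
        }


        location ~ ^.+\.php {
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            # Answer 404 unless the script path is an existing file under the
            # document root. With cgi.fix_pathinfo=1 (set below) PHP otherwise
            # walks a non-existent path back to the nearest existing file and
            # runs that, which may be an uploaded file that is not a PHP script.
            try_files $fastcgi_script_name =404;
            fastcgi_pass   unix:/var/run/php7-fpm-www.tingtao.org.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root/$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_param  QUERY_STRING     $query_string;
            fastcgi_param  REQUEST_METHOD   $request_method;
            fastcgi_param  CONTENT_TYPE     $content_type;
            fastcgi_param  CONTENT_LENGTH   $content_length;
            # NOTE(review): PHP-FPM reads PHP_ADMIN_VALUE as a single parameter, so
            # repeating the name probably leaves only one of the lines below in
            # effect — verify. Several settings normally go into one value
            # separated by newlines, or into the pool file. include_path and
            # memory_limit here also differ from the pool file for this site.
            fastcgi_param PHP_ADMIN_VALUE "cgi.fix_pathinfo=1";
            fastcgi_param PHP_ADMIN_VALUE   "include_path= .:/var/www/globals/v.haote.net/lib:/usr/share/php/";
            fastcgi_param PHP_ADMIN_VALUE   "open_basedir= $document_root/:/tmp:/usr/share/php/";
            fastcgi_param PHP_ADMIN_VALUE   "upload_max_filesize= 50M";
            fastcgi_param PHP_ADMIN_VALUE   "max_execution_time= 30";
            fastcgi_param PHP_ADMIN_VALUE   "max_input_time= 60";
            fastcgi_param PHP_ADMIN_VALUE   "memory_limit= 128M";
            fastcgi_param PHP_ADMIN_VALUE   "output_buffering= 4096";
            fastcgi_param PHP_ADMIN_VALUE   "disable_functions= system,exec,shell_exec,passthru,error_log,dl,sys_getloadavg,pfsockopen,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,escapeshellarg,pcntl_exec,show_source,highlight_file,ini_restore,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,mb_send_mail,set_time_limit,max_execution_time,php_uname,disk_free_space,diskfreespace,stream_copy_to_stream";
            fastcgi_param PHP_ADMIN_VALUE   "allow_url_fopen= off";
            fastcgi_param PHP_ADMIN_VALUE   "expose_php= Off";
            fastcgi_param PHP_ADMIN_VALUE   "display_errors= Off";
            fastcgi_param PHP_ADMIN_VALUE   "post_max_size= 50M";
            fastcgi_intercept_errors        on;
            fastcgi_ignore_client_abort     on;
            fastcgi_read_timeout 180;


#            add_header Fastcgi-Cache $upstream_cache_status;
#            fastcgi_cache_bypass $skip_cache;
#            fastcgi_no_cache $skip_cache;
#            fastcgi_cache wp_fastcgi;
#            fastcgi_cache_valid 2h;
        }


        location / {
            # Index file names, in lookup order.
            index index.php index.html index.htm;
            # WordPress front controller: anything that is not an existing file or
            # directory is routed to index.php.
            try_files $uri $uri/ /index.php?$args;
        }
#        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

}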

 

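-- The database and its account are both named tingtao.
-- The account may connect from this host only. The original used host '%',
-- which accepts logins from any address that can reach the database port.
-- Point the application at 'localhost' as its database host; if a remote
-- client is really required, add an account for that specific host instead.

CREATE DATABASE tingtao;
CREATE USER 'tingtao'@'localhost' IDENTIFIED BY '数据库密码';
-- Privileges are scoped to the tingtao database, not the whole server.
GRANT ALL PRIVILEGES ON `tingtao`.* TO 'tingtao'@'localhost';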

 

# After a site is created, restart nginx and then PHP-FPM so both load the new configuration.

for svc in nginx php7.3-fpm; do
    /etc/init.d/"$svc" restart
done

 

 

至此,所有相关环境创建完成,只有nginx的站点配置和mysql建库需要编辑器或者mysql来执行,其他的都是复制即可。

文中直接从 soft.tingtao.org 下载的文件请自行留档,我这里可能随时改动;覆盖系统配置之前,请先打开看一遍文件内容。

 

 
