Ubuntu 18.04 搭建 Nginx, MySQL, PHP(LEMP)

December 7, 2018 日常

1、安装

由于这是我们第一次在这个session上使用apt,我们应该从更新本地包索引开始。

更新 apt

apt-get update

安装 Nginx

apt-get install nginx

安装 MySQL

apt install mysql-server mysql-client

安装 PHP 和常用插件

apt install php-fpm php-mysql php-mbstring php-xml php-curl

2、安装目录

LNMP会默认安装在以下目录:

  • Nginx

配置:/etc/nginx

网站:/var/www

  • MySQL

配置:/etc/mysql

数据:/var/lib/mysql

  • PHP

配置:/etc/php/7.2

3、配置

打开sites-available配置 Nginx:

vi /etc/nginx/sites-available/default

并参照以下数据修改,以 abc.com 为例子:

server {
  listen 80;
  listen [::]:80;

  root /var/www/abc.com;
  index index.php index.html index.htm;
  server_name abc.com;
  location /.well-known/ { try_files $uri $uri/ =404; }
  location ~ /\. { return 404; }
  location / {
    try_files $uri $uri/ =404;
  }
  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  }
}

如果以后要启用 Https,就要创建一个SSL的配置文件:

vi /etc/nginx/ssl.conf

并添加以下内容:

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets on;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /path/to/pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;

因为 /etc/nginx/sites-available/default 中的配置已经默认软链接到 /etc/nginx/sites-enabled,所以不需要重复 link

键入以下命令,测试配置文件的语法错误:

nginx -t

重载 Nginx 来刷新配置:

systemctl reload nginx

现在开始配置 MySQL,启动安全检查:

mysql_secure_installation

系统将要求您输入为MySQL根帐户设置的密码,接下来,系统将询问你要设置的密码安全等级,不建议选LOW,还有就是删除一些匿名用户和测试数据库,禁用远程根登录。

请注意,在运行 MySQL 5.7(及更高版本)的 Ubuntu 系统中,默认情况下,根MySQL用户被设置为使用auth_socket插件进行身份验证,而不是使用密码。在许多情况下,这可以有更高的安全性和可用性,但是当您需要允许外部程序(例如:phpMyAdmin)访问用户时,那就很难受了。

(选做)所以我们现在需要开启 root 的密码登陆。

mysql

这时候会进入 MySQL 的控制台 mysql >

接下来,使用以下命令检查每个MySQL用户帐户使用的身份验证方法:

mysql > SELECT user,authentication_string,plugin,host FROM mysql.user;

修改身份验证:

mysql > ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

刷新配置:

mysql > FLUSH PRIVILEGES;

你现在可以再次检查身份验证方法:

Input:
mysql > SELECT user,authentication_string,plugin,host FROM mysql.user;

Output:
+------------------+-------------------------------------------+-----------------------+-----------+
| user             | authentication_string                     | plugin                | host      |
+------------------+-------------------------------------------+-----------------------+-----------+
| root             | *3636DACC8616D997782ADD0839F92C1571D6D78F | mysql_native_password | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)

退出控制台:

mysql > exit

3、启用Https

可以去腾讯云开通免费的证书,开通完下载证书,解压出来复制 Nginx 文件夹里的两个证书文件,随便找个目录放进去,本文会放到/var/www/ssl里面。

然后修改 Nginx 的配置文件,同时开启 Http 自动跳转 Https,以 abc.com 为例子:

server {
        listen 80;
        listen [::]:80;
        server_name abc.com;
        rewrite ^(.*) https://$host$1 permanent;
}
server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        include ssl.conf;
        ssl_certificate /var/www/ssl/1_www.abc.com_bundle.crt;
        ssl_certificate_key /var/www/ssl/2_www.abc.com.key;
        root /var/www/abc.com;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name abc.com;

        location /.well-known/ { try_files $uri $uri/ =404; }

        location ~ /\. { return 404; }

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
}

接下来重启 Nginx :

systemctl restart nginx

4、常用命令

Ubuntu 16.04 / 18.04 使用 systemctl 管理服务,LNMP 中 service 名称分别为 nginx、mysql、php7.2-fpm

  • 启动:systemctl start service
  • 停止:systemctl stop service
  • 重载:systemctl reload service
  • 重启:systemctl restart service
  • 查看状态:systemctl status service
  • 开启自启动:systemctl enable service
  • 关闭自启动:systemctl disable service

如重载 Nginx 可执行:

systemctl reload nginx

查看 PHP 状态可执行:

systemctl status php7.2-fpm

参考:

Ubuntu 18.04 快速配置 LNMP(LEMP) 环境
How To Install Linux, Nginx, MySQL, PHP (LEMP stack) in Ubuntu 18.04



添加新评论