
Dell EMC PowerEdge T340 离线安装 LNMP 环境

发布者:站点默认
2020/06/6 浏览数(966) 分类:Apache, CentOS/RockyLinux, Linux, MySQL/MariaDB, Nginx Dell EMC PowerEdge T340 离线安装 LNMP 环境已关闭评论

上接:Dell EMC PowerEdge T340 磁盘初始化

CentOS 7 (1708) 安装盘内置有 PHP5.4.16、Apache2.4.6 和 MariaDB15.1(MySQL5.5.56),如果能满足需要,可在装系统的同时一起安装(如下图),下文就不需要看了。

CentOS7 内置的 PHP Web 服务

客户的服务器,禁止联网、禁止使用U盘,只能使用光驱。需要的 WEB 环境如下:

CentOS-7-x86_64-DVD-1708.iso
Nginx-1.18.0-1.el7.ngx.x86_64
MySQL-community-server-8.0.20-1.el7.x86_64
PHP-7.2w

下载 rpm 包

安装一台相同环境的虚拟机,并在虚拟机中准备好下载环境:

yum install epel-release
yum install yum-utils
yum install openssl-devel
mkdir ~/rpms && cd $_

在虚拟机中下载安装包

YUM 的这2个参数可以仅下载安装包及其依赖而不安装:

--downloadonly
--downloaddir

下载 MySQL 的依赖

yum install --downloadonly --downloaddir=. openssl openssl-devel net-tools

下载 PHP

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install --downloadonly --downloaddir=. \
    php72w php72w-cli php72w-fpm php72w-common php72w-devel \
    php72w-embedded php72w-gd php72w-mbstring php72w-mysqlnd \
    php72w-opcache php72w-pdo php72w-xml

下载 Nginx

创建 /etc/yum.repos.d/nginx.repo 内容如下:

# yum repository definitions for the official nginx packages.
# NOTE(review): both baseurl values are plain HTTP, so package authenticity rests
# entirely on gpgcheck=1 and the signing key (fetched over HTTPS) - keep gpgcheck on.
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

# Mainline branch, defined but disabled (enabled=0).
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
yum install --downloadonly --downloaddir=. nginx

下载 MySQL

到 https://dev.mysql.com/downloads/mysql/ 下载,需要的文件有:

mysql-community-client-8.0.20-1.el7.x86_64.rpm
mysql-community-common-8.0.20-1.el7.x86_64.rpm
mysql-community-devel-8.0.20-1.el7.x86_64.rpm
mysql-community-libs-8.0.20-1.el7.x86_64.rpm
mysql-community-libs-compat-8.0.20-1.el7.x86_64.rpm
mysql-community-server-8.0.20-1.el7.x86_64.rpm

下载 SELinux 管理工具

yum install --downloadonly --downloaddir=. policycoreutils-python
# 将这些包单独放入 ~/rpms/tools/ 中

制作安装脚本 install.sh

rpm 不会自动解决依赖,需要先安装依赖再安装 nginx/php/mysql(或者使用 rpm -Uvh --nodeps *.rpm 一起安装,最后用 yum check 检查依赖),mod_php72w 要在 PHP 装好后再安装。

将依赖包放入 ~/rpms/deps 目录

将 php/nginx/mysql 放入 ~/rpms/apps 目录

将 mod_php72w 放入 ~/rpms/adds 目录。

制作安装脚本 install.sh:

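#!/bin/bash
# install.sh - offline installer for Nginx + PHP-FPM + MySQL.
#
# Installs the RPMs found in ./deps, ./apps, ./adds and ./tools (in that order),
# then switches php-fpm to the nginx account, raises the PHP limits, enables and
# starts the services, opens the firewall and optionally runs
# mysql_secure_installation.
#
# Usage: run as root from the directory that holds install.sh and the rpm folders.
#
# Package verification (opt-in, introduced by this revision - RPM_KEY_DIR is a
# constructed name, not part of the original disc layout):
#   RPM_KEY_DIR=<directory with the vendors' public GPG key files> ./install.sh
#   When set, the keys are imported, every package must pass `rpm -K`, and the
#   packages are installed WITHOUT --nosignature.
#   When unset the script behaves as before: --nosignature skips the signature
#   check, so nothing proves the RPMs on the disc are the vendors' builds.
#
# Exit status: 0 on success or cancel, 1 if any step reported an error.

RPM_KEY_DIR="${RPM_KEY_DIR:-}"
failed=0

# Print a warning on stderr and remember that a step went wrong.
warn() {
    echo "WARNING: $*" >&2
    failed=1
}

# Run a command; on failure warn and keep going (the script stays best-effort,
# but failures are no longer silent).
try() {
    "$@" || warn "command failed: $*"
}

# Install every rpm in directory $1 as a single rpm transaction.
install_group() {
    local dir=$1
    local -a pkgs=("$dir"/*.rpm)
    # An unmatched glob stays literal, so test whether the first entry exists.
    if [[ ! -e "${pkgs[0]}" ]]; then
        warn "no rpm files in $dir, skipped"
        return
    fi
    if [[ -n "$RPM_KEY_DIR" ]]; then
        # Strict mode: refuse to continue when any signature or digest is bad.
        if ! rpm -K "${pkgs[@]}"; then
            echo "ERROR: signature check failed for packages in $dir" >&2
            exit 1
        fi
        rpm -Uvh "${pkgs[@]}" || warn "rpm reported errors for $dir"
    else
        rpm -Uvh --nosignature "${pkgs[@]}" || warn "rpm reported errors for $dir"
    fi
}

if (( EUID != 0 )); then
    echo "This installer must be run as root." >&2
    exit 1
fi

echo -n "Install Nginx + PHP + MySQL ? [y/yes/N]:"
read -r ANS
case "$ANS" in
    y|Y|yes|Yes|YES)
        if [[ -n "$RPM_KEY_DIR" ]]; then
            for key in "$RPM_KEY_DIR"/*; do
                [[ -f "$key" ]] || continue
                if ! rpm --import "$key"; then
                    echo "ERROR: cannot import GPG key $key" >&2
                    exit 1
                fi
            done
        else
            echo "WARNING: RPM_KEY_DIR is not set, package signatures are NOT verified" >&2
        fi

        echo -e "\e[0;33mInstall dependencies ... \e[0m"
        install_group ./deps
        echo -e "\e[0;33mInstall Nginx + PHP + MySQL ... \e[0m"
        install_group ./apps
        echo -e "\e[0;33mInstall addons ...  \e[0m"
        install_group ./adds
        echo -e "\e[0;33mInstall tools ...  \e[0m"
        install_group ./tools
        echo -e "\e[0;32mFinished. \e[0m"

        # Run php-fpm as nginx instead of the packaged default (apache).
        echo -e "\e[0;33mConfiguring web server running identity  ...  \e[0m"
        # /var/lib/php holds the session directory (see session.save_path); left
        # owned by apache it breaks sessions once php-fpm runs as nginx.
        try chown -R nginx:nginx /var/lib/php
        try sed -i 's/^user = apache$/user = nginx/' /etc/php-fpm.d/www.conf
        try sed -i 's/^group = apache$/group = nginx/' /etc/php-fpm.d/www.conf
        # Raise the PHP upload limits. NOTE(review): 1 GiB request bodies, 2 GiB per
        # worker and 600 s runtime let a few requests tie up the whole server;
        # size these to what the application really needs.
        try sed -i 's/^upload_max_filesize = 2M$/upload_max_filesize = 1024M/' /etc/php.ini
        try sed -i 's/^post_max_size = 8M$/post_max_size = 1024M/' /etc/php.ini
        try sed -i 's/^memory_limit = 128M$/memory_limit = 2048M/' /etc/php.ini
        try sed -i 's/^max_execution_time = 30$/max_execution_time = 600/' /etc/php.ini

        # Start the services at boot.
        echo -e "\e[0;33mConfiguring web server auto start ...  \e[0m"
        try systemctl enable nginx
        try systemctl enable php-fpm
        try systemctl enable mysqld

        # Turn the firewall on and let the web server through.
        echo -e "\e[0;33mConfiguring firewall ...  \e[0m"
        try systemctl start firewalld
        try firewall-cmd --add-service=http --permanent
        # Extra port for testing only; it stays open across reboots until removed
        # with: firewall-cmd --remove-port=8080/tcp --permanent
        try firewall-cmd --add-port=8080/tcp --permanent
        try firewall-cmd --reload

        # Start the services now.
        echo -e "\e[0;33mRun web server ...  \e[0m"
        try systemctl start nginx
        try systemctl start php-fpm
        try systemctl start mysqld

        # Initialise MySQL (disable remote root login, drop the test database, ...).
        # The temporary root password is printed to the terminal here; it must be
        # replaced when mysql_secure_installation runs.
        grep -E 'A temporary password.*' /var/log/mysqld.log
        echo -n "Run mysql_secure_installation ? [y/yes/N]:"
        read -r MYSQL_ANS
        case "$MYSQL_ANS" in
            y|Y|yes|Yes|YES)
                try mysql_secure_installation
                ;;
            *)
                ;;
        esac

        echo -e "\e[0;33mGet web server ip address ...  \e[0m"
        ifconfig | grep -E 'inet.*'

        ;;
    *)
        echo -e "\e[0;33mCanceled \e[0m"
        ;;
esac
exit "$failed"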

创建数据库用户的 SQL:

-- Creates an application account plus a database of the same name.
-- Host:     localhost only (never use '%', i.e. never allow remote logins)
-- Account:  db_user_name (the database name equals the user name)
-- Password: db_user_password (placeholder value)
--           mysql_native_password is the legacy authentication plugin that
--           MySQL 8 keeps for older clients; the MySQL 8 default is
--           caching_sha2_password. Use the legacy plugin only if the client
--           library cannot handle the default.
CREATE USER 'db_user_name'@'localhost'
  IDENTIFIED WITH mysql_native_password BY 'db_user_password';
-- USAGE grants no privileges: the account can connect and nothing more.
GRANT USAGE ON *.* TO 'db_user_name'@'localhost';
-- REQUIRE NONE: no TLS requirement for this account.
-- A value of 0 for the MAX_* resource limits means "no limit".
ALTER USER 'db_user_name'@'localhost'
  REQUIRE NONE WITH
    MAX_QUERIES_PER_HOUR 0
    MAX_CONNECTIONS_PER_HOUR 0
    MAX_UPDATES_PER_HOUR 0
    MAX_USER_CONNECTIONS 0;
CREATE DATABASE IF NOT EXISTS `db_user_name`;
-- Full privileges, but only on the account's own database.
GRANT ALL PRIVILEGES ON `db_user_name`.*
  TO 'db_user_name'@'localhost';

收集到的 rpm 包及安装脚本如下:

~/rpms/
│  install.sh
│  
├─adds
│      mod_php72w-7.2.27-1.w7.x86_64.rpm
│      
├─apps
│      mysql-community-client-8.0.20-1.el7.x86_64.rpm
│      mysql-community-common-8.0.20-1.el7.x86_64.rpm
│      mysql-community-devel-8.0.20-1.el7.x86_64.rpm
│      mysql-community-libs-8.0.20-1.el7.x86_64.rpm
│      mysql-community-libs-compat-8.0.20-1.el7.x86_64.rpm
│      mysql-community-server-8.0.20-1.el7.x86_64.rpm
│      nginx-1.18.0-1.el7.ngx.x86_64.rpm
│      php72w-cli-7.2.27-1.w7.x86_64.rpm
│      php72w-common-7.2.27-1.w7.x86_64.rpm
│      php72w-devel-7.2.27-1.w7.x86_64.rpm
│      php72w-embedded-7.2.27-1.w7.x86_64.rpm
│      php72w-fpm-7.2.27-1.w7.x86_64.rpm
│      php72w-gd-7.2.27-1.w7.x86_64.rpm
│      php72w-mbstring-7.2.27-1.w7.x86_64.rpm
│      php72w-mysqlnd-7.2.27-1.w7.x86_64.rpm
│      php72w-opcache-7.2.27-1.w7.x86_64.rpm
│      php72w-pdo-7.2.27-1.w7.x86_64.rpm
│      php72w-xml-7.2.27-1.w7.x86_64.rpm
│      
├─deps
│      autoconf-2.69-11.el7.noarch.rpm
│      automake-1.13.4-3.el7.noarch.rpm
│      e2fsprogs-1.42.9-17.el7.x86_64.rpm
│      e2fsprogs-libs-1.42.9-17.el7.x86_64.rpm
│      keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm
│      krb5-devel-1.15.1-46.el7.x86_64.rpm
│      krb5-libs-1.15.1-46.el7.x86_64.rpm
│      libargon2-20161029-3.el7.x86_64.rpm
│      libcom_err-1.42.9-17.el7.x86_64.rpm
│      libcom_err-devel-1.42.9-17.el7.x86_64.rpm
│      libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
│      libkadm5-1.15.1-46.el7.x86_64.rpm
│      libpng-1.5.13-7.el7_2.x86_64.rpm
│      libselinux-2.5-15.el7.x86_64.rpm
│      libselinux-devel-2.5-15.el7.x86_64.rpm
│      libselinux-python-2.5-15.el7.x86_64.rpm
│      libselinux-utils-2.5-15.el7.x86_64.rpm
│      libsepol-2.5-10.el7.x86_64.rpm
│      libsepol-devel-2.5-10.el7.x86_64.rpm
│      libss-1.42.9-17.el7.x86_64.rpm
│      libverto-devel-0.2.5-4.el7.x86_64.rpm
│      libX11-1.6.7-2.el7.x86_64.rpm
│      libX11-common-1.6.7-2.el7.noarch.rpm
│      libXau-1.0.8-2.1.el7.x86_64.rpm
│      libxcb-1.13-1.el7.x86_64.rpm
│      libXpm-3.5.12-1.el7.x86_64.rpm
│      libxslt-1.1.28-5.el7.x86_64.rpm
│      m4-1.4.16-10.el7.x86_64.rpm
│      net-tools-2.0-0.25.20131004git.el7.x86_64.rpm
│      openssl-1.0.2k-19.el7.x86_64.rpm
│      openssl-devel-1.0.2k-19.el7.x86_64.rpm
│      openssl-libs-1.0.2k-19.el7.x86_64.rpm
│      pcre-devel-8.32-17.el7.x86_64.rpm
│      perl-5.16.3-295.el7.x86_64.rpm
│      perl-Carp-1.26-244.el7.noarch.rpm
│      perl-constant-1.27-2.el7.noarch.rpm
│      perl-Data-Dumper-2.145-3.el7.x86_64.rpm
│      perl-Encode-2.51-7.el7.x86_64.rpm
│      perl-Exporter-5.68-3.el7.noarch.rpm
│      perl-File-Path-2.09-2.el7.noarch.rpm
│      perl-File-Temp-0.23.01-3.el7.noarch.rpm
│      perl-Filter-1.49-3.el7.x86_64.rpm
│      perl-Getopt-Long-2.40-3.el7.noarch.rpm
│      perl-HTTP-Tiny-0.033-3.el7.noarch.rpm
│      perl-libs-5.16.3-295.el7.x86_64.rpm
│      perl-macros-5.16.3-295.el7.x86_64.rpm
│      perl-parent-0.225-244.el7.noarch.rpm
│      perl-PathTools-3.40-5.el7.x86_64.rpm
│      perl-Pod-Escapes-1.04-295.el7.noarch.rpm
│      perl-Pod-Perldoc-3.20-4.el7.noarch.rpm
│      perl-Pod-Simple-3.28-4.el7.noarch.rpm
│      perl-Pod-Usage-1.63-3.el7.noarch.rpm
│      perl-podlators-2.5.1-3.el7.noarch.rpm
│      perl-Scalar-List-Utils-1.27-248.el7.x86_64.rpm
│      perl-Socket-2.010-5.el7.x86_64.rpm
│      perl-Storable-2.45-3.el7.x86_64.rpm
│      perl-Test-Harness-3.28-3.el7.noarch.rpm
│      perl-Text-ParseWords-3.29-4.el7.noarch.rpm
│      perl-Thread-Queue-3.02-2.el7.noarch.rpm
│      perl-threads-1.87-4.el7.x86_64.rpm
│      perl-threads-shared-1.43-6.el7.x86_64.rpm
│      perl-Time-HiRes-1.9725-3.el7.x86_64.rpm
│      perl-Time-Local-1.2300-2.el7.noarch.rpm
│      zlib-1.2.7-18.el7.x86_64.rpm
│      zlib-devel-1.2.7-18.el7.x86_64.rpm
│      
└─tools
        audit-2.8.5-4.el7.x86_64.rpm
        audit-libs-2.8.5-4.el7.x86_64.rpm
        audit-libs-python-2.8.5-4.el7.x86_64.rpm
        checkpolicy-2.5-8.el7.x86_64.rpm
        libcgroup-0.41-21.el7.x86_64.rpm
        libsemanage-2.5-14.el7.x86_64.rpm
        libsemanage-python-2.5-14.el7.x86_64.rpm
        policycoreutils-2.5-34.el7.x86_64.rpm
        policycoreutils-python-2.5-34.el7.x86_64.rpm
        python-IPy-0.75-6.el7.noarch.rpm
        setools-libs-3.3.8-4.el7.x86_64.rpm

部署

硬件初始化

新服务器需要将物理磁盘在 BIOS 里转换成 RAID 功能的虚拟磁盘后才可以使用。这台服务器只有2块硬盘,所以选择 RAID1。

安装操作系统

将刻录好的 CentOS 光盘放入 Dell EMC 的光驱,默认会从光驱启动,不需要在 BIOS 中设置,也不需要在开机时按 F11 选择启动顺序。

分区如下:

# DATA
/data      LVM                 xfs                   1795.67 GiB  # 数据区
# SYSTEM
/boot      Standard Partition  xfs                   1024 Mib     # 这个无法使用 LVM,普通即可
/          LVM                 xfs                   50 Gib
/boot/efi  Standard Partition  EFI System Partition  200 Mib
swap       LVM                 swap                  15.63Gib     # 内存的1~1.5倍

安装 WEB 服务

清理依赖

rpm -e --nodeps mariadb-libs

传输 rpm 包到新服务器并安装

将存放有 rpms 包和 install.sh 的文件夹 ~/rpms/ 刻录成光盘(记得先将 install.sh 添加可执行权限),读光驱的方法为:

# Mount the burned disc and run the installer from it.
mkdir /media/cdrom
mount /dev/cdrom /media/cdrom
cd /media/cdrom
# `yes` answers every prompt the script reads from stdin with "y", including its
# "Run mysql_secure_installation ?" question; run ./install.sh on its own to
# answer the prompts by hand.
yes | ./install.sh # or: yes | bash ./install.sh
#umount /media/cdrom

配置 Web 服务

设为开机启动

systemctl enable nginx
systemctl enable php-fpm
systemctl enable mysqld

启动 WEB 及相关服务

systemctl start nginx
systemctl start php-fpm
systemctl start mysqld

初始化 MySQL 数据库

# MySQL 启动后才可以执行以下命令:
mysql_secure_installation
# root 密码在 /var/log/mysqld.log 里,搜关键字“A temporary password is generated for root@localhost:”
# 输入密码后会让设置新密码
# 之后记得要删除匿名用户、禁止 root 远程登录、移除测试数据库、重新加载权限配置

让 firewalld 防火墙允许 http 服务通行

# Start firewalld and permanently allow inbound HTTP.
systemctl start firewalld.service
firewall-cmd --add-service=http --permanent
# The 8080 rule is also --permanent: the test port stays open across reboots until
# it is removed with firewall-cmd --remove-port=8080/tcp --permanent and a reload.
firewall-cmd --add-port=8080/tcp --permanent # extra port used for testing
firewall-cmd --reload

为 /data/web 目录设置 DAC(属主与 rwx 权限位,下面的命令会去掉 group/other 的全部权限)和 MAC(SELinux)权限

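# Make sure /etc/selinux/config has SELINUX=enforcing; a change to that file
# only takes effect after a reboot.
mkdir -p /data/web
chown -R nginx:nginx /data/web
chmod -R go-rwx /data/web
# Persistent labelling rule: everything under /data/web is read-only web content.
# (The original line was missing its closing quote.)
semanage fcontext -a -t httpd_sys_content_t '/data/web(/.*)?'
# The upload directory must be writable by php-fpm. A semanage rule is used
# instead of chcon so the label survives a later restorecon or full relabel.
semanage fcontext -a -t httpd_sys_rw_content_t '/data/web/upall.cn/uploads(/.*)?'
restorecon -RvvF /data/web

# Without the writable label on the upload directory the audit log shows:
# type=AVC avc: denied { execmem } for pid=11645 comm="php-fpm" scontext=.... tcontext....
# type=AVC avc: denied { write } for pid=11645 comm="php-fpm" scontext=.... tcontext....
# type=AVC avc: denied { remove_name } for pid=11645 comm="php-fpm" scontext=.... tcontext....
# NOTE(review): execmem is a process permission rather than a file label, so
# relabelling presumably does not clear that denial - confirm with audit2why.
# semanage fcontext -l | grep /data/web # list the SELinux rules for the directory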

修改 nginx 的运行身份

# 编辑 /etc/nginx/nginx.conf
user nginx; # 确保这里是 nginx 而不是 apache、nobody、www-data 或 其它

修改 nginx 和 php-fpm 的运行身份

# 编辑 /etc/php-fpm.d/www.conf
user = apache  # 改为 nginx
group = apache # 改为 nginx

运行身份禁止使用 root,修改后记得重启 nginx 和 php-fpm:

systemctl reload nginx
systemctl reload php-fpm    # 或 restart

如果重启出错,可以用这个命令查看错误原因:

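nginx -t       # test the nginx configuration and report the failing line
php-fpm -t     # test the php-fpm configuration
# journalctl -u nginx -u php-fpm   # service logs, when the config test passes but the start fails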

其它

0. 将光驱做为 yum 的软件源

# 将光盘放入光驱或将iso添加到虚拟机后:
mkdir /media/cdrom && mount /dev/cdrom $_
cd /etc/yum.repos.d/
vi CentOS-Media.repo # 将 enabled 从 0 改为 1
mv CentOS-Base.repo CentOS-Base.repo.disabled
# umount /media/cdrom

# 或者:
yum --disablerepo=* --enablerepo=c7-media install nginx mysql-server # c7-media 来自 yum repolist all 中的 repo id(即第1列,第2列有 CentOS-7 Media)

1. 将文件制作为 iso 镜像

genisoimage -full-iso9660-filenames -joliet -allow-lowercase -o file.iso ./folder/
#或:mkisofs -full-iso9660-filenames -joliet -allow-lowercase -o file.iso ./folder/
 
# -full-iso9660-filenames 长文件名支持,默认8+3
# -joliet                 中文文件名支持
# -allow-lowercase        小写支持,默认全是大写
# -allow-leading-dots     允许 . 开头的文件
# -allow-multidot         Allow more than one dot in filenames (e.g. .tar.gz)

2. 通过在安装时选择“PHP支持”和“MariaDB数据库服务器”来安装的 PHP 环境会送一个 GNOME 桌面环境,如果不想要这个桌面环境可以最小化安装之后挂载光驱做为软件源并用以下命令安装 WEB 环境:

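# On CentOS 7 the Apache package is named httpd, and the database server is
# mariadb-server (the mariadb package alone is only the client).
yum install --disableplugin=fastestmirror httpd php mariadb-server mariadb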

3. 如果移动 MySQL 的 datadir 需要:

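# Move the MySQL data directory to /data/db.
systemctl stop mysqld                 # never move the data files under a running server
mkdir -p /data/db
chown mysql:mysql /data/db
chmod 750 /data/db                    # keep other local accounts out of the data directory
mv /var/lib/mysql/* /data/db/
# Use | as the sed delimiter because the paths contain slashes.
sed -i 's|^datadir=/var/lib/mysql$|datadir=/data/db|' /etc/my.cnf
# Label the new location so mysqld is allowed to use it under SELinux.
semanage fcontext -a -t mysqld_db_t '/data/db(/.*)?'
restorecon -RvvF /data/db
systemctl start mysqld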