应用需求如下:

1. 准备两台centos 6,其中一台机器跑mysql,另外一台机器跑apache和nginx + php 
2. 同时安装apache和nginx,其中nginx启动80端口,用来跑静态对象(图片、js、css),apache监听88端口,负责跑动态页(php相关的),并且需要由nginx代理对外访问
3. mysql服务器需要开启慢查询日志
4. 搭建discuz、wordpress以及phpmyadmin,域名分别为bbs.test.com, blog.test.com, phpmd.test.com
5. 配置discuz的伪静态(nginx)
6. apache不需要记录日志,nginx记录日志,但不记录图片等静态页的日志,并且配置日志切割
7. 配置图片防盗链(nginx)
8. 配置图片缓存7天,js,css缓存1天(nginx)
9. discuz和wordpress访问后台限制一下ip白名单,比如只允许192.168.1.100访问(nginx)
10. phpmyadmin整个站点需要配置用户认证(nginx)
11. 写一个mysql备份的脚本,每天5点执行,需要远程拷贝到web机器上
12. 把除了百度、google外的其他常见搜索引擎蜘蛛封掉,比如(bingbot/2.0、Sogou web spider/4.0、360Spider、YisouSpider、YandexBot/3.0)
环境准备:
1、VMware Workstation 11
2、设备A:MySQL,IP地址:192.168.1.5,HostName:mysql
3、设备B:LAMP环境+nginx代理,IP地址:192.168.1.6,HostName:lanp 
4、Linux发行版:Centos 6.7 x86_64;
5、Nginx:http://nginx.org/download/nginx-1.6.2.tar.gz
6、Apache:httpd-2.2.16.tar.gz
7、PHP:php-5.3.28.tar.gz
8、MySQL:mysql-5.5.42-linux2.6-x86_64.tar.gz
9、discuz:Discuz_X3.2_SC_UTF8.zip
10、wordpress:wordpress-4.2.2-zh_CN.tar.gz
11、phpmyadmin:phpMyAdmin-4.0.8-all-languages.zip

步骤详解:

设备A:安装mysql            192.168.1.5
cd /usr/local/src/ 
tar zxvf mysql-5.5.42-linux2.6-x86_64.tar.gz
mv mysql-5.5.42-linux2.6-x86_64 /usr/local/mysql 
cd /usr/local/mysql
mkdir -p /data/mysql
useradd -s /sbin/nologin -M mysql
chown -R mysql:mysql /data/mysql
cp support-files/my-large.cnf /etc/my.cnf 
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
vi /etc/init.d/mysql,basedir=/usr/local/mysql,datadir=/data/mysql
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql 
vim /etc/profile.d/mysql.sh加入export PATH=$PATH:/usr/local/mysql/bin
chkconfig --add mysqld
chkconfig mysqld on
service mysqld start
登录mysql授权:grant all on *.* to 'super'@'192.168.1.6' identified by 'superlinux.com';

设备B:LAMP        192.168.1.6
1. 安装apache
cd /usr/local/src/ 
tar zvxf httpd-2.2.16.tar.gz 
cd httpd-2.2.16 
./configure --prefix=/usr/local/apache2  --enable-mods-shared=most  --enable-so
make&make install
apache加入chkconfig
cp /usr/local/apache2/bin/apachectl /etc/init.d/httpd
vim /etc/init.d/httpd
在第一行#!/bin/sh下增加两行文字
# chkconfig: 35 70 30
# description: Apache
chkconfig --level 35 httpd on
2.  安装php
cd /usr/local/src/ 
tar zxvf php-5.3.28.tar.gz 
cd php-5.3.28 
./configure   --prefix=/usr/local/php   --with-apxs2=/usr/local/apache2/bin/apxs   --with-config-file-path=/usr/local/php/etc  --with-libxml-dir   --with-gd   --with-jpeg-dir   --with-png-dir   --with-freetype-dir   --with-iconv-dir   --with-zlib-dir   --with-bz2   --with-openssl   --with-mcrypt   --enable-soap   --enable-gd-native-ttf   --enable-mbstring   --enable-sockets   --enable-exif   --disable-ipv6 --with-mysql=mysqlnd --with-mysqli=mysqlnd  --with-pdo-mysql=mysqlnd
make&make install
cp /usr/local/src/php-5.3.28/php.ini-production /usr/local/php/etc/php.ini
3、 配置apache结合php
vim /usr/local/apache2/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在该行下面添加:
AddType application/x-httpd-php .php
找到:
    DirectoryIndex index.html
将该行改为:
    DirectoryIndex index.html index.htm index.php
找到:
#ServerName www.example.com:80
修改为:
ServerName localhost:80
vim /usr/local/apache2/conf/httpd.conf找到:
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
改为:
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
测试LAMP环境:在浏览器访问192.168.1.6,如果显示IT Works!表示LAMP环境搭建成功
mkdir data
cd data
在data目录分别创建bbs、blog、phpmd目录

4.解压discuz并把upload下的内容移到bbs下
cd /usr/local/src
unzip Discuz_X3.2_SC_UTF8.zip
mv upload/* /data/bbs  

5.解压wordpress并把wordpress下的内容移到blog下
[root@lanp src]# tar zxvf wordpress-4.2.2-zh_CN.tar.gz
[root@lanp src]# mv wordpress/* /data/blog

6.解压phpmyadmin并把phpMyAdmin-4.0.8-all-languages下的内容移到phpmd下
[root@lanp src]# unzip phpMyAdmin-4.0.8-all-languages.zip
[root@lanp src]# mv phpMyAdmin-4.0.8-all-languages/* /data/phpmd

7.把apache端口改成88:进入apache主配置文件,把lisen 80改成88
8.[root@lanp ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf(添加三个虚拟主机,并把80端口改成88)
    #ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/data/bbs"
    ServerName bbs.test.com
    #ServerAlias www.dummy-host.example.com
    ErrorLog "logs/bbs.test.com-error_log"
    CustomLog "logs/bbs.test.com-access_log" common
    #ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/data/blog"
    ServerName blog.test.com
    ErrorLog "logs/blog.test.com-error_log"
    CustomLog "logs/blog.test.com-access_log" common
    #ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/data/phpmd"
    ServerName phpmd.test.com
    ErrorLog "logs/phpmd.test.com-error_log"
    CustomLog "logs/phpmd.test.com-access_log" common
检查配置文件是否有语法错误:
[root@lanp ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
检查88端口是否监听
[root@lanp ~]# /usr/local/apache2/bin/apachectl restart
[root@lanp ~]# netstat -lnp
9.在真机win上的host文件里绑定ip和虚拟主机域名(host文件路径:C/windows/System32/drivers/etc/hosts
192.168.1.6  bbs.test.com blog.test.com phpmd.test.com
10.安装discuz
在浏览器访问bbs.test.com/install/,会出现discuz图形安装界面,点我同意,出现很多目录不可写,为啥不可写呢?因为ps aux |grep httpd,httpd是以daemon用户运行。所以需要把discuz中不可写的目录的属主和属组改成daemon,chown -R daemon:daemon config/ data uc_client/data uc_server/data
回到浏览器刷新,下一步,再全新安装discuz
在mysql中创建discuz库并授权一个用户
mysql> create database discuz;
mysql> grant all on *.* to 'super'@'192.168.1.6' identified by 'superlinux.com';
mysql> flush privileges;
回到discuz浏览器,数据库名为discuz,数据库用户名为super,数据库密码superlinux.com
到此discuz论坛安装完毕
11.安装wordpress
在mysql中创建blog库
mysql> create database blog;
在浏览器中访问blog.test.com:88进行web界面信息输入安装

12.安装phpmyadmin

cp libraries/config.default.php config.inc.php
更改
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'yourrootpassword';
$cfg['Servers'][$i]['host'] = 'yourdbip';
$cfg['Servers'][$i]['auth_type'] = 'config';##认证模式
在浏览器中访问phpmd.test.com:88进行web界面操作安装

13.安装nginx
[root@lanp src]# wget http://nginx.org/download/nginx-1.6.2.tar.gz
[root@lanp src]# tar zxvf nginx-1.6.2.tar.gz
[root@lanp nginx-1.6.2]# ./configure   --prefix=/usr/local/nginx   --with-pcre
make &make install
nginx启动脚本和配置文件
vim /etc/init.d/nginx  //加入如下内容
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start() {
        echo -n $"Starting $prog: "
        mkdir -p /dev/shm/nginx_temp
        daemon $NGINX_SBIN -c $NGINX_CONF
        RETVAL=$?
        echo
        return $RETVAL
}
stop() {
        echo -n $"Stopping $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -TERM
        rm -rf /dev/shm/nginx_temp
        RETVAL=$?
        echo
        return $RETVAL
}
reload(){
        echo -n $"Reloading $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -HUP
        RETVAL=$?
        echo
        return $RETVAL
}
restart(){
        stop
        start
}
configtest(){
    $NGINX_SBIN -c $NGINX_CONF -t
    return 0
}
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  reload)
        reload
        ;;
  restart)
        restart
        ;;
  configtest)
        configtest
        ;;
  *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
esac
exit $RETVAL
chmod 755 /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
service nginx start
service nginx configtest(检测配置文件,configtest相当于-t)
vim /usr/local/nginx/conf/nginx.conf 清空原来的配置,加入如下内容
user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
    use epoll;
    worker_connections 6000;
}
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    '$host "$request_uri" $status'
    '"$http_referer" "$http_user_agent"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm application/xml;
   include vhosts/*.conf;
}
cd /usr/local/nginx/conf/
mkdir vhosts
touch discuz.conf
touch phpmd.conf
touch blog.conf
14.discuz.conf
server
{
    listen 80;
    server_name bbs.test.com;
    index index.html index.htm index.php;
    root /data/bbs;
#根据user_agent控制
    if ($http_user_agent ~ 'bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315'){
            return 403;
    }
    location ~ admin.php {
        allow 192.168.31.141;
        deny all;
        proxy_pass   http://127.0.0.1:88;
        proxy_set_header Host   $host;
    }
    location ~ \.php$ {
         proxy_pass   http://127.0.0.1:88;
         proxy_set_header Host   $host;
         proxy_set_header X-Real-IP      $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location ~ .*\.(js|css)?$
    {
          expires      24h;
          access_log off;
    }
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
         expires 7d;
         valid_referers none blocked server_names *.test.com *.a.com *.b.com *.baidu.com\
         *.google.com *.google.cn *.soso.com ;
         if ($invalid_referer) {
              return 403;
              #rewrite ^/ http://www.example.com/nophoto.gif;
         }
         access_log off;
    }
    rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
        rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
        rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
    access_log /home/logs/discuz.log combined_realip;
检测nginx配置文件:/usr/local/nginx/sbin/nginx -t
重启nginx:service nginx restart
在浏览器访问bbs.test.com,是可以正常进入discuz页面的。
15.blog.conf配置
server
{
    listen 80;
    server_name blog.test.com;
    index index.html index.htm index.php;
    root /data/blog;
    location /wp-admin/ {
        allow 127.0.0.1;
        deny all;
        location ~ \.php$ {
        proxy_pass   http://127.0.0.1:88;
        proxy_set_header Host   $host;
        }
    }
    location  / {
         proxy_pass   http://127.0.0.1:88/;
         proxy_set_header Host   $host;
         proxy_set_header X-Real-IP      $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
检测nginx配置文件是否有语法错误:/usr/local/nginx/sbin/nginx -t
重启nginx:service nginx restart
在浏览器访问:blog.test.com,是可以访问的
16.配置phpmd.conf
server
{
    listen 80;
    server_name phpmd.test.com;
    index index.html index.htm index.php;
    root /data/phpmd;
    location / {
         auth_basic              "Auth";
         auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
    location ~ \.php$ {
         proxy_pass   http://127.0.0.1:88;
         proxy_set_header Host   $host;
         proxy_set_header X-Real-IP      $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    }
}
检测nginx配置文件是否有语法错误:/usr/local/nginx/sbin/nginx -t
重启nginx:service nginx restart
浏览器访问:phpmd.test.com是可以访问到的
17、配置nginx的日志切割
[root@lanp vhosts]# vim /usr/local/sbin/logrotate.sh
#!/bin/bash
d=`date -d "-1 day" +%Y%m$d`
/bin/mv /home/logs/discuz.log /home/logs/discuz_$d.log
/etc/init.d/nginx reload >/dev/null 2>/dev/null
cd /home/logs
gzip discuz_$d.log
18、mysql备份脚本无需密码通过ssh执行rsync来同步文件的方法可以参考http://www.jb51.net/article/60192.htm
vim mysqlbak.sh
#!/bin/bash
source /etc/profile
d=`date +%F`
/usr/local/mysql/bin/mysqldump -uroot -p838024 wordpress >/data/mysqlbak/$d.wordpresssql
/usr/local/mysql/bin/mysqldump -uroot -p838024 discuz >/data/mysqlbak/$d.discuzsql
/usr/local/mysql/bin/mysqldump -uroot -p838024 phpmyadmin >/data/mysqlbak/$d.phpmyadminsql
rsync -avLupz -e "ssh -p 22" /data/mysqlbak/ 192.168.1.6:/tmp/
再把脚本放进crontab计划任务
chmod a+x mysqlbak.sh
crontab -e
*/3 * * * * /root/shell/mysqlbak.sh