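Requirements:

1. Prepare two CentOS 6 machines: one runs MySQL, the other runs Apache and nginx + PHP.
2. Install both Apache and nginx. nginx listens on port 80 and serves static objects (images, js, css); Apache listens on port 88 and handles dynamic pages (PHP), and is reached from outside only through the nginx proxy.
3. The MySQL server must have the slow query log enabled.
4. Set up Discuz, WordPress and phpMyAdmin, with the domains bbs.test.com, blog.test.com and phpmd.test.com respectively.
5. Configure pseudo-static (rewritten) URLs for Discuz (nginx).
6. Apache does not need to write logs. nginx writes logs, but not for images and other static files, and log rotation must be configured.
7. Configure image hotlink protection (nginx).
8. Cache images for 7 days and js/css for 1 day (nginx).
9. Restrict access to the Discuz and WordPress admin back ends with an IP whitelist, for example allow only 192.168.1.100 (nginx).
10. The whole phpMyAdmin site must require user authentication (nginx).
11. Write a MySQL backup script that runs every day at 5 o'clock and copies the backup to the web machine.
12. Block the common search engine spiders other than Baidu and Google, for example bingbot/2.0, Sogou web spider/4.0, 360Spider, YisouSpider, YandexBot/3.0.

Environment:

1. VMware Workstation 11
2. Device A: MySQL, IP address 192.168.1.5, hostname mysql
3. Device B: LAMP environment + nginx proxy, IP address 192.168.1.6, hostname lanp
4. Linux distribution: CentOS 6.7 x86_64
5. Nginx: http://nginx.org/download/nginx-1.6.2.tar.gz
6. Apache: httpd-2.2.16.tar.gz
7. PHP: php-5.3.28.tar.gz
8. MySQL: mysql-5.5.42-linux2.6-x86_64.tar.gz
9. Discuz: Discuz_X3.2_SC_UTF8.zip
10. WordPress: wordpress-4.2.2-zh_CN.tar.gz
11. phpMyAdmin: phpMyAdmin-4.0.8-all-languages.zip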
Detailed steps:
Device A: install MySQL (192.168.1.5)

    cd /usr/local/src/
    tar zxvf mysql-5.5.42-linux2.6-x86_64.tar.gz
    mv mysql-5.5.42-linux2.6-x86_64 /usr/local/mysql
    cd /usr/local/mysql
    mkdir -p /data/mysql
    useradd -s /sbin/nologin -M mysql
    chown -R mysql:mysql /data/mysql
    cp support-files/my-large.cnf /etc/my.cnf
    cp support-files/mysql.server /etc/init.d/mysqld
    chmod 755 /etc/init.d/mysqld

Edit /etc/init.d/mysqld (vi /etc/init.d/mysqld) and set:

    basedir=/usr/local/mysql
    datadir=/data/mysql

Initialize the data directory:

    ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql

Create /etc/profile.d/mysql.sh (vim /etc/profile.d/mysql.sh) and add:

    export PATH=$PATH:/usr/local/mysql/bin

Register and start the service:

    chkconfig --add mysqld
    chkconfig mysqld on
    service mysqld start

Log in to MySQL and grant access to the web machine:

    grant all on *.* to 'super'@'192.168.1.6' identified by 'superlinux.com';
Device B: LAMP (192.168.1.6)

1. Install Apache

    cd /usr/local/src/
    tar zvxf httpd-2.2.16.tar.gz
    cd httpd-2.2.16
    ./configure --prefix=/usr/local/apache2 --enable-mods-shared=most --enable-so
    make && make install

Add Apache to chkconfig:

    cp /usr/local/apache2/bin/apachectl /etc/init.d/httpd
    vim /etc/init.d/httpd

Below the first line (#!/bin/sh) add these two lines:

    # chkconfig: 35 70 30
    # description: Apache

Then enable the service:

    chkconfig --level 35 httpd on

2. Install PHP

    cd /usr/local/src/
    tar zxvf php-5.3.28.tar.gz
    cd php-5.3.28
    ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-config-file-path=/usr/local/php/etc --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-bz2 --with-openssl --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-mbstring --enable-sockets --enable-exif --disable-ipv6 --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd
    make && make install
    cp /usr/local/src/php-5.3.28/php.ini-production /usr/local/php/etc/php.ini

3. Configure Apache to work with PHP

    vim /usr/local/apache2/conf/httpd.conf

Find:

    AddType application/x-gzip .gz .tgz

and add below it:

    AddType application/x-httpd-php .php

Find:

    DirectoryIndex index.html

and change it to:

    DirectoryIndex index.html index.htm index.php

Find:

    #ServerName www.example.com:80

and change it to:

    ServerName localhost:80

Still in /usr/local/apache2/conf/httpd.conf, find:

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

and change it to:

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Allow from all
    </Directory>

Test the LAMP environment: open 192.168.1.6 in a browser. If the page shows "It works!", the LAMP environment has been set up successfully.

    mkdir /data
    cd /data

In the data directory, create the directories bbs, blog and phpmd.
4. Unpack Discuz and move the contents of upload into bbs

    cd /usr/local/src
    unzip Discuz_X3.2_SC_UTF8.zip
    mv upload/* /data/bbs
5. Unpack WordPress and move the contents of wordpress into blog

    [root@lanp src]# tar zxvf wordpress-4.2.2-zh_CN.tar.gz
    [root@lanp src]# mv wordpress/* /data/blog
6. Unpack phpMyAdmin and move the contents of phpMyAdmin-4.0.8-all-languages into phpmd

    [root@lanp src]# unzip phpMyAdmin-4.0.8-all-languages.zip
    [root@lanp src]# mv phpMyAdmin-4.0.8-all-languages/* /data/phpmd
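7. Change the Apache port to 88: in the main Apache configuration file, change Listen 80 to Listen 88.

8. Add three virtual hosts and change port 80 to 88:

    [root@lanp ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

    <VirtualHost *:88>
        #ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot "/data/bbs"
        ServerName bbs.test.com
        #ServerAlias www.dummy-host.example.com
        ErrorLog "logs/bbs.test.com-error_log"
        CustomLog "logs/bbs.test.com-access_log" common
    </VirtualHost>

    <VirtualHost *:88>
        #ServerAdmin webmaster@dummy-host2.example.com
        DocumentRoot "/data/blog"
        ServerName blog.test.com
        ErrorLog "logs/blog.test.com-error_log"
        CustomLog "logs/blog.test.com-access_log" common
    </VirtualHost>

    <VirtualHost *:88>
        #ServerAdmin webmaster@dummy-host2.example.com
        DocumentRoot "/data/phpmd"
        ServerName phpmd.test.com
        ErrorLog "logs/phpmd.test.com-error_log"
        CustomLog "logs/phpmd.test.com-access_log" common
    </VirtualHost>

Check the configuration file for syntax errors:

    [root@lanp ~]# /usr/local/apache2/bin/apachectl -t
    Syntax OK

Restart Apache and check that port 88 is listening:

    [root@lanp ~]# /usr/local/apache2/bin/apachectl restart
    [root@lanp ~]# netstat -lnp

9. On the physical Windows machine, bind the IP address to the virtual host names in the hosts file (path: C:\Windows\System32\drivers\etc\hosts):

    192.168.1.6 bbs.test.com blog.test.com phpmd.test.com

10. Install Discuz

Open bbs.test.com/install/ in a browser. The graphical Discuz installer appears. Click "I agree"; many directories are reported as not writable. Why? ps aux | grep httpd shows that httpd runs as the daemon user, so the owner and group of the directories Discuz cannot write to must be changed to daemon:

    chown -R daemon:daemon config/ data uc_client/data uc_server/data

Go back to the browser and refresh, click Next, then choose a fresh installation of Discuz.

In MySQL, create the discuz database and grant access to a user:

    mysql> create database discuz;
    mysql> grant all on *.* to 'super'@'192.168.1.6' identified by 'superlinux.com';
    mysql> flush privileges;

Back in the Discuz installer, enter discuz as the database name, super as the database user and superlinux.com as the database password. The Discuz forum is now installed.

11. Install WordPress

Create the blog database in MySQL:

    mysql> create database blog;

Open blog.test.com:88 in a browser and complete the installation by entering the requested information in the web interface.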
12. Install phpMyAdmin

    cp libraries/config.default.php config.inc.php

Change the following settings in config.inc.php:

    $cfg['Servers'][$i]['user'] = 'root';
    $cfg['Servers'][$i]['password'] = 'yourrootpassword';
    $cfg['Servers'][$i]['host'] = 'yourdbip';
    $cfg['Servers'][$i]['auth_type'] = 'config'; // authentication mode

Open phpmd.test.com:88 in a browser and complete the installation in the web interface.
13. Install nginx

    [root@lanp src]# wget http://nginx.org/download/nginx-1.6.2.tar.gz
    [root@lanp src]# tar zxvf nginx-1.6.2.tar.gz
    [root@lanp src]# cd nginx-1.6.2
    [root@lanp nginx-1.6.2]# ./configure --prefix=/usr/local/nginx --with-pcre
    [root@lanp nginx-1.6.2]# make && make install

nginx init script and configuration file. Create /etc/init.d/nginx (vim /etc/init.d/nginx) with the following content:

    #!/bin/bash
    # chkconfig: - 30 21
    # description: http service.
    # Source Function Library
    . /etc/init.d/functions
    # Nginx Settings
    NGINX_SBIN="/usr/local/nginx/sbin/nginx"
    NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
    NGINX_PID="/usr/local/nginx/logs/nginx.pid"
    RETVAL=0
    prog="Nginx"

    start() {
        echo -n $"Starting $prog: "
        mkdir -p /dev/shm/nginx_temp
        daemon $NGINX_SBIN -c $NGINX_CONF
        RETVAL=$?
        echo
        return $RETVAL
    }

    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -TERM
        rm -rf /dev/shm/nginx_temp
        RETVAL=$?
        echo
        return $RETVAL
    }

    reload(){
        echo -n $"Reloading $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -HUP
        RETVAL=$?
        echo
        return $RETVAL
    }

    restart(){
        stop
        start
    }

    configtest(){
        $NGINX_SBIN -c $NGINX_CONF -t
        return 0
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        reload)
            reload
            ;;
        restart)
            restart
            ;;
        configtest)
            configtest
            ;;
        *)
            echo $"Usage: $0 {start|stop|reload|restart|configtest}"
            RETVAL=1
    esac
    exit $RETVAL

Make the script executable and register the service (configtest checks the configuration file and is equivalent to -t):

    chmod 755 /etc/init.d/nginx
    chkconfig --add nginx
    chkconfig nginx on
    service nginx start
    service nginx configtest

Edit /usr/local/nginx/conf/nginx.conf (vim /usr/local/nginx/conf/nginx.conf), remove the original configuration and add the following:

    user nobody nobody;
    worker_processes 2;
    error_log /usr/local/nginx/logs/nginx_error.log crit;
    pid /usr/local/nginx/logs/nginx.pid;
    worker_rlimit_nofile 51200;

    events
    {
        use epoll;
        worker_connections 6000;
    }

    http
    {
        include mime.types;
        default_type application/octet-stream;
        server_names_hash_bucket_size 3526;
        server_names_hash_max_size 4096;
        log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
        '$host "$request_uri" $status'
        '"$http_referer" "$http_user_agent"';
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 30;
        client_header_timeout 3m;
        client_body_timeout 3m;
        send_timeout 3m;
        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 8 4k;
        request_pool_size 4k;
        output_buffers 4 32k;
        postpone_output 1460;
        client_max_body_size 10m;
        client_body_buffer_size 256k;
        client_body_temp_path /usr/local/nginx/client_body_temp;
        proxy_temp_path /usr/local/nginx/proxy_temp;
        fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
        fastcgi_intercept_errors on;
        tcp_nodelay on;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 8k;
        gzip_comp_level 5;
        gzip_http_version 1.1;
        gzip_types text/plain application/x-javascript text/css text/htm application/xml;
        include vhosts/*.conf;
    }

Create the virtual host files:

    cd /usr/local/nginx/conf/
    mkdir vhosts
    cd vhosts
    touch discuz.conf
    touch phpmd.conf
    touch blog.conf

14. discuz.conf

    server
    {
        listen 80;
        server_name bbs.test.com;
        index index.html index.htm index.php;
        root /data/bbs;

        # access control by user_agent
        if ($http_user_agent ~ 'bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315'){
            return 403;
        }

        location ~ admin.php {
            allow 192.168.31.141;
            deny all;
            proxy_pass http://127.0.0.1:88;
            proxy_set_header Host $host;
        }

        location ~ \.php$ {
            proxy_pass http://127.0.0.1:88;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location ~ .*\.(js|css)?$
        {
            expires 24h;
            access_log off;
        }

        location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
            expires 7d;
            valid_referers none blocked server_names *.test.com *.a.com *.b.com *.baidu.com
                *.google.com *.google.cn *.soso.com;
            if ($invalid_referer) {
                return 403;
                #rewrite ^/ http://www.example.com/nophoto.gif;
            }
            access_log off;
        }

        rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
        rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
        rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;

        access_log /home/logs/discuz.log combined_realip;
    }

Check the nginx configuration file and restart nginx:

    /usr/local/nginx/sbin/nginx -t
    service nginx restart

Opening bbs.test.com in a browser now shows the Discuz pages normally.

15. blog.conf

    server
    {
        listen 80;
        server_name blog.test.com;
        index index.html index.htm index.php;
        root /data/blog;

        location /wp-admin/ {
            allow 127.0.0.1;
            deny all;
            location ~ \.php$ {
                proxy_pass http://127.0.0.1:88;
                proxy_set_header Host $host;
            }
        }

        location / {
            proxy_pass http://127.0.0.1:88/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

Check the nginx configuration file for syntax errors and restart nginx:

    /usr/local/nginx/sbin/nginx -t
    service nginx restart

blog.test.com can now be opened in a browser.

16. phpmd.conf

    server
    {
        listen 80;
        server_name phpmd.test.com;
        index index.html index.htm index.php;
        root /data/phpmd;

        location / {
            auth_basic "Auth";
            auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            location ~ \.php$ {
                proxy_pass http://127.0.0.1:88;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }

Check the nginx configuration file for syntax errors and restart nginx:

    /usr/local/nginx/sbin/nginx -t
    service nginx restart

phpmd.test.com can now be opened in a browser.

17. Configure nginx log rotation

    [root@lanp vhosts]# vim /usr/local/sbin/logrotate.sh

    #!/bin/bash
    # yesterday's date, used as the suffix of the rotated log
    d=`date -d "-1 day" +%Y%m%d`
    /bin/mv /home/logs/discuz.log /home/logs/discuz_$d.log
    # reload nginx so that it opens a new discuz.log
    /etc/init.d/nginx reload >/dev/null 2>/dev/null
    cd /home/logs
    gzip discuz_$d.log

18. MySQL backup script

For a way to sync files with rsync over ssh without entering a password, see http://www.jb51.net/article/60192.htm

    vim mysqlbak.sh

    #!/bin/bash
    source /etc/profile
    d=`date +%F`
    /usr/local/mysql/bin/mysqldump -uroot -p838024 wordpress >/data/mysqlbak/$d.wordpresssql
    /usr/local/mysql/bin/mysqldump -uroot -p838024 discuz >/data/mysqlbak/$d.discuzsql
    /usr/local/mysql/bin/mysqldump -uroot -p838024 phpmyadmin >/data/mysqlbak/$d.phpmyadminsql
    rsync -avLupz -e "ssh -p 22" /data/mysqlbak/ 192.168.1.6:/tmp/

Then add the script to the crontab so that it runs every day at 5 o'clock:

    chmod a+x mysqlbak.sh
    crontab -e

    0 5 * * * /root/shell/mysqlbak.sh
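
Requirement 12 names five crawlers, while the user-agent rule in discuz.conf (step 14) uses a different pattern. The following is an added example, not part of the original article: it replays constructed User-Agent strings against the article's pattern and against a hypothetical REQ_RULE built from the requirement 12 names, and lists what each rule gets wrong. grep -E stands in for nginx's case-sensitive `~` match.

```shell
#!/bin/sh
# Pattern copied from the `if ($http_user_agent ~ ...)` rule in discuz.conf.
PAGE_RULE='bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315'
# Assumption (not from the article): crawler names from requirement 12 with
# version numbers dropped, so a crawler version bump does not slip past.
REQ_RULE='bingbot|Sogou web spider|360Spider|YisouSpider|YandexBot'

# Constructed samples, one per line: expected|name|User-Agent.
# "deny" = crawler listed in requirement 12, "allow" = Baidu and Google.
SAMPLES='deny|bingbot|Mozilla/5.0 (compatible; bingbot/2.0)
deny|Sogou|Sogou web spider/4.0
deny|360Spider|Mozilla/5.0 (compatible; 360Spider)
deny|YisouSpider|Mozilla/5.0 (compatible; YisouSpider)
deny|YandexBot|Mozilla/5.0 (compatible; YandexBot/3.0)
allow|Baiduspider|Mozilla/5.0 (compatible; Baiduspider/2.0)
allow|Googlebot|Mozilla/5.0 (compatible; Googlebot/2.1)'

# ua_matches RULE UA: succeeds when the rule matches, i.e. nginx returns 403.
# Neither pattern uses PCRE-only syntax, so grep -E gives the same result.
ua_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# rule_errors RULE: print one line per sample that the rule handles wrongly.
rule_errors() {
    while IFS='|' read -r re_expected re_name re_ua; do
        if ua_matches "$1" "$re_ua"; then
            if [ "$re_expected" = allow ]; then
                echo "wrongly-blocked:$re_name"
            fi
        elif [ "$re_expected" = deny ]; then
            echo "missed:$re_name"
        fi
    done <<EOF
$SAMPLES
EOF
}

echo "article rule:";     rule_errors "$PAGE_RULE"
echo "requirement rule:"; rule_errors "$REQ_RULE"
```

To use a corrected pattern, put it in the `if ($http_user_agent ~ '...')` line of discuz.conf and run `nginx -t` before reloading.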
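
The IP allowlists and auth_basic in steps 14 to 16 are enforced only by nginx, so they hold only if Apache on port 88 is not reachable from other hosts. This added example (not from the original article) filters `netstat -lnp` output, the command used in step 8, for listeners on the backend port that are not bound to loopback. Both netstat samples are constructed, and `Listen 127.0.0.1:88` in httpd.conf is the assumed fix.

```shell
#!/bin/sh
# Constructed `netstat -lnp` samples for the web machine (192.168.1.6).
# BEFORE: httpd.conf as in step 7 (`Listen 88`), reachable from any host.
NETSTAT_BEFORE='tcp        0      0 0.0.0.0:80      0.0.0.0:*      LISTEN      1290/nginx
tcp        0      0 :::88           :::*           LISTEN      1301/httpd'
# AFTER: assumed fix `Listen 127.0.0.1:88`; nginx still proxies to 127.0.0.1:88.
NETSTAT_AFTER='tcp        0      0 0.0.0.0:80      0.0.0.0:*      LISTEN      1290/nginx
tcp        0      0 127.0.0.1:88    0.0.0.0:*      LISTEN      1301/httpd'

# exposed_backend PORT: read netstat -lnp output on stdin and print every
# TCP listener on PORT whose local address is not a loopback address.
exposed_backend() {
    awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")            # port is the last ":" field
        if (part[n] != port) next
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print $4 " " $7                     # local address and PID/program
    }'
}

# check_backend PORT: succeed only when nothing is exposed on PORT.
check_backend() {
    cb_found=$(exposed_backend "$1")
    if [ -z "$cb_found" ]; then
        return 0
    fi
    echo "port $1 reachable without nginx: $cb_found" >&2
    return 1
}

printf '%s\n' "$NETSTAT_BEFORE" | check_backend 88 || echo "before: exposed"
printf '%s\n' "$NETSTAT_AFTER"  | check_backend 88 && echo "after: loopback only"
# On the server itself: netstat -lnp | check_backend 88
```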