LNMP部署

1. 安装Nginx

# Install nginx from the distribution repositories with dnf and run it as a
# systemd service.

# 1. Update packages (dnf update upgrades installed packages, not only the
#    package list)
sudo dnf update

# 2. Install nginx
# Install the package
sudo dnf install nginx
# Print the nginx version to confirm the install succeeded
nginx -v
# Check the configuration files for errors
sudo nginx -t

# 3. Start the nginx service
# Start it now
sudo systemctl start nginx
# Start it automatically at boot
sudo systemctl enable nginx

# 4. Once it is running, open the server's address (see `ip addr`) in a browser; the page nginx returns confirms the service started

# Appendix: reverse-proxy settings, saved as /etc/nginx/conf.d/app2.example.com.conf
# Plain-HTTP virtual host that forwards every request for app.example.com to
# the application on localhost:4000.
# NOTE(review): the file name says app2.example.com while server_name is
# app.example.com - confirm which one is intended.
server {
listen 80;
server_name app.example.com;

location / {
proxy_pass http://localhost:4000; # send traffic to the port the application listens on
# Hand the original Host header, client address and scheme to the backend.
# $proxy_add_x_forwarded_for appends the client address to any
# X-Forwarded-For value the client already sent, so the backend should rely
# on X-Real-IP (or the last X-Forwarded-For entry) and only when it is
# reachable solely through this proxy.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
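# Appendix: HTTPS, HTTP and WebSocket virtual hosts with an HTTP-to-HTTPS redirect
# HTTPS
# TLS-terminating reverse proxy for app.example.com; decrypted requests are
# forwarded to the application on localhost:8088.
server {
    listen 443 ssl;
    server_name app.example.com; # domain name
    ssl_certificate /etc/nginx/certs/app.example.com.pem; # certificate path
    ssl_certificate_key /etc/nginx/certs/app.example.com.key; # private key path; keep the file readable by root only

    # Other TLS settings
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and
    # TLSv1.3 are offered. TLSv1.3 needs nginx built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret ECDHE suites only: the 3DES and static-RSA key-exchange
    # entries of the earlier list were dropped.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_buffer_size 1400;
    # "always" makes nginx send the HSTS header on error responses as well.
    add_header Strict-Transport-Security "max-age=15768000" always;
    # NOTE(review): no resolver or ssl_trusted_certificate is set in this
    # block. nginx needs a resolver to look up the OCSP responder, and
    # ssl_stapling_verify needs ssl_trusted_certificate when the certificate
    # file does not contain the intermediates - confirm both are set elsewhere.
    ssl_stapling on;
    ssl_stapling_verify on;
    # access_log /etc/nginx/conf.d/logs/example.com.log combined;

    location / {
        proxy_pass http://localhost:8088; # port of the proxied service
        # Hand the original Host header, client address and scheme to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}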

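# WebSocket
# TLS-terminating reverse proxy for paint.roaring.win that also passes the
# WebSocket upgrade handshake through to the application on localhost:8003.
server {
    listen 443 ssl;
    server_name paint.roaring.win; # domain name
    # NOTE(review): these paths are named after app.example.com while
    # server_name is paint.roaring.win - the certificate must cover the name
    # that is actually served.
    ssl_certificate /etc/nginx/certs/app.example.com.pem; # certificate path
    ssl_certificate_key /etc/nginx/certs/app.example.com.key; # private key path; keep the file readable by root only

    # Other TLS settings
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and
    # TLSv1.3 are offered. TLSv1.3 needs nginx built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret ECDHE suites only: the 3DES and static-RSA key-exchange
    # entries of the earlier list were dropped.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_buffer_size 1400;
    # "always" makes nginx send the HSTS header on error responses as well.
    add_header Strict-Transport-Security "max-age=15768000" always;
    # NOTE(review): no resolver or ssl_trusted_certificate is set in this
    # block. nginx needs a resolver to look up the OCSP responder, and
    # ssl_stapling_verify needs ssl_trusted_certificate when the certificate
    # file does not contain the intermediates - confirm both are set elsewhere.
    ssl_stapling on;
    ssl_stapling_verify on;
    # access_log /etc/nginx/conf.d/logs/example.com.log combined;

    location / {
        proxy_pass http://localhost:8003; # port of the proxied service
        # Hand the original Host header, client address and scheme to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket: the upgrade handshake requires HTTP/1.1 and the
        # Upgrade/Connection headers to be forwarded explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}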

# HTTP to HTTPS
# Answers every plain-HTTP request for this host with a permanent (301)
# redirect to the same URI over HTTPS.
server {
listen 80;
server_name paint.roaring.win; # redirect HTTP to HTTPS
return 301 https://$server_name$request_uri;
}

可以修改nginx默认监听端口(将80端口改为其他)

# Edit with: vim /etc/nginx/nginx.conf
# Default server block (excerpt). The two listen lines cover IPv4 and IPv6;
# change both to move nginx off port 80.
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
……
}

nginx常用命令:

# Start, stop and restart the service
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx

# Show the nginx service status
sudo systemctl status nginx

# Show the TCP ports nginx is listening on (numeric, with the owning process)
# NOTE(review): netstat comes from net-tools, which may not be installed;
# `ss -tlnp` reports the same information.
sudo netstat -tlnp | grep nginx

# Enable / disable start at boot
sudo systemctl enable nginx
sudo systemctl disable nginx

安装SSL证书

  1. acme.sh 自建证书
# Issue a certificate with acme.sh and install it where nginx reads it
# (webgpt.ancientrees.com is the example domain).

# 1. With nginx already running, issue the certificate in --nginx mode. The issued files are stored under /root/.acme.sh/.
acme.sh --issue -d webgpt.ancientrees.com --nginx

# 2. Copy the certificate into the nginx tree so certificates are managed in one place (create the certs/ and webgpt.ancientrees.com/ directories first if they do not exist)
# key.pem is the private key: keep the directory and the file restricted to
# root. --reloadcmd is the command acme.sh runs after installing the files.
acme.sh --install-cert -d webgpt.ancientrees.com \
--key-file /etc/nginx/certs/webgpt.ancientrees.com/key.pem \
--fullchain-file /etc/nginx/certs/webgpt.ancientrees.com/cert.pem \
--reloadcmd "service nginx force-reload"

# 3. Open the virtual-host configuration file
vim /etc/nginx/conf.d/webgpt.ancientrees.com.conf

# 4. Configuration to put in that file
# HTTPS virtual host: terminates TLS with the installed certificate and
# forwards requests to the application on localhost:1002.
# NOTE(review): no ssl_protocols or ssl_ciphers are set here, so nginx's
# built-in defaults apply - confirm they meet your TLS policy.
server {
listen 443 ssl;
server_name webgpt.ancientrees.com;
ssl_certificate /etc/nginx/certs/webgpt.ancientrees.com/cert.pem;
ssl_certificate_key /etc/nginx/certs/webgpt.ancientrees.com/key.pem;
location / {
proxy_pass http://localhost:1002;
# Hand the original Host header, client address and scheme to the backend.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# Plain-HTTP virtual host: permanently redirects every request to HTTPS.
server {
listen 80;
server_name webgpt.ancientrees.com; # redirect HTTP to HTTPS
return 301 https://$server_name$request_uri;
}

# 5. Restart nginx so the new virtual hosts take effect (running
#    `sudo nginx -t` first catches syntax errors before the restart)
sudo systemctl restart nginx

2. 安装MariaDB

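# Install MariaDB from the distribution repositories, run it as a systemd
# service and apply the interactive hardening script.

# 1. Update packages (skip if already done)
sudo dnf update

# 2. Remove MySQL first so it cannot conflict with the MariaDB packages.
# This uninstalls an existing MySQL server: back up any databases that are
# still needed before running it.
sudo dnf remove mysql mysql-server mysql-libs
# Disable the MySQL repository
sudo dnf config-manager --disable mysql57-community

# 3. Install MariaDB
# Install the server package
sudo dnf install mariadb-server
# Confirm the install succeeded. Command names are case-sensitive, so
# "mariaDB" is not found; the mysql client used for logging in later in this
# guide prints the version.
mysql -V

# 4. Start the service and enable it at boot
# Start it now
sudo systemctl start mariadb
# Start it automatically at boot
sudo systemctl enable mariadb

# 5. Run the interactive security setup (root password, anonymous users,
#    remote root login, test database)
sudo mysql_secure_installation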

mariaDB常用命令:

# List the MariaDB packages available in the repositories
sudo dnf search mariadb

# List installed packages whose name contains "mariadb"
sudo rpm -qa | grep mariadb

# Start, stop and restart the service
sudo systemctl start mariadb
sudo systemctl stop mariadb
sudo systemctl restart mariadb

# Show the service status
sudo systemctl status mariadb
# Show the ports the service is listening on
sudo netstat -tulnp | grep mariadb

# Enable / disable start at boot
sudo systemctl enable mariadb
sudo systemctl disable mariadb

# Log in to the database (use the root user for the first login).
# -p without a value prompts for the password, which keeps it out of the
# shell history and the process list.
mysql -u 用户名 -p

# Create a database user
CREATE USER '用户名'@'localhost' IDENTIFIED BY '密码';

# Grant privileges to the user (to let the user connect from any host, replace localhost with %)
# NOTE(review): '%' accepts logins from every host that can reach the server;
# prefer a specific host or subnet and keep the database port firewalled.
# 1. All privileges on all databases
# NOTE(review): this makes the account equivalent to an administrator; an
# application account normally needs only option 2 or 3.
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost';
# 2. All privileges on one database
GRANT ALL PRIVILEGES ON database_name.* TO 'username'@'localhost';
# 3. A limited set of privileges on one database
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON database_name.* TO 'username'@'localhost';
# 4. Reload the grant tables (GRANT itself takes effect immediately; FLUSH is
#    only required after editing the grant tables directly)
FLUSH PRIVILEGES;

# Show user details. authentication_string holds the password hash, so do not
# paste this output into tickets or logs.
SELECT User, Host, authentication_string FROM mysql.user;
# List the databases
SHOW DATABASES;

# Create a database
CREATE DATABASE database_name;

# 退出数据库
Ctrl + C

3. 安装PHP

# Install PHP with the MySQL and GD modules and run PHP-FPM as a systemd
# service, then create the nginx virtual-host file that will use it.

# 1. Install PHP
sudo dnf install php

# 2. Install the SQL module
sudo dnf install php-mysqli

# 3. Install the GD module
# Prerequisites
# libpng: PNG image support
# jpegsrc: JPEG image support
# freetype: TrueType font support
sudo dnf install libpng-devel
sudo dnf install libjpeg-turbo-devel
sudo dnf install freetype-devel
# Install the GD library
sudo dnf install php-gd

# 4. Start the FPM service and enable it at boot
sudo systemctl start php-fpm
sudo systemctl enable php-fpm

# 5. Create an nginx configuration file that defines a virtual host (usually one file per service)
vim /etc/nginx/conf.d/example.com.conf

# 6. Edit the nginx configuration file (example.com.conf) and add the following
# Virtual host that serves /var/www/html and passes .php requests to PHP-FPM
# over its unix socket.
server {
listen 81; # port number
server_name example.com; # domain name
root /var/www/html; # project directory
index index.php index.html index.htm; # entry files

# Serve the file or directory if it exists, otherwise fall back to index.php.
location / {
try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php$ {
# Return 404 unless the requested .php file exists, so paths that do not
# map to a real script are never handed to PHP-FPM.
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

# 7. Create a test file in the project directory defined in the configuration file
# Create it
vim /var/www/html/index.php
# Write the following into it
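<?php
// Temporary check that nginx hands .php requests to PHP-FPM.
// phpinfo() writes its report directly and returns a boolean, so wrapping it
// in echo appended a stray "1" to the page; call it on its own.
// The report lists PHP settings, loaded modules and environment values:
// delete this file as soon as the check is done.
phpinfo();
?>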

# 8. 最后,重启nginx服务(sudo systemctl restart nginx)。便可在设置好的地址(ip或者域名)查看网站

php常用命令:

# List the PHP module streams available in the repositories
dnf module list php

# Show the PHP version
php -v

# List installed packages whose name contains "php"
rpm -qa | grep php
# List the PHP modules that are loaded
php -m
# Show the PHP-FPM service status
systemctl status php-fpm

# Start, stop and restart PHP-FPM
sudo systemctl start php-fpm
sudo systemctl stop php-fpm
sudo systemctl restart php-fpm

# Enable / disable start at boot
sudo systemctl enable php-fpm
sudo systemctl disable php-fpm

# After installing a new PHP module, restart the services so it takes effect
sudo systemctl restart nginx
sudo systemctl restart php-fpm