在 CentOS 7 上安装和配置LNMP环境(Linux+Nginx+MySQL+PHP)

2024-08-09 20:40:26

操作系统 | CentOS Linux release 7.6.1810 (Core) 

[root@localhost ~# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 


[root@localhost ~]# sudo yum install ntp ntpupdate -y
[root@localhost ~]# sudo systemctl start ntpd
[root@localhost ~]# timedatectl set-timezone "Asia/Shanghai"
[root@localhost ~]# systemctl enable ntpd
[root@localhost ~]# ntpdate cn.pool.ntp.org
[root@localhost ~]# sudo systemctl restart ntpd
[root@localhost ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@localhost ~]# clock --systohc
[root@localhost ~]# hwclock -w
[root@localhost ~]# date '+%Y/%m/%d %T %Z'
2019/09/27 00:21:06 CST


yum install -y redhat-lsb lsof net-tools lrzsz wget perl gcc gcc-c++ make zlib zlib-devel readline-devel automake ncurses-devel epel-release bash-completion sysstat mlocate cmake kernel kernel-headers kernel-devel iptables-services apr* autoconf bison bzip2 bzip2* bzip2-devel cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gd gettext gettext-libs gettext-devel gettext-common-devel glibc glibc-devel glibc-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng libpng-devel libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libxml* libXaw-devel libXmu-devel libtiff libtiff* mpfr ncurses* ntp openssl openssl-devel patch pcre-devel php-common php-gd policycoreutils telnet t1lib t1lib* nasm nasm* libwebp libwebp-devel libjpeg-devel db4-devel libXpm-devel libc-client-devel openldap-devel mysql-devel libicu-devel libcurl libcurl-devel libzip cpan tcp_wrappers psmisc tree cyrus-sasl-md5 vim chrony rsync xinetd crontabs iptables-utils git dos2unix boost boost-devel boost-doc libxslt libxslt-devel libdb4* qpid* gnutls boost-system avahi-libs boost-thread dwz dyninst emacs-filesystem fipscheck fipscheck-lib gdb libdwarf libedit libgfortran unzip zip trousers pakchois nettle neon m4 mokutil libproxy libstdc++-devel libquadmath libquadmath-devel libmpc libmodman libgnome-keyring subversion-libs systemtap-devel systemtap-runtime openssh openssh-clients systemtap-client perl-Carp perl-Data-Dumper perl-Encode perl-Error perl-Exporter perl-File-Path perl-File-Temp perl-Filter perl-Getopt-Long perl-Git perl-HTTP-Tiny perl-PathTools perl-Pod-Escapes perl-Pod-Perldoc perl-Pod-Simple perl-Pod-Usage perl-Scalar-List-Utils perl-Socket perl-Storable perl-TermReadKey perl-Test-Harness perl-Text-ParseWords perl-Thread-Queue perl-Time-HiRes perl-Time-Local perl-XML-Parser perl-constant perl-libs perl-macros perl-parent perl-podlators perl-srpm-macros perl-threads perl-threads-shared screen tcpdump nc mtr nmap tcl

yum clean all //清除yum缓存


[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@localhost ~]# firewall-cmd --state
not running

禁用selinux启动|运行的脚本 | 通用不添加多余项的原selinux配置文件

#<---selinux-disabled shell script--->
sed -i '7,12s/^/#&/g;7,12s/##/#/g;13cSELINUX=disabled' /etc/selinux/config
setenforce 0
disabled=`echo Disabled`
if [ $disabled  == $selinux_config ]
    echo "your selinux is `getenforce`."
    echo "your selinux is `getenforce`,please running command'reboot' or 'init 6'and 'cat /etc/selinux/config' configuration bash file!"
exit 0
[root@localhost ~]# sh dis.selinux.sh 
your selinux is Permissive,please running command'reboot' or 'init 6'and 'cat /etc/selinux/config' configuration bash file!
[root@localhost ~]# getenforce



[root@localhost ~]# cat /etc/selinux/config
# This
file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted


[root@localhost ~]# cat -n /etc/selinux/config 
     2  # This file controls the state of SELinux on the system.
     3  # SELINUX= can take one of these three values:
     4  #     enforcing - SELinux security policy is enforced.
     5  #     permissive - SELinux prints warnings instead of enforcing.
     6  #     disabled - No SELinux policy is loaded.
     7  #SELINUX=enforcing
     8  # SELINUXTYPE= can take one of three two values:
     9  #     targeted - Targeted processes are protected,
    10  #     minimum - Modification of targeted policy. Only selected processes are protected. 
    11  #     mls - Multi Level Security protection.
    12  #SELINUXTYPE=targeted
    13  SELINUX=disabled

reboot | init 6 重启后Disabled

[root@localhost ~]# getenforce


[root@localhost ~]# sh dis.selinux.sh 
setenforce: SELinux is disabled
your selinux is Disabled.
[root@localhost ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.

[root@localhost ~]# 


1.添加Nginx yum储存库,创建nginx.repo文件

touch /etc/yum.repos.d/nginx.repo
name=nginx repo


 注:$ 需要变成\$定义字符串

tee << EOF /etc/yum.repos.d/nginx.repo >/dev/null 2>&1
name=nginx repo


[root@localhost ~]# sh nginx-yum.repo.sh   
[root@localhost ~]# cat /etc/yum.repos.d/nginx.repo 
name=nginx repo



nginx-1.16.1.tar.gz                                13-Aug-2019 17:01             1032630

使用wget工具下载nginx-1.16.1.tar.gz(没有安装wget请使用yum安装: yum -y install wget)指定下载文件路径/usr/local/src

wget -P /usr/local/src https://nginx.org/download/nginx-1.16.1.tar.gz 


tar zxvf nginx-1.16.1.tar.gz;cd /usr/local/nginx-1.16.1



 检查配置环境| + OpenSSL library is not used | openssl 没有使用

Configuration summary
  + using system PCRE library
  + OpenSSL library is not used
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"


wget -P /usr/local/src  https://www.openssl.org/source/openssl-1.1.1c.tar.gz


tar zxvf openssl-1.1.1c.tar.gz;cd /usr/local/src/openssl-1.1.1c/


./config --prefix=/usr/local/openssl
make && make install
echo "export PATH=\$PATH:/usr/local/openssl/bin" >> /etc/profile
source /etc/profile
./configure --with-openssl=/usr/local/src/openssl-1.1.1c
Configuration summary
  + using system PCRE library
  + using OpenSSL library: /usr/local/src/openssl-1.1.1c
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

已经使用 |  + using OpenSSL library: /usr/local/src/openssl-1.1.1c


[root@localhost nginx-1.16.1]# make && make install
... ... ...
make[1]: Leaving directory `/usr/local/src/nginx-1.16.1'
[root@localhost nginx-1.16.1]# 


[root@localhost ~]# /usr/local/nginx/sbin/nginx
[root@localhost ~]# ps -ef|grep nginx          
root      11578      1  0 09:57 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody    11579  11578  0 09:57 ?        00:00:00 nginx: worker process
root      11581   1026  0 09:57 pts/0    00:00:00 grep --color=auto nginx




创建/etc/rc.d/init.d/nginx脚本 | 运行 sh nginx-init.d.sh

#sh nginx-init.d.sh
echo '#!/bin/sh


# nginx - this script starts and stops the nginx daemon


# chkconfig: - 85 15

# description: Nginx is an HTTP(S) server, HTTP(S) reverse \

# proxy and IMAP/POP3 proxy server

# processname: nginx

# config: /etc/nginx/nginx.conf

# config: /usr/local/nginx/conf/nginx.conf

# pidfile: /usr/local/nginx/logs/nginx.pid

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ "$NETWORKING" = "no" ] && exit 0


prog=$(basename $nginx)


[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx


make_dirs() {

# make required directories

user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`

if [ -z "`grep $user /etc/passwd`" ]; then

useradd -M -s /bin/nologin $user


options=`$nginx -V 2>&1 | grep 'configure arguments:'`

for opt in $options; do

if [ `echo $opt | grep '.*-temp-path'` ]; then

value=`echo $opt | cut -d "=" -f 2`

if [ ! -d "$value" ]; then

# echo "creating" $value

mkdir -p $value && chown -R $user $value





start() {

[ -x $nginx ] || exit 5

[ -f $NGINX_CONF_FILE ] || exit 6


echo -n $"Starting $prog: "

daemon $nginx -c $NGINX_CONF_FILE



[ $retval -eq 0 ] && touch $lockfile

return $retval


stop() {

echo -n $"Stopping $prog: "

killproc $prog -QUIT



[ $retval -eq 0 ] && rm -f $lockfile

return $retval


restart() {

#configtest || return $?


sleep 1



reload() {

#configtest || return $?

echo -n $"Reloading $prog: "

killproc $nginx -HUP




force_reload() {



configtest() {

$nginx -t -c $NGINX_CONF_FILE


rh_status() {

status $prog


rh_status_q() {

rh_status >/dev/null 2>&1


case "$1" in


rh_status_q && exit 0




rh_status_q || exit 0







rh_status_q || exit 7










rh_status_q || exit 0



echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"

exit 2

esac' > /etc/rc.d/init.d/nginx
chmod 775 /etc/rc.d/init.d/nginx
chkconfig nginx on

测试正常:启动 | 停止 | 重启

[root@localhost ~]# /etc/rc.d/init.d/nginx start  
Starting nginx (via systemctl):                            [  OK  ]
[root@localhost ~]# ps -ef|grep nginx           
root      12955      1  0 12:46 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    12957  12955  0 12:46 ?        00:00:00 nginx: worker process
root      12959   1026  0 12:46 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# /etc/rc.d/init.d/nginx stop 
Stopping nginx (via systemctl):                            [  OK  ]
[root@localhost ~]# ps -ef|grep nginx          
root      12986   1026  0 12:46 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# /etc/rc.d/init.d/nginx restart
Restarting nginx (via systemctl):                          [  OK  ]
[root@localhost ~]# ps -ef|grep nginx             
root      13018      1  0 12:46 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    13020  13018  0 12:46 ?        00:00:00 nginx: worker process
root      13022   1026  0 12:46 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# service nginx start  
Starting nginx (via systemctl):                            [  OK  ]
[root@localhost ~]# ps -ef|grep nginx    
root      13246      1  0 12:48 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    13248  13246  0 12:48 ?        00:00:00 nginx: worker process
root      13250   1026  0 12:48 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# service nginx stop 
Stopping nginx (via systemctl):                            [  OK  ]
[root@localhost ~]# ps -ef|grep nginx 
root      13284   1026  0 12:48 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# service nginx restart
Restarting nginx (via systemctl):                          [  OK  ]
[root@localhost ~]# ps -ef|grep nginx    
root      13323      1  0 12:48 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    13325  13323  0 12:48 ?        00:00:00 nginx: worker process
root      13327   1026  0 12:48 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# systemctl start nginx         
[root@localhost ~]# ps -ef|grep nginx    
root      13436      1  0 12:50 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    13438  13436  0 12:50 ?        00:00:00 nginx: worker process
root      13440   1026  0 12:50 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# systemctl stop nginx 
[root@localhost ~]# ps -ef|grep nginx   
root      13461   1026  0 12:50 pts/0    00:00:00 grep --color=auto nginx
[root@localhost ~]# systemctl restart nginx     
[root@localhost ~]# ps -ef|grep nginx      
root      13487      1  0 12:50 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    13489  13487  0 12:50 ?        00:00:00 nginx: worker process
root      13491   1026  0 12:50 pts/0    00:00:00 grep --color=auto nginx

 使用 ip a 查看服务器  IP 在浏览器输入 ip 回车



[root@localhost ~]# cd /usr/local/src
[root@localhost src]# 
boost_1_59_0.tar.gz  cmake-3.7.2            jpegsrc.v9b.tar.gz      libvpx-1.3.0.tar.gz   mysql-5.7.16.tar.gz  nginx-1.17.3.tar.gz    pcre-8.43.tar.gz   zabbix-4.0.11.tar.gz
chkrootkit           cmake-3.7.2.tar.gz     libgd-2.1.1.tar.gz      libxml2-2.9.9.tar.gz  nginx-1.16.0.tar.gz  openssl-1.1.0e.tar.gz  php-7.3.8.tar.gz   zlib-1.2.11.tar.gz
chkrootkit.tar.gz    freetype-2.7.1.tar.gz  libmcrypt-2.5.8.tar.gz  libzip-1.5.2.tar.gz   nginx-1.16.1         openssl-1.1.1c         tiff-4.0.7.tar.gz
cmake-3.15.2.tar.gz  httpd-2.4.41.tar.bz2   libpng-1.6.36.tar.xz    mysql-5.7.16          nginx-1.16.1.tar.gz  openssl-1.1.1c.tar.gz  yasm-1.3.0.tar.gz
[root@localhost src]# tar zxvf cmake-3.7.2.tar.gz;cd cmake-3.7.2/
[root@localhost cmake-3.7.2]# ./configure
[root@localhost cmake-3.7.2]# make && make install
[root@localhost cmake-3.7.2]# cd /usr/local/src
[root@localhost src]# mkdir -p /usr/local/boost
[root@localhost src]# cp boost_1_59_0.tar.gz /usr/local/boost
[root@localhost src]# groupadd mysql
[root@localhost src]# useradd -g mysql mysql -s /bin/false
[root@localhost src]# mkdir -p /data/mysql
[root@localhost src]# chown -R mysql:mysql /data/mysql
[root@localhost src]# mkdir -p /usr/local/mysql
[root@localhost src]# tar zxvf mysql-5.7.16.tar.gz;cd mysql-5.7.16/
[root@localhost mysql-5.7.16]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data/mysql -DWITH_INNOBASE_STORAGE_ENGINE=1 -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EMBEDDED_SERVER=OFF -DWITH_BOOST=/usr/local/boost
[root@localhost mysql-5.7.16]# make && make install
[root@localhost mysql-5.7.16]# cat /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M

# Disabling symbolic-links is recommended to prevent assorted security risks

[root@localhost mysql
-5.7.16]# rm -rf /etc/my.cnf [root@localhost mysql-5.7.16]# cd /usr/local/mysql [root@localhost mysql]# ./bin/mysqld --user=mysql --initialize --basedir=/usr/local/mysql --datadir=/data/mysql 2019-09-23T18:43:24.083528Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). 2019-09-23T18:43:24.472600Z 0 [Warning] InnoDB: New log files created, LSN=45790 2019-09-23T18:43:24.514430Z 0 [Warning] InnoDB: Creating foreign key constraint system tables. 2019-09-23T18:43:24.569619Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 0639d87e-de32-11e9-bfc6-000c29f23dbf. 2019-09-23T18:43:24.570411Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened. 2019-09-23T18:43:24.571049Z 1 [Note] A temporary password is generated for root@localhost: IwPabGfsM5*s [root@localhost mysql]# cp /usr/local/mysql/support-files/my-default.cnf /usr/local/mysql/my.cnf [root@localhost mysql]# ln -s /usr/local/mysql/my.cnf /etc/my.cnf [root@localhost mysql]# cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/mysqld [root@localhost mysql]# chmod 755 /etc/init.d/mysqld [root@localhost mysql]# chkconfig mysqld on [root@localhost mysql]# systemctl enable mysqld.service [root@localhost mysql]# sed -i "46s/basedir=/basedir=\/usr\/local\/mysql/g;47s/datadir=/datadir=\/data\/mysql/g;63s/mysqld_pid_file_path=/mysqld_pid_file_path=\/var\/run\/mysqld\/mysqld.pid/g" /etc/rc.d/init.d/mysqld [root@localhost mysql]# service mysqld start [root@localhost mysql]# echo 'export PATH=$PATH:/usr/local/mysql/bin' >> /etc/profile [root@localhost mysql]# source /etc/profile [root@localhost mysql]# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql [root@localhost mysql]# ln -s /usr/local/mysql/include/mysql /usr/include/mysql [root@localhost mysql]# mkdir -p /var/lib/mysql [root@localhost mysql]# ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock [root@localhost mysql]# mysql_secure_installation Securing the MySQL server deployment. Enter password for user root: //输入root密码 The 'validate_password' plugin is installed on the server. The subsequent steps will run with the existing configuration of the plugin. Using existing password for root. Estimated strength of the password: 0 Change the password for root ? ((Press y|Y for Yes, any other key for No) : No //是否更改root密码,如果输入y会要求设置新的密码 ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : y //是否删除匿名用户,建议y删除 Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y //是否禁止root远程登录,建议y禁止 Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y