跳至正文
  • 74 views
  • 6 min read

debian11编译安装lnmp环境并部署wordpress

新浪微博 豆瓣 QQ 百度贴吧 QQ空间

环境准备

操作系统版本

root@debian:/usr/lib/systemd/system# hostnamectl
  Operating System: Debian GNU/Linux 11 (bullseye)
            Kernel: Linux 5.10.0-28-amd64
      Architecture: x86-64

mysql 8.3.0编译安装

mysql安装编译依赖包
apt install build-essential cmake pkg-config libssl1.1 libssl-dev libncurses5-dev libncursesw5-dev -y
下载mysql8.3.0 源码
wget https://cdn.mysql.com//Downloads/MySQL-8.3/mysql-boost-8.3.0.tar.gz 
创建用户组和用户名以及需要的目录
groupadd mysql
useradd -r -g mysql -s /bin/false mysql
mkdir /usr/local/{tmp,log,data}
解压并进入源码目录
cd /opt/softwaretar -zxvf mysql-boost-8.3.0.tar.gz
cd mysql-boost-8.3.0
mkdir /opt/software/mysql-boost-8.3.0/buildcd build
配置编译参数
cmake . -DFORCE_INSOURCE_BUILD=1 \
-DWITH_BOOST=boost/boost_1_77_0/ \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DSYSCONFDIR=/etc \
-DMYSQL_DATADIR=/usr/local/data \
-DINSTALL_MANDIR=/usr/share/man \
-DMYSQL_TCP_PORT=3306 \
-DMYSQL_UNIX_ADDR=/usr/local/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DEXTRA_CHARSETS=all \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_READLINE=1 -DWITH_SSL=system \
-DWITH_EMBEDDED_SERVER=1 \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1
编译并安装mysql

数字 8为 cpu 核数,不得超过系统总 CPU 核数

make -j 8 && make -j 8 install
修改安装目录属主
chown mysql:mysql -R /usr/local/{mysql,tmp,log,data}
安装完成后查看数据库版本
root@debian:/usr/local/mysql# /usr/local/mysql/bin/mysql --version
/usr/local/mysql/bin/mysql  Ver 8.3.0 for Linux on x86_64 (Source distribution)
新建my.cnf配置文件
#cat /etc/my.cnf
[mysqld_safe]
log-error=/usr/local/mysql/log/error.log

[mysqldump]
quick

[mysql]
no-auto-rehash
socket=/tmp/mysql.sock

[client]
default-character-set=utf8mb4

[mysqld]
basedir=/usr/local/mysql
socket=/tmp/mysql.sock
tmpdir=/tmpdata
datadir=/usr/local/data
default_authentication_plugin=mysql_native_password
character-set-server=utf8mb4
port=3306
user=mysql
数据库初始化

如果提示/tmp/data 目录不存在,可自行创建一个,并记住初始密码: Eq7wpmhcLz-o

root@debian:/usr/local/mysql# ./bin/mysqld --defaults-file=/etc/my.cnf --initialize --user='mysql'
cat /usr/local/log/mysql_error.log
2024-04-07T11:39:16.659765Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: Eq7wpmhcLz-o
创建 mysql 服务配置文件
vi /usr/lib/systemd/system/mysql.service
[Unit]
Description=MySQL 
Documentation=http://dev/mysql.com/doc/refman/en/using-systemd.html
After=network.target

[Service]
User=mysql
Group=mysql
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf
LimitNOFILE=65536
LimitNPROC=65536
[Install]
WantedBy=multi-user.target
启用并启动 mysql 服务
systemctl daemon-reload
systemctl start mysql && systemctl enable mysql && systemctl status mysql
登入 mysql 数据库
root@debian:/usr/lib/systemd/system# mysql -u root -p
Enter password: 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> 
修改数据库密码并创建wordpress数据库和用户
#更改root用户的密码
ALTER USER root@'localhost' IDENTIFIED BY 'your_password';
#创建wordpress数据库供wordpress程序使用
create database wordpress;
#建wordpress用户
CREATE USER wordpress@'localhost' IDENTIFIED BY 'your_password';
#授权wordpress @'localhost'用户对数据库wordpress具有完全访问权限
GRANT ALL privileges ON wordpress.* TO wordpress @'localhost';
#设置wordpress用户的密码永不过期
ALTER USER 'wordpress'@'localhost' PASSWORD EXPIRE NEVER;
use mysql;
#允许远程主机连接
update user set host = '%' where user = 'wordpress';
update user set host = '%' where user = 'root';
#刷新权限
flush privileges;
exit;

nginx 1.22编译安装及配置

nginx编译依赖包
sudo apt update
sudo apt upgrade
sudo apt install build-essential libtool automake autoconf zlib1g-dev libpcre3-dev libssl-dev libxml2-dev libxslt1-dev libgd-dev libgeoip-dev libgoogle-perftools-dev libperl-dev libpam0g-dev libpcre++-dev libcurl4-openssl-dev libyajl-dev libmaxminddb-dev liblmdb-dev git
下载 nginx 安装包
wget http://nginx.org/download/nginx-1.22.0.tar.gz
tar -xvf nginx-1.22.0.tar.gz
下载并解压需要的附加模块
# ngx_brotli
git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli
git submodule update --init --recursive
cd ..

# ngx_headers_more
git clone https://github.com/openresty/headers-more-nginx-module.git

# ngx_cache_purge
git clone https://github.com/nginx-modules/ngx_cache_purge.git
ngnix 编译参数
进入解压目录:
cd nginx-1.22.0
执行配置命令:
./configure --prefix=/usr/lib/nginx \
            --sbin-path=/usr/sbin/nginx \
            --conf-path=/etc/nginx/nginx.conf \
            --error-log-path=/var/log/nginx/error.log \
            --http-log-path=/var/log/nginx/access.log \
            --pid-path=/var/run/nginx.pid \
            --lock-path=/var/run/nginx.lock \
            --http-client-body-temp-path=/var/cache/nginx/client_temp \
            --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
            --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
            --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
            --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
            --user=www \
            --group=www \
            --with-http_ssl_module \
            --with-http_v2_module \
            --with-http_realip_module \
            --with-http_addition_module \
            --with-http_sub_module \
            --with-http_dav_module \
            --with-http_flv_module \
            --with-http_mp4_module \
            --with-http_gunzip_module \
            --with-http_gzip_static_module \
            --with-http_auth_request_module \
            --with-http_random_index_module \
            --with-http_secure_link_module \
            --with-http_degradation_module \
            --with-http_slice_module \
            --with-http_stub_status_module \
            --with-http_perl_module=dynamic \
            --with-mail=dynamic \
            --with-mail_ssl_module \
        --with-stream \
            --with-stream=dynamic \
            --with-stream_ssl_module \
            --with-stream_realip_module \
            --with-stream_ssl_preread_module \
            --with-compat \
            --with-pcre \
            --with-pcre-jit \
            --with-zlib-asm=CPU \
            --with-debug \
            --with-cc-opt='-O2 -g -pipe -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' \
            --with-ld-opt='-Wl,-z,relro -Wl,-E' \
        --add-module=../ngx_brotli \
            --add-module=../headers-more-nginx-module \
            --add-module=../ngx_cache_purge
编译并安装 nginx
make && make install
创建nginx用户组和用户名
sudo adduser --system --no-create-home --disabled-login --disabled-password --group www
创建并修改目录权限
sudo mkdir -p /var/cache/nginx
sudo chown www:www /var/cache/nginx
sudo chown -R www:www /usr/local/nginx
nginx 服务配置文件,并添加 nginx服务

同时也要修改 /etc/nginx/nginx.conf 里面的 pid 文件路径跟服务配置文件一致。

sudo vim /etc/systemd/system/nginx.service
[Unit]
Description=nginx web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/etc/nginx/logs/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
启用并启动 Nginx 服务
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx

php 8.2.10编译安装及配置

php-fpm 8.2编译依赖包
apt-get install build-essential autoconf automake libtool libsqlite3-dev pkg-config libjpeg-dev libpng-dev libxml2-dev libbz2-dev libcurl4-gnutls-dev libssl-dev libffi-dev libwebp-dev libonig-dev libzip-dev
php 8.2源码下载
wget https://www.php.net/distributions/php-8.2.10.tar.gz
解压并进入目录
tar -zxvf php-8.2.10.tar.gz && cd php-8.2.10
php-fpm 8.2编译配置参数
./configure --prefix=/usr/local/php --sysconfdir=/etc/php --with-openssl --with-zlib --with-bz2 --with-curl --enable-bcmath --enable-gd --with-webp --with-jpeg --with-mhash --enable-mbstring --with-imap-ssl --with-mysqli --enable-exif --with-ffi --with-zip --enable-sockets --with-pcre-jit --enable-fpm --with-pdo-mysql --enable-pcntl --with-fpm-user=www --with-fpm-group=www
下面是参数的具体说明
./configure  
--prefix=/usr/local/php  #安装地址
--sysconfdir=/etc/php   #设置文件地址
--with-fpm-user=www
--with-fpm-group=www
--with-openssl  #启用ssl
--with-zlib  
--with-bz2  
--with-curl  #启用curl(必开)
--enable-bcmath  
--enable-gd  
--with-webp  
--with-jpeg  
--with-mhash  
--enable-mbstring  #必开,很多需要用到
--with-imap-ssl  
--with-mysqli  #mysqli函数,如果用pdo,可以补开
--enable-exif  
--with-ffi  #支持外挂C程序
--with-zip  
--enable-sockets  #开启socket
--with-pcre-jit  #开启jit
--enable-fpm  #开启fpm模式(必开)
--with-pdo-mysql   #支持mysql
--with-pdo-pgsql  #支持pgsql
--enable-pcntl

编译安装
make && make install
配置php-fpm 8.2
groupadd www
useradd -g www -s /sbin/nologin www
将编译目录中的php.ini-development拷贝到指定目录,如忘记位置,可 find 查找
cp php.ini-development /usr/local/php/lib/php.ini
cp /etc/php/php-fpm.conf.default /etc/php/php-fpm.conf
cp /etc/php/php-fpm.d/www.conf.default /etc/php/php-fpm.d/www.conf
vi /etc/profile在PATH中添加/usr/local/php/bin
或执行
export PATH=$PATH:/usr/local/php/bin
source /etc/profile
root@debian:/usr/local/php/bin# php -v
PHP 8.2.10 (cli) (built: Apr  7 2024 16:23:09) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.10, Copyright (c) Zend Technologies
-----------------------
mkdir /usr/local/php/tmp && chmod -R 755 /usr/local/php/tmp;chown -R www:www /usr/local/php/tmp
vi /usr/local/php/lib/php.ini
找到session.save_path,修改后面内容为"/usr/local/php/tmp"(原本是“/tmp”)
找到expose_php = On;,修改On为Off。这个修改是在响应头中隐藏php信息。否则在响应头的X-Powered-By中会显示php版本(尽量不要让入侵者获取更多的信息)
php-fpm服务配置文件
vi /usr/lib/systemd/system/php-fpm.service
[Unit]
Description=php-fpm service
After=network.target syslog.target

[Service]
Type=forking
ExecStart=/usr/local/php/sbin/pfp-fpm
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
启用并启动服务
systemctl daemon-reload
systemctl start php-fpm && systemctl enable php-fpm && systemctl status php-fpm

安装部署wordpress

下载wordpress
wget -N https://cn.wordpress.org/latest-zh_CN.zip
解压 wordpress 并移动到网站目录(目录位置自定)
unzip latest-zh_CN.zip
mkdir /www/
mv wordpress/ /www/
chown www:www /www/wordpress/ -R
find /www/wordpress -type d -exec chmod 755 {} \; #目录设置755权限
find /www/wordpress -type f -exec chmod 644 {} \; #文件设置644权限
配置nginx
user  www;
worker_processes  1;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=WORDPRESS:250m inactive=1d max_size=1G;
    fastcgi_temp_path /var/cache/nginx/temp;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    fastcgi_cache_use_stale error timeout invalid_header http_500;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
    server {
        listen 80;
        server_name localhost ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /www/wordpress;
        set $skip_cache 0;
        if ($request_method = POST) {
            set $skip_cache 1;
        }
        if ($query_string != "") {
            set $skip_cache 1;
        }
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $skip_cache 1;
        }
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $skip_cache 1;
        }
        location ~ [^/]\.php(/|$)
        {
            fastcgi_pass  127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi.conf;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO       $path_info;
            try_files $fastcgi_script_name =404;
            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;
            add_header X-Cache "$upstream_cache_status From $host";
            add_header Cache-Control  max-age=0;
            add_header Nginx-Cache "$upstream_cache_status";
            add_header Last-Modified $date_gmt;
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            etag  on;
            fastcgi_cache WORDPRESS;
            fastcgi_cache_valid 200 301 302 1d;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }
        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~ /\.
        {
            deny all;
        }
    }
}
检查nginx配置文件
root@debian:/etc/nginx# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
去官网下载 wordpress安装包
wget -N https://cn.wordpress.org/latest-zh_CN.zip
unzip latest-zh_CN.zip
mv wordpress /www/
chown -R www:www /www/wordpress

打开 http://server_ip_address 按步骤安装 wordpress 即可。

标签:

发表回复