lamp+nginx代理+discuz+wordpress+phpmyadmin搭建

咱們以模擬實際需求的形式來複習。需求以下：
1. 準備兩臺centos 6，其中一臺機器跑mysql，另一臺機器跑apache和nginx + php
2. 同時安裝apache和nginx，其中nginx啓動80端口，用來跑靜態對象（圖片、js、css），apache監聽88端口，負責跑動態頁（php相關的），而且須要由nginx代理對外訪問
3. mysql服務器須要開啓慢查詢日誌
4. 搭建discuz、wordpress以及phpmyadmin，域名分別爲bbs.abc.com, blog.abc.com, pma.abc.com
5. 配置discuz的僞靜態(nginx)
6. apache不須要記錄日誌，nginx記錄日誌，但不記錄圖片等靜態頁的日誌，而且配置日誌切割
7. 配置圖片防盜鏈(nginx)
8. 配置圖片緩存7天，js，css緩存1天(nginx)
9. discuz和wordpress訪問後臺限制一下ip白名單，好比只容許192.168.1.100訪問(nginx)
10. phpmyadmin整個站點須要配置用戶認證(nginx)
11. 寫一個mysql備份的腳本，天天5點執行，須要遠程拷貝到web機器上
12. 把除了百度、google外的其餘常見搜索引擎蜘蛛封掉，好比（bingbot/2.0、Sogou web spider/4.0、360Spider、YisouSpider、YandexBot/3.0）(nginx)你們好，裏面的圖片僅供參考，只是一種思路，不要照搬！！
對代理名詞的理解：舉個例子吧！你是供應商，你手下有一個業務代理，它幫你銷售東西出去，若是你想不賣這個東西給某個公司或者地方，是否是給代理說說就行了。那我這裏apache是供應商，nginx是代理商，因此nginx響應客戶端，他知道客戶的請求
實驗環境：
一、VMware Workstation 10
二、設備A：MySQL，IP地址：192.168.137.102，HostName：mysql
三、設備B：LAMP環境+nginx代理，IP地址：192.168.137.107，HostName：lanp
四、Linux發行版：Centos 6.7 x86_64；
五、Nginx：http://nginx.org/download/nginx-1.6.2.tar.gz
六、Apache：httpd-2.2.16.tar.gz
七、PHP：php-5.3.28.tar.gz
八、MySQL:mysql-5.5.42-linux2.6-x86_64.tar.gz
九、discuz：Discuz_X3.2_SC_UTF8.zip
十、wordpress：wordpress-4.2.2-zh_CN.tar.gz
十一、phpmyadmin：phpMyAdmin-4.0.8-all-languages.zip
實驗步驟：
設備A：mysql

cd /usr/local/src/
tar zxvf mysql-5.5.42-linux2.6-x86_64.tar.gz
mv mysql-5.5.42-linux2.6-x86_64 /usr/local/mysql
cd /usr/local/mysql
mkdir -p /data/mysql
useradd -s /sbin/nologin -M mysql
chown -R mysql:mysql /data/mysql
cp support-files/my-large.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
vi /etc/init.d/mysql，basedir=/usr/local/mysql，datadir=/data/mysql
./scripts/mysql_install_db –user=mysql –datadir=/data/mysql
vim /etc/profile.d/mysql.sh加入export PATH=$PATH:/usr/local/mysql/bin
chkconfig –add mysqld
chkconfig mysqld on
service mysqld start

登陸mysql受權：grant all on *.* to ‘aming’@’192.168.137.107’ identified by ‘aminglinux.com’;

設備B：LAMP
1. 安裝apache

cd /usr/local/src/
tar zvxf httpd-2.2.16.tar.gz
cd httpd-2.2.16
./configure –prefix=/usr/local/apache2 –enable-mods-shared=most –enable-so
make&make install

apache加入chkconfig

cp /usr/local/apache2/bin/apachectl /etc/init.d/httpd
vim /etc/init.d/httpd

在第一行#!/bin/sh下增長兩行文字

# chkconfig: 35 70 30
# description: Apache
chkconfig –level 35 httpd on

2. 安裝php

cd /usr/local/src/
tar zxvf php-5.3.28.tar.gz
cd php-5.3.28
./configure –prefix=/usr/local/php –with-apxs2=/usr/local/apache2/bin/apxs –with-config-file-path=/usr/local/php/etc –with-libxml-dir –with-gd –with-jpeg-dir –with-png-dir –with-freetype-dir –with-iconv-dir –with-zlib-dir –with-bz2 –with-openssl –with-mcrypt –enable-soap –enable-gd-native-ttf –enable-mbstring –enable-sockets –enable-exif –disable-ipv6 –with-mysql=mysqlnd –with-mysqli=mysqlnd –with-pdo-mysql=mysqlnd
make&make install
cp /usr/local/src/php-5.3.28/php.ini-production /usr/local/php/etc/php.ini

三、 配置apache結合php

vim /usr/local/apache2/conf/httpd.conf

找到:

AddType application/x-gzip .gz .tgz

在該行下面添加:

AddType application/x-httpd-php .php

找到:

DirectoryIndex index.html

將該行改成:

DirectoryIndex index.html index.htm index.php

找到:

#ServerName www.example.com:80

修改成:

ServerName localhost:80

vim /usr/local/apache2/conf/httpd.conf找到：

Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all

改成：

Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all

測試LAMP環境：在瀏覽器訪問192.168.137.107，若是顯示IT Works！表示LAMP環境搭建成功

mkdir data
cd data

在data目錄分別建立bbs、blog、pma目錄

4.解壓discuz並把upload下的內容移到bbs下

cd /usr/local/src
unzip Discuz_X3.2_SC_UTF8.zip
mv upload/* /data/bbs

5.解壓wordpress並把wordpress下的內容移到blog下

[root@lanp src]# tar zxvf wordpress-4.2.2-zh_CN.tar.gz
[root@lanp src]# mv wordpress/* /data/blog

6.解壓phpmyadmin並把phpMyAdmin-4.0.8-all-languages下的內容移到pma下

[root@lanp src]# unzip phpMyAdmin-4.0.8-all-languages.zip
[root@lanp src]# mv phpMyAdmin-4.0.8-all-languages/* /data/pma

7.把apache端口改爲88：進入apache主配置文件，把lisen 80改爲88

8.[root@lanp ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf（添加三個虛擬主機，並把80端口改爲88）

#ServerAdmin webmaster@dummy-host.example.com
DocumentRoot 「/data/bbs」
ServerName bbs.abc.com
#ServerAlias www.dummy-host.example.com
ErrorLog 「logs/bbs.abc.com-error_log」
CustomLog 「logs/bbs.abc.com-access_log」 common

#ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot 「/data/blog」
ServerName blog.abc.com
ErrorLog 「logs/blog.abc.com-error_log」
CustomLog 「logs/blog.abc.com-access_log」 common

#ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot 「/data/pma」
ServerName pma.abc.com
ErrorLog 「logs/pma.abc.com-error_log」
CustomLog 「logs/pma.abc.com-access_log」 common

檢查配置文件是否有語法錯誤：

[root@lanp ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK

檢查88端口是否監聽

[root@lanp ~]# /usr/local/apache2/bin/apachectl restart
[root@lanp ~]# netstat -lnp

9.在真機win上的host文件裏綁定ip和虛擬主機域名（host文件路徑：C/windows/System32/drivers/etc/hosts

192.168.137.107 bbs.abc.com blog.abc.com pma.abc.com

10.安裝discuz

在瀏覽器訪問bbs.abc.com/install/，會出現discuz圖形安裝界面，點我贊成，出現不少目錄不可寫，爲啥不可寫呢？由於ps aux |grep httpd，httpd是以daemon用戶運行。因此須要把discuz中不可寫的目錄的屬主和屬組改爲daemon，chown -R daemon:daemon config/ data uc_client/data uc_server/data
回到瀏覽器刷新，下一步，再全新安裝discuz
在mysql中建立discuz庫並受權一個用戶

mysql> create database discuz;
mysql> grant all on *.* to ‘aming’@’192.168.137.107’ identified by ‘aminglinux.com’;
mysql> flush privileges;

回到discuz瀏覽器，數據庫名爲discuz，數據庫用戶名爲aming，數據庫密碼aminglinux.com

到此discuz論壇安裝完畢

11.安裝wordpress
在mysql中建立blog庫

mysql> create database blog;

在瀏覽器中訪問blog.abc.com：88進行安裝http://s1.51cto.com/wyfs02/M00/78/4C/wKiom1Z6BiTyW7WFAAD-3ngXLGQ414.png根據錯誤提示，在blog目錄下建立wp-config.php而後把瀏覽器中方框內信息拷貝至wp-config.php目錄

12.安裝phpmyadmin

cp libraries/config.default.php config.inc.php

更改

$cfg[‘Servers’][$i][‘user’] = ‘root’;
$cfg[‘Servers’][$i][‘password’] = ‘yourrootpassword’;
$cfg[‘Servers’][$i][‘host’] = ‘yourdbip’;
$cfg[‘Servers’][$i][‘auth_type’] = ‘config’;##認證模式

在瀏覽器中訪問pma.abc.com：88進行安裝

13.安裝nginx

[root@lanp src]# wget http://nginx.org/download/nginx-1.6.2.tar.gz
[root@lanp src]# tar zxvf nginx-1.6.2.tar.gz
[root@lanp nginx-1.6.2]# ./configure –prefix=/usr/local/nginx –with-pcre
make &make install

nginx啓動腳本和配置文件

vim /etc/init.d/nginx //加入以下內容
#!/bin/bash
# chkconfig: – 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings

NGINX_SBIN=」/usr/local/nginx/sbin/nginx」
NGINX_CONF=」/usr/local/nginx/conf/nginx.conf」
NGINX_PID=」/usr/local/nginx/logs/nginx.pid」
RETVAL=0
prog=」Nginx」

start() {
echo -n $」Starting $prog: 「
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}

stop() {
echo -n $」Stopping $prog: 「
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}

reload(){
echo -n $」Reloading $prog: 「
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}

restart(){
stop
start
}

configtest(){
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}

case 「$1」 in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $」Usage: $0 {start|stop|reload|restart|configtest}」
RETVAL=1
esac
exit $RETVAL

chmod 755 /etc/init.d/nginx

chkconfig –add nginx
chkconfig nginx on
service nginx start
service nginx configtest#（檢測配置文件，configtest至關於-t）
vim /usr/local/nginx/conf/nginx.conf #清空原來的配置，加入以下內容

user nobody nobody;

worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 6000;
}
http

{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip ‘$remote_addr $http_x_forwarded_for [$time_local]’
‘$host 「$request_uri」 $status’
‘」$http_referer」 「$http_user_agent」‘;
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm application/xml;
include vhosts/*.conf;
}

cd /usr/local/nginx/conf/
mkdir vhosts
touch discuz.conf
touch pma.conf
touch blog.conf

14.discuz.conf
server
{
listen 80;
server_name bbs.abc.com;
index index.html index.htm index.php;
root /data/bbs;

#根據user_agent控制
if ($http_user_agent ~ ‘bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315’){
return 403;
}
location ~ admin.php {
allow 192.168.31.141;
deny all;
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
}

location ~ \.php$ {
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location ~ .*\.(js|css)?$
{
expires 24h;
access_log off;
}

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
expires 7d;
valid_referers none blocked server_names *.abc.com *.a.com *.b.com *.baidu.com\
*.google.com *.google.cn *.soso.com ;
if ($invalid_referer) {
return 403;
#rewrite ^/ http://www.example.com/nophoto.gif;
}
access_log off;
}

rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;

access_log /home/logs/discuz.log combined_realip;

 

檢測nginx配置文件：

/usr/local/nginx/sbin/nginx -t

重啓

nginx：service nginx restart

在瀏覽器訪問bbs.abc.com，是能夠正常進入discuz頁面的。

15.blog.conf配置(參考 http://www.upupw.net/nginxhelp/n33.html)

server
{
listen 80;
server_name blog.abc.com;
index index.html index.htm index.php;
root /data/blog;
location /wp-admin/ {
allow 127.0.0.1;
deny all;
location ~ \.php$ {
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
}
}

location / {
proxy_pass http://127.0.0.1:88/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

檢測nginx配置文件是否有語法錯誤：

/usr/local/nginx/sbin/nginx -t

重啓nginx：

service nginx restart

在瀏覽器訪問：blog.abc.com，是能夠訪問的

16.配置pma.conf

server
{
listen 80;
server_name pma.abc.com;
index index.html index.htm index.php;
root /data/pma;

location / {
auth_basic 「Auth」;
auth_basic_user_file /usr/local/nginx/conf/htpasswd;

location ~ \.php$ {
proxy_pass http://127.0.0.1:88;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}
}

檢測nginx配置文件是否有語法錯誤：

/usr/local/nginx/sbin/nginx -t

重啓nginx：

service nginx restart

瀏覽器訪問：pma.abc.com是能夠訪問到的

1七、配置nginx的日誌切割

[root@lanp vhosts]# vim /usr/local/sbin/logrotate.sh
#!/bin/bash
d=`date -d 「-1 day」 +%Y%m$d`
/bin/mv /home/logs/discuz.log /home/logs/discuz_$d.log
/etc/init.d/nginx reload >/dev/null 2>/dev/null
cd /home/logs
gzip discuz_$d.log

1八、mysql備份腳本無需密碼經過ssh執行rsync來同步文件的方法能夠參考http://www.jb51.net/article/60192.htm

vim mysqlbak.sh
#!/bin/bash
source /etc/profile
d=`date +%F`
/usr/local/mysql/bin/mysqldump -uroot -p838024 wordpress >/data/mysqlbak/$d.wordpresssql
/usr/local/mysql/bin/mysqldump -uroot -p838024 discuz >/data/mysqlbak/$d.discuzsql
/usr/local/mysql/bin/mysqldump -uroot -p838024 phpmyadmin >/data/mysqlbak/$d.phpmyadminsql
rsync -avLupz -e 「ssh -p 22」 /data/mysqlbak/ 192.168.137.107:/tmp/

再把腳本放進crontab計劃任務

chmod a+x mysqlbak.sh
crontab -e
*/3 * * * * /root/shell/mysqlbak.sh

關於rsync命令：

本地和遠程須要安裝rsync和openssh-clients

yum install rsync和yum install openssh-clients