Centos 7 環境下 LNMP 服務器配置步驟記錄

時間  2019-11-09
標籤 centos 環境 lnmp 服務器 配置 步驟 記錄 欄目 CentOS 简体版
原文   原文鏈接

環境:阿里雲 Centos7 64位php

Paste_Image.png

環境配置

一、更新 yum 源

http://mirrors.aliyun.com/hel...html

  • 備份nginx

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

  • 下載新的 CentOS-Base.repo 到 /etc/yum.repos.d/git

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

  • 更新github

yum makecache
yum update
二、設置免密碼 ssh 登陸
git config --global user.name "your_name"
git config --global user.email "your@gmail.com"
ssh-keygen -t rsa -C   "your@gmail.com"
cat ~/.ssh/id_rsa.pub   #複製本身本地的id_rsa.pub
vi ~/.ssh/authorized_keys   #添加本身的id_rsa.pub進去
chmod 600 ~/.ssh/authorized_keys
三、安裝 Git

參考 http://blog.csdn.net/jinwufei...centos

四、安裝 oh-my-zsh

參考 https://zhuanlan.zhihu.com/p/...session

五、安裝 autojump

參考 https://github.com/wting/auto...composer

六、安裝 lnmp

https://github.com/lj2007331/...dom

七、安裝composer
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"

composer config -g repo.packagist composer https://packagist.phpcomposer.com
八、備份

設置阿里雲自動快照備份ssh

九、添加ftp用戶
cd ~/lnmp
./pureftpd_vhost.sh

站點配置

一、添加虛擬站點
cd ~/lnmp    
./vhost.sh

二、配置 https 功能
採用的是 letsencrypt 提供的免費 HTTPS 證書。

配置方法以下:

wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto

cp  letsencrypt-auto /bin/letsencrypt

chmod -R 755  /bin/letsencrypt

service nginx stop

letsencrypt certonly --standalone --email your@mail.com -d domain.com

最後一步若是出現問題的話,刪除 ~/.pip/pip.conf ,運行

pip install --upgrade pip

而後從新運行

letsencrypt certonly --standalone --email your@mail.com -d domain.com

成功的話看到

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/vickoo.linkerlab.net/fullchain.pem. Your cert
   will expire on 2017-06-01. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt again. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

修改nginx.conf,添加https支持,修改nginx.conf下面對應項(或者修改虛擬站點裏的配置)

listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name cdn.loldata.cn;
index index.html index.htm index.php default.html default.htm default.php;
root  /home/wwwroot/op-gg-spider/storage;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.loldata.cn-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.loldata.cn-0001/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

修改nginx.conf(或虛擬站點的配置文件),使http自動跳轉https,在server添加

server
{
      if ($ssl_protocol = "") { 
            return 301 https://$server_name$request_uri; 
      }
}

重啓nginx

service nginx start

設置自動續費

crontab -e
#在文件裏添加
* * 1 * * service nginx stop && letsencrypt renew && service nginx start

自動腳本

把上面的配置 Https 的步驟寫成了一個簡單的腳本了,使用方法:

  • 把下面腳本代碼複製到任何想放的位置,例如命名爲 add-https ,給予執行權限。

  • 第一次運行,請執行下面命令,安裝 letsencrypt
    ./add-https install

  • 用 lnmp 配置好想要的域名

  • 在域名管理後臺,把該域名映射到對應的 ip 上

  • 執行如下命令,安裝證書
    ./add-https your.domain

  • 安裝後會看到以下提示

#-----Add those below to your.domain.conf-----
listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }

複製上面內容,到 your.domain.conf 裏,運行

service nginx start

配置完成!

自動腳本以下:

#!/bin/sh
if [ "$#" -eq "0" ]
then
   echo "---------How to use?-----------
1. cd /home/lnmp and add a vhost you want under http.
2. back to this directory and run
./add-https your_domain
";
elif [ $1 == "install" ]
then
  echo "--------- installing letsencrypt ----------";
  wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto
  mv  letsencrypt-auto /bin/letsencrypt
  chmod -R 755  /bin/letsencrypt
  rm ~/.pip/pip.conf
  pip install --upgrade pip
  echo "--------- success! --------";
else
  echo "-----Adding Https by letsencrypt----";
  service nginx stop
  letsencrypt certonly --standalone --email your@email.com -d $1
  service nginx start
  echo "


-----Add those below to $1.conf-----
  listen 443 ssl http2;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
  ssl_session_cache builtin:1000 shared:SSL:10m;


  if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }
";
fi
相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程