树莓派/香橙派安装并配置LEMP

今天群里面的朋友搭建Web,参照的很多网站的教程,结果都说是错误的,现在自己的Web访问不了了,可能他的路径是错误的,但是不管怎样,我现在教大家怎么配置Nginx.如果本地web没有公网Ip,请用Ngrok穿透.


Apache
  • 更新系统,这是安装软件前的良好习惯.
#更新软件列表。
sudo apt-get update
#更新软件。
sudo apt-get upgrade
#更新系统版本。
sudo apt-get dist-upgrade

安装配置lnmp(Nginx+MySQL+PHP)

#安装Nginx
sudo apt install nginx -y
#安装chkconfig
apt-get install chkconfig
#添加开机启动
chkconfig nginx on

#安装Mysql
sudo apt install  mysql-server -y
service mysql start
chkconfig mysql on
service mysql restart

#安装PHP,使PHP支持 MySQL、FastCGI
install php5-fpm php5-cgi php5-cli php5-curl php5-mysql php5-gd php5-mcrypt php5-memcache 
#启动php5-fpm
/etc/init.d/php5-fpm start
#设置开机启动php5-fpm
chkconfig php5-fpm on
#重启mysql
/etc/init.d/mysql restart
#重启nginx
/etc/init.d/nginx restart
  • 配置Nginx至支持PHP
#配分Nginx的配置
cp /etc/nginx/nginx.conf  /etc/nginx/nginx.conf.bak
#用nano打开配置
nano /etc/nginx/nginx.conf

  • 改成如下配置:
user www-data www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##

    gzip on;
    #该指令用于开启或关闭gzip模块(on/off)

    gzip_disable "msie6";
    #禁用IE 6 gzip

     gzip_vary on;
    #在http header中添加Vary: Accept-Encoding ,给代理服务器用的

     gzip_proxied any;
    #这里设置无论header头是怎么样,都是无条件启用压缩

     gzip_comp_level 6;
    #gzip压缩比,数值范围是1-9,1压缩比最小但处理速度最快,9压缩比最大但处理速度最慢

     gzip_buffers 16 8k;
    #设置系统获取几个单位的缓存用于存储gzip的压缩结果数据流。16 8k代表以8k为单位,安装原始数据大小以8k为单位的16倍申请内存

     gzip_http_version 1.1;
    #识别http的协议版本

    #gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    #默认压缩类型

     gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml text/javascript application/javascript application/x-javascript text/x-json application/json application/x-web-app-manifest+json text/css text/plain text/x-component font/opentype font/ttf application/x-font-ttf application/vnd.ms-fontobject image/x-icon;
    #进行压缩的文件类型,这里特别添加了对字体的文件类型

    #gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    #禁用IE 6 gzip


    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}
  • 站点配置:
#备份站点配置
cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
#修改配置,具体内容在下面
nano /etc/nginx/sites-available/default
#修改完成后,需要重新加载配置
service nginx reload  或者 sudo nginx -r 
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 ;
    listen [::]:80 ;
    #这里站点名字改成自己的
    server_name wwww.xxx.com;
    # 强制https访问
        rewrite ^/(.*) https://wwww.xxx.com/$1 permanent;
}
server {

    #启用HSTS
    add_header Strict-Transport-Security "max-age=10886400; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
        listen 443 ssl  ;
        listen [::]:443 ssl ;
        #这里的也需要该.
        ssl_certificate /srv/www/wwww.xxx.com.crt;
        ssl_certificate_key /srv/www/wwww.xxx.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /srv/www/html;

    # Add index.php to the list if you are using PHP
    index  index.php index.html index.htm index.nginx-debian.html;
    # 需要修改
    server_name wwww.xxx.com;

    location / {
        #typecho伪静态
        index index.html index.php; 
        if (-f $request_filename/index.html) { 
        rewrite (.*) $1/index.html break; 
}    
        if (-f $request_filename/index.php) { 
        rewrite (.*) $1/index.php; 
} 
        if (!-f $request_filename) { 
        rewrite (.*) /index.php; 
} 
        #typecho伪静态
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
            #最大上传附件
        client_max_body_size 32m;
    }



    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    #   include snippets/fastcgi-php.conf;
    #
    #   # With php5-cgi alone:
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #   fastcgi_pass 127.0.0.1:9000;
    #   # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME  /srv/www/html$fastcgi_script_name;
        include fastcgi_params;
    }


    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
    expires 30d;
    access_log off;
    }   

    location ~ .*\.(eot|ttf|otf|woff|svg)$ {
    expires 30d;
    access_log off;
    }

    location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #   deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#   listen 80;
#   listen [::]:80;
#
#   server_name example.com;
#
#   root /var/www/example.com;
#   index index.html;
#
#   location / {
#       try_files $uri $uri/ =404;
#   }
#}

server {
       listen 80;
       listen [::]:80;
        #这里也需要修改
       server_name xxxx.com;

       root /srv/www/html;
       index index.html;

       location / {
               try_files $uri $uri/ =404;
       }
}

server {
       listen 80;
       listen [::]:80;
# 这里也需要修改.
       server_name qq.xxxx.com;

       root /srv/www/html/qq;
       index index.php  index.html;

       location / {
               try_files $uri $uri/ =404;
       }
}
  • 配置PHP
nano /etc/php5/fpm/php.ini

date.timezone = PRC
#时区设置 把前面的分号去掉,改为date.timezone = PRC

#每个脚本运行的最长时间,单位秒
max_execution_time = 150

#每个脚本可以消耗的时间,单位也是秒
max_input_time = 300

#脚本运行最大消耗的内存,根据你的需求更改数值
memory_limit = 8M

#表单提交最大数据为 8M,此项不是限制上传单个文件的大小,而是针对整个表单的提交数据进行限制的。限制范围包括表单提交的所有内容.例如:发表贴子时,贴子标题,内容,附件等
post_max_size = 32M

#上载文件的最大许可大小
找到:upload_max_filesize = 32M
  • 配置php-fpm
#备份原有配置文件
cp /etc/php5/fpm/pool.d/www.conf  /etc/php5/fpm/pool.d/www.confbak
vim  /etc/php5/fpm/pool.d/www.conf
#修改用户为www-data
user = www-data
#修改组为www-data
group = www-data
/etc/init.d/mysql restart
/etc/init.d/nginx  restart
/etc/init.d/php5-fpm restart
  • 配置Mysql

安装完mysql-server 会提示可以运行mysql_secure_installation。运行mysql_secure_installation会执行几个设置:
a)为root用户设置密码
b)删除匿名账号
c)取消root用户远程登录
d)删除test库和对test库的访问权限
e)刷新授权表使修改生效
通过这几项的设置能够提高mysql库的安全。建议生产环境中mysql安装这完成后一定要运行一次mysql_secure_installation,详细步骤请参看下面的命令:

root@raspberrypi:/# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


root@raspberrypi:/#
  • 安装配置phpmyadmin
#安装phpmyadmin
apt install phpmyadmin -y
#在站点根目录建立链接
sudo ln -s /usr/share/phpmyadmin /srv/www/html

至此就配置结束了,有些配置参考了别人的方法...
https://wwww.lvmoo.com/archives/20.html
https://www.linuxdashen.com/debian%E5%92%8Cubuntu%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%8D%87%E7%BA%A7php7

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 205,386评论 6 479
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 87,939评论 2 381
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 151,851评论 0 341
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 54,953评论 1 278
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 63,971评论 5 369
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 48,784评论 1 283
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 38,126评论 3 399
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 36,765评论 0 258
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 43,148评论 1 300
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 35,744评论 2 323
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 37,858评论 1 333
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 33,479评论 4 322
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 39,080评论 3 307
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 30,053评论 0 19
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 31,278评论 1 260
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 45,245评论 2 352
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 42,590评论 2 343

推荐阅读更多精彩内容