roger2001c posted on 2018-11-11 07:27:04

CentOS + Nginx + Tomcat + MySQL + PHP environment setup and system deployment

  ==============Install CentOS 7.0=======================
  Choose the minimal install and tick the "Debugging Tools", "Compatibility Libraries" and "Development Tools" groups.
  This avoids dependency and environment problems later, when the services are installed or compiled.
  Partition the disk according to your own habits; if unsure, let the installer partition automatically.
  Out of habit I partition as follows, for reference only:
  /boot   500M             core files used to boot Linux
  swap    5120M (5G)       Linux swap partition, also called virtual memory; usually twice the physical RAM, but more than 8G is not recommended
  /       51200M (50G)     all system files live under this partition
  /home   remaining space  user home directories; newly created users get their directory here

================Turn off the security settings that are not needed and use other security management================
  vi /etc/selinux/config    //disable SELinux
  SELINUX=disabled   //change the original enforcing to disabled
  ------------------------or disable SELinux with the following commands---------------------------------------
  sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
  setenforce 0

  systemctl stop firewalld    //stop the system default firewall
  systemctl mask firewalld   //mask the service so it cannot be started
  reboot    //reboot so the SELinux change takes effect
  =================Install admin tools======================
  Install ifconfig, ntsysv, updatedb, lrzsz (upload/download) and wget (remote HTTP download)
  yum install -y chkconfig net-tools telnet ntsysv mlocate lrzsz wget lsof setuptool system-config-securitylevel-tui system-config-network-gui system-config-network-tui system-config-date tcpdump
  yum install -y vim nano             //install editors
  ==============Update the CentOS 7.0 repo sources=====================
  yum install -y epel-release
  rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
  rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
  rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
  yum clean all
  yum makecache
  yum install -y python-pip
  pip install --upgrade pip
  pip install requests
  =====Install the third-party repo file for installing nginx via yum (not needed when compiling from source)=======
  mkdir /root/software
  cd /root/software
  wget https://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
  rpm -ivh epel-release-7-11.noarch.rpm
  rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
  =====Install the third-party repo file for installing MySQL via yum (not needed when compiling from source)=======
  cd /root/software   //enter the folder that collects the downloaded repo files
  wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm   //download
  yum localinstall -y mysql57-community-release-el7-8.noarch.rpm   //install the rpm to obtain the repo definition
  yum repolist enabled | grep "mysql.*-community.*"    //check that the MySQL repo was installed successfully
  =================Pre-install the various build environments======================
  yum install -y make cmake gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd-devel perl expat expat-devel nss_ldap unixODBC-devel libxslt-devel libevent-devel libtool-ltdl bison libtool zip unzip gmp-devel   //install the packages the various environments need
  yum install -y pcre pcre-devel   //install PCRE (can be done together with the step above)
  yum update -y    //apply updates
  =======================Install MySQL and do the initial setup=======================
  yum install -y bison-devel libaio-devel   //MySQL prerequisites
  yum install -y perl-Data-Dumper   //MySQL prerequisite
  yum install -y mysql-server   //install mysqld
  service mysqld start   //start MySQL
  systemctl enable mysqld.service   //start at boot

grep 'temporary password' /var/log/mysqld.log   //since MySQL 5.7 the initial root password is no longer empty; it is randomly generated and can be looked up with this command
  mysql -u root -p   //log in to MySQL

  alter user root@localhost identified by 'new_password';    //change the initial root password; 'new_password' is a placeholder
  exit;    //leave the MySQL shell
  ----------------------------make MySQL table names case-insensitive----------------------
  vi /etc/my.cnf
  [mysqld]
  lower_case_table_names=1       //must be placed in the [mysqld] section

  -------------------------configure MySQL for UTF-8-------------------------
  [mysqld]
  datadir=/var/lib/mysql
  socket=/var/lib/mysql/mysql.sock
  lower_case_table_names=1
  character-set-server=utf8
  max_connections=500
  innodb_log_file_size=60M
  innodb_buffer_pool_size=128M
  symbolic-links=0
  [client]
  default-character-set=utf8
  socket=/var/lib/mysql/mysql.sock

  [mysqld_safe]
  open-files-limit = 8192
  log-error=/var/log/mysqld.log
  socket=/var/lib/mysql/mysql.sock
  pid-file=/var/run/mysqld/mysqld.pid

  service mysqld restart   //restart MySQL
  =================MySQL operations tips======================
  High CPU and memory use by MySQL can be caused by connections that are not released in time; a simple setting solves this effectively.
  mysql -uroot -p
  mysql> show global variables like '%timeout';
  mysql> set global interactive_timeout=100;
  -----------------the setting above is lost after mysqld.service is restarted-----------------------------------
  vi /etc/my.cnf
  [mysqld]
  interactive_timeout=20
  wait_timeout=20
  ------------------------------the setting above stays in effect permanently-------------------------
  -----------------------------create a MySQL remote user and grant privileges---------------------------
  mysql -uroot -p

  mysql> create user 'root'@'%' identified by '123456';
  mysql> grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;
  mysql> flush privileges;
  -----------------------------create a MySQL database-----------------------------
  mysql> CREATE DATABASE lottery DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
  ----------------------------change the password of a given MySQL user-------------------------------
  mysql> alter user 'test'@'localhost' identified by 'new_password';   //MySQL 5.7 removed the mysql.user.password column, so UPDATE mysql.user SET password=PASSWORD(...) no longer works; 'new_password' is a placeholder
  ---------------------------delete a given MySQL user-------------------------------------
  mysql> drop user 'test'@'localhost';   //removes the account together with its privileges

====================Install the PHP environment==========================
  yum install -y php56w php56w-cli php56w-common php56w-gd php56w-ldap php56w-mbstring php56w-mcrypt php56w-mysql php56w-pdo php56w-devel
  yum install -y traceroute net-snmp-devel vim sysstat tree mysql-devel ntpdate libjpeg* bind-utils
  yum install -y php56w-imap php56w-odbc php56w-pear php56w-xml php56w-xmlrpc php56w-mhash libmcrypt php56w-bcmath
  yum install -y php56w-fpm
  vi /etc/php-fpm.d/www.conf

user = nginx      //defaults to apache; it can only be changed to the nginx user after nginx is installed
  group = nginx      //defaults to apache; it can only be changed to the nginx group after nginx is installed

vi /etc/php.ini

session.save_path = "/var/lib/php/session"   //set the session directory, otherwise PHP errors at runtime
  chmod 777 /var/lib/php/session   //set the directory permissions
  chkconfig php-fpm on
  =============Install nginx via yum============
  yum install -y automake autoconf libtool make
  yum install -y nginx
  chkconfig nginx on
  cd /etc/nginx
  mkdir vhost                //directory for the virtual host configuration files
  vi nginx.conf
  -------------add the following inside server{}---------------------------
  ~~~~below root in the server block, add the default index file names~
  index      index.php default.php index.html index.htm;
  ~~in the server block, add the statements that enable PHP~~~
  location ~ \.php$ {
      root html;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
  }
  ---------------------at the end of http{}, add the following---------------------------
  include vhost/*.conf;      //save and exit when done
  nginx -t               //check that nginx.conf and the files under vhost are valid
  service php-fpm start   //start PHP-FPM
  service nginx restart    //restart nginx
  ------------------Virtual host configuration example------------------------------
  server {
      listen 808;
      server_name 10.17.162.113:808;
      root /home/website/phpmyadmin/wwwroot;
      location / {
          index index.php index.html index.shtml;
      }
      location ~ \.php$ {
          fastcgi_pass   127.0.0.1:9000;
          fastcgi_index  index.php;
          fastcgi_param  SCRIPT_FILENAME /home/website/phpmyadmin/wwwroot$fastcgi_script_name;
          include        fastcgi_params;
      }
      #log...
  }
  ------------------Nginx reverse proxy (redirect all traffic to HTTPS)---------------------------
  server {
      listen   80;
      server_name huizhong.itrxm.com;
      rewrite ^(.*)$ https://$host$1 permanent;
  }
  server {
      listen       443;
      server_name  huizhong.itrxm.com;
      ssl                  on;
      ssl_certificate      /etc/nginx/vhost/ssl/huizhong.itrxm.com-certificate.crt;
      ssl_certificate_key  /etc/nginx/vhost/ssl/huizhong.itrxm.com-private.key;
      ssl_session_timeout  5m;
      ssl_protocols TLSv1;
      ssl_ciphers HIGH:!aNULL:!MD5;
      ssl_prefer_server_ciphers   on;
      location / {
          client_max_body_size    16m;
          client_body_buffer_size 128k;
          proxy_pass                        https://10.17.162.113:6443;
          proxy_set_header    REMOTE-HOST $remote_addr;
          proxy_set_header      Host $host;
          proxy_set_header      X-Real-IP $remote_addr;
          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header         X-Forwarded-Proto https;
          proxy_next_upstream   off;
          proxy_buffer_size 32k;
          proxy_buffers 64 32k;
          proxy_busy_buffers_size 1m;
          proxy_temp_file_write_size 512k;
          proxy_connect_timeout   30;
          proxy_read_timeout      300;
          proxy_send_timeout      300;
      }
  }
  -------------------------------Nginx serving a specific directory under Tomcat webapps---------------
  server {
      listen       80;
      server_name  hhcphb.itrxm.com;
      #charset koi8-r;
      #access_log  logs/host.access.log  main;
      location / {
          client_max_body_size    16m;
          client_body_buffer_size 128k;
          proxy_pass http://59.188.14.217:8080/HBH5/;
          proxy_set_header    REMOTE-HOST $remote_addr;
          proxy_set_header   Host $host;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
          #root   html;
          #index  index.html;
          proxy_next_upstream   off;
          proxy_buffer_size 32k;
          proxy_buffers 64 32k;
          proxy_busy_buffers_size 1m;
          proxy_temp_file_write_size 512k;
          proxy_connect_timeout   30;
          proxy_read_timeout      300;
          proxy_send_timeout      300;
      }
      location /HBH5/ {
          client_max_body_size    16m;
          client_body_buffer_size 128k;
          proxy_pass http://59.188.14.217:8080/HBH5/;
          proxy_set_header    REMOTE-HOST $remote_addr;
          proxy_set_header   Host $host;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
          #root   html;
          #index  index.html;
          proxy_next_upstream   off;
          proxy_buffer_size 32k;
          proxy_buffers 64 32k;
          proxy_busy_buffers_size 1m;
          proxy_temp_file_write_size 512k;
          proxy_connect_timeout   30;
          proxy_read_timeout      300;
          proxy_send_timeout      300;
      }
  }

================Install the Java development environment=============
  yum search java-1.7          //search for the available java-1.7 versions
  yum install -y java-1.7.0-openjdk-devel.x86_64      //install the java-1.7.0 development environment
  cd /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64/   //enter the install directory
  vi /etc/profile                                  //environment configuration
  -------------------append the following at the end of the file-----------------------
  export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64    //the path differs between versions, so check it
  export PATH=$JAVA_HOME/bin:$PATH
  export
  source /etc/profile            //take effect immediately
  javac                                          //run a test
  -----------------------the following output means the configuration succeeded---------------------------
  # javac
  Usage: javac <options> <source files>
  where possible options include:
    -g                         Generate all debugging info
    -g:none                    Generate no debugging info
    -g:{lines,vars,source}     Generate only some debugging info
    -nowarn                    Generate no warnings
    -verbose                   Output messages about what the compiler is doing
    -deprecation               Output source locations where deprecated APIs are used
    -classpath <path>          Specify where to find user class files and annotation processors
    -cp <path>                 Specify where to find user class files and annotation processors
    -sourcepath <path>         Specify where to find input source files
    -bootclasspath <path>      Override location of bootstrap class files
    -extdirs <dirs>            Override location of installed extensions
    -endorseddirs <dirs>       Override location of endorsed standards path
    -proc:{none,only}          Control whether annotation processing and/or compilation is done.
    -processor <class1>[,<class2>,<class3>...] Names of the annotation processors to run; bypasses default discovery process
    -processorpath <path>      Specify where to find annotation processors
    -parameters                Generate metadata for reflection on method parameters
    -d <directory>             Specify where to place generated class files
    -s <directory>             Specify where to place generated source files
    -h <directory>             Specify where to place generated native header files
    -implicit:{none,class}     Specify whether or not to generate class files for implicitly referenced files
    -encoding <encoding>       Specify character encoding used by source files
    -source <release>          Provide source compatibility with specified release
    -target <release>          Generate class files for specific VM version
    -profile <profile>         Check that API used is available in the specified profile
    -version                   Version information
    -help                      Print a synopsis of standard options
    -Akey[=value]              Options to pass to annotation processors
    -X                         Print a synopsis of nonstandard options
    -J<flag>                   Pass <flag> directly to the runtime system
    -Werror                    Terminate compilation if warnings occur
    @<filename>                Read options and filenames from file

  Note: if typing javac prints "bash: javac: 未找到命令…" (command not found), the configuration failed; check that the path in the environment variables is correct.
  ================Install Tomcat=============
  mkdir -p /opt/tomcat/tomcat          //the tar -C below needs the target directory to exist
  sudo groupadd tomcat
  sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat/tomcat tomcat
  mkdir /root/software          //directory dedicated to downloaded software; personal habit, /usr/local or similar works too
  cd /root/software
  wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz
  sudo tar -zxvf apache-tomcat-7.0.82.tar.gz -C /opt/tomcat/tomcat --strip-components=1
  cd /opt/tomcat/tomcat
  chmod -R 754 bin/
  chgrp -R tomcat /opt/tomcat/tomcat
  chmod -R g+r conf
  chmod g+x conf
  chown -R tomcat webapps/ work/ temp/ logs/
  =================Create the service unit file==================
  sudo vi /etc/systemd/system/tomcat.service
  -------------------------------contents----------------------------------------------------
  [Unit]
  Description=Apache Tomcat Web Application Container
  After=syslog.target network.target

  [Service]
  Type=forking
  Environment=JAVA_HOME=/usr/lib/jvm/jre
  Environment=CATALINA_PID=/opt/tomcat/tomcat/temp/tomcat.pid
  Environment=CATALINA_HOME=/opt/tomcat/tomcat
  Environment=CATALINA_BASE=/opt/tomcat/tomcat
  Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
  Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
  ExecStart=/opt/tomcat/tomcat/bin/startup.sh
  ExecStop=/bin/kill -15 $MAINPID
  User=tomcat
  Group=tomcat

  [Install]
  WantedBy=multi-user.target

  systemctl daemon-reload    //reload the service units
  systemctl enable tomcat.service
  systemctl start tomcat.service
  ===========Install haveged (entropy daemon)====================
  sudo yum install -y haveged
  sudo systemctl start haveged.service
  sudo systemctl enable haveged.service
  Visit http://<server IP>:8080 to check that the page loads.

================Configure the Tomcat management interface==========================
  sudo vi /opt/tomcat/tomcat/conf/tomcat-users.xml
  -------------------------enter the following between <tomcat-users> and </tomcat-users>-------------------
  
  
  
  
  
  

  sudo systemctl restart tomcat.service

==============Splitting the catalina.out log===================
  yum install -y cronolog
  Edit the bin/catalina.sh file; the lines to change are the ones that differ between the two versions below. The original section reads:

  shift
  touch "$CATALINA_OUT"
  if [ "$1" = "-security" ] ; then
    if [ $have_tty -eq 1 ]; then
      echo "Using Security Manager"
    fi
    shift
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Djava.security.manager \
      -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start \
      > "$CATALINA_OUT" 2>&1 "&"
  else
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start \
      > "$CATALINA_OUT" 2>&1 "&"
  fi
  Change it to:
  shift
  # touch "$CATALINA_OUT"    //comment this line out
  if [ "$1" = "-security" ] ; then
    if [ $have_tty -eq 1 ]; then
      echo "Using Security Manager"
    fi
    shift
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Djava.security.manager \
      -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
  else
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
  fi

  ====================Rotate the Tomcat log and periodically delete catalina.out=============
  Rotate the log file at 23:50 every night and delete logs older than 30 days.
  Script /shell/log.sh:
  log_path=/opt/tomcat/logs
  d=$(date +%Y-%m-%d)
  d30=$(date -d '30 day ago' +%Y-%m-%d)
  cd ${log_path} && cp catalina.out $log_path/cron/catalina.out.$d.log
  echo > catalina.out
  rm -rf $log_path/cron/catalina.out.${d30}.log
  Grant permissions
  chmod 777 /shell/log.sh
  Edit the crontab
  crontab -e
  50 23 * * * sh /shell/log.sh
  ----------------------Another method---------------------------
  crontab -e
  * 5 * * * find /usr/logs/ -name "*.20*" -ctime +7 -exec rm -rf {} \;
  systemctl start tomcat7.service
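  The cron script above archives catalina.out by copying and truncating it, then removes only the archive dated exactly 30 days ago, so a single missed run leaves that day's file in place for good. The following is an added example, not from the original post: the same copy-and-truncate rotation, but pruning every archive older than the retention period with find(1); the /opt/tomcat/logs default and the cron/ archive directory are taken from the post, while the function names and parameters are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): copy-and-truncate rotation of
# catalina.out as in the cron job above, with age-based pruning. The post's
# script deletes only the archive dated exactly 30 days ago, so one missed run
# leaves that file behind forever; find -mtime cleans up after outages too.

# Usage: rotate_catalina [LOG_DIR] [KEEP_DAYS]   (defaults follow the post)
rotate_catalina() {
  log_path="${1:-/opt/tomcat/logs}"
  keep_days="${2:-30}"
  archive="$log_path/cron"
  mkdir -p "$archive" || return 1

  d=$(date +%Y-%m-%d)
  # Copy, then truncate in place. Tomcat keeps catalina.out open, so the file
  # must not be moved or deleted (copytruncate semantics); ':' is a no-op whose
  # redirection empties the file.
  cp "$log_path/catalina.out" "$archive/catalina.out.$d.log" || return 1
  : > "$log_path/catalina.out"

  # Delete every archived copy older than KEEP_DAYS, not just one exact date.
  find "$archive" -name 'catalina.out.*.log' -type f -mtime +"$keep_days" -exec rm -f {} +
}

# Number of archived copies present; used to verify the prune.
count_archives() {
  find "${1:-/opt/tomcat/logs}/cron" -name 'catalina.out.*.log' -type f | wc -l | tr -d ' '
}
```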
  ===============Configure access to different folders under the same project===========
  Comment out the original configuration first, then add the following:
  

    
  

    
  ================Setting up SSL==================================
  Make the corresponding changes in the nginx conf:
  server {
      listen   80;
      server_name <domain>;
      rewrite ^(.*)$ https://$host$1 permanent;
  }
  server {
      listen       443;
      server_name  <domain>;
      ssl                  on;
      ssl_certificate      /etc/nginx/vhost/ssl/certificate.crt;
      ssl_certificate_key  /etc/nginx/vhost/ssl/private.key;
      ssl_session_timeout  5m;
      ssl_protocols TLSv1;
      ssl_ciphers HIGH:!aNULL:!MD5;
      ssl_prefer_server_ciphers   on;

      location / {
          client_max_body_size    16m;
          client_body_buffer_size 128k;
          proxy_pass                        http://<IP address>:8080;
          proxy_set_header      Host $host;
          proxy_set_header      X-Real-IP $remote_addr;
          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header         X-Forwarded-Proto https;
          proxy_next_upstream   off;

          proxy_connect_timeout   30;
          proxy_read_timeout      300;
          proxy_send_timeout      300;
      }
  }

  In Tomcat's server.xml, change:

  to:
  and add a new node:

  Restart the Tomcat service
  systemctl restart tomcat.service
  Note: if the certificate comes only as key and crt files, you can go to
  https://www.myssl.cn/tools/merge-pfx-cert.html
  to generate a pfx certificate and set a password for it.
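Both HTTPS server blocks on this page (the reverse proxy earlier and the SSL setup just shown) pin ssl_protocols TLSv1;, and the note above points to a web tool for merging key and crt into a pfx. The following is an added example, not from the original post: a check that flags vhost files still offering TLS 1.0/1.1, the port-443 block rewritten with the protocol list corrected, and an openssl pkcs12 wrapper that builds the pfx locally so the private key never leaves the server. The function names, sample file names and temporary directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The post pins "ssl_protocols TLSv1;".
# TLS 1.0/1.1 are deprecated (RFC 8996), so tls_audit reports a file as "weak" when
# any ssl_protocols line enables SSLv2/3, TLSv1 or TLSv1.1, omits TLSv1.2, or when
# the file has no ssl_protocols line at all (nginx before 1.23.4 then defaults to
# "TLSv1 TLSv1.1 TLSv1.2").

# Usage: tls_audit FILE   -> prints "ok" or "weak"
tls_audit() {
  # Strip comments first so a commented-out directive is not counted either way.
  stripped=$(sed 's/#.*//' "$1")
  protos=$(printf '%s\n' "$stripped" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' || true)
  if [ -z "$protos" ]; then
    echo weak; return 0
  fi
  # TLSv1 is matched as a whole token so that it does not also match TLSv1.2.
  if printf '%s\n' "$protos" | grep -Eq '(^|[[:space:]])(SSLv[23]|TLSv1|TLSv1\.1)([[:space:];]|$)'; then
    echo weak; return 0
  fi
  if printf '%s\n' "$protos" | grep -Eqv 'TLSv1\.2'; then
    echo weak; return 0
  fi
  echo ok
}

# Constructed samples: the TLS lines of the post's port-443 block as written,
# and the same block with the protocol list corrected (paths as in the post).
write_samples() {
  cat > "$1/weak.conf" <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_certificate     /etc/nginx/vhost/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/vhost/ssl/private.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}
EOF
  cat > "$1/hardened.conf" <<'EOF'
server {
    listen 443 ssl;                 # replaces the deprecated "ssl on;"
    ssl_certificate     /etc/nginx/vhost/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/vhost/ssl/private.key;
    ssl_session_timeout 5m;
    # ssl_protocols TLSv1;          <- the post's value, kept for reference
    ssl_protocols TLSv1.2;          # add TLSv1.3 once nginx is built against OpenSSL 1.1.1+
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}
EOF
}

# Merge a key/crt pair into a .pfx locally instead of uploading the private key
# to a web tool. Hypothetical wrapper; needs the openssl CLI.
make_pfx() {
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
}
```

Run tls_audit over /etc/nginx/vhost/*.conf after editing; a "weak" verdict on a file that has the corrected directive means the old line is still active somewhere in that file.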
=================Monitoring Tomcat performance with VisualVM==================
JMX download address: http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar
After downloading catalina-jmx-remote.jar, place it in Tomcat's lib directory
vim catalina.sh
----------------------------------add the following below the comment header------------------------------------
CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7090 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=<IP of the monitored server> -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/var/tomcat/tomcat/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/var/tomcat/tomcat/conf/jmxremote.access"
-------------------------------------------------------------------------------------------------------------
cd /var/tomcat/tomcat/conf
vim jmxremote.access
-------------------------------------------------------------------------
monitorRole readonly
controlRole readwrite
---------------------------------------------------------------------------
vim jmxremote.password         //the file's ownership must match the user that runs Tomcat
-----------------------------------------------------------------------
monitorRole 25DWdl2&D^W
controlRole 25DWdl2&D^W
------------------------------------------------------------------------
chmod 0400 jmxremote.password      //the password file must be read-only and readable only by the user Tomcat runs as
systemctl restart tomcat.service
With this, the whole environment and system are set up and deployed.
