今天一个朋友把我搞吐血了,好吧,重新写一下最新版的Debian 9网站环境
需要的组件用的都是最新稳定版,注意,服务器不应该用非稳定版。
下面所有命令单步执行
#因为有些时候v6的apt很慢,所以设置apt只用ipv4:
echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4
#设置源:
echo "deb http://ftp.us.debian.org/debian stretch main contrib non-free" >/etc/apt/sources.list echo "deb http://ftp.us.debian.org/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list echo "deb http://security.debian.org stretch/updates main contrib non-free" >>/etc/apt/sources.list echo "deb-src http://ftp.us.debian.org/debian stretch main contrib non-free" >>/etc/apt/sources.list echo "deb-src http://ftp.us.debian.org/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list echo "deb-src http://security.debian.org stretch/updates main contrib non-free" >>/etc/apt/sources.list
#习惯性的ll和用不上的服务:
alias ll='ls -al' echo "alias ll='ls -al'" >> /root/.bashrc systemctl disable postfix systemctl disable rsyslog
#为了超大并发而优化的
echo "net.ipv4.tcp_syncookies = 1">>/etc/sysctl.conf echo "net.ipv4.tcp_tw_reuse = 1">>/etc/sysctl.conf echo "net.ipv4.tcp_tw_recycle = 1">>/etc/sysctl.conf echo "net.ipv4.tcp_fin_timeout = 30">>/etc/sysctl.conf sysctl -p
#改成中国时区,看着舒服:
timedatectl set-timezone 'Asia/Shanghai' echo "UTC=no" >> /etc/default/rcS
#更新系统现有的核心和已安装组件:
apt-get update && apt-get upgrade -y && apt-get -u dist-upgrade -y
#先重启一次:
reboot
#最新版php和nginx的源
apt-get -y install apt-transport-https lsb-release ca-certificates sh -c 'echo "deb https://packages.sury.org/nginx/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/nginx.list' wget -O /etc/apt/trusted.gpg.d/nginx.gpg https://packages.sury.org/nginx/apt.gpg sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg apt-get update
#安装nginx+php+mariadb,注意,因为装php的时候会自动带上apache,所以我这里分几次处理这个问题。
apt-get install -y nginx-extras net-tools nload mariadb-client-10.1 libmariadbclient-dev update-inetd sysv-rc-conf net-tools proftpd /etc/init.d/nginx stop apt-get install -y mariadb-server-10.1 apt-get install -y php7.3-fpm php7.3-cgi php7.3-gd php7.3-imap php7.3-xmlrpc php7.3-xsl php7.3-mysql php7.3-curl php7.3-common php7.3-dev php7.3-imagick php7.3-memcache php7.3-recode php7.3-tidy php7.3-mbstring php7.3-db php7.3-apcu systemctl disable apache2 && /etc/init.d/apache2 stop && apt remove -y --purge apache2 && apt -y autoremove
#设置mysql,这里是用我自己的配置文件,你可以自己修改
cp /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/mariadb.conf.d/50-server.cnf.old
wget https://soft.tingtao.org/debian9/mariadb/cfg.txt -O /etc/mysql/mariadb.conf.d/50-server.cnf
mysql -u root -pmysql密码
set password for root@localhost = password('mysql密码');
grant all privileges on *.* to root@"127.0.0.1" identified by 'mysql密码' with grant option;
grant all privileges on *.* to root@"%" identified by 'mysql密码' with grant option;
exit;
/etc/init.d/mysql restart
#设置proftpd:
wget https://soft.tingtao.org/debian9/proftpd/proftpd_nossl.txt -O /etc/proftpd/proftpd.conf /etc/init.d/proftpd restart
#设置nginx:
mkdir -p /cachedisk/staticfile mkdir -p /dev/shm/cachemem/phpfile mkdir -p /dev/shm/cachemem/fastcgi mkdir -p /cachemem/phpfile mkdir -p /cachemem/fastcgi mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default rm /etc/nginx/sites-enabled/default mkdir /var/www/logs rm /etc/nginx/sites-enabled/default wget https://soft.tingtao.org/nginx/nginx.conf.txt -O /etc/nginx/nginx.conf cp /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params.default cp /etc/nginx/fastcgi.conf /etc/nginx/fastcgi.conf.default cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.default echo 'fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:/usr/share/php/";' >> /etc/nginx/fastcgi_params echo 'fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:/usr/share/php/";' >> /etc/nginx/fastcgi.conf echo "php_admin_value[open_basedir]=/var/www/:/proc/:/tmp/:/usr/share/php/" >> /etc/php/7.3/fpm/php-fpm.conf /etc/init.d/nginx restart
#删掉一个示例配置,节约内存:
mv /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.bak /etc/init.d/php7.3-fpm restart
注意,因为唯一的示例文件删掉了,所以php在这里重启是肯定会失败的,等以后创建了网站就正常了。
#####################################################
创建站点的过程:
以本站为例,ftp用户名为www.tingtao.org,网站位于 /var/www/www.tingtao.org,密码为“ftp密码”
#创建站点目录和ftp账号什么的:
useradd www.tingtao.org -s /sbin/nologin echo www.tingtao.org:ftp密码|chpasswd groupadd -f www.tingtao.org usermod -G www.tingtao.org -a www-data usermod -G www.tingtao.org -a proftpd mkdir /var/www/www.tingtao.org usermod -d /var/www/www.tingtao.org www.tingtao.org chown -R www.tingtao.org:www.tingtao.org /var/www/www.tingtao.org chmod -R 755 /var/www/www.tingtao.org
#php配置:
cat > /etc/php/7.3/fpm/pool.d/www.tingtao.org.conf <<- _EOF1_ [www.tingtao.org] user = www.tingtao.org group = www.tingtao.org listen = /var/run/php7-fpm-www.tingtao.org.sock listen.owner = www-data listen.group = www-data php_admin_value[include_path] = .:/var/www/globals/www.3ha.net/lib php_admin_value[open_basedir] = /dev/shm/www/www.tingtao.org:/tmp:/var/www/www.tingtao.org php_admin_value[upload_max_filesize] = 50M php_admin_value[max_execution_time] = 30 php_admin_value[max_input_time] = 60 php_admin_value[memory_limit] = 256M php_admin_value[output_buffering] = 4096 php_admin_value[disable_functions] = system,exec,shell_exec,passthru,error_log,dl,sys_getloadavg,pfsockopen,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,escapeshellarg,pcntl_exec,show_source,highlight_file,ini_restore,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,mb_send_mail,set_time_limit,max_execution_time,php_uname,disk_free_space,diskfreespace,stream_copy_to_stream php_admin_flag[allow_url_fopen] = off php_admin_flag[expose_php] = Off php_admin_flag[display_errors] = Off pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 chdir = / _EOF1_
#站点配置是 /etc/nginx/sites-enabled/www.tingtao.org.conf ,注意证书路径:
#######################################################
# www.tingtao.org
server {
listen 80;
listen [::]:80;
server_name tingtao.org www.tingtao.org;
keepalive_timeout 120;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /var/www/ca/tingtao.org/fullchain.pem;
ssl_certificate_key /var/www/ca/tingtao.org/privkey.pem;
##############################################
error_log /dev/null;
access_log /dev/null;
root /var/www/www.tingtao.org;
set $skip_cache 0;
#post访问不缓存
if ($request_method = POST) {
set $skip_cache 1;
}
#动态查询不缓存
if ($query_string != "") {
set $skip_cache 1;
}
#后台等特定页面不缓存(其他需求请自行添加即可)
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index).xml") {
set $skip_cache 1;
}
#对登录用户、评论过的用户不展示缓存
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location ~ ^.+\.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php7-fpm-www.tingtao.org.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PHP_ADMIN_VALUE "cgi.fix_pathinfo=1";
fastcgi_param PHP_ADMIN_VALUE "include_path= .:/var/www/globals/v.haote.net/lib:/usr/share/php/";
fastcgi_param PHP_ADMIN_VALUE "open_basedir= $document_root/:/tmp:/usr/share/php/";
fastcgi_param PHP_ADMIN_VALUE "upload_max_filesize= 50M";
fastcgi_param PHP_ADMIN_VALUE "max_execution_time= 30";
fastcgi_param PHP_ADMIN_VALUE "max_input_time= 60";
fastcgi_param PHP_ADMIN_VALUE "memory_limit= 128M";
fastcgi_param PHP_ADMIN_VALUE "output_buffering= 4096";
fastcgi_param PHP_ADMIN_VALUE "disable_functions= system,exec,shell_exec,passthru,error_log,dl,sys_getloadavg,pfsockopen,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,escapeshellarg,pcntl_exec,show_source,highlight_file,ini_restore,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,mb_send_mail,set_time_limit,max_execution_time,php_uname,disk_free_space,diskfreespace,stream_copy_to_stream";
fastcgi_param PHP_ADMIN_VALUE "allow_url_fopen= off";
fastcgi_param PHP_ADMIN_VALUE "expose_php= Off";
fastcgi_param PHP_ADMIN_VALUE "display_errors= Off";
fastcgi_param PHP_ADMIN_VALUE "post_max_size= 50M";
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
fastcgi_read_timeout 180;
# add_header Fastcgi-Cache $upstream_cache_status;
# fastcgi_cache_bypass $skip_cache;
# fastcgi_no_cache $skip_cache;
# fastcgi_cache wp_fastcgi;
# fastcgi_cache_valid 2h;
}
location / {
#定义首页索引文件的名称
index index.php index.html index.htm;
#下面这行和后面的跟wordpress有关
try_files $uri $uri/ /index.php?$args;
}
# rewrite /wp-admin$ $scheme://$host$uri/ permanent;
}
#数据库名和用户名为tingtao :
create database tingtao; CREATE USER 'tingtao'@'%' IDENTIFIED BY '数据库密码'; GRANT ALL PRIVILEGES ON `tingtao` . * TO 'tingtao'@'%';
#站点创建以后需要重启php和nginx:
/etc/init.d/nginx restart /etc/init.d/php7.3-fpm restart
至此,所有相关环境创建完成,只有nginx的站点配置和mysql建库需要编辑器或者mysql来执行,其他的都是复制即可。
文中直接从soft.tingtao.org下载的文件请自行留档,我这里可能随时改动。