CentOS7安装php类型CMS(Mariadb10.5)
测试环境
# uname -a
Linux localhost.localdomain 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
# php -v
php-fpm -vPHP 7.2.34 (cli) (built: Oct 1 2020 13:37:37) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.34, Copyright (c) 1999-2018, by Zend Technologies
# php-fpm -v
PHP 7.2.34 (fpm-fcgi) (built: Oct 1 2020 13:40:44)
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.34, Copyright (c) 1999-2018, by Zend Technologies
# mariadb --version
mariadb Ver 15.1 Distrib 10.5.8-MariaDB, for Linux (x86_64) using readline 5.1
系统部署
yum update
vi /etc/selinux/config
systemctl disable firewalld
systemctl disable postfix
vi /etc/ssh/sshd_config
vi /etc/security/limits.conf
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
# cat /etc/sysctl.conf
vm.swappiness = 0
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
reboot
yum install vim wget curl net-tools unzip lrzsz
MariaDB10.5安装
/etc/yum.repos.d/MariaDB.repo
# MariaDB 10.5 CentOS repository list - created 2021-02-22 04:46 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
baseurl = https://mirrors.nju.edu.cn/mariadb/yum/10.5/centos7-amd64
gpgkey=https://mirrors.nju.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
yum install MariaDB-server MariaDB-client
MariaDB配置
# cat /etc/my.cnf
[mysqld]
user = mysql
port = 3306
datadir=/data/mysql
# socket=/data/mysql/mysql.sock
socket=/var/lib/mysql/mysql.sock
innodb_buffer_pool_size=128m
skip_name_resolve = 1
open_files_limit = 65535
init_connect='SET collation_connection = utf8mb4_unicode_ci'
init_connect='SET NAMES utf8mb4'
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
max_connections = 10240
max_connect_errors = 1000000
interactive_timeout = 600
wait_timeout = 600
# slow query
slow_query_log = 1
long_query_time = 0.5
explicit_defaults_for_timestamp=0
log-error=/data/mysql/mysql-error.log
pid-file=/data/mysql/mysqld.pid
#
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]
#
# include *.cnf from the config directory
#
!includedir /etc/my.cnf.d
[mysqldump]
quick
max_allowed_packet = 32M
mkdir -p /data/mysql
chown -R mysql.mysql /data/mysql
mariadb-install-db /data/mysql
mariadb-install-db
systemctl enable mariadb
systemctl start mariadb
创建CMS数据库 及账号授权
>
> select version();
> use mysql
> select Host,User,Password from user;
> delete from user where User='';
> ALTER USER 'root'@'localhost' IDENTIFIED BY '123456789';
> ALTER USER 'mysql'@'localhost' IDENTIFIED BY '123456789';
> create database eycms;
> create database xrcms;
> grant all on eycms.* to 'eycms'@'127.0.0.1' identified by 'eycms122333eycms' ;
> grant all on xrcms.* to 'xrcms'@'127.0.0.1' identified by 'xrcms122333xrcms' ;
> flush privileges;
php-fpm安装
rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install -y php72w php72w-opcache php72w-xml php72w-gd php72w-devel php72w-mysql php72w-intl php72w-mbstring php72w-pecl-imagick php72w-pecl-imagick-devel
yum install php72w-fpm
# grep -v ';' /etc/php-fpm.d/www.conf
[www]
user = apache
group = apache
listen = /run/php-fpm/www.sock
listen.owner = apache
listen.group = apache
listen.mode = 0660
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 20
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
systemctl start php-fpm
systemctl enable php-fpm
Nginx安装
mkdir -p /data/src
cd /data/src
wget https://nginx.org/download/nginx-1.18.0.tar.gz
./configure --user=apache --group=apache --prefix=/usr/local/nginx --with-http_v2_module --with-stream --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-http_realip_module --with-http_image_filter_module --with-file-aio --with-ld-opt=-ljemalloc
make
make install
# cat /etc/logrotate.d/nginx
/usr/local/nginx/logs/access.log {
#compress
nocompress
daily
copytruncate
create
notifempty
rotate 14
missingok
dateext
sharedscripts
postrotate
/bin/kill -USR1 `cat /usr/local/nginx/logs/nginx.pid` > /dev/null 2>/dev/null || true
endscript
}
dhparam文件
openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
nginx配置文件
# cat /usr/local/nginx/conf/nginx.conf
user apache apache;
worker_processes 2;
worker_rlimit_nofile 65535;
error_log /usr/local/nginx/logs/error.log debug;
events {
use epoll;
multi_accept on;
accept_mutex off;
worker_connections 65535;
}
http{
include mime.types;
log_format log_access '$remote_addr - $remote_user [$time_local] "$http_host" "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for '
'"$upstream_addr" "$upstream_status" "$upstream_response_time" "$request_time" "$upstream_cache_status"';
access_log /usr/local/nginx/logs/access.log log_access;
server_tokens off;
default_type application/octet-stream;
underscores_in_headers on;
server_names_hash_bucket_size 128;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml application/x-httpd-php application/xhtml+xml;
gzip_vary on;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
sendfile on;
#aio on;
#directio 4m;
tcp_nopush on;
tcp_nodelay on;
proxy_cache_path /usr/local/nginx/proxy_cache_temp levels=1:1:1 keys_zone=pcache:10m max_size=128m;
client_body_buffer_size 128k;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 54k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
proxy_hide_header X-Powered-By;
proxy_hide_header Server;
##############dns #################
resolver 223.5.5.5 233.6.6.6 valid=60s;
server {
listen 80;
add_header Strict-Transport-Security max-age=86400;
return 301 https://$host$request_uri;
}
include /usr/local/nginx/conf/conf.d/*.conf;
}
# cat /usr/local/nginx/conf/conf.d/allgo_eycms.conf
server {
listen 443 ssl http2;
server_name eycms.allgo.cc;
# ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/allgo.cc.key;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/ca.cer;
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000";
ssl_stapling on;
ssl_stapling_verify on;
fastcgi_hide_header X-Powered-By;
root /data/eycms;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires max;
log_not_found off;
}
}
# cat /usr/local/nginx/conf/conf.d/allgo_xrcms.conf
server {
listen 443 ssl http2;
server_name xrcms.allgo.cc;
# ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/allgo.cc.key;
ssl_trusted_certificate /usr/local/nginx/conf/ssl/ca.cer;
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000";
ssl_stapling on;
ssl_stapling_verify on;
fastcgi_hide_header x-powered-by;
root /data/xrcms;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires max;
log_not_found off;
}
location ^~ /cache/ {
deny all;
}
location ^~ /config/ {
deny all;
}
location ^~ /dayrui/ {
deny all;
}
location ^~ /template/ {
deny all;
}
}
CMS部署
CMS文件准备
mkdir -p /data/eycms
cd /data/eycms
wget https://qiniu.eyoucms.com/EyouCMS-V1.5.1-UTF8-SP3_140.zip
unzip EyouCMS-V1.5.1-UTF8-SP3_140.zip
rm -f EyouCMS-V1.5.1-UTF8-SP3_140.zip
mkdir -p /data/xrcms
cd /data/xrcms
wget https://www.xunruicms.com/member.php?action=down&cid=10&is_update=123
unzip XunRuiCMS-安装包-V4.3.14-2021-02-20.zip
rm -f XunRuiCMS-安装包-V4.3.14-2021-02-20.zip
cd /data
chown -R apache.apache eycms xrcms
易优CMS
迅睿CMS
