Centos 7 环境下 LNMP 服务器配置步骤记录

前端之家收集整理的这篇文章主要介绍了Centos 7 环境下 LNMP 服务器配置步骤记录前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

环境:阿里云 Centos7 64位

环境配置

1、更新 yum 源

http://mirrors.aliyun.com/hel...

@H_301_12@
  • 备份

  • mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
    @H_301_12@
  • 下载新的 CentOS-Base.repo 到 /etc/yum.repos.d/

  • wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    @H_301_12@
  • 更新

  • yum makecache
    yum update
    2、设置免密码 ssh 登录
    git config --global user.name "your_name"
    git config --global user.email "your@gmail.com"
    ssh-keygen -t rsa -C   "your@gmail.com"
    cat ~/.ssh/id_rsa.pub   #复制自己本地的id_rsa.pub
    vi ~/.ssh/authorized_keys   #添加自己的id_rsa.pub进去
    chmod 600 ~/.ssh/authorized_keys
    3、安装 Git

    参考 http://blog.csdn.net/jinwufei...

    4、安装 oh-my-zsh

    参考 https://zhuanlan.zhihu.com/p/...

    5、安装 autojump

    参考 https://github.com/wting/auto...

    6、安装 lnmp

    https://github.com/lj2007331/...

    7、安装composer
    PHP -r "copy('https://getcomposer.org/installer','composer-setup.PHP');"
    PHP composer-setup.PHP
    PHP -r "unlink('composer-setup.PHP');"
    
    composer config -g repo.packagist composer https://packagist.PHPcomposer.com
    8、备份

    设置阿里云自动快照备份

    9、添加ftp用户
    cd ~/lnmp
    ./pureftpd_vhost.sh

    站点配置

    1、添加虚拟站点
    cd ~/lnmp    
    ./vhost.sh

    2、配置 https 功能
    采用的是 letsencrypt 提供的免费 HTTPS 证书。

    配置方法如下:

    wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto
    
    cp  letsencrypt-auto /bin/letsencrypt
    
    chmod -R 755  /bin/letsencrypt
    
    service Nginx stop
    
    letsencrypt certonly --standalone --email your@mail.com -d domain.com

    最后一步如果出现问题的话,删除 ~/.pip/pip.conf,运行

    pip install --upgrade pip

    然后重新运行

    letsencrypt certonly --standalone --email your@mail.com -d domain.com

    成功的话看到

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/vickoo.linkerlab.net/fullchain.pem. Your cert
       will expire on 2017-06-01. To obtain a new or tweaked version of
       this certificate in the future,simply run letsencrypt again. To
       non-interactively renew *all* of your certificates,run
       "letsencrypt renew"
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
     - If you like Certbot,please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le

    修改Nginx.conf,添加https支持修改Nginx.conf下面对应项(或者修改虚拟站点里的配置)

    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name cdn.loldata.cn;
    index index.html index.htm index.PHP default.html default.htm default.PHP;
    root  /home/wwwroot/op-gg-spider/storage;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.loldata.cn-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.loldata.cn-0001/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    ssl_session_cache builtin:1000 shared:SSL:10m;

    修改Nginx.conf(或虚拟站点配置文件),使http自动跳转https,在server添加

    server
    {
          if ($ssl_protocol = "") { 
                return 301 https://$server_name$request_uri; 
          }
    }

    重启Nginx

    service Nginx start

    设置自动续费

    crontab -e
    #在文件添加
    * * 1 * * service Nginx stop && letsencrypt renew && service Nginx start

    自动脚本

    把上面的配置 Https 的步骤写成了一个简单的脚本了,使用方法:

    @H_301_12@
  • 把下面脚本代码复制到任何想放的位置,例如命名为 add-https ,给予执行权限。

  • 第一次运行,请执行下面命令,安装 letsencrypt
    ./add-https install

  • 用 lnmp 配置好想要的域名

  • 在域名管理后台,把该域名映射到对应的 ip 上

  • 执行以下命令,安装证书
    ./add-https your.domain

  • 安装后会看到如下提示

  • #-----Add those below to your.domain.conf-----
    listen 443 ssl http2;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    
    if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }

    复制上面内容,到 your.domain.conf 里,运行

    service Nginx start

    配置完成!

    自动脚本如下:

    #!/bin/sh
    if [ "$#" -eq "0" ]
    then
       echo "---------How to use?-----------
    1. cd /home/lnmp and add a vhost you want under http.
    2. back to this directory and run
    ./add-https your_domain
    ";
    elif [ $1 == "install" ]
    then
      echo "--------- installing letsencrypt ----------";
      wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto
      mv  letsencrypt-auto /bin/letsencrypt
      chmod -R 755  /bin/letsencrypt
      rm ~/.pip/pip.conf
      pip install --upgrade pip
      echo "--------- success! --------";
    else
      echo "-----Adding Https by letsencrypt----";
      service Nginx stop
      letsencrypt certonly --standalone --email your@email.com -d $1
      service Nginx start
      echo "
    
    
    -----Add those below to $1.conf-----
      listen 443 ssl http2;
      ssl on;
      ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
      ssl_session_cache builtin:1000 shared:SSL:10m;
    
    
      if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }
    ";
    fi

    猜你在找的CentOS相关文章