Since this is the first time we are using apt in this session, we should start by updating the local package index.
apt-get update
apt-get install nginx
apt install mysql-server mysql-client
apt install php-fpm php-mysql php-mbstring php-xml php-curl
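LNMP is installed into the following directories by default:
Nginx configuration: /etc/nginx
Nginx sites: /var/www
MySQL configuration: /etc/mysql
MySQL data: /var/lib/mysql
PHP configuration: /etc/php/7.2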
Configure Nginx. Open the default site file in sites-available:
vi /etc/nginx/sites-available/default
and modify it along the following lines, using abc.com as the example:
server {
    listen 80;
    listen [::]:80;
    root /var/www/abc.com;
    index index.php index.html index.htm;
    server_name abc.com;
    # ^~ keeps the dotfile regex below from overriding this prefix location
    location ^~ /.well-known/ { try_files $uri $uri/ =404; }
    # Refuse every other path that contains a dotfile or dot-directory
    location ~ /\. { return 404; }
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}
If you plan to enable HTTPS later, create an SSL configuration file:
vi /etc/nginx/ssl.conf
and add the following content:
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets on;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /path/to/pem;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
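The ssl.conf above still enables TLSv1, TLSv1.1 and several 3DES and static-RSA cipher suites. The shell script below is an added example, not part of the original article, that flags such entries in a TLS snippet; directive and audit_tls are hypothetical helper names, and both sample files are constructed (the first shortens the page's cipher list to four entries, the second is an assumed tightened variant).

```shell
#!/bin/sh
# Added example: flag deprecated protocols and weak cipher suites in an
# nginx TLS snippet. directive() and audit_tls() are hypothetical helpers.

# Print the value of a single-line directive (text between name and ';').
directive() {  # $1 = directive name, $2 = config file
    sed -n "s/^[[:space:]]*${1}[[:space:]][[:space:]]*\(.*\);.*/\1/p" "$2" | tr -d "'\""
}

# Print one finding per line; print nothing when nothing is flagged.
audit_tls() {  # $1 = config file
    for p in $(directive ssl_protocols "$1"); do
        case "$p" in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "protocol:$p (deprecated)" ;;
        esac
    done
    directive ssl_ciphers "$1" | tr ':' '\n' | while IFS= read -r c; do
        case "$c" in
            ''|!*) ;;                           # empty field or exclusion
            *DES*|*RC4*|*MD5*|*NULL*|*EXP*) echo "cipher:$c (weak algorithm)" ;;
            ECDHE-*|DHE-*|EDH-*) ;;             # ephemeral key exchange
            *) echo "cipher:$c (no forward secrecy)" ;;
        esac
    done
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the page's protocol line, cipher list cut to four entries.
cat > "$tmp/page.conf" <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-SHA:!DSS';
EOF

# Constructed tightened variant (an assumption, not the page's configuration).
cat > "$tmp/tight.conf" <<'EOF'
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305';
EOF

echo "== page settings =="; audit_tls "$tmp/page.conf"
echo "== tightened ==";     audit_tls "$tmp/tight.conf"
```

To check the real file, call audit_tls /etc/nginx/ssl.conf; the script only reads single-line directives and does not flag CBC or SHA-1 suites that use ephemeral key exchange.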
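Because /etc/nginx/sites-available/default is already symlinked into /etc/nginx/sites-enabled by default, there is no need to link it again.
Enter the following command to test the configuration file for syntax errors: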
nginx -t
Reload Nginx to apply the configuration:
systemctl reload nginx
Now configure MySQL. Start the security script:
mysql_secure_installation
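You will be asked to enter the password set for the MySQL root account. Next you will be asked which password strength level to enforce (choosing LOW is not recommended), and then to remove the anonymous users and the test database and to disable remote root login.
Note that on Ubuntu systems running MySQL 5.7 (and later), the MySQL root user is set by default to authenticate with the auth_socket plugin rather than with a password. In many cases this gives better security and usability, but it becomes painful when you need to let an external program (for example phpMyAdmin) access the user.
(Optional) So we now need to enable password login for root.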
mysql
This opens the MySQL console, with the prompt mysql >
Next, use the following command to check which authentication method each MySQL user account uses:
mysql > SELECT user,authentication_string,plugin,host FROM mysql.user;
Change the authentication method (replace password with a strong password of your own):
mysql > ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Reload the grant tables so the change takes effect:
mysql > FLUSH PRIVILEGES;
You can now check the authentication methods again:
Input:
mysql > SELECT user,authentication_string,plugin,host FROM mysql.user;
Output:
+------------------+-------------------------------------------+-----------------------+-----------+
| user             | authentication_string                     | plugin                | host      |
+------------------+-------------------------------------------+-----------------------+-----------+
| root             | *3636DACC8616D997782ADD0839F92C1571D6D78F | mysql_native_password | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)
Exit the console:
mysql > exit
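You can obtain a free certificate from Tencent Cloud. Once it is issued, download it, unpack it, copy the two certificate files from the Nginx folder and put them in a directory of your choice; this article uses /var/www/ssl.
Then modify the Nginx configuration file and at the same time enable automatic redirection from HTTP to HTTPS, using abc.com as the example: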
server {
    listen 80;
    listen [::]:80;
    server_name abc.com;
    rewrite ^(.*) https://$host$1 permanent;
}
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    include ssl.conf;
    ssl_certificate /var/www/ssl/1_www.abc.com_bundle.crt;
    ssl_certificate_key /var/www/ssl/2_www.abc.com.key;
    root /var/www/abc.com;
    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;
    server_name abc.com;
    # ^~ keeps the dotfile regex below from overriding this prefix location
    location ^~ /.well-known/ { try_files $uri $uri/ =404; }
    # Refuse every other path that contains a dotfile or dot-directory
    location ~ /\. { return 404; }
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
}
Next, restart Nginx:
systemctl restart nginx
Ubuntu 16.04 / 18.04 manage services with systemctl; the LNMP service names are nginx, mysql and php7.2-fpm:
systemctl reload nginx
systemctl status php7.2-fpm