前置操作
- 檢視安全組配置
- 關閉防火牆
ufw status # 檢視防火牆狀態 ufw disable # 關閉防火牆 ufw enable # 開啟防火牆 ufw allow 80/tcp # 開放 80/tcp 埠 ufw delete allow 80/tcp # 禁用 80/tcp 埠
安裝 PHP
apt update # 更新包管理器
apt install php7.4 php7.4-fpm # 安裝 php, php-fpm
php -v # 檢視 php 版本
php -m # 檢視 php 擴充套件安裝 Composer
# 下載 composer
php -r "readfile('https://getcomposer.org/installer');" | php
# 全域性安裝
mv composer.phar /usr/bin/composer
# 檢視版本
composer -v
# 更換為 aliyun 映象
composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/最佳化 PHP-FPM
vim /etc/php/7.4/fpm/php-fpm.conf
# 修改
emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 10s
vim /etc/php/7.4/fpm/pool.d/www.conf
# 修改
pm = static
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 30
pm.max_requests = 500
slowlog = /var/log/php-fpm-slow.log
request_slowlog_timeout = 5s安裝 Nginx
apt install nginx # 安裝 nginx
nginx -v # 檢視 nginx 版本
# 配置 https 證照
mkdir /etc/nginx/cert
openssl dhparam -dsaparam -out /etc/nginx/cert/dhparam.pem 4096
# 最佳化 nginx
vim /etc/nginx/nginx.conf
# 修改
user www-data;
pid /run/nginx.pid;
worker_processes auto;
worker_cpu_affinity 0001 0010 0100 1000;
worker_rlimit_nofile 655350;
include /etc/nginx/modules-enabled/*.conf;
events {
use epoll;
worker_connections 655350;
# multi_accept on;
}# laravel-api.conf 檔案配置
server {
listen 80;
server_name *.com;
index index.php;
root /data/prod/*/public/;
rewrite ^(.*)$ https://$host$1 permanent;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_index index.php;
try_files $uri $uri/ = 404;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
access_log off;
log_not_found off;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
}
server {
listen 443 ssl http2;
server_name *.com;
index index.php;
root /data/prod/*/public/;
ssl_dhparam /etc/nginx/cert/dhparam.pem;
ssl_certificate /etc/nginx/cert/*.com.pem;
ssl_certificate_key /etc/nginx/cert/*.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
access_log /var/log/nginx/prod/*-access.log;
error_log /var/log/nginx/prod/*-error.log;
location /
{
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$
{
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_index index.php;
try_files $uri $uri/ = 404;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
access_log off;
log_not_found off;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
}
# vue.conf 檔案配置
server {
listen 80;
server_name *.com;
index index.html;
root /data/prod/*/dist/;
rewrite ^(.*)$ https://$host$1 permanent;
location / {
root /data/prod/*/dist;
try_files $uri /index.html;
}
}
server {
listen 443 ssl http2;
server_name *.com;
index index.html;
root /data/prod/*/dist/;
ssl_dhparam /etc/nginx/cert/dhparam.pem;
ssl_certificate /etc/nginx/cert/*.com.pem;
ssl_certificate_key /etc/nginx/cert/*.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
access_log /var/log/nginx/prod/*-access.log;
error_log /var/log/nginx/prod/*-error.log;
location /
{
root /data/prod/*/dist;
try_files $uri /index.html;
}
location ~ ^/(images|javascript|js|css|flash|media|static)/
{
expires 1d;
access_log off;
log_not_found off;
}
}
配置 Nginx 與 PHP
1:
vim /etc/nginx/sites-available/default
# 增加 php 配置
location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_index index.php;
include fastcgi_params;
}2:
vim /etc/nginx/fastcgi_params
# 增加配置
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;3:
vim /etc/php/7.4/fpm/pool.d/www.conf
# 修改
listen = /var/run/php/php7.4-fpm.sock4:
vim /etc/php/7.4/fpm/php.ini
# 修改
cgi.fix_pathinfo=0安裝 Mysql8
# 安裝 mysql 服務, mysql 客戶端, mysql php 擴充套件
apt install mysql-server mysql-client php7.4-mysql
# 檢視 mysql 版本
mysql -V
# 進入 mysql (初始安裝 root 使用者無需密碼 可直接進入 或 sudo mysql 也可直接進入 mysql)
sudo mysql
# 重置密碼
alter user 'root'@'localhost' identified with mysql_native_password by '新密碼';
# 重新整理許可權
flush privileges;
# 檢視使用者資訊
use mysql;
select user, host from user;
# 新增遠端使用者登入
create user 'root'@'%' identified by '密碼';
grant all privileges on *.* to 'root'@'%' with grant option;
flush privileges;
# 修改 mysqld 配置檔案, 註釋掉 bind-addrerss = 127.0.0.1
vim /etc/mysql/mysql.conf.d/mysqld.cnf
# bind-address = 127.0.0.1安裝 Redis
# 安裝 redis
apt install redis
# 修改 redis 配置
vim /etc/redis/redis.conf
# bind 127.0.0.1 ::1 # 新增註釋 允許遠端訪問
daemonize yes # 由 no 改為 yes 允許後臺執行
requirepass 密碼 # 開啟註釋 新增訪問密碼啟動服務 設定開機啟動
# 檢視服務狀態
systemctl status nginx
# 啟動服務
systemctl start nginx
# 重啟服務
systemctl restart nginx
# 停止服務
systemctl stop nginx
# 開機啟動
systemctl enable nginx
# 檢視開機啟動狀態
systemctl is-enabled nginx
# nginx, php7.4-fpm, mysql, redis, 安裝 Laravel 佇列 程式監控器 Supervisor
vim /etc/supervisor/supervisord.conf
# 修改
; supervisor config file
[unix_http_server]
file=/var/run/supervisor.sock ; (the path to the socket file)
chmod=0700 ; sockef file mode (default 0700)
[supervisord]
loglevel=warn ;
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf
# 新增配置檔案
vim /etc/superrvisor/conf.d/laravel-*.conf
[program:laravel-*]
process_name=%(program_name)s_%(process_num)02d
command=php /data/prod/*/artisan queue:work redis --sleep=60 --tries=2
autostart=true
autorestart=true
user=www-data
numprocs=8
redirect_stderr=true
stdout_logfile=/var/log/supervisor/laravel-*.log
# 啟動 supervisor
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl start laravel-*:*參考
ubuntu系統下安裝LNMP整合環境的詳細步驟
ubuntu20 安裝和配置mysql8.0.23
為高效能最佳化 PHP-FPM
阿里雲 Composer 全量映象
本作品採用《CC 協議》,轉載必須註明作者和本文連結