hansyee
2024-08-11
Forcing HTTPS access for a site served by Nginx
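1. Preface

The previous two posts briefly recorded how this Typecho blog was set up:

1. Building an LNMP environment from source on Rocky Linux 8.10, with SQLite as an add-on
2. Setting up a Typecho blog on the LNMP environment

Because those were intranet demos, they used plain http and did not touch any https settings. These days you see https on web servers everywhere, and it is said to be more secure. I don't really understand it and have neither the energy nor the skills to dig into it. I also don't know whether a small site with no traffic like mine needs that much security: there is no important data on the server and my security requirements are not that high, since who knows when it will expire and be shut down. Ha!

That said, for a site that does not support https the browser shows a red-crossed http marker in the top-left corner, which is a real eyesore. Since everyone says https is good, let's tinker with it too and try to make this blog look a bit nicer and a bit more proper. There is not much content, but looking polished is no bad thing.

Note: the following was done on an Alibaba Cloud Simple Application Server, not in the intranet lab of the previous two posts, so the intranet IP 192.168.31.84 from those posts is replaced here by the domain all.17zturn.com. Only the address changes; all other parameters are the same.

2. Applying for a free SSL certificate

For a site to support https, you first need an SSL certificate. Don't ask me what that is, I don't know either; a professional explanation has to be looked up somewhere professional. As an ordinary user it is enough to know that you need one.

Getting such a certificate is not easy. The professional ones cost money, and not a small amount. Fortunately, to promote https, many organisations now offer free certificates. Here I use the well-known Let's Encrypt. Certificates issued there have a drawback for professional use: they are only valid for 90 days. For an ordinary user that is enough, because a new certificate can be requested when the old one expires, and with a script in place the request can be automated.

2.1. Installing an ACME client

Quoting the official Let's Encrypt "Getting Started" guide:

"To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let's Encrypt is one such CA. To get a certificate for your website's domain from Let's Encrypt, you have to demonstrate control over the domain. This is usually done by an ACME protocol client running on your web host."

The ACME client recommended on the official site is Certbot, but I chose acme.sh. For other clients, see the ACME client list on the official site.

Installing acme.sh is very simple. All of the following is run as root.

    # Replace the email field with your own address
    curl https://get.acme.sh | sh -s email=nopoetry@outlook.com

The installed files live under ~/.acme.sh. According to the project description, all later changes are made inside this directory and no other system files are polluted.

After installation, close the terminal and open a new one so that the acme.sh command can be used directly without typing its full path.

2.2. Requesting the certificate

Set the default CA server. (The acme.sh default CA is zerossl, which fails often and leaves certificate requests stuck at: Pending, The CA is processing your order, please just wait.)

    acme.sh --set-default-ca --server letsencrypt

Validate the domain over http (the acme.sh client and the site content must be on the same server):

    # -d specifies a domain (to request a wildcard certificate, a second-level
    #    domain must be given explicitly; here it is 17zturn.com)
    # --webroot must be replaced with your own site root
    acme.sh --issue -d 17zturn.com \
        -d www.17zturn.com \
        -d all.17zturn.com \
        --webroot /var/www/html/typecho

acme.sh creates a validation file under the site root and completes the validation automatically. Once validation passes, the certificate is generated.

2.3. Installing the certificate

The certificate must be installed with the command built into acme.sh. Do not use the certificate files under ~/.acme.sh directly.

    # -d specifies the domain (the wildcard certificate is used directly here)
    # --key-file and --fullchain-file specify where the certificate is installed
    # --reloadcmd is the command that makes nginx reload its configuration, so the
    #    site picks up the new certificate automatically after installation
    acme.sh --install-cert \
        -d 17zturn.com \
        --key-file /etc/ssl/17zturn.com/key.pem \
        --fullchain-file /etc/ssl/17zturn.com/fullchain.pem \
        --reloadcmd "systemctl reload nginx"

3. Configuring Nginx for https

3.1. Redirecting http to https

With the forced http-to-https redirect in place, entering http://all.17zturn.com in the browser automatically lands on https://all.17zturn.com.

Edit the nginx configuration file of the blog site:

    sudo vi /usr/local/nginx/conf/vhosts/typecho.conf

Comment out the original server block. The complete content after the change is:

    server {
        listen 80;
        server_name all.17zturn.com;
        access_log /usr/local/nginx/logs/typecho.access.log combined;
        return 301 https://$server_name$request_uri;
    }

3.2. https configuration

Add a new https configuration for the blog site:

    sudo vi /usr/local/nginx/conf/vhosts/typecho-https.conf

with the following content:

    server {
        listen 443 ssl default_server;
        server_name all.17zturn.com;
        access_log /usr/local/nginx/logs/typecho.access.log combined;
        root /var/www/html/typecho;
        index index.php index.html index.htm;

        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_certificate /etc/ssl/17zturn.com/fullchain.pem;
        ssl_certificate_key /etc/ssl/17zturn.com/key.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php$1 last;
        }

        location / {
            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }
            if (-f $request_filename/index.php) {
                rewrite (.*) $1/index.php;
            }
            if (!-f $request_filename) {
                rewrite (.*) /index.php;
            }
        }

        location ~ .*\.php(\/.*)*$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

Reload nginx:

    sudo systemctl reload nginx

If the browser displays the blog at https://all.17zturn.com, the configuration works.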
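A quick check of the TLS directives in typecho-https.conf before reloading nginx, as an added example that is not part of the original post. The function names and finding labels are hypothetical, both config samples are constructed (the first copies the post's ssl_protocols and ssl_ciphers lines), and the list of flagged protocols and OpenSSL cipher aliases is this example's own policy.

```shell
#!/bin/sh
# Added example: audit the TLS directives of an nginx vhost file and the mode
# of the private key that acme.sh --install-cert wrote.

# Print one finding per line for the vhost file $1; print nothing if it passes.
audit_nginx_tls() {
    # Strip comments first so commented-out directives are not reported.
    sed 's/#.*$//' "$1" | awk '
        { gsub(/;/, " ") }          # drop directive terminators, re-split fields
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i == "SSLv2" || $i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
                    print "deprecated-protocol " $i
        }
        $1 == "ssl_ciphers" {
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++)
                # Broad aliases also admit RSA key exchange and CBC suites.
                if (tok[i] ~ /^(ALL|DEFAULT|HIGH|MEDIUM|LOW|AES|RSA)$/)
                    print "broad-cipher-alias " tok[i]
        }
    '
}

# Succeed only when the key file $1 has no group or other permission bits.
key_mode_ok() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Constructed sample: the TLS lines of the typecho-https.conf shown in the post.
write_post_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl default_server;
    server_name all.17zturn.com;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
}
EOF
}

# Constructed sample: the same vhost limited to TLS 1.2/1.3 and ECDHE AEAD suites.
write_tightened_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl default_server;
    server_name all.17zturn.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
}
EOF
}

demo_dir=$(mktemp -d)
write_post_conf "$demo_dir/post.conf"
write_tightened_conf "$demo_dir/tightened.conf"
echo "findings for the post's directives:"
audit_nginx_tls "$demo_dir/post.conf"
echo "findings for the tightened directives:"
audit_nginx_tls "$demo_dir/tightened.conf"
rm -rf "$demo_dir"
```

On the server, point audit_nginx_tls at /usr/local/nginx/conf/vhosts/typecho-https.conf and key_mode_ok at /etc/ssl/17zturn.com/key.pem, then run nginx -t before the reload.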
2024-08-06
Building an LNMP environment from source on Rocky Linux 8.10, with SQLite as an add-on
1. Environment

| Letter | Description | Related links |
| L | Rocky Linux x86_64 | Official site; download page; 8.10 DVD image download; 8.10 Boot image download; 8.10 Minimal image download |
| N | Nginx | Official site; download page; 1.26.1 download |
| M | MySQL x86_64 | Official site; community edition download page; 8.0.39 download; 8.4.2 LTS download |
| P | PHP | Official site; 7.4.33 download; 8.2.22 download |
| S | SQLite | Official site; download page; 3.46.0 download |

2. Rocky Linux

The Rocky-8.10-x86_64-boot.iso image is used here for a network install, so that the latest package versions are pulled from the software repository.

Mirror in China: mirrors.ustc.edu.cn Rocky-8.10-x86_64-boot.iso

2.1. Walk-through of the virtual machine installation

- Installer boot screen
- Choose the installer language
- Installation Destination
- Network & Host Name
- Installation Source: choose https and enter mirrors.ustc.edu.cn/rocky/8.10/BaseOS/x86_64/os
- Software Selection
- Language Support
- Time & Date
- Root Password
- Installation Summary
- Begin Installation
- Installation complete

2.2. Basic system configuration

Add the user devuser and create its home directory /home/devuser automatically. Pick any user name you like; working directly as root is not recommended.

    useradd devuser -m -s /bin/bash

Set its password:

    passwd devuser

Add it to the wheel group so that sudo can be used later for commands that need administrator privileges:

    usermod -aG wheel devuser

Note: from here on, log in as devuser and run commands that need administrator privileges through sudo.

Configure the EPEL repository:

    sudo dnf config-manager --set-enabled powertools
    sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Install the basic development tools:

    sudo dnf install gcc gcc-c++ gdb make cmake automake autoconf perl perl-devel python36 python36-devel git vim

Create the workspace directory:

    mkdir -p /home/devuser/workspace/lnmp

3. Nginx

3.1. Installation

Download:

    wget -P /home/devuser/workspace/lnmp/ https://nginx.org/download/nginx-1.26.1.tar.gz

Extract:

    tar -xf /home/devuser/workspace/lnmp/nginx-1.26.1.tar.gz -C /home/devuser/workspace/lnmp/

Install the dependencies:

    sudo dnf install pcre pcre-utf16 pcre-utf32 pcre-devel \
        pcre2 pcre2-utf16 pcre2-utf32 pcre2-devel openssl openssl-devel \
        libxml2 libxml2-devel libxslt libxslt-devel gd gd-devel \
        GeoIP GeoIP-devel gperftools gperftools-devel \
        libatomic_ops libatomic_ops-devel

Configure the build:

    cd /home/devuser/workspace/lnmp/nginx-1.26.1/
    ./configure --prefix=/usr/local/nginx --builddir=build-out \
        --user=www-data --group=www-data \
        --with-select_module --with-poll_module --with-threads --with-file-aio \
        --with-http_ssl_module --with-http_v2_module --with-http_v3_module \
        --with-http_realip_module --with-http_addition_module \
        --with-http_xslt_module=dynamic \
        --with-http_image_filter_module=dynamic \
        --with-http_geoip_module=dynamic \
        --with-http_sub_module --with-http_dav_module --with-http_flv_module \
        --with-http_mp4_module --with-http_gunzip_module \
        --with-http_gzip_static_module \
        --with-http_auth_request_module --with-http_random_index_module \
        --with-http_secure_link_module --with-http_degradation_module \
        --with-http_slice_module --with-http_stub_status_module \
        --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module \
        --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module \
        --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module \
        --with-google_perftools_module --with-cpp_test_module \
        --with-compat --with-pcre --with-libatomic

Build:

    make

Install:

    sudo make install

3.2. Configuration

Add the www-data user:

    sudo useradd www-data -M -s /sbin/nologin

Create a directory for virtual host configuration files so they can be managed separately:

    sudo mkdir /usr/local/nginx/conf/vhosts

Edit the main nginx configuration file:

    sudo vi /usr/local/nginx/conf/nginx.conf

Change it to the following:

    user www-data www-data;
    worker_processes auto;

    error_log /usr/local/nginx/logs/error.log;
    #error_log /usr/local/nginx/logs/error.log notice;
    #error_log /usr/local/nginx/logs/error.log info;

    pid /usr/local/nginx/logs/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /usr/local/nginx/conf/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /usr/local/nginx/logs/access.log main;

        sendfile on;
        tcp_nopush on;

        #keepalive_timeout 0;
        keepalive_timeout 65;

        gzip on;

        include /usr/local/nginx/conf/vhosts/*.conf;
    }

Add the default virtual host configuration (this is really just the stock configuration, split out into its own file):

    sudo vi /usr/local/nginx/conf/vhosts/defautl.conf

with the following content:

    server {
        listen 80;
        server_name localhost;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;

    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;

    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;

    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

Check the configuration file for errors:

    sudo /usr/local/nginx/sbin/nginx -t

Write a systemd unit so the service can be managed later:

    sudo vi /usr/lib/systemd/system/nginx.service

with the following content:

    [Unit]
    Description=The nginx HTTP and reverse proxy server
    After=network.target remote-fs.target nss-lookup.target

    [Service]
    Type=forking
    PIDFile=/usr/local/nginx/logs/nginx.pid
    ExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pid
    ExecStartPre=/usr/local/nginx/sbin/nginx -t
    ExecStart=/usr/local/nginx/sbin/nginx
    ExecReload=/usr/local/nginx/sbin/nginx -s reload
    ExecStop=/usr/local/nginx/sbin/nginx -s quit
    RestartSec=20
    Restart=always

    [Install]
    WantedBy=multi-user.target

Enable it at boot:

    sudo systemctl enable nginx.service

Start the service:

    sudo systemctl start nginx.service

On systems with the firewalld firewall enabled, allow http and https traffic:

    sudo firewall-cmd --permanent --zone=public --add-service=http
    sudo firewall-cmd --permanent --zone=public --add-service=https
    sudo firewall-cmd --reload

Open http://192.168.31.84 in a browser (replace with your own server IP). If the nginx welcome page appears, the installation succeeded.

4. MySQL

4.1. Installation

Download:

    wget -P /home/devuser/workspace/lnmp/ https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-8.0.39-linux-glibc2.28-x86_64.tar.xz

Extract:

    sudo tar -xf /home/devuser/workspace/lnmp/mysql-8.0.39-linux-glibc2.28-x86_64.tar.xz -C /usr/local/

Create a symlink with a short name for easier typing:

    sudo ln -s /usr/local/mysql-8.0.39-linux-glibc2.28-x86_64/ /usr/local/mysql

4.2. Configuration

Add the mysql user:

    sudo useradd mysql -M -s /sbin/nologin

Create the data directory:

    sudo mkdir /usr/local/mysql/data

Change the owner of the data directory to the mysql user:

    sudo chown -R mysql:mysql /usr/local/mysql/data/

Edit the database configuration file my.cnf:

    sudo vi /etc/my.cnf

The content is as follows. basedir is the directory MySQL is installed in and datadir is the data directory created above; adjust the parameters to your setup.

    [client]
    port = 3306
    socket = /tmp/mysql.sock

    [mysql]
    port = 3306
    socket = /tmp/mysql.sock

    [mysqld_safe]
    user = mysql
    port = 3306
    basedir = /usr/local/mysql
    datadir = /usr/local/mysql/data
    socket = /tmp/mysql.sock
    pid_file = /tmp/mysql.pid
    log_error = /usr/local/mysql/data/error.log

    [mysqld]
    user = mysql
    port = 3306
    server_id = 1
    basedir = /usr/local/mysql
    datadir = /usr/local/mysql/data
    socket = /tmp/mysql.sock
    pid_file = /tmp/mysql.pid
    character_set_server = utf8mb4
    collation-server = utf8mb4_unicode_ci
    init_connect = 'SET NAMES utf8mb4'
    skip_name_resolve = ON
    default_time_zone = '+8:00'
    explicit-defaults-for-timestamp = ON
    tls-version = TLSv1.2
    lower-case-table-names = 1
    max_allowed_packet = 16M

    #performance settings
    lock_wait_timeout = 3600
    open_files_limit = 65535
    back_log = 1024
    max_connections = 512
    max_connect_errors = 1000000
    table_open_cache = 1024
    table_definition_cache = 1024
    thread_stack = 512K
    sort_buffer_size = 16M
    join_buffer_size = 16M
    read_buffer_size = 8M
    read_rnd_buffer_size = 16M
    bulk_insert_buffer_size = 64M
    thread_cache_size = 768
    interactive_timeout = 600
    wait_timeout = 600
    tmp_table_size = 96M
    max_heap_table_size = 96M

    #log settings
    log_timestamps = SYSTEM
    log_error = /usr/local/mysql/data/error.log
    log_error_verbosity = 3
    slow_query_log = ON
    slow_query_log_file = /usr/local/mysql/data/slow.log
    long_query_time = 0.5
    log_queries_not_using_indexes = ON
    log_throttle_queries_not_using_indexes = 60
    min_examined_row_limit = 100
    log_slow_admin_statements = ON
    log_slow_slave_statements = ON
    log_bin = /usr/local/mysql/data/mybinlog
    binlog_format = ROW
    sync_binlog = 1
    binlog_cache_size = 4M
    max_binlog_cache_size = 2G
    max_binlog_size = 1G
    binlog_rows_query_log_events = ON
    binlog_expire_logs_seconds = 604800
    #expire_logs_days = 7
    binlog_checksum = CRC32
    gtid_mode = ON
    enforce_gtid_consistency = TRUE

    #myisam settings
    key_buffer_size = 15M
    myisam_sort_buffer_size = 128M

    [mysqldump]
    quick

Initialise the database:

    sudo /usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf --initialize --user=mysql

The command prints nothing. Check the log:

    sudo vi /usr/local/mysql/data/error.log

Search for the keyword password. A line like the following means the database was initialised successfully; here the temporary password of the root user is cJ1p/Tf4Q5Bt.

    2024-08-04T01:10:30.696376Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: cJ1p/Tf4Q5Bt

Write a systemd unit so the service can be managed later:

    sudo vi /usr/lib/systemd/system/mysqld.service

with the following content:

    [Unit]
    Description=MySQL 8.0.39 database server
    After=syslog.target network.target

    [Service]
    Type=forking
    User=mysql
    Group=mysql
    ExecStart=/usr/local/mysql/support-files/mysql.server start
    ExecStop=/usr/local/mysql/support-files/mysql.server stop
    ExecReload=/usr/local/mysql/support-files/mysql.server restart
    RestartSec=300
    Restart=always

    [Install]
    WantedBy=multi-user.target

Edit the mysql.server script:

    sudo vi /usr/local/mysql/support-files/mysql.server

Adjust the following parameters as needed; they must match the values in my.cnf:

    basedir=/usr/local/mysql
    datadir=/usr/local/mysql/data
    mysqld_pid_file_path=/tmp/mysql.pid

Enable it at boot:

    sudo systemctl enable mysqld.service

Start the service:

    sudo systemctl start mysqld.service

Run the secure installation:

    /usr/local/mysql/bin/mysql_secure_installation

4.3. Creating a test database

Log in to the database locally as root:

    /usr/local/mysql/bin/mysql -u root -p

Create a test database named test_db:

    create database if not exists test_db default charset utf8mb4 collate utf8mb4_unicode_ci;

Create a test user named test_user with the password test_user@test_db:

    create user 'test_user'@'%' identified by 'test_user@test_db';

Grant privileges:

    grant all privileges on test_db.* to 'test_user'@'%';

Reload the privileges:

    flush privileges;

5. SQLite

5.1. Installation

Download:

    wget -P /home/devuser/workspace/lnmp/ https://www.sqlite.org/2024/sqlite-autoconf-3460000.tar.gz

Extract:

    tar -xf /home/devuser/workspace/lnmp/sqlite-autoconf-3460000.tar.gz -C /home/devuser/workspace/lnmp/

Configure the build:

    cd /home/devuser/workspace/lnmp/sqlite-autoconf-3460000/
    ./configure --prefix=/usr/local/sqlite --exec-prefix=/usr/local/sqlite \
        --libdir=/usr/local/lib64 --enable-shared --enable-static \
        --enable-readline --enable-threadsafe \
        --enable-dynamic-extensions --enable-math \
        --enable-fts4 --enable-fts3 --enable-fts5 --enable-rtree \
        --enable-session --enable-static-shell

Build:

    make

Install:

    sudo make install

6. PHP

6.1. Installation

Download:

    wget -P /home/devuser/workspace/lnmp/ https://www.php.net/distributions/php-8.2.22.tar.gz

Extract:

    tar -xf /home/devuser/workspace/lnmp/php-8.2.22.tar.gz -C /home/devuser/workspace/lnmp/

Install the dependencies:

    sudo dnf install systemd systemd-devel curl libcurl-devel \
        enchant enchant-devel libffi-devel libavif libavif-devel libavif-tools \
        gmp gmp-devel icu libicu-devel openldap openldap-devel \
        oniguruma oniguruma-devel aspell aspell-devel readline readline-devel \
        ncurses ncurses-devel net-snmp net-snmp-devel libsodium libsodium-devel \
        argon2 libargon2 libargon2-devel tidy libtidy libtidy-devel \
        zip libzip libzip-devel libzip-tools

Configure the build:

    cd /home/devuser/workspace/lnmp/php-8.2.22/
    ./configure --prefix=/usr/local/php/8.2.22 \
        --exec-prefix=/usr/local/php/8.2.22 \
        --enable-embed --enable-fpm --with-fpm-user=www-data \
        --with-fpm-group=www-data --with-fpm-systemd \
        --enable-phpdbg --enable-phpdbg-readline --enable-zts --enable-sigchild \
        --with-openssl --with-kerberos --with-system-ciphers \
        --with-zlib --enable-bcmath --with-bz2 --enable-calendar \
        --with-curl --with-enchant --enable-exif --with-ffi \
        --enable-ftp --with-openssl-dir --enable-gd --with-avif --with-webp \
        --with-jpeg --with-xpm --with-freetype --enable-gd-jis-conv \
        --with-gettext --with-gmp --with-mhash --enable-intl \
        --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli \
        --with-mysql-sock --enable-pcntl --with-pdo-mysql --with-zlib-dir \
        --with-pspell --with-pdo-sqlite --with-readline --enable-shmop \
        --with-snmp --enable-soap --enable-sockets --with-sodium \
        --with-password-argon2 --enable-sysvmsg --enable-sysvsem --enable-sysvshm \
        --with-tidy --with-xsl --enable-zend-test --with-zip --enable-mysqlnd \
        --with-pear PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:$PKG_CONFIG_PATH \
        --with-libdir=lib64

Build:

    make -j4

Run the build tests:

    make test

Install:

    sudo make install

6.2. Configuration

Copy the php.ini configuration file:

    sudo cp /home/devuser/workspace/lnmp/php-8.2.22/php.ini-development /usr/local/php/8.2.22/lib/php.ini

Edit php.ini:

    sudo vi /usr/local/php/8.2.22/lib/php.ini

Adjust the following parameters as needed:

    date.timezone = Asia/Shanghai
    upload_max_filesize = 10M
    post_max_size = 10M
    memory_limit = 256M
    include_path = ".:/usr/local/php/8.2.22/include:/usr/local/php/8.2.22/lib/php"
    disable_functions = passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server

Copy the php-fpm configuration files:

    sudo cp /usr/local/php/8.2.22/etc/php-fpm.conf.default /usr/local/php/8.2.22/etc/php-fpm.conf
    sudo cp /usr/local/php/8.2.22/etc/php-fpm.d/www.conf.default /usr/local/php/8.2.22/etc/php-fpm.d/www.conf

Copy the systemd unit (generated automatically by the build when --with-fpm-systemd is enabled):

    sudo cp /home/devuser/workspace/lnmp/php-8.2.22/sapi/fpm/php-fpm.service /usr/lib/systemd/system/

Change the ProtectSystem parameter in the unit, otherwise the service will not start later:

    sudo vi /usr/lib/systemd/system/php-fpm.service

Set the parameter to:

    ProtectSystem=off

Enable it at boot:

    sudo systemctl enable php-fpm.service

Start the service:

    sudo systemctl start php-fpm.service

7. Testing

Write a test page:

    sudo vi /usr/local/nginx/html/test.php

with the following content:

    <?php
    phpinfo();
    ?>

Configure nginx to support php:

    sudo cp /usr/local/nginx/conf/vhosts/defautl.conf /usr/local/nginx/conf/vhosts/defautl.conf.bak
    sudo vi /usr/local/nginx/conf/vhosts/defautl.conf

The content after the change:

    server {
        listen 80;
        server_name localhost;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;

    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;

    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;

    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

Reload the nginx configuration:

    sudo systemctl reload nginx

Open http://192.168.31.84/test.php in a browser (replace with your own server IP). If the phpinfo page appears, the installation succeeded.

8. Problems encountered and their fixes

8.1. Build problems

8.1.1. nginx

Problem 1:

    checking for PCRE2 library ... not found
    checking for PCRE library ... not found
    checking for PCRE library in /usr/local/ ... not found
    checking for PCRE library in /usr/include/pcre/ ... not found
    checking for PCRE library in /usr/pkg/ ... not found
    checking for PCRE library in /opt/local/ ... not found
    checking for PCRE library in /opt/homebrew/ ... not found

    ./configure: error: the HTTP rewrite module requires the PCRE library.
    You can either disable the module by using --without-http_rewrite_module
    option, or install the PCRE library into the system, or build the PCRE library
    statically from the source with nginx by using --with-pcre=<path> option.

Fix:

    sudo dnf install pcre pcre-utf16 pcre-utf32 pcre-devel pcre2 pcre2-utf16 pcre2-utf32 pcre2-devel

Problem 2:

    checking for OpenSSL library ... not found
    checking for OpenSSL library in /usr/local/ ... not found
    checking for OpenSSL library in /usr/pkg/ ... not found
    checking for OpenSSL library in /opt/local/ ... not found
    checking for OpenSSL library in /opt/homebrew/ ... not found

    ./configure: error: SSL modules require the OpenSSL library.
    You can either do not enable the modules, or install the OpenSSL library
    into the system, or build the OpenSSL library statically from the source
    with nginx by using --with-openssl=<path> option.

Fix:

    sudo dnf install openssl openssl-devel

Problem 3:

    checking for libxslt ... not found
    checking for libxslt in /usr/local/ ... not found
    checking for libxslt in /usr/pkg/ ... not found
    checking for libxslt in /opt/local/ ... not found

    ./configure: error: the HTTP XSLT module requires the libxml2/libxslt
    libraries. You can either do not enable the module or install the libraries.

Fix:

    sudo dnf install libxml2 libxml2-devel libxslt libxslt-devel

Problem 4:

    checking for GD library ... not found
    checking for GD library in /usr/local/ ... not found
    checking for GD library in /usr/pkg/ ... not found
    checking for GD library in /opt/local/ ... not found
    checking for GD library in /opt/homebrew/ ... not found

    ./configure: error: the HTTP image filter module requires the GD library.
    You can either do not enable the module or install the libraries.

Fix:

    sudo dnf install gd gd-devel

Problem 5:

    checking for GeoIP library ... not found
    checking for GeoIP library in /usr/local/ ... not found
    checking for GeoIP library in /usr/pkg/ ... not found
    checking for GeoIP library in /opt/local/ ... not found
    checking for GeoIP library in /opt/homebrew/ ... not found

    ./configure: error: the GeoIP module requires the GeoIP library.
    You can either do not enable the module or install the library.

Fix:

    sudo dnf install GeoIP GeoIP-devel

Problem 6:

    checking for Google perftools ... not found
    checking for Google perftools in /usr/local/ ... not found
    checking for Google perftools in /opt/local/ ... not found
    checking for Google perftools in /opt/homebrew/ ... not found

    ./configure: error: the Google perftools module requires the Google perftools
    library. You can either do not enable the module or install the library.

Fix:

    sudo dnf install gperftools gperftools-devel

Problem 7:

    checking for atomic_ops library ... not found

    ./configure: error: libatomic_ops library was not found.

Fix:

    sudo dnf install libatomic_ops libatomic_ops-devel

8.1.2. php

Problem 1:

    checking for libsystemd >= 209... no
    configure: error: Package requirements (libsystemd >= 209) were not met:

    Package 'libsystemd', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables SYSTEMD_CFLAGS
    and SYSTEMD_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install systemd systemd-devel

Problem 2:

    checking for sqlite3 >= 3.7.7... no
    configure: error: Package requirements (sqlite3 >= 3.7.7) were not met:

    Package 'sqlite3', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables SQLITE_CFLAGS
    and SQLITE_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix: the libraries produced by the SQLite build above were installed into /usr/local/lib64. When configuring the php build, add the PKG_CONFIG_PATH variable to the configure arguments so that it includes this directory; only then will pkg-config find the .pc file of the library. The form is:

    ./configure xxx \
        xxx \
        PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:$PKG_CONFIG_PATH

Problem 3:

    configure: error: Package requirements (libcurl >= 7.29.0) were not met:

    Package 'libcurl', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables CURL_CFLAGS
    and CURL_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install curl libcurl-devel

Problem 4:

    checking for enchant-2... no
    configure: WARNING: libenchant-2 not found trying with old libenchant
    checking for enchant >= 1.4.2... no
    configure: error: Package requirements (enchant >= 1.4.2) were not met:

    Package 'enchant', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables ENCHANT_CFLAGS
    and ENCHANT_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install enchant enchant-devel

Problem 5:

    checking for libffi >= 3.0.11... no
    configure: error: Package requirements (libffi >= 3.0.11) were not met:

    Package 'libffi', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables FFI_CFLAGS
    and FFI_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install libffi-devel

Problem 6:

    checking for libavif >= 0.8.2... no
    configure: error: Package requirements (libavif >= 0.8.2) were not met:

    Package 'libavif', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables AVIF_CFLAGS
    and AVIF_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install libavif libavif-devel libavif-tools

Problem 7:

    checking for __gmpz_rootrem in -lgmp... no
    configure: error: GNU MP Library version 4.2 or greater required.

Fix:

    sudo dnf install gmp gmp-devel

Problem 8:

    checking for icu-uc >= 50.1 icu-io icu-i18n... no
    configure: error: Package requirements (icu-uc >= 50.1 icu-io icu-i18n) were not met:

    Package 'icu-uc', required by 'virtual:world', not found
    Package 'icu-io', required by 'virtual:world', not found
    Package 'icu-i18n', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables ICU_CFLAGS
    and ICU_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install icu libicu-devel

Problem 9:

    configure: error: Cannot find ldap.h

Fix:

    sudo dnf install openldap openldap-devel

Problem 10:

    configure: error: Cannot find ldap libraries in /usr/lib.

Fix: on a 64-bit system the ldap libraries are installed in the 64-bit library directory, such as /usr/lib64. When configuring the php build, add --with-libdir=lib64 to the configure arguments. The form is:

    ./configure xxx \
        xxx \
        --with-libdir=lib64

Problem 11:

    checking for oniguruma... no
    configure: error: Package requirements (oniguruma) were not met:

    Package 'oniguruma', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables ONIG_CFLAGS
    and ONIG_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install oniguruma oniguruma-devel

Problem 12:

    configure: error: Cannot find pspell

Fix:

    sudo dnf install aspell aspell-devel

Problem 13:

    configure: error: Please reinstall readline - I cannot find readline.h

Fix:

    sudo dnf install readline readline-devel ncurses ncurses-devel

Problem 14:

    configure: error: cannot find mm library

Fix: install the mm library by hand, or remove the --with-mm argument from configure (it conflicts with --enable-zts; choose one of the two). The main steps of a manual install are:

    # Download from the official site: extremely slow, sometimes unreachable
    wget -P /home/devuser/workspace/lnmp/ ftp://ftp.ossp.org/pkg/lib/mm/mm-1.4.2.tar.gz
    # Download from a mirror instead (recommended)
    wget -P /home/devuser/workspace/lnmp/ https://www.mirrorservice.org/sites/ftp.ossp.org/pkg/lib/mm/mm-1.4.2.tar.gz
    # Extract
    tar -xf /home/devuser/workspace/lnmp/mm-1.4.2.tar.gz -C /home/devuser/workspace/lnmp/
    # Build and install
    cd /home/devuser/workspace/lnmp/mm-1.4.2/
    ./configure --prefix=/usr/local --exec-prefix=/usr/local --libdir=/usr/local/lib64
    make
    sudo make install

Problem 15:

    checking for net-snmp-config... no
    configure: error: Could not find net-snmp-config binary. Please check your net-snmp installation.

Fix:

    sudo dnf install net-snmp net-snmp-devel

Problem 16:

    checking for libsodium >= 1.0.8... no
    configure: error: Package requirements (libsodium >= 1.0.8) were not met:

    Package 'libsodium', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables LIBSODIUM_CFLAGS
    and LIBSODIUM_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install libsodium libsodium-devel

Problem 17:

    checking for libargon2... no
    configure: error: Package requirements (libargon2) were not met:

    Package 'libargon2', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables ARGON2_CFLAGS
    and ARGON2_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install argon2 libargon2 libargon2-devel

Problem 18:

    configure: error: Cannot find libtidy

Fix:

    sudo dnf install tidy libtidy libtidy-devel

Problem 19:

    checking for libzip >= 0.11 libzip != 1.3.1 libzip != 1.7.0... no
    configure: error: Package requirements (libzip >= 0.11 libzip != 1.3.1 libzip != 1.7.0) were not met:

    Package 'libzip', required by 'virtual:world', not found
    Package 'libzip', required by 'virtual:world', not found
    Package 'libzip', required by 'virtual:world', not found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables LIBZIP_CFLAGS
    and LIBZIP_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

Fix:

    sudo dnf install zip libzip libzip-devel libzip-tools

8.2. Runtime problems

8.2.1. php

Problem 1:

    [devuser@linux php-8.2.22]$ sudo systemctl start php-fpm.service
    [sudo] password for devuser:
    Job for php-fpm.service failed because the control process exited with error code.
    See "systemctl status php-fpm.service" and "journalctl -xe" for details.
    [devuser@linux php-8.2.22]$

Fix: check the service status:

    systemctl status php-fpm.service

which shows:

    ● php-fpm.service - The PHP FastCGI Process Manager
       Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Sun 2024-08-04 16:07:51 CST; 3min 27s ago
      Process: 591211 ExecStart=/usr/local/php/8.2.22/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/8.2.22/etc/php-fpm.conf (code=exited, status=78)
     Main PID: 591211 (code=exited, status=78)

    Aug 04 16:07:51 linux systemd[1]: Starting The PHP FastCGI Process Manager...
    Aug 04 16:07:51 linux php-fpm[591211]: [04-Aug-2024 16:07:51] ERROR: failed to open error_log (/usr/local/php/8.2.22/var/log/php-fpm.log): Read-only file system (30)
    Aug 04 16:07:51 linux php-fpm[591211]: [04-Aug-2024 16:07:51] ERROR: failed to post process the configuration
    Aug 04 16:07:51 linux php-fpm[591211]: [04-Aug-2024 16:07:51] ERROR: FPM initialization failed
    Aug 04 16:07:51 linux systemd[1]: php-fpm.service: Main process exited, code=exited, status=78/CONFIG
    Aug 04 16:07:51 linux systemd[1]: php-fpm.service: Failed with result 'exit-code'.
    Aug 04 16:07:51 linux systemd[1]: Failed to start The PHP FastCGI Process Manager.

The phrase Read-only file system stands out; this is most likely not a file permission problem. After some research, it turns out to be caused by one parameter value in the systemd unit generated by the build. The unit contains:

    # Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
    ProtectSystem=full

Here is the explanation of this setting, quoted from https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectSystem=

"ProtectSystem= Takes a boolean argument or the special values "full" or "strict". If true, mounts the /usr/ and the boot loader directories (/boot and /efi) read-only for processes invoked by this unit. If set to "full", the /etc/ directory is mounted read-only, too. If set to "strict" the entire file system hierarchy is mounted read-only, except for the API file system subtrees /dev/, /proc/ and /sys/ (protect these directories using PrivateDevices=, ProtectKernelTunables=, ProtectControlGroups=). This setting ensures that any modification of the vendor-supplied operating system (and optionally its configuration, and local mounts) is prohibited for the service. It is recommended to enable this setting for all long-running services, unless they are involved with system updates or need to modify the operating system in other ways. If this option is used, ReadWritePaths= may be used to exclude specific directories from being made read-only. Similar, StateDirectory=, LogsDirectory=, … and related directory settings (see below) also exclude the specific directories from the effect of ProtectSystem=. This setting is implied if DynamicUser= is set. This setting cannot ensure protection in all cases. In general it has the same limitations as ReadOnlyPaths=, see below. Defaults to off. Added in version 214."

When the value is full, the php-fpm process gets /usr, /boot and /etc mounted read-only, which is why the problem appears. Changing the value to off resolves it.

    sudo vi /usr/lib/systemd/system/php-fpm.service

Set the parameter to:

    ProtectSystem=off

Reload the modified systemd unit:

    sudo systemctl daemon-reload

Then start php-fpm again:

    sudo systemctl start php-fpm.service
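The systemd text quoted in 8.2.1 names ReadWritePaths= as the way to exempt specific directories from ProtectSystem=. The added example below (not from the original post or the PHP project) writes a drop-in that keeps ProtectSystem=full and opens only the php-fpm log and run directories. The drop-in file name, the helper names and the sample unit are assumptions; the log path comes from the error message in 8.2.1 and the run directory is assumed to sit under the same var/ prefix.

```shell
#!/bin/sh
# Added example: keep php-fpm sandboxed instead of setting ProtectSystem=off.

# Write a drop-in that keeps /usr, /boot and /etc read-only for php-fpm and
# exempts only the directories it writes to. Both directories must exist when
# the service starts, otherwise systemd refuses to start the unit.
write_fpm_dropin() {
    dropin_dir=${1:-/etc/systemd/system/php-fpm.service.d}
    fpm_var=${2:-/usr/local/php/8.2.22/var}
    mkdir -p "$dropin_dir" || return 1
    cat > "$dropin_dir/10-sandbox.conf" <<EOF
[Service]
ProtectSystem=full
ReadWritePaths=$fpm_var/log $fpm_var/run
EOF
}

# Print the value in effect for a single-valued KEY. Files are read in the
# order given (unit first, then drop-ins) and the last assignment wins.
effective_setting() {
    key=$1; shift
    cat "$@" | awk -v k="$key" '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                   # section headers, blank lines
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name == k) val = substr($0, eq + 1)
        }
        END { print val }
    '
}

# Succeed when the unit still mounts the system directories read-only.
sandbox_enabled() {
    case $(effective_setting ProtectSystem "$@") in
        full|strict|true|yes|on|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: [Service] lines of the unit after the edit from 8.2.1.
demo_dir=$(mktemp -d)
cat > "$demo_dir/php-fpm.service" <<'EOF'
[Service]
ExecStart=/usr/local/php/8.2.22/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/8.2.22/etc/php-fpm.conf
# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
ProtectSystem=off
EOF
echo "unit alone:   ProtectSystem=$(effective_setting ProtectSystem "$demo_dir/php-fpm.service")"
write_fpm_dropin "$demo_dir/php-fpm.service.d" /usr/local/php/8.2.22/var
echo "with drop-in: ProtectSystem=$(effective_setting ProtectSystem \
    "$demo_dir/php-fpm.service" "$demo_dir/php-fpm.service.d/10-sandbox.conf")"
rm -rf "$demo_dir"

# On the server, as root: call write_fpm_dropin with no arguments, then
#   systemctl daemon-reload && systemctl restart php-fpm.service
#   systemctl show php-fpm.service -p ProtectSystem -p ReadWritePaths
```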