这个周末上线一个帮朋友做的网站,遇到挺多坑,记录一下

上线前准备

购买服务器,目前选择的是阿里云服务器,选择的是入门型1核1G实例

  • 目前没什么活动,三年1400软妹币

配置SSH连接

  • 增加本机ssh连接配置,一般激活实例后,ssh的22端口是默认开放的,可以直接通过root用户进行登录配置部署环境
  • 登录到服务器后,将自己的公钥加入到 ~/.ssh/authorized_keys 配置文件中就可直接通过秘钥进行登录

服务器配置

  • 服务器系统版本:CentOS Linux release 7.4.1708 (Core)
  • 内存:1G
  • CPU:1核
  • 硬盘:40G

上线流程 - 环境搭建

安装Mysql5.5

因为服务器配置有点低,所以这边选择安装比较低的mysql版本。从CentOS 7.0发布以来,yum源中开始使用mariadb来代替MySQL的安装。即使你输入的是yum install mysql , 显示的也是mariadb的安装内容,因此,如果使用yum安装MySQL的话,就需要去下载官方指定的yum源。
网址: https://dev.mysql.com/downloads/repo/yum/

先卸载mariadb,查看mariadb是否已经安装

  [root@iZbp17dq2xryqoixibq5u1Z ~]#  yum list installed | grep mariadb
  mariadb-libs.x86_64                     1:5.5.56-2.el7                 @anaconda

进行卸载

  [root@iZbp17dq2xryqoixibq5u1Z ~]# yum -y remove mariadb*
  Loaded plugins: fastestmirror
  Resolving Dependencies
  ......    **省略过程**

  Removed:
    mariadb-libs.x86_64 1:5.5.56-2.el7

  Dependency Removed:
    postfix.x86_64 2:2.10.1-6.el7                                                                redhat-lsb-core.x86_64 0:4.1-27.el7.centos.1

  Complete!

获取yum源和数据库安装(官方指南

  wget http://repo.mysql.com/yum/mysql-5.5-community/el/6/x86_64/mysql-community-release-el6-5.noarch.rpm   #MySQL5.5yum源

安装yum源

  rpm -ivh mysql-5.5-community/el/6/x86_64/mysql-community-release-el6-5.noarch.rpm 

安装好yum源后,需要修改一下配置文件,文件路径在 /etc/yum.repos.d/mysql-community.repo,要将5.5的enabled改为1,而5.6的enabled改为0

  # Enable to use MySQL 5.5
  [mysql55-community]
  name=MySQL 5.5 Community Server
  baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/
  enabled=1
  gpgcheck=1
  gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

  # Enable to use MySQL 5.6
  [mysql56-community]
  name=MySQL 5.6 Community Server
  baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/
  enabled=0
  gpgcheck=1
  gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

  # Note: MySQL 5.7 is currently in development. For use at your own risk.
  # Please read with sub pages: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/
  [mysql57-community-dmr]
  name=MySQL 5.7 Community Server Development Milestone Release
  baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/6/$basearch/
  enabled=0
  gpgcheck=1
  gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

修改后保存退出,开始安装MySQL。在安装之前,可以查看下是否已有MySQL可安装文件

  [root@iZbp17dq2xryqoixibq5u1Z ~]# yum repolist enabled | grep "mysql.*-community.*"
  mysql-connectors-community/x86_64 MySQL Connectors Community                  49
  mysql-tools-community/x86_64      MySQL Tools Community                       61
  mysql55-community/x86_64          MySQL 5.5 Community Server                 449

安装mysql

  # 安装client,devel,server
  yum install mysql-community-client mysql-community-devel mysql-community-server

安装完毕后,可以查看下当前mysql版本

  [root@iZbp17dq2xryqoixibq5u1Z ~]# rpm -qi mysql-community-server
  Name        : mysql-community-server
  Version     : 5.5.60
  Release     : 2.el6
  Architecture: x86_64
  Install Date: 2018年05月05日 星期六 16:26:00
  ......

启动mysql

执行 service mysqld start 启动mysql

  [root@iZbp17dq2xryqoixibq5u1Z ~]# service mysqld start
  Starting mysqld (via systemctl):                           [  OK  ]

ok,mysql安装完毕

常用命令:

systemctl start mysqld #启动mysqld

systemctl stop mysqld #停止mysqld

systemctl restart mysqld #重启mysqld

systemctl enable mysqld #设置开机启动

systemctl status mysqld #查看 MySQL Server 状态

数据库安全设置
设置mysql root账户密码

  # mysqladmin -u root password 'new password'

重新登录mysql报如下错误

  ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

执行如下命令进行解决

  [root@iZbp17dq2xryqoixibq5u1Z ~]# systemctl stop mysqld       **关闭mysql服务**
  [root@iZbp17dq2xryqoixibq5u1Z ~]# mysqld --user=root --skip-grant-tables &        **关闭skip-grant-tables**
  [1] 32163
  [root@iZbp17dq2xryqoixibq5u1Z ~]# 180505 16:57:08 [Note] mysqld (mysqld 5.5.60) starting as process 32163 ...
  180505 16:57:08 [Note] Plugin 'FEDERATED' is disabled.
  180505 16:57:08 InnoDB: The InnoDB memory heap is disabled
  180505 16:57:08 InnoDB: Mutexes and rw_locks use GCC atomic builtins
  180505 16:57:08 InnoDB: Compressed tables use zlib 1.2.3
  180505 16:57:08 InnoDB: Using Linux native AIO
  180505 16:57:08 InnoDB: Initializing buffer pool, size = 128.0M
  180505 16:57:08 InnoDB: Completed initialization of buffer pool
  180505 16:57:08 InnoDB: highest supported file format is Barracuda.
  180505 16:57:08  InnoDB: Waiting for the background threads to start
  180505 16:57:09 InnoDB: 5.5.60 started; log sequence number 1595675
  180505 16:57:09 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306
  180505 16:57:09 [Note]   - '0.0.0.0' resolves to '0.0.0.0';
  180505 16:57:09 [Note] Server socket created on IP: '0.0.0.0'.
  180505 16:57:09 [Note] mysqld: ready for connections.
  Version: '5.5.60'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MySQL Community Server (GPL)
  mysql -u root mysql       **空密码登入**
  Reading table information for completion of table and column names
  You can turn off this feature to get a quicker startup with -A

  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 1
  Server version: 5.5.60 MySQL Community Server (GPL)

  Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

  Oracle is a registered trademark of Oracle Corporation and/or its
  affiliates. Other names may be trademarks of their respective
  owners.

  Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

  mysql> UPDATE user SET authentication_string=PASSWORD('new password') where USER='root';      **重新设置root密码**
  Query OK, 4 rows affected (0.00 sec)
  Rows matched: 4  Changed: 4  Warnings: 0

  mysql> FLUSH PRIVILEGES;      **刷新设置**
  Query OK, 0 rows affected (0.00 sec)

  mysql> quit
  Bye

安装PHP环境

开始安装PHP和PHP-FPM
首先安装EPEL。EPEL即Extra Packages for Enterprise Linux的简称,是为企业级Linux提供的一组高质量的额外软件包

  yum -y install epel-release

安装PHP和PHP-FPM

  yum -y install php php-fpm

查看PHP版本

  [root@iZbp17dq2xryqoixibq5u1Z ~]# php -v
  PHP 5.4.16 (cli) (built: Mar  7 2018 13:34:47)
  Copyright (c) 1997-2013 The PHP Group
  Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

这时发现PHP版本是5.4的,原因是yum默认的epel-release源太低了,而我需要部署的网站是基于Laravel5.5开发的,环境要求:

  • PHP >= 7.0.0 需要重新安装PHP7
  • PHP OpenSSL 扩展
  • PHP PDO 扩展
  • PHP Mbstring 扩展
  • PHP Tokenizer 扩展
  • PHP XML 扩展

删除之前安装的PHP版本

  yum remove php* php-common

我们需要更换下rpm源,搜索epel-release源并删除后进行更新

  [root@iZbp17dq2xryqoixibq5u1Z ~]# rpm -qa | grep epel
  epel-release-7-11.noarch
  [root@iZbp17dq2xryqoixibq5u1Z ~]# rpm -e epel-release-7-11.noarch
  warning: /etc/yum.repos.d/epel.repo saved as /etc/yum.repos.d/epel.repo.rpmsave
  [root@iZbp17dq2xryqoixibq5u1Z ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
  Retrieving https://mirror.webtatic.com/yum/el7/epel-release.rpm
  warning: /var/tmp/rpm-tmp.PHnPwl: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
  Preparing...                          ################################# [100%]
  Updating / installing...
     1:epel-release-7-5                 ################################# [100%]
  [root@iZbp17dq2xryqoixibq5u1Z ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
  Retrieving https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
  warning: /var/tmp/rpm-tmp.ohTozh: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
  Preparing...                          ################################# [100%]
  Updating / installing...
     1:webtatic-release-7-3             ################################# [100%]

重新安装PHP和一些相关扩展

  yum install php72w-cli.x86_64 php72w-common.x86_64 php72w-gd.x86_64 php72w-ldap.x86_64 php72w-mbstring.x86_64 php72w-pdo.x86_64

安装PHP-FPM

  yum install php72w-fpm

再次查看PHP版本

  [root@iZbp17dq2xryqoixibq5u1Z ~]# php -v
  PHP 7.2.4 (cli) (built: Mar 30 2018 08:49:13) ( NTS )
  Copyright (c) 1997-2018 The PHP Group
  Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

启动PHP-FPM

  systemctl start php-fpm
  systemctl enable php-fpm.service      **开机自启动**

常用命令:

systemctl start php-fpm # 启动

systemctl stop php-fpm # 停止

systemctl restart php-fpm # 重启

systemctl enable php-fpm #开机自启动

安装Nginx

开始安装Nginx

  yum install nginx

安装完毕后,启动Nginx

  systemctl start nginx
  systemctl enable nginx        **系统启动时自动启动Nginx**

常用命令:

fuser -k 80/tcp # 杀死80端口

nginx -s stop # 停止

nginx -s reopen # 重启

nginx -s reload # 重新载入配置文件

网站部署

生成秘钥

  ssh-keygen -t rsa

提示一直回车就行,将生成的秘钥添加到项目托管的git库网站上,因为我的网站是放在Coding上,我直接添加在了项目部署秘钥

克隆项目

通过 git clone 命令将项目拉取到服务器上,我这边因为是Nginx,所以我拉取到 /var/www/ 目录下,

安装composer

  [root@iZbp17dq2xryqoixibq5u1Z project_fjylhjjsyxgs]# curl -sS https://getcomposer.org/installer | php
  All settings correct for using Composer
  Downloading...

  Composer (version 1.6.5) successfully installed to: /var/www/project_fjylhjjsyxgs/composer.phar
  Use it: php composer.phar

移动composer.phar文件到/usr/local/bin目录下 ,使命令全局可用,并更换Packagist中国全量镜像

  mv composer.phar /usr/local/bin/composer
  composer config -g repo.packagist composer https://packagist.phpcomposer.com

通过composer安装项目依赖,但是出现了报错

  [root@iZbp17dq2xryqoixibq5u1Z project_fjylhjjsyxgs]# composer install
  Loading composer repositories with package information
  Installing dependencies (including require-dev) from lock file
  Your requirements could not be resolved to an installable set of packages.

    Problem 1
      - Installation request for phar-io/manifest 1.0.1 -> satisfiable by phar-io/manifest[1.0.1].
      - phar-io/manifest 1.0.1 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    Problem 2
      - Installation request for phpunit/php-code-coverage 5.3.0 -> satisfiable by phpunit/php-code-coverage[5.3.0].
      - phpunit/php-code-coverage 5.3.0 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    Problem 3
      - Installation request for phpunit/phpunit 6.5.7 -> satisfiable by phpunit/phpunit[6.5.7].
      - phpunit/phpunit 6.5.7 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    Problem 4
      - Installation request for theseer/tokenizer 1.1.0 -> satisfiable by theseer/tokenizer[1.1.0].
      - theseer/tokenizer 1.1.0 requires ext-dom * -> the requested PHP extension dom is missing from your system.

    To enable extensions, verify that they are enabled in your .ini files:
      - /etc/php.ini
      - /etc/php.d/bz2.ini
      - /etc/php.d/calendar.ini
      - /etc/php.d/ctype.ini
      - /etc/php.d/curl.ini
      - /etc/php.d/exif.ini
      - /etc/php.d/fileinfo.ini
      - /etc/php.d/ftp.ini
      - /etc/php.d/gd.ini
      - /etc/php.d/gettext.ini
      - /etc/php.d/gmp.ini
      - /etc/php.d/iconv.ini
      - /etc/php.d/json.ini
      - /etc/php.d/ldap.ini
      - /etc/php.d/mbstring.ini
      - /etc/php.d/pdo.ini
      - /etc/php.d/pdo_sqlite.ini
      - /etc/php.d/phar.ini
      - /etc/php.d/shmop.ini
      - /etc/php.d/simplexml.ini
      - /etc/php.d/sockets.ini
      - /etc/php.d/sqlite3.ini
      - /etc/php.d/tokenizer.ini
      - /etc/php.d/xml.ini
      - /etc/php.d/zip.ini
    You can also run `php --ini` inside terminal to see which files are used by PHP in CLI mode.

Google后发现,php-xml扩展有以上需要的相关软件包

  yum install php72w-xml.x86_64

重新执行composer install命令,依赖下载成功

设置Nginx配置文件

我本机homestead中的Nginx是通过 /etc/nginx/sites-available 目录设置对应多域名的nginx配置文件,但是不知道服务器上安装的Nginx,却没有这个目录,所以查看了下Nginx.conf文件,发现http模块中有如下一条配置

    本机homestead中Nginx.conf
    ##
      # Virtual Host Configs
      ##
      include /etc/nginx/conf.d/*.conf;
      include /etc/nginx/sites-enabled/*;

      服务器上安装的Nginx.conf
    # Load modular configuration files from the /etc/nginx/conf.d directory.
      # See http://nginx.org/en/docs/ngx_core_module.html#include
      # for more information.
      include /etc/nginx/conf.d/*.conf;

那好吧,我估计sites-available也是软连接的conf.d或者sites-enabled目录吧,所以我就直接将官方手册中Nginx配置复制了一份到/etc/nginx/conf.d/域名.conf,修改了一些配置

  server {
      listen 80;
      server_name 域名或公网IP;
      root 项目地址指向到public目录;

      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Content-Type-Options "nosniff";

      index index.html index.htm index.php;

      charset utf-8;

      location / {
          try_files $uri $uri/ /index.php?$query_string;
      }

      location = /favicon.ico { access_log off; log_not_found off; }
      location = /robots.txt  { access_log off; log_not_found off; }

      error_page 404 /index.php;

      location ~ \.php$ {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;       **这里有个坑下面讲**
          fastcgi_index index.php;
          include fastcgi_params;
      }

      location ~ /\.(?!well-known).* {
          deny all;
      }
  }

配置完毕,保存退出,通过域名访问,发现报502错误,查看下Nginx的错误日志,发现报如下错误

  2018/05/06 20:17:37 [crit] 5898#0: *66 connect() to unix:/var/run/php/php7.2-fpm.sock failed (2: No such file or directory) while connecting to upstream,

简单的讲下,php-fpm.sock文件就是让Nginx和PHP-FPM的进程间进行通信的文件,具体的含义,这边就不做详细介绍了。进这个目录查看下是否存在这个目录或文件,发现两个问题:

  • 目录错误,不是/var/run/php,而是/var/run/php-fpm
  • php7.2-fpm.sock这个文件未生成

    未生成原因:php5.3之后的版本,php-fpm.conf里的listen的默认配置是127.0.0.1:9000,也就是tcp的方式,不会生成php-fpm.sock。

    因为这次上线的网站没有什么并发量,unix socket方式要比tcp的方式快而且消耗资源少,所以我还是采用unix socket方式。定位到问题后,修改下 /etc/php-fpm.d/www.conf,也就是php-fpm的配置文件,关闭原来的listen方式,然后重启下php-fpm

    ;listen = 127.0.0.1:9000
    listen = /var/run/php-fpm/php7.2-fpm.sock

    这个时候,由于职业习惯,想把Nginx也重启下,然后就又碰到了一个问题

    [root@iZbp17dq2xryqoixibq5u1Z project_fjylhjjsyxgs]# nginx -s stop
    [root@iZbp17dq2xryqoixibq5u1Z project_fjylhjjsyxgs]# nginx -s reload
    nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)

    这应该是因为把Nginx进程杀死后pid丢失了,下一次再开启nginx -s reload时无法启动。再次面向Google编程,发现还有挺多人碰到这个问题,所以解决方法马上就能搜索到了,执行如下命令

    nginx -c /etc/nginx/nginx.conf
    nginx -s reload

    ok,接着Navicat远程连接到服务器数据库,source下数据库完毕。现看起来应该是可以跑起网站来了。再次访问域名,发现还是502,再次查看Nginx日志,报如下错误:

    2018/05/06 20:37:00 [crit] 6078#0: *1 connect() to unix:/var/run/php-fpm/php7.2-fpm.sock failed (13: Permission denied) while connecting to upstream,

和上面报错看起来差不多,但是这次主要问题出在跑Nginx的用户是Nginx,而php-fpm.sock这个文件,监听的Nginx用户没有该权限,导致Nginx无法访问php-fpm.sock这个文件,自然监听就失去了效果,再次修改php-fpm配置文件和重启下php-fpm

  ; Set permissions for unix socket, if one is used. In Linux, read/write
  ; permissions must be set in order to allow connections from a web server. Many
  ; BSD-derived systems allow connections regardless of permissions.
  ; Default Values: user and group are set as the running user
  ;                 mode is set to 0660
  listen.owner = nginx
  listen.group = nginx
  listen.mode = 0660

重新访问下域名,发现访问任何路由都是白屏,这次状态码都是200了,但是没有任何输出,再次面向Google编程……发现问题:

由于nginx与php-fpm之间的一个小bug,会导致这样的现象: 网站中的静态页面 .html 都能正常访问,而 .php 文件虽然会返回200状态码, 但实际输出给浏览器的页面内容却是空白。 简而言之,原因是nginx无法正确的将 *.php 文件的地址传递给php-fpm去解析, 相当于php-fpm接受到了请求,但这请求却指向一个不存在的文件,于是返回空结果。 为了解决这个问题,需要改动nginx默认的fastcgiparams配置文件

/etc/nginx/fastcgi_params 文件的最后增加两行:

  fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;  
  fastcgi_param PATH_INFO     $fastcgi_script_name;  

再再再次访问域名,终于正常显示了,但是页面上又出现了新的错误:

*could not find driver(select from users where deleted = 0)**

任何有sql查询的页面都报如上错误,这个错误多半是因为pdo_mysql未打开或者未安装此模块造成,执行 php -m 发现还真没装,安装php72w-mysql又遇到一个坑

  yum install php72w-mysql

报如下错误,说缺少libmysqlclient.so.18依赖

  ......
  error: package: php72w-mysql 
  requires: libmysqlclient.so.18(libmysqlclient_18)(64bit)
  Available: 1:mariadb-libs-5.5.52-1.el7.x86_64 (base)
             libmysqlclient.so.18(libmysqlclient_18)(64bit)
  ......

这就很奇怪了,查看用户库文件目录内libmysqlclient.so.18已经存在

  [root@iZbp17dq2xryqoixibq5u1Z ~]# ll /usr/lib64/mysql/libmysqlclient.so.18
  libmysqlclient.so.18      libmysqlclient.so.18.1.0

这个坑花了一个小时,Google多次尝试无果后,认真思考下可能的原因,想了想可能是mysql版本的问题,修改下 /etc/yum.repos.d/mysql-community.repo 配置文件,将5.6的enabled设为1,5.5设为0,更新Mysql版本后,再次执行 yum install php72w-mysql 安装pdo_mysql模块成功…...

至此,网站访问终于成功!

后续的部署优化,另外开篇记录。

原文博客地址

Kill Time, Or Kiss Time.

本帖由系统于 1年前 自动加精
《L02 从零构建论坛系统》
以构建论坛项目 LaraBBS 为线索,展开对 Laravel 框架的全面学习。应用程序架构思路贴近 Laravel 框架的设计哲学。
《L03 构架 API 服务器》
你将学到如 RESTFul 设计风格、PostMan 的使用、OAuth 流程,JWT 概念及使用 和 API 开发相关的进阶知识。
讨论数量: 21

oneinstack 了解一下

1年前 评论

正式上线你好歹也要编译安装吧 懒得搞你可以用宝塔这种集成面板

1年前 评论

@CorePlusPlus 为什么要编译安装?我会选择一键安装包之类的。。。 扩展不够用时候再装 :joy:

1年前 评论

oneinstack 了解一下

1年前 评论

docker了解一下。

1年前 评论

@CorePlusPlus linux方面目前还是新手,以后会折腾学习下编译安装,宝塔面板有使用过,确实很方便。这次主要想再换个方式通过yum库安装环境,看是否有新的收获

1年前 评论

@shenjiayu 是的,docker还在学习中:smile:

1年前 评论

@Tao 一键部署工具确实很方便,不过多折腾,总会有些不一样的收获:smile:

1年前 评论
suhanyujie

哈 ,一路艰辛 终于成功了,恭喜楼主。。 :joy:

1年前 评论
ThinkCsly

:blush:

1年前 评论
keer

内容和标题不符。
这只是部署环境。我以为能看到网站的代码

1年前 评论

过程很详尽, 看似简单, 实则有难度. 感谢码字, 感谢标坑!

1年前 评论

不错,不错,正好我也需要。

1年前 评论

oneinstack 确实比 lnmp 一键安装要方便

PS: 两个都是一键安装包

1年前 评论
xianyunyehe

一键lnmp 了解下。yum安装不推荐!推荐源码编译

1年前 评论

@CorePlusPlus 求详解下为什么一定要自己编译好而不是这种别人预编译好的?

1年前 评论

@tradzero 编译性能能提升10%左右

1年前 评论

@CorePlusPlus 怎么提升的性能呢? 发行包不是也是别人预先编译好的吗

1年前 评论

@tradzero 你有这个时间来问我,为啥不去百度查一下呢?都是基本常识,百度不到答案你再去问别人!

1年前 评论

请勿发布不友善或者负能量的内容。与人为善,比聪明更重要!