Ubuntu20 LNMP 环境安装

前置操作

1. 查看安全组配置
2. 关闭防火墙

   ufw status # 查看防火墙状态
   ufw disable # 关闭防火墙
   ufw enable # 开启防火墙
   ufw allow 80/tcp # 开放 80/tcp 端口
   ufw delete allow 80/tcp # 禁用 80/tcp 端口

安装 PHP

apt update # 更新包管理器
apt install php7.4 php7.4-fpm # 安装 php, php-fpm
php -v # 查看 php 版本
php -m # 查看 php 扩展

安装 Composer

# 下载 composer
php -r "readfile('https://getcomposer.org/installer');" | php
# 全局安装
mv composer.phar /usr/bin/composer
# 查看版本
composer -v
# 更换为 aliyun 镜像
composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/

优化 PHP-FPM

vim /etc/php/7.4/fpm/php-fpm.conf
# 修改
emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 10s

vim /etc/php/7.4/fpm/pool.d/www.conf
# 修改
pm = static
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 30
pm.max_requests = 500
slowlog = /var/log/php-fpm-slow.log
request_slowlog_timeout = 5s

安装 Nginx

apt install nginx # 安装 nginx
nginx -v # 查看 nginx 版本

# 配置 https 证书
mkdir /etc/nginx/cert
openssl dhparam -dsaparam -out /etc/nginx/cert/dhparam.pem 4096

# 优化 nginx
vim /etc/nginx/nginx.conf
# 修改
user www-data;
pid /run/nginx.pid;
worker_processes auto;
worker_cpu_affinity 0001 0010 0100 1000;
worker_rlimit_nofile 655350;
include /etc/nginx/modules-enabled/*.conf;
events {
        use epoll;
        worker_connections 655350;
        # multi_accept on;
}

# laravel-api.conf 文件配置
server {
        listen 80;
        server_name *.com;
        index index.php;
        root /data/prod/*/public/;

        rewrite ^(.*)$ https://$host$1 permanent;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ \.php$ {
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                include fastcgi_params;
                fastcgi_index index.php;
                try_files $uri $uri/ = 404;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
                expires         30d;
                access_log      off;
                log_not_found   off;
        }

        location ~ .*\.(js|css)?$
        {
                expires     12h;
        }
}

server {
        listen 443 ssl http2;
        server_name *.com;
        index index.php;
        root /data/prod/*/public/;

        ssl_dhparam /etc/nginx/cert/dhparam.pem;
        ssl_certificate /etc/nginx/cert/*.com.pem;
        ssl_certificate_key /etc/nginx/cert/*.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;

        access_log /var/log/nginx/prod/*-access.log;
        error_log /var/log/nginx/prod/*-error.log;

        location /
        {
               try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ \.php$
        {
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                include fastcgi_params;
                fastcgi_index index.php;
                try_files $uri $uri/ = 404;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
                expires      30d;
                access_log off;
                log_not_found off;
        }

        location ~ .*\.(js|css)?$
        {
                expires      12h;
        }
}

# vue.conf 文件配置
server {
        listen 80;
        server_name *.com;
        index index.html;
        root /data/prod/*/dist/;

        rewrite ^(.*)$ https://$host$1 permanent;

        location / {
                root /data/prod/*/dist;
                try_files $uri /index.html;
        }
}

server {
        listen 443 ssl http2;
        server_name *.com;
        index index.html;
        root /data/prod/*/dist/;

        ssl_dhparam /etc/nginx/cert/dhparam.pem;
        ssl_certificate /etc/nginx/cert/*.com.pem;
        ssl_certificate_key /etc/nginx/cert/*.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;

        access_log /var/log/nginx/prod/*-access.log;
        error_log /var/log/nginx/prod/*-error.log;

        location /
        {
                root /data/prod/*/dist;
                try_files $uri /index.html;
        }

        location ~ ^/(images|javascript|js|css|flash|media|static)/
        {
            expires 1d;
            access_log off;
            log_not_found off;
        }
}

配置 Nginx 与 PHP

1:

vim /etc/nginx/sites-available/default
# 增加 php 配置
location ~ \.php$ {
#       include snippets/fastcgi-php.conf;
#
#       # With php-fpm (or other unix sockets):
#       fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#       # With php-cgi (or other tcp sockets):
#       fastcgi_pass 127.0.0.1:9000;

        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_index index.php;
        include fastcgi_params;
}

2:

vim /etc/nginx/fastcgi_params
# 增加配置
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

3:

vim /etc/php/7.4/fpm/pool.d/www.conf
# 修改
listen = /var/run/php/php7.4-fpm.sock

4:

vim /etc/php/7.4/fpm/php.ini
# 修改
cgi.fix_pathinfo=0

安装 Mysql8

# 安装 mysql 服务, mysql 客户端, mysql php 扩展
apt install mysql-server mysql-client php7.4-mysql
# 查看 mysql 版本
mysql -V
# 进入 mysql (初始安装 root 用户无需密码 可直接进入 或 sudo mysql 也可直接进入 mysql)
sudo mysql
# 重置密码
alter user 'root'@'localhost' identified with mysql_native_password by '新密码';
# 刷新权限
flush privileges;
# 查看用户信息
use mysql;
select user, host from user;
# 添加远程用户登录
create user 'root'@'%' identified by '密码';
grant all privileges on *.* to 'root'@'%' with grant option;
flush privileges;
# 修改 mysqld 配置文件, 注释掉 bind-addrerss = 127.0.0.1
vim /etc/mysql/mysql.conf.d/mysqld.cnf
# bind-address          = 127.0.0.1

安装 Redis

# 安装 redis
apt install redis
# 修改 redis 配置
vim /etc/redis/redis.conf
# bind 127.0.0.1 ::1 # 添加注释 允许远程访问
daemonize yes # 由 no 改为 yes 允许后台运行
requirepass 密码 # 打开注释 添加访问密码

启动服务 设置开机启动

# 查看服务状态
systemctl status nginx
# 启动服务
systemctl start nginx
# 重启服务
systemctl restart nginx
# 停止服务
systemctl stop nginx
# 开机启动
systemctl enable nginx
# 查看开机启动状态
systemctl is-enabled nginx
# nginx, php7.4-fpm, mysql, redis/redis-server, 

安装 Laravel 队列 进程监控器 Supervisor

vim /etc/supervisor/supervisord.conf
# 修改
loglevel=warn;
files = /etc/supervisor/conf.d/*.conf

# 添加配置文件
vim /etc/superrvisor/conf.d/laravel-*.conf
[program:laravel-test]
process_name=%(program_name)s_%(process_num)02d
command=php /data/prod/test/artisan queue:work redis --sleep=60 --tries=2
autostart=true
autorestart=true
user=www-data
numprocs=8
redirect_stderr=true
stdout_logfile=/var/log/supervisor/laravel-test.log

# 启动 supervisor
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl start laravel-*:*

设置定时任务

root 用户下执行 crontab -e
* * * * * cd /path-to-your-project && php artisan schedule:run >> /dev/null 2>&1

参考

ubuntu系统下安装LNMP集成环境的详细步骤
ubuntu20 安装和配置mysql8.0.23
为高性能优化 PHP-FPM
阿里云 Composer 全量镜像

本作品采用《CC 协议》，转载必须注明作者和本文链接