CentOS+Nginx+Tomcat+Mysql+PHP环境搭建及系统部署

==============安装centos 7.0=======================
选择最小安装,将相关的"调试工具"、“兼容性程序库”、“开发工具”选中。
此操作是为了减少后期安装或编译相关服务时出现依赖、或环境的问题。
硬盘分区,可根据个人的习惯而定,不清楚的可以直接选择系统自动分区,
由于个人的习惯,本人的分区如下,仅供参考:
/boot 500M 用于启动Linux的核心文件
swap 5120M(5G) Linux下的交换分区,又称为虚拟内存,一般是物理内存的2倍,但不建议超过8G
/ 51200M(50G) 所有系统的文件等,都在该分区下
/home 剩下的空间 用户主目录,新建的用户的目录将会出现在这里

成都创新互联公司是一家集网站建设,鲤城企业网站建设,鲤城品牌网站建设,网站定制,鲤城网站建设报价,网络营销,网络优化,鲤城网站推广为一体的创新建站企业,帮助传统企业提升企业形象加强企业竞争力。可充分满足这一群体相比中小企业更为丰富、高端、多元的互联网需求。同时我们时刻保持专业、时尚、前沿,时刻以成就客户成长自我,坚持不断学习、思考、沉淀、净化自己,让我们为更多的企业打造出实用型网站。

================关闭不需要的安全设置,使用其他的安全管理================
vi /etc/selinux/config //关闭Selinux
SELINUX=disabled //原为enforcing改为disabled
------------------------或使用以下命令关闭SELINUX---------------------------------------
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
setenforce 0

systemctl stop firewalld //停止系统默认的防火墙
systemctl mask firewalld //屏蔽服务(让它不能启动)
reboot //重启让selinux配置生效

=================管理工具安装======================
安装ifconfig、ntsysv、updatedb、lrzsz(上传下载)、wget(远程http下载)功能
yum install -y chkconfig net-tools telnet ntsysv mlocate lrzsz wget lsof setuptool system-config-securitylevel-tui system-config-network-gui system-config-network-tui system-config-date tcpdump
yum install -y vim nano //安装编辑器

==============更新Centos 7.0 repo源=====================
yum install -y epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum clean all
yum makecache
yum install -y python-pip
pip install --upgrade pip
pip install requests

=====安装nginx yum安装的第三方repo源文件(使用编译安装则不需要)=======
mkdir /root/software
cd /root/software
wget https://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
rpm -ivh epel-release-7-11.noarch.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

=====安装MySQL yum安装的第三方repo源文件(使用编译安装则不需要)=======
cd /root/software //进入源文件集中文件夹
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm //下载
yum localinstall -y mysql57-community-release-el7-8.noarch.rpm //通过rpm安装得到repo源
yum repolist enabled | grep "mysql.-community." //检查mysql源是否安装成功

=================各种环境的预装======================
yum install -y make cmake gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd-devel perl expat expat-devel nss_ldap unixODBC-devel libxslt-devel libevent-devel libtool-ltdl bison libtool zip unzip gmp-devel //安装各种环境所需要的插件
yum install -y pcre pcre-devel //安装PCRE(可与预装环境同步进行)
yum update -y //升级补丁

=======================安装mysql及初始设置mysql=======================
yum install -y bison-devel libaio-devel //预装mysql环境
yum install -y perl-Data-Dumper //预装mysql所需环境
yum install -y mysql-server //安装mysqld
service mysqld start //启动mysql
systemctl enable mysqld.service //开机自启动

grep 'temporary password' /var/log/mysqld.log //mysql5.7版本后,初始密码不再为空,默认随机生成,可通过该命令查询
mysql -u root -p //进入mysql
alter user root@localhost identified by '三种或以上的八位字符'; 默认需要先修改密码,才能其他操作
exit; //退出mysql管理
----------------------------设置mysql 不分大小写----------------------
vi /etc/my.cnf
[mysqld]
lower_case_table_names=1 //必须在[mysqld] 中

-------------------------配置mysql支持UTF-8-------------------------
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
lower_case_table_names=1
character-set-server=utf8
max_connections=500
innodb_log_file_size=60M
innodb_buffer_pool_size=128M
symbolic-links=0

[client]
default-character-set=utf8
socket=/var/lib/mysql/mysql.sock

[mysqld_safe]
open-files-limit = 8192
log-error=/var/log/mysqld.log
socket=/var/lib/mysql/mysql.sock
pid-file=/var/run/mysqld/mysqld.pid

service mysqld restart //重启mysql

=================MySQL运维小知识======================
MySQL高占用CPU、内存,有可能是由于进程未能及时释放,可以通过简单的设置,可以有效的解决这个问题。
mysql -uroot -p
mysql> show global variables like '%timeout';
mysql> set global interactive_timeout=100;
-----------------上述的,在重启mysqld.service后失效-----------------------------------
vi /etc/my.cnf
[mysqld]
interactive_timeout=20
wait_timeout=20
------------------------------上述,任何时候都生效-------------------------
-----------------------------mysql创建远程用户并授权---------------------------
mysql -uroot -p
mysql> create user root identified by '123456';
mysql> grant all privileges on . to 'root'@'%'identified by '123456' with grant option;
mysql> flush privileges;
-----------------------------mysql创建数据库-----------------------------
mysql> CREATE DATABASE lottery DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
----------------------------mysql修改指定用户的密码-------------------------------
update mysql.user set password=password('新密码') where User="test" and Host="localhost";
---------------------------mysql删除指定用户-------------------------------------
delete from user where User='test' and Host='localhost';

====================安装PHP环境==========================
yum install -y php56w php56w-cli php56w-common php56w-gd php56w-ldap php56w-mbstring php56w-mcrypt php56w-mysql php56w-pdo php56w-devel
yum install -y traceroute net-snmp-devel vim sysstat tree mysql-devel ntpdate libjpeg* bind-utils
yum install -y php56w-imap php56w-odbc php56w-pear php56w-xml php56w-xmlrpc php56w-mhash libmcrypt php56w-bcmath
yum install -y php56w-fpm
vi /etc/php-fpm.d/www.conf

user = nginx //默认为apache,修改与nginx一致的用户 需要安装nginx后才能改
group = nginx //默认为apache,修改与nginx一致的组 需要安装nginx后才能改

vi /etc/php.ini

session.save_path = "/var/lib/php/session" //设置session的位置,否则PHP运行会出错

chmod 777 /var/lib/php/session //设置文件夹属性
chkconfig php-fpm on

=============安装yum nginx============
yum install -y automake autoconf libtool make
yum install -y nginx
chkconfig nginx on
cd /etc/nginx
mkdir vhost //放虚拟主机配置文件的位置
vi nginx.conf
-------------在server{}中添加如下内容---------------------------
~~~~在server的root下添加如下内容,默认首页文件名~
index index.php default.php index.html index.htm;
~~在server中添加支持PHP的语句~~~
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
---------------------在http{}的最后,添加如下内容---------------------------
include vhost/*.conf; //添加完成后保存退出
nginx -t //检查nginx.conf及vhost下的配置文件是否正确
service php-fpm start //启动PHP-FPM
service nginx restart //重启nginx服务
------------------虚拟主机配置示例------------------------------
server {
listen 808;
server_name 10.17.162.113:808;
root /home/website/phpmyadmin/wwwroot;
location / {
index index.php index.html index.shtml;
}

location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/website/phpmyadmin/wwwroot$fastcgi_script_name;
include fastcgi_params;
}

#log...
}
------------------Nginx 反向代理转发(无条件访问HTTPS)---------------------------
server {
listen 80;
server_name huizhong.itrxm.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name huizhong.itrxm.com;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/huizhong.itrxm.com-certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/huizhong.itrxm.com-private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass https://10.17.162.113:6443;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
-------------------------------Nginx访问TomCat WebApps下某个目录---------------
server {
listen 80;
server_name hhcphb.itrxm.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /HBH5/ {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}

================JAVA开发环境安装=============
yum search java-1.7 //搜索java-1.7的版本
yum install -y java-1.7.0-openjdk-devel.x86_64 //安装java-1.7.0版本开发环境
cd /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64/ //进入安装目录
vi /etc/profile //环境配置
-------------------在文件最后面,添加上-----------------------
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64 //版本不同,路径不一样,需要注意这个问题
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

source /etc/profile //立即生效
javac //运行测试
-----------------------显示以下内容说明配置成功---------------------------
[root@apisrv lib]# javac
Usage: javac
where possible options include:
-g Generate all debugging info
-g:none Generate no debugging info
-g:{lines,vars,source} Generate only some debugging info
-nowarn Generate no warnings
-verbose Output messages about what the compiler is doing
-deprecation Output source locations where deprecated APIs are used
-classpath Specify where to find user class files and annotation processors
-cp Specify where to find user class files and annotation processors
-sourcepath Specify where to find input source files
-bootclasspath Override location of bootstrap class files
-extdirs Override location of installed extensions
-endorseddirs Override location of endorsed standards path
-proc:{none,only} Control whether annotation processing and/or compilation is done.
-processor [,,...] Names of the annotation processors to run; bypasses default discovery process
-processorpath Specify where to find annotation processors
-parameters Generate metadata for reflection on method parameters
-d Specify where to place generated class files
-s Specify where to place generated source files
-h Specify where to place generated native header files
-implicit:{none,class} Specify whether or not to generate class files for implicitly referenced files
-encoding Specify character encoding used by source files
-source Provide source compatibility with specified release
-target Generate class files for specific VM version
-profile Check that API used is available in the specified profile
-version Version information
-help Print a synopsis of standard options
-Akey[=value] Options to pass to annotation processors
-X Print a synopsis of nonstandard options
-J Pass directly to the runtime system
-Werror Terminate compilation if warnings occur
@ Read options and filenames from file

注:若输入javac显示:bash: javac: 未找到命令… 则说明配置失败,检查环境变量路径是否正确。

================Tomcat安装=============
mkdir /opt/tomcat
sudo groupadd tomcat
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat/tomcat tomcat
mkdir /root/software //创建专用于存放下载的软件,个人习惯,也可放在/usr/local下等。
cd /root/software
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz
sudo tar -zxvf apache-tomcat-7.0.82.tar.gz -C /opt/tomcat/tomcat --strip-components=1
cd /opt/tomcat/tomcat
chmod -R 754 bin/
chgrp -R tomcat /opt/tomcat/tomcat
chmod -R g+r conf
chmod g+x conf
chown -R tomcat webapps/ work/ temp/ logs/

=================创建服务启动文件==================
sudo vi /etc/systemd/system/tomcat.service
-------------------------------内容如下----------------------------------------------------
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/tomcat
Environment=CATALINA_BASE=/opt/tomcat/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat

[Install]
WantedBy=multi-user.target

systemctl daemon-reload //重载一下服务单元
systemctl enable tomcat.service
systemctl start tomcat.service

===========安装haveged(进程守护)====================
sudo yum install -y haveged
sudo systemctl start haveged.service
sudo systemctl enable haveged.service

访问 http://[Your-Host-IP]:8080 预览是否正常。

================配置Tomcat 管理界面==========================
sudo vi /opt/tomcat/tomcat/conf/tomcat-users.xml
-------------------------在内输入以下内容-------------------





sudo systemctl restart tomcat.service

==============catalina.out 日志分割===================
yum install -y cronolog
修改bin/catalina.sh文件 标红的为修改的内容,

shift
touch “$CATALINA_OUT”
if [ “$1” = “-security” ] ; then
if [ $have_tty -eq 1 ]; then
echo “Using Security Manager”
fi
shift
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Djava.security.manager \
-Djava.security.policy==”\”$CATALINA_BASE/conf/catalina.policy\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap “$@” start \

“$CATALINA_OUT” 2>&1 “&”
else
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap “$@” start \
“$CATALINA_OUT” 2>&1 “&”
fi
改为:
shift

touch "$CATALINA_OUT" 注释掉

if [ “$1” = “-security” ] ; then
if [ $have_tty -eq 1 ]; then
echo “Using Security Manager”
fi
shift
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Djava.security.manager \
-Djava.security.policy==”\”$CATALINA_BASE/conf/catalina.policy\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
else
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap “$@” start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
fi

====================tomcat日志分割定期删除catalina.out=============
每天晚上11点50切割日志文件,同时删除超过30天的日志
log_path=/opt/tomcat/logs
d=date +%Y-%m-%d
d90=date -d'30 day ago' +%Y-%m-%d
cd ${log_path} && cp catalina.out $log_path/cron/catalina.out.$d.log
echo > catalina.out
rm -rf $log_path/cron/catalina.out.${d90}.log

添加权限
chmod 777 /shell/log.sh
编辑crontab
crontab -e
50 23 * sh /shell/log.sh
----------------------另一种方法---------------------------
crontab -e

  • 5 find /usr/logs/ -name ".20" -ctime +7 -exec rm -rf {} \;

systemctl start tomcat7.service

===============配置访问同一个项目下不同的文件夹===========
先将原本的配置注释掉,然后新增如下内容:





================SSL环境搭建==================================
在nginx的conf中,进行做对应的修改
server {
listen 80;
server_name 域名地址;
rewrite ^(.*)$ https://$host$1 permanent;
}

server {
listen 443;
server_name x;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

     location / {
          client_max_body_size    16m;
          client_body_buffer_size 128k;
          proxy_pass                          http://IP地址:8080;
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header           X-Forwarded-Proto https;
          proxy_next_upstream   off;

          proxy_connect_timeout   30;
          proxy_read_timeout      300;
          proxy_send_timeout      300;
    }
}

在tomcat 中的server.xml中修改:

修改为:
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="/opt/tomcat/tomcat/conf/cert/201802031124.pfx" //绝对路径,否则容易出错
keystoreType="PKCS12"
keystorePass="201802031124"
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
并新加节点:
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/>

重启tomcat服务
systemctl restart tomcat.service

注:没有若只有key及crt文件的证书,可以进入
https://www.myssl.cn/tools/merge-pfx-cert.html
中进行生成一个pfx文件的证书,并设置一个密码。

=================通过VisualVM对Tomcat性能监控==================
JMX下载地址:http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar
catalina-jmx-remote.jar包下载完成后放到Tomcat的lib目录下

vim catalina.sh
----------------------------------在注释下面添加如下内容------------------------------------
CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=7090
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=被监控的服务器IP地址
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=/var/tomcat/tomcat/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/var/tomcat/tomcat/conf/jmxremote.access"

cd /var/tomcat/tomcat/conf
vim jmxremote.access

monitorRole readonly
controlRole readwrite

vim jmxremote.password //要与运行tomcat的权限一致

monitorRole 25DWdl2&D^W
controlRole 25DWdl2&D^W

chmod 0400 jmxremote.password //密码文件应该是只读的,只能由Tomcat运行用户
systemctl restart tomcat.service

至此,整套环境及系统搭建部署完毕。


网站名称:CentOS+Nginx+Tomcat+Mysql+PHP环境搭建及系统部署
地址分享:http://ybzwz.com/article/giheej.html