Install and Configure LEMP Stack in Debian 9

 

LEMP stack is an acronym which represents the following packages bundled together: Linux kernel, Nginx web server, MariaDB database (or MySQL) and the PHP server-side programming language. These pieces of software are widely used on servers on the Internet today to deliver dynamic websites or interactive web applications.

Nginx is a modern and resource-efficient web server, actively developed, and the second most used on the internet after the Apache HTTP server, because it uses an asynchronous event-driven approach to handle requests.

This tutorial will guide you through installing and configuring the LEMP stack (Nginx with MariaDB and PHP7) on the latest release of Debian 9.

REQUIREMENTS

  • The latest release of the Debian 9 operating system, which can be obtained from the following link https://www.debian.org/CD/http-ftp/ , installed from scratch on a VPS, a virtual machine or directly on a dedicated machine.
  • Direct access to the server console or a remote SSH connection
  • A network interface configured with a static IP address for the machine
  • A registered domain name with A and CNAME (www) DNS records configured on the nameserver side. In this guide we use linuxbox.cf as the example domain. The server is configured with an IP address from the class C private address space, NAT-ed to the internet through the main router. The domain will be visible from the internet by port-forwarding the web server ports 80 and 443 from the main router to the IP address of the internal server.

Step 1: Initial Configuration

In the first step, log in to your system as root or as a user with root privileges and update the Debian 9 components (kernel upgrades, package updates and security patches) by issuing the following commands.

sudo apt update

sudo apt upgrade

sudo apt dist-upgrade

Next, make sure you add a descriptive name for your machine hostname by running the command below. Afterwards, you should reboot the system in order to apply the new hostname accordingly.

sudo hostnamectl set-hostname hostname.yourdomain.com

sudo init 6

Next, go ahead and install the net-tools, wget, curl and bash-completion utilities so that you can use them later to easily manage your Debian server.

sudo apt install net-tools sudo wget curl bash-completion

Step 2: Install Nginx Web Server

Nginx is a modern and resource-efficient web server used to display web pages to visitors on the internet. Install the Nginx web server from the Debian 9 official repositories by running the command below in your server console.

sudo apt-get install nginx

Installing the Nginx web server

As shown in the image above, the apt package manager will check for other package dependencies and ask whether you agree to continue with the installation process. Answer yes (y) in order to install Nginx.

Next, run the netstat command to display the network sockets on your system and check whether the nginx daemon is listening on port 80/TCP. Alternatively, you might want to issue the systemctl command in order to check the status of the nginx daemon, as illustrated in the image below.

sudo netstat -tlp

sudo netstat -tlpn

sudo systemctl status nginx.service

Check nginx service

Once the nginx server is up and running on your system, issue the ifconfig command to display the network interface information and list the IP addresses of your machine. Then open a browser and visit the Nginx default web page via the HTTP protocol by entering the IP address in your browser. The message "Welcome to nginx!" should be displayed in your browser window.

http://www.linuxbox.cf

or

http://192.168.1.14

Nginx welcome page

Step 3: Enable Nginx HTTP/2.0 Protocol

By default, the latest releases of the Nginx binaries provided by the Debian 9 repositories are built with the HTTP/2.0 protocol. HTTP/2.0 is incorporated into TLS/SSL and can improve the loading speed of web pages over secured transactions.

All modern browsers, such as Chrome or Firefox, should support this protocol by default. However, be aware that Microsoft Internet Explorer and Microsoft Edge browsers cannot parse the http2 protocol for now.

In order to enable the HTTP/2.0 protocol in Nginx on Debian 9, you need to make some changes to the nginx default configuration file or create a new configuration file and add the TLS code block for the 443 server. To do this, first make a backup of the Nginx sites-available default configuration by issuing the command below. Confirm that the backup was successful by listing the contents of the sites-available directory.

sudo cp /etc/nginx/sites-available/default{,.achek}

ls /etc/nginx/sites-available/

Next, create the Nginx TLS configuration file using a text editor and add the following content.

sudo nano /etc/nginx/sites-available/default-ssl

default-ssl file excerpt:

    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        #server_name  www.domain.tld;
        server_name _;

        root /var/www/html;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        # SSL certificates
        ssl_certificate "/etc/nginx/ssl/cert.pem";
        ssl_certificate_key "/etc/nginx/ssl/privekey.pem";
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Append "; includeSubDomains" to the value to cover subdomains as well
        add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args $uri/ =404;
        }

        set $cache_uri $request_uri;

        location ~ /.well-known {
            allow all;
        }

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            #
            # # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            # # With php-cgi (or other tcp sockets):
            # fastcgi_pass 127.0.0.1:9000;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

The statement that enables the use of the HTTP/2.0 protocol is the word http2 in the line below.

 listen 443 ssl http2 default_server;

In case your visitors' browsers do not support the HTTP2 protocol, remove the http2 word from your server configuration in order to disable the protocol, and restart the nginx service to apply the changes.

In case you have a registered domain or you use a virtual host based on IP addresses, you should add your domain name or IP address after the server_name directive, as shown in the example below.

server_name www.linuxbox.cf linuxbox.cf;

Once you have finished editing the Nginx default configuration file with the above settings

In the above nginx TLS configuration file we have specified the path for the TLS certificate and key. Since the keys are not installed on the system yet, issue the following command in order to generate a self-signed SSL certificate file and key. While generating the SSL certificate you will be asked a series of questions. Add the two-letter code of your country, the state or province, the name of your city, the name of your organization, the name of your organizational unit, the common name of your server and a valid email address. Pay attention to the Common Name setting so that it matches your machine's FQDN record from the DNS server or the server IP address that will be used to access the web page. The certificate and key will be stored in a new directory under the nginx directory, named ssl, as shown in the screenshot below.

sudo mkdir /etc/nginx/ssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/privekey.pem -out /etc/nginx/ssl/cert.pem

ls /etc/nginx/ssl/

Generate SSL certificate

Also, generate new strong Diffie-Hellman parameters, which are referenced in the above configuration file on the ssl_dhparam statement line, by issuing the command below:

sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

SSL cert generated

Finally, after you have generated the Diffie-Hellman key, enable the TLS configuration file by creating a symbolic link for the default-ssl configuration file from the sites-available directory to the sites-enabled directory by issuing the following command.

sudo ln -s /etc/nginx/sites-available/default-ssl /etc/nginx/sites-enabled/

Next, test the Nginx configuration file for syntax errors and, if everything is OK, restart the Nginx daemon in order to apply all changes by running the commands below.

sudo nginx -t

sudo systemctl restart nginx.service

To confirm that the Nginx web server is binding on the SSL port, issue the netstat command and check whether port 443 is displayed in listening state.

sudo netstat -tlpn | grep nginx

The screenshot below illustrates the above steps.

Check services with netstat

Then navigate to your domain name or your server IP address via the HTTP protocol from a browser to display the nginx default page. Because you are using self-signed certificates, an error should be displayed in your browser. Accept the error in order to proceed to the nginx default main page.

Self-signed SSL certificate warning

In case Nginx does not serve a default index.html page in the webroot directory, issue the following command to create the index page.

echo "test page" | sudo tee /var/www/html/index.html

SSL test page

To confirm the presence of the HTTP/2.0 protocol advertised by Nginx, issue the command below. Look for the h2 word in the protocols advertised by the server.

openssl s_client -connect localhost:443 -nextprotoneg ''

Test SSL certificate with openssl

You can also view the state of the connection and check whether the http2 protocol is advertised by Nginx from your browser by pressing the F12 function key and requesting the page. In order to show the protocol used by the request, go to the Network tab, right-click on the Type menu and check Protocol. The HTTP2 protocol should be displayed as h2 in the new protocol column, as illustrated in the screenshot below.

Test certificate in browser
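nginx -t validates syntax only. The script below is an added example, not part of the original tutorial: it reads a TLS server block on stdin and reports on the settings this step touches (http2 on the TLS listener, deprecated ssl_protocols entries, ssl_dhparam, the HSTS header). The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: static audit of an nginx TLS
# server block. Reads the configuration on stdin, prints one finding per line
# and returns 1 if anything was found.
audit_tls_conf() {
    awk '
        function finding(msg) { print "  " msg; n++ }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
        /^#/ || /^$/ { next }                         # skip comments, blanks
        $1 == "listen" && / ssl/ {
            tls = 1
            if ($0 !~ / http2/) finding("TLS listener without http2: " $0)
        }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    finding("deprecated protocol enabled: " p)
            }
        }
        $1 == "ssl_dhparam" { dh = 1 }
        $1 == "add_header" && $2 == "Strict-Transport-Security" {
            hsts = 1
            if ($0 !~ /always;$/) finding("HSTS header lacks the always flag")
        }
        END {
            if (tls && !dh)   finding("no ssl_dhparam configured")
            if (tls && !hsts) finding("no Strict-Transport-Security header")
            exit (n > 0)
        }
    '
}

# Constructed sample: the TLS directives as this guide sets them.
guide_conf() {
    cat <<'EOF'
server {
    listen 443 ssl http2 default_server;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000" always;
}
EOF
}

# Constructed sample: the same block restricted to TLSv1.2.
hardened_conf() { guide_conf | sed 's/TLSv1 TLSv1\.1 TLSv1\.2/TLSv1.2/'; }

echo "guide configuration:";    guide_conf    | audit_tls_conf || true
echo "hardened configuration:"; hardened_conf | audit_tls_conf && echo "  no findings"
```

On the server, the same function can be fed the real file: audit_tls_conf < /etc/nginx/sites-available/default-ssl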

Step 4: Install PHP7.0

The Nginx web server can serve dynamic web content with the help of the PHP programming language interpreter via the PHP FastCGI process manager, to which Nginx passes the requests for processing. The FastCGI process manager can be obtained by installing the php-fpm pre-compiled package offered by the Debian 9 official repositories.

In order to install the php-fpm process manager and the PHP7.0 interpreter on the system, alongside the additional packages that allow PHP to communicate with the Nginx web server, issue the command below on your server console:

sudo apt install php7.0 php7.0-fpm php7.0-curl php7.0-gd

Once the PHP7.0 interpreter has been successfully installed on your system, start and check the php7.0-fpm daemon by issuing the commands below:

sudo systemctl start php7.0-fpm

sudo systemctl status php7.0-fpm

In the above TLS configuration file of Nginx, we have already added the block configuration for the PHP FastCGI process manager in order to serve dynamic content. The code block that enables Nginx to use the PHP interpreter is shown in the excerpt below, so no further changes to the Nginx TLS configuration file are required. The hashtag # sign at the beginning of the lines in the screenshot below marks comments. Commented lines in configuration files are ignored by default by the Nginx web server.

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

Enable PHP in Nginx

In order to test and validate whether Nginx can correctly pass php files to the PHP processor, create a PHP info.php test configuration file by issuing the command below

sudo su -c 'echo "<?php phpinfo(); ?>" > /var/www/html/info.php'

Then visit the php info page in your web browser by navigating to your domain name or public IP address followed by /info.php, as illustrated in the image below.

https://www.linuxbox.cf/info.php

or

http://192.168.1.14/info.php

phpinfo output

You can also check whether the HTTP/2.0 protocol is advertised by the server by searching for the line $_SERVER['SERVER_PROTOCOL'] in the PHP Variables block.

In order to install other PHP7.0 modules, run the apt search php7.0 command to find a specific PHP module and install it. In case you are planning to install a Content Management System, such as WordPress, on top of your LEMP stack, issue the following command to install some additional PHP modules.

sudo apt install php7.0-mcrypt php7.0-mbstring

However, the newly installed PHP modules are not enabled by default on your system. In order to activate the newly installed PHP modules for Nginx, you need to restart the PHP-FPM service by issuing the command below.

sudo systemctl restart php7.0-fpm.service

Step 5: Install MariaDB Database

Finally, the last missing piece of the LEMP stack puzzle is the database. The MariaDB database component of LEMP is used to store records in tables and columns and to dynamically manage the data of a web application. In order to install the MariaDB database management system in Debian 9 together with the PHP module required to access the database from PHP files, issue the command below in your server console. Afterwards, restart the PHP-FPM daemon in order to load the PHP MySQL module required to access the database.

sudo apt install mariadb-server mariadb-client php7.0-mysql

sudo systemctl restart php7.0-fpm.service

By default, the system root account or users with root privileges can access the database without providing a password. To change this behavior, so that MySQL asks for a password every time a system user tries to access the database, log in to the MySQL database from the command line interface, with root privileges, and execute the following commands in the MySQL console:

sudo mysql

MariaDB> use mysql;
MariaDB> update user set plugin='' where User='root';
MariaDB> flush privileges;
MariaDB> quit

MariaDB

In the next step, make sure you secure MariaDB by using the security script mysql_secure_installation provided by the installation package from the Debian stretch repositories. While running, the script asks a series of questions designed to secure the MariaDB database, such as: changing the MySQL root password, removing anonymous users, disabling remote root logins and deleting the test database. Run the script by issuing the command below and make sure you answer yes to all the questions asked in order to fully secure the MySQL daemon. Use the script output excerpt below as a guide.

sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
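To verify what the script changed, the account table can be checked directly. The script below is an added example, not part of the original tutorial: it flags anonymous accounts, root rows for non-local hosts, and accounts left with neither a password nor the unix_socket plugin (the state root is in between the plugin update above and the moment the script sets a password). The query in the comment assumes the mysql.user layout of MariaDB 10.1 on Debian 9; the function names and sample rows are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Input rows are tab-separated
# User, Host, plugin, has_password, as produced on the server by (assumed for
# MariaDB 10.1, where mysql.user has a Password column):
#   mysql -u root -p -N -B -e \
#     "SELECT User, Host, plugin, IF(Password='', 'no', 'yes') FROM mysql.user"
# Prints one finding per line and returns 1 if anything was found.
audit_db_accounts() {
    awk -F '\t' '
        function finding(msg) { print "  " msg; n++ }
        $1 == "" { finding("anonymous account at host " $2) }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            finding("root may log in remotely from " $2)
        }
        $1 != "" && $3 != "unix_socket" && $4 == "no" {
            finding($1 "@" $2 " has no password and no unix_socket plugin")
        }
        END { exit (n > 0) }
    '
}

# Constructed sample: after the plugin update, before the security script.
before_rows() {
    printf 'root\tlocalhost\t\tno\n'
    printf '\tlocalhost\t\tno\n'
    printf 'root\t%%\t\tyes\n'
}

# Constructed sample: after the script set a root password and cleaned up.
after_rows() {
    printf 'root\tlocalhost\t\tyes\n'
}

echo "before mysql_secure_installation:"; before_rows | audit_db_accounts || true
echo "after mysql_secure_installation:";  after_rows  | audit_db_accounts && echo "  no findings"
```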

Finally, in order to test MariaDB functionality, log in to the database from the console and execute the following command. A list of the databases should be displayed in the MariaDB console. Leave the MariaDB console with the quit statement.

mysql -u root -p

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> quit

MariaDB show databases

That's all! The Nginx web server, the MariaDB database and the PHP programming language are installed on your Debian 9 machine. You can now start building dynamic websites or web applications for your visitors.
