CentOS7安装php类型CMS(Mariadb10.5)

CentOS7安装php类型CMS(Mariadb10.5)

测试环境

# uname -a
Linux localhost.localdomain 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release 

CentOS Linux release 7.9.2009 (Core)

# php -v 
php-fpm -vPHP 7.2.34 (cli) (built: Oct  1 2020 13:37:37) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.34, Copyright (c) 1999-2018, by Zend Technologies

# php-fpm -v
PHP 7.2.34 (fpm-fcgi) (built: Oct  1 2020 13:40:44)
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.34, Copyright (c) 1999-2018, by Zend Technologies

# mariadb --version
mariadb  Ver 15.1 Distrib 10.5.8-MariaDB, for Linux (x86_64) using readline 5.1

系统部署

yum update
vi /etc/selinux/config 

systemctl disable firewalld
systemctl disable postfix
vi /etc/ssh/sshd_config 


vi /etc/security/limits.conf    
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535

# cat /etc/sysctl.conf 
vm.swappiness = 0
kernel.sysrq = 1

net.ipv4.neigh.default.gc_stale_time = 120

# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2

# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0


reboot 


yum install vim wget curl net-tools unzip lrzsz 

MariaDB10.5安装

/etc/yum.repos.d/MariaDB.repo

# MariaDB 10.5 CentOS repository list - created 2021-02-22 04:46 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
baseurl = https://mirrors.nju.edu.cn/mariadb/yum/10.5/centos7-amd64
gpgkey=https://mirrors.nju.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1

yum install MariaDB-server MariaDB-client

MariaDB官方源

MariaDB配置

# cat /etc/my.cnf
[mysqld]    
user    = mysql
port    = 3306  
datadir=/data/mysql
# socket=/data/mysql/mysql.sock
socket=/var/lib/mysql/mysql.sock    
innodb_buffer_pool_size=128m    
skip_name_resolve = 1
open_files_limit  = 65535   
init_connect='SET collation_connection = utf8mb4_unicode_ci'
init_connect='SET NAMES utf8mb4'
character-set-server = utf8mb4
collation-server     = utf8mb4_unicode_ci

max_connections     = 10240
max_connect_errors  = 1000000
interactive_timeout = 600
wait_timeout        = 600   

# slow query
slow_query_log = 1
long_query_time = 0.5       
explicit_defaults_for_timestamp=0
log-error=/data/mysql/mysql-error.log

pid-file=/data/mysql/mysqld.pid 

#
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# include *.cnf from the config directory
#
!includedir /etc/my.cnf.d

[mysqldump]
quick
max_allowed_packet = 32M



mkdir -p /data/mysql
chown -R mysql.mysql /data/mysql
mariadb-install-db /data/mysql


mariadb-install-db 
systemctl enable mariadb
systemctl start mariadb

创建CMS数据库 及账号授权

>  
> select version();  
> use mysql
> select Host,User,Password from user;
> delete from  user where User='';

> ALTER USER 'root'@'localhost' IDENTIFIED BY '123456789';
> ALTER USER 'mysql'@'localhost' IDENTIFIED BY '123456789';
> create database eycms;
> create database xrcms;
> grant all on eycms.*  to 'eycms'@'127.0.0.1' identified by 'eycms122333eycms' ;
> grant all on xrcms.*  to 'xrcms'@'127.0.0.1' identified by 'xrcms122333xrcms' ;
> flush privileges;

php-fpm安装

rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install -y php72w php72w-opcache php72w-xml php72w-gd php72w-devel php72w-mysql php72w-intl php72w-mbstring  php72w-pecl-imagick php72w-pecl-imagick-devel
yum install php72w-fpm


# grep -v ';' /etc/php-fpm.d/www.conf   
[www]

user = apache
group = apache
listen = /run/php-fpm/www.sock  
listen.owner = apache
listen.group = apache
listen.mode = 0660  
listen.allowed_clients = 127.0.0.1

pm = dynamic
pm.max_children = 20    
pm.start_servers = 5
pm.min_spare_servers = 5    
pm.max_spare_servers = 20
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on

php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache


systemctl start php-fpm
systemctl enable php-fpm

Nginx安装

mkdir -p /data/src
cd /data/src
wget https://nginx.org/download/nginx-1.18.0.tar.gz

./configure --user=apache --group=apache --prefix=/usr/local/nginx --with-http_v2_module --with-stream --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-http_realip_module --with-http_image_filter_module --with-file-aio  --with-ld-opt=-ljemalloc

make
make install

# cat /etc/logrotate.d/nginx 
/usr/local/nginx/logs/access.log {
    #compress
    nocompress
    daily
    copytruncate
    create
    notifempty
    rotate 14
    missingok
    dateext
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`   > /dev/null 2>/dev/null || true 
    endscript
}

dhparam文件

openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048

nginx配置文件

# cat /usr/local/nginx/conf/nginx.conf
user apache apache;
worker_processes  2;
worker_rlimit_nofile 65535;
error_log  /usr/local/nginx/logs/error.log debug;

events {
    use epoll;
    multi_accept on;
    accept_mutex off;
    worker_connections  65535;
}

http{
    include   mime.types;

    log_format  log_access  '$remote_addr - $remote_user [$time_local] "$http_host" "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" $http_x_forwarded_for '
                    '"$upstream_addr" "$upstream_status" "$upstream_response_time" "$request_time" "$upstream_cache_status"';
    access_log /usr/local/nginx/logs/access.log log_access;

    server_tokens off;
    default_type  application/octet-stream;
    underscores_in_headers on;
    server_names_hash_bucket_size 128;
    gzip  on; 
    gzip_min_length  1k;
    gzip_buffers   4  16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types       text/plain  application/x-javascript text/css application/xml application/x-httpd-php application/xhtml+xml;
    gzip_vary on;

    client_header_buffer_size 32k;  
    large_client_header_buffers 4 32k;  

    sendfile        on;  
    #aio on;
    #directio 4m;
    tcp_nopush     on;  
    tcp_nodelay on;

    proxy_cache_path /usr/local/nginx/proxy_cache_temp levels=1:1:1 keys_zone=pcache:10m max_size=128m;


    client_body_buffer_size 128k; 
    proxy_connect_timeout  600;   
    proxy_read_timeout   600;   
    proxy_send_timeout 600; 
    proxy_buffer_size 16k;   
    proxy_buffers 4 32k; 
    proxy_busy_buffers_size 54k; 
    proxy_temp_file_write_size 64k;
    proxy_ignore_client_abort on;
    proxy_hide_header X-Powered-By; 
    proxy_hide_header Server;


    ##############dns #################

    resolver 223.5.5.5 233.6.6.6 valid=60s;


    server {
        listen 80;
        add_header Strict-Transport-Security max-age=86400;
        return 301 https://$host$request_uri;
    }

    include /usr/local/nginx/conf/conf.d/*.conf;
}



# cat /usr/local/nginx/conf/conf.d/allgo_eycms.conf 
server {
        listen 443 ssl http2;
        server_name eycms.allgo.cc;
        # ssl on;

        ssl_certificate /usr/local/nginx/conf/ssl/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/allgo.cc.key;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/ca.cer;

        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 10m;


        ssl_protocols  TLSv1.1 TLSv1.2 TLSv1.3; 
        ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
        ssl_prefer_server_ciphers   on; 
        add_header Strict-Transport-Security "max-age=31536000";
        ssl_stapling on;
        ssl_stapling_verify on;

        fastcgi_hide_header X-Powered-By;

        root   /data/eycms;
        index  index.php;

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/run/php-fpm/www.sock;
            fastcgi_index   index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            expires max;
            log_not_found off;
        }
}


# cat /usr/local/nginx/conf/conf.d/allgo_xrcms.conf 
server {
        listen 443 ssl http2;
        server_name xrcms.allgo.cc;
        # ssl on;

        ssl_certificate /usr/local/nginx/conf/ssl/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/allgo.cc.key;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/ca.cer;

        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 10m;

        ssl_protocols  TLSv1.1 TLSv1.2 TLSv1.3; 
        ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
        ssl_prefer_server_ciphers   on; 
        add_header Strict-Transport-Security "max-age=31536000";
        ssl_stapling on;
        ssl_stapling_verify on;

        fastcgi_hide_header x-powered-by;

        root   /data/xrcms;
        index  index.php;

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/run/php-fpm/www.sock;
            fastcgi_index   index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            expires max;
            log_not_found off;
        }

        location ^~ /cache/ {
            deny all;
        }

        location ^~ /config/ {
            deny all;
        }

        location ^~ /dayrui/ {
            deny all;
        }

        location ^~ /template/ {
            deny all;
        }
}

CMS部署

CMS文件准备

mkdir -p /data/eycms
cd /data/eycms
wget https://qiniu.eyoucms.com/EyouCMS-V1.5.1-UTF8-SP3_140.zip
unzip EyouCMS-V1.5.1-UTF8-SP3_140.zip
rm -f EyouCMS-V1.5.1-UTF8-SP3_140.zip

mkdir -p /data/xrcms
cd /data/xrcms
wget https://www.xunruicms.com/member.php?action=down&cid=10&is_update=123
unzip XunRuiCMS-安装包-V4.3.14-2021-02-20.zip 
rm -f XunRuiCMS-安装包-V4.3.14-2021-02-20.zip 

cd /data
chown -R apache.apache eycms xrcms

易优CMS

1
1
1
1
1

迅睿CMS

1
1
1
1
1