一、Nginx 安装及配置

1、安装:apt -y update && apt install nginx (可加 --no-install-recommends 只安装主要依赖项)

2、创建 www 用户:groupadd www && useradd -g www www

3、配置:

nano /etc/nginx/nginx.conf

user www;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 2048;
    use epoll;
    multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 120;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip  on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 1k;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml text/javascript application/javascript application/x-javascript text/x-json application/json application/x-web-app-manifest+json text/css text/plain text/x-component font/opentype font/ttf application/x-font-ttf application/vnd.ms-fontobject image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#    server {
#        listen     localhost:110;
#        protocol   pop3;
#        proxy      on;
#    }
# 
#    server {
#        listen     localhost:143;
#        protocol   imap;
#        proxy      on;
#    }
#}
}

4、添加 Typecho 配置文件:

nano /etc/nginx/conf.d/typecho.conf

server {
    listen 80;
    listen [::]:80;
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;
    server_name znov.org www.znov.org;
    ssl_certificate /www/ssl/cert.pem;
    ssl_certificate_key /www/ssl/key.pem.unsecure;
    root /www/typecho;
    index index.php index.html index.htm;

    location / {
        if (-f $request_filename/index.html){
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename/index.php){
            rewrite (.*) $1/index.php;
        }
        if (!-f $request_filename){
            rewrite (.*) /index.php;
        }
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\. {
        deny all;
    }

    location ~ .*\.(gif|jpg|png|jpeg|bmp|webp|webm|swf|mp3|flac|mp4|mkv|avi|exe|txt|bat|chm|pdf|epub|mobi|flv|ico|eot|ttf|otf|woff|svg)$ {
        expires     30d;
        access_log    off;
        valid_referers znov.org *.znov.org *.baidu.com *.google.com;
        if ($invalid_referer) {
            return 404;
        }
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }

    #禁止Scrapy等工具的抓取
    if ($http_user_agent ~* (Scrapy|Curl|Wget|aria2c|HttpClient)) {
            return 403;
    }
    #禁止指定UA及UA为空的访问
    if ($http_user_agent ~ "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|WinHttp|WebZIP|FetchURL|node-superagent|java/|FeedDemon|Jullo|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|Java|Feedly|Apache-HttpAsyncClient|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|BOT/0.1|YandexBot|FlightDeckReports|Linguee Bot|^$" ) {
            return 403;
    }
    #禁止非GET|HEAD|POST方式的抓取
    if ($request_method !~ ^(GET|HEAD|POST)$) {
            return 403;
    }
}

二、PHP 安装及配置

1、安装:apt install php7.3-fpm php7.3-mbstring php7.3-gd php7.3-xmlrpc php7.3-mysql php7.3-curl

2、配置:

1、nano /etc/php/7.3/fpm/php.ini

zlib.output_compression = On
zlib.output_compression_level = 5
max_execution_time = 3600
max_input_time = 3600
memory_limit = 128M
error_reporting = E_ERROR
post_max_size = 100M
cgi.fix_pathinfo=0
upload_max_filesize = 100M
date.timezone = PRC

[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.max_wasted_percentage=5
opcache.use_cwd=0
opcache.validate_timestamps=1
opcache.revalidate_freq=60
opcache.save_comments=0
opcache.enable_file_override=1
opcache.file_cache=/tmp

2、nano /etc/php/7.3/fpm/pool.d/www.conf

user = www
group = www

# PHP-FPM 子进程副本创建的最大数,创建的越多并发能力越强。同时修改空闲时进程数 pm.min_spare_servers 和pm.max_spare_servers,不能比 pm.max_children 大。
pm.max_children = 5;

# 接收多少次请求后重新建立 PHP-FPM 子进程
pm.max_requests = 250

# PHP 脚本最大执行时间
request_terminate_timeout = 100

三、MariaDB 安装及配置

1、安装:apt install mariadb-server

2、修改密码:

mariadb
use mysql
UPDATE user SET Password = password('新密码') WHERE User = 'root';
flush privileges;

# 使用原生 MySQL 认证:
update mysql.user set plugin = 'mysql_native_password' where User='root';
flush privileges;
exit

3、配置:

mv /etc/mysql/my.cnf

#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql

# this is read by the standalone daemon and embedded servers
[server]

# this is only for the mysqld standalone daemon
[mysqld]

#
# * Basic Settings
#
user                    = mysql
pid-file                = /run/mysqld/mysqld.pid
socket                  = /run/mysqld/mysqld.sock
#port                   = 3306
basedir                 = /usr
datadir                 = /var/lib/mysql
tmpdir                  = /tmp
lc-messages-dir         = /usr/share/mysql
skip-external-locking

skip-bdb
skip-innodb

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 127.0.0.1

#
# * Fine Tuning
#
key_buffer_size        = 16K
max_allowed_packet     = 1M
thread_stack           = 64K
thread_cache_size      = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
#myisam_recover_options = BACKUP
max_connections        = 20
table_cache            = 4
thread_concurrency     = 4

default-storage-engine=MYISAM
innodb=OFF

#
# * Query Cache Configuration
#
query_cache_limit      = 256K
query_cache_size        = 4M

#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file       = /var/log/mysql/mysql.log
#general_log            = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Enable the slow query log to see queries with especially long duration
#slow_query_log_file    = /var/log/mysql/mariadb-slow.log
#long_query_time        = 10
#log_slow_rate_limit    = 1000
#log_slow_verbosity     = query_plan
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
#       other settings you may need to change.
#server-id              = 1
#log_bin                = /var/log/mysql/mysql-bin.log
expire_logs_days        = 3
#max_binlog_size        = 100M
#binlog_do_db           = include_database_name
#binlog_ignore_db       = exclude_database_name

#
# * Security Features
#
# Read the manual, too, if you want chroot!
#chroot = /var/lib/mysql/
#
# For generating SSL certificates you can use for example the GUI tool "tinyca".
#
#ssl-ca = /etc/mysql/cacert.pem
#ssl-cert = /etc/mysql/server-cert.pem
#ssl-key = /etc/mysql/server-key.pem
#
# Accept only connections using the latest and most secure TLS protocol version.
# ..when MariaDB is compiled with OpenSSL:
#ssl-cipher = TLSv1.2
# ..when MariaDB is compiled with YaSSL (default in Debian):
#ssl = on

#
# * Character sets
#
# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
# utf8 4-byte character set. See also client.cnf
#
character-set-server  = utf8mb4
collation-server      = utf8mb4_general_ci

#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!

#
# * Unix socket authentication plugin is built-in since 10.0.22-6
#
# Needed so the root database user can authenticate without a password but
# only when running as the unix root user.
#
# Also available for other users if required.
# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/

# this is only for embedded server
[embedded]

# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]

# This group is only read by MariaDB-10.3 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.3]

4、常用操作命令:

新建数据库:create database 库名;
删除数据库:drop database 库名;
查看数据库:show databases;
查看数据库参数:show variables;
查看数据库中的表:show tables;
查看某个列表中的所有数据:select  * from 表名;
查看创建数据库状态:show create database 库名;
使用哪个库:use 库名;
创建用户并支持中文:create database test character set=utf8mb4;
查看 test 字符集:show create database  test
直接在终端创建数据库:mysqladmin -u user -p create test
直接在终端删除数据库:mysqladmin -u root -p drop test
修改数据库默认字符集:alter database 库名 default character set=utf8mb4;
单个数据库备份:mysqldump -u root -p密码 --databases  test > test.sql
多个数据库备份:mysqldump -u root -p密码 --databases  db_name1 db_name2 > db_name12_backup.sql
恢复数据库:mysql -u root -p密码 database_name < db_backup.sql
恢复数据库到已经存在的数据库中:mysqlimport -u root -p密码 database_name < db_backup.sql

四、Typecho 安装

mkdir /www && cd /www
wget http://typecho.org/build.tar.gz
tar xvf build.tar.gz
mv build typecho
chown -R www:www /www/*

接下来浏览器输入域名按步骤安装即可。

五、部分操作命令

1、Nginx
Nginx 启动:systemctl start nginx
Nginx 停止:systemctl stop nginx
Nginx 重启:systemctl restart nginx
Nginx 状态:systemctl status nginx
Nginx 查错:nginx -t
Nginx 重载配置:nginx -s reload

2、PHP
启动、停止、重启、状态命令类似 Nginx

3、MariaDB
启动、停止、重启、状态命令类似 Nginx
Last modification:January 6th, 2020 at 02:57 pm
如果觉得我的文章对你有用,请随意赞赏