一次LNMP安装笔记 新开了一台虚拟机测试机，于是进行了LNMP安装测试，以下是编译笔记。系统环境：CentOS6-X86_64MySQL版本：5.6.39Nginx版本：1.12.2PHP版本5.6.35安装LNMP所需依赖yum install -y gcc gcc-c++ bison-devel ncurses-devel perl cmake pcre pcre-devel openssl openssl-devel zlib zlib-devel automake libcurl curl-devel bzip2 bzip2-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel mcrypt mhash mhash-devel readline-devel libedit-devel sqlite-devel libiconv libmcrypt libmcrypt-devel icu libicu libicu-devel libxslt libxslt-devel编译MySQLcd /usr/src wget https://mirrors.ustc.edu.cn/mysql-ftp/Downloads/MySQL-5.6/mysql-5.6.39.tar.gz tar -zxvf mysql-5.6.39.tar.gz group add mysql useradd -s /sbin/nologin -g mysql mysql mkdir -p /usr/local/mysql/ cd /usr/src/mysql-5.6.39 cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DSYSCONFDIR=/etc -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DMYSQL_TCP_PORT=3306 -DENABLED_LOCAL_INFILE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DEXTRA_CHARSETS=all -DWITH_FEDERATED_STORAGE_ENGINE=1 -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8mb4 -DDEFAULT_COLLATION=utf8mb4_general_ci -DWITH_EMBEDDED_SERVER=1 make && make install /usr/local/mysql/scripts ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql ln -s /usr/local/mysql/bin/mysqlcheck /usr/bin/mysqlcheck ln -s /usr/local/mysql/bin/mysqld_safe /usr/bin/mysqld_safe ln -s /usr/local/mysql/bin/mysqldump /usr/bin/mysqldump ln -s /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql编译Nginxcd /usr/src wget http://nginx.org/download/nginx-1.12.2.tar.gz tar -zxvf nginx-1.12.2.tar.gz groupadd www useradd -s /sbin/nologin -g www www mkdir -p /usr/local/nginx cd /usr/src/nginx-1.12.2 ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/usr/local/nginx/log/error.log --http-log-path=/home/wwwlogs/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=www --group=www --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/temp/client/ --http-proxy-temp-path=/usr/local/nginx/temp/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/temp/fcgi/ --http-uwsgi-temp-path=/usr/local/nginx/temp/uwsgi --http-scgi-temp-path=/usr/local/nginx/temp/scgi --with-pcre make && make install编译PHPmkdir -p /usr/local/php cd /usr/src wget http://cn2.php.net/distributions/php-5.6.35.tar.gz tar -zxvf php-5.6.35.tar.gz cd php-5.6.35/ ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-config-file-scan-dir=/usr/local/php/conf.d --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir --with-freetype-dir=/usr/local/freetype --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-mbstring --with-mcrypt --enable-ftp --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --with-gettext --disable-fileinfo --enable-opcache --enable-intl --with-xsl make && make install cp /usr/src/php-5.6.35/php.ini-production /usr/local/php/etc/php.ini cp /usr/src/php-5.6.35/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm如果编译出现libiconv错误则在/usr/src/php-5.6.35/Makefile文件此行末尾添加-liconvEXTRA_LIBS = -lcrypt -lz -lexslt -lresolv -lcrypt -lrt -lmcrypt -lstdc++ -lpng -lz -ljpeg -lcurl -lz -lrt -lm -ldl -lnsl -lxml2 -lz -lm -ldl -lssl -lcrypto -lcurl -lxml2 -lz -lm -ldl -lssl -lcrypto -lfreetype -ldl -lm -licui18n -licuuc -licudata -ldl -lm -licuio -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lcrypt -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxml2 -lz -lm -ldl -lxslt -lxml2 -lz -ldl -lm -lssl -lcrypto -lcrypt -liconv编辑Nginx的配置由于配置较为复杂，因此参考了军哥LNMP一键安装包的配置user www www; worker_processes 1; worker_rlimit_nofile 65535; error_log logs/error.log; error_log logs/error.log notice; error_log logs/error.log info; pid logs/nginx.pid; events { worker_connections 65535; use epoll; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 300m; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; server_tokens off; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; gzip on; include vhost/*.conf; } #在一个server字段中打开PHP支持 location ~ [^/]\.php(/|$) { try_files $uri =404; fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; }附nginx启动脚本，脚本来自LNMP一键安装包#! /bin/sh # chkconfig: 2345 55 25 # Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and # run 'update-rc.d -f nginx defaults', or use the appropriate command on your # distro. For CentOS/Redhat run: 'chkconfig --add nginx' ### BEGIN INIT INFO # Provides: nginx # Required-Start: $all # Required-Stop: $all # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: starts the nginx web server # Description: starts nginx using start-stop-daemon ### END INIT INFO # Author: licess # website: https://lnmp.org PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin NAME=nginx NGINX_BIN=/usr/local/nginx/sbin/$NAME CONFIGFILE=/usr/local/nginx/conf/$NAME.conf PIDFILE=/usr/local/nginx/logs/$NAME.pid if [ -s /bin/ss ]; then StatBin=/bin/ss else StatBin=/bin/netstat fi case "$1" in start) echo -n "Starting $NAME... " if $StatBin -tnpl | grep -q nginx;then echo "$NAME (pid `pidof $NAME`) already running." exit 1 fi $NGINX_BIN -c $CONFIGFILE if [ "$?" != 0 ] ; then echo " failed" exit 1 else echo " done" fi ;; stop) echo -n "Stoping $NAME... " if ! $StatBin -tnpl | grep -q nginx; then echo "$NAME is not running." exit 1 fi $NGINX_BIN -s stop if [ "$?" != 0 ] ; then echo " failed. Use force-quit" exit 1 else echo " done" fi ;; status) if $StatBin -tnpl | grep -q nginx; then PID=`pidof nginx` echo "$NAME (pid $PID) is running..." else echo "$NAME is stopped." exit 0 fi ;; force-quit|kill) echo -n "Terminating $NAME... " if ! $StatBin -tnpl | grep -q nginx; then echo "$NAME is is stopped." exit 1 fi kill `pidof $NAME` if [ "$?" != 0 ] ; then echo " failed" exit 1 else echo " done" fi ;; restart) $0 stop sleep 1 $0 start ;; reload) echo -n "Reload service $NAME... " if $StatBin -tnpl | grep -q nginx; then $NGINX_BIN -s reload echo " done" else echo "$NAME is not running, can't reload." exit 1 fi ;; configtest) echo -n "Test $NAME configure files... " $NGINX_BIN -t ;; *) echo "Usage: $0 {start|stop|restart|reload|status|configtest|force-quit|kill}" exit 1 ;; esac

Let's Encrypt免费泛域名SSL证书获取 Let's Encrypt在2018年3月正式支持泛域名证书，使用泛域名的好处就是可以一键支持所有二级域名，不必再单独为二级域名创建SSL证书。之前是使用certbot通过随机生成一个文件到域名所对应的网站目录，然后letsencrypt的机器人会通过GET请求相应域名并获取该随机文件的方式来确保申请者对域名的控制权，个人觉得此办法及其麻烦，想要SSL证书服务器就必须开放http服务，而现在申请泛域名SSL证书的办法可通过使用acme.sh脚本来申请，该脚本的原理是通过DNS解析商提供的API来添加/删除一条域名的TXT记录，然后让CA机构进行验证，以确保申请者对域名的所有权。该方法不必使用http方式来申请，大大方便了SSL证书的申请过程。参考文档：https://github.com/Neilpang/acme.shhttps://github.com/Neilpang/acme.sh/blob/master/dnsapi/README.md（DNS API使用方法）wget -O - https://get.acme.sh | sh chmod +x acme.sh首次运行acme.sh脚本会初始化并生成一些通过NS提供商API修改记录的配置文件，在dnsapi目录下，如果你的NS解析商为阿里云，就先获取阿里云API Key，然后修改dnsapi目录内相对应的模板，填入对应的API Keyexport Ali_Key=xxxxx export Ali_Secret=xxxxx完成API Key的编辑后，就可以开始执行申请证书的命令./acme.sh --issue -d *.你的域名.com 你的域名.com --dns dns_ali如果申请成功，脚本会有提示在/root/.acme.sh/*.你的域名.com目录下可找到证书文件

正则表达式笔记 \d 匹配数字0-9；\D 匹配非数字；\w 匹配任意单字符；\W 匹配非单字符；\s 匹配空白字符；\S 匹配非空字符；基本正则表达式. :匹配任意单个字符*：匹配前一个字符出现零次或者多次.*：匹配任意多个任意字符[] ：匹配集合中任意单个字符[x-y]：匹配连续的字串范围^：匹配字串开头$：匹配字串结尾[^]：匹配否定，对括号中集合取反\：匹配转义后字串{n,m}：匹配前一个字符重复n到m次{n,}：匹配前一个字符重复至少n次()：将(与)之间内容存储在保留空间，最大存储9个\n：通过\1至\9调用保留空间中的内容扩展正则表达式{n,m}：等同基本正则表达式的{n,m}+：匹配前一个字符出现一次或者多次?：匹配前一个字符出现零次或者一次|：匹配符号前或者后的字串()：匹配正则集合[:alpha:] 字母字符[:alnum:] 字母与数字字符[:cntrl:] 控制字符[:digit:] 数字字符[:xdigit:] 十六进制数字字符[:punct:] 标点符号[:graph:] 非空格字符[:print:] 任何可以显示的字符[:space:] 任何产生空白的字符[:blank:] 空格与tab键字符[:lower:] 小写字符[:upper:] 大写字符

免费SSL证书Let's encrypt申请流程及nginxSSL配置 wget https://dl.eff.org/certbot-autochmod a+x certbot-auto单域名./certbot-auto certonly --email youremail@example.com --agree-tos --webroot -w 网站目录 -d 域名多域名./certbot-auto certonly --email youremail@example.com --agree-tos --webroot -w 网站目录 -d 域名1 -d 域名2续期./certbot-auto certonly --renew-by-default --email youremail@example.com -d yourdomainnamenginxSSL段配置写法ssl on;ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers"EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;

Nginx HTTP301跳转写法 server { listen 80; server_name example.com; rewrite ^(.*) https://example.com$1 permanent; }