记录在树莓派上编译安装LNMP环境全过程

Posted by 橙叶 on Sat, Sep 30, 2017

树莓派体积小巧,但也限制了其性能。这使得在树莓派上只能选择资源占用较小的服务。如果用作HTTP服务器,Apache+MySQL就未免太臃肿了。在这里,推荐的配合是Nginx+MairaDB

1.准备

设备:树莓派3 Model B

系统:raspbian

2.下载Nginx/PCRE/OpenSSL源码包

Nginx:http://nginx.org/en/download.html

PCRE:https://ftp.pcre.org/pub/pcre/

OpenSSL:https://www.openssl.org/source/(不要下载fips版本)

PHP:http://php.net/get/php-7.0.23.tar.gz/from/a/mirror

MairaDB:https://downloads.mariadb.org/mariadb/10.2.8/

3.安装

创建一个目录用来存放源码,然后将下载的源码解压后放进去:
mkdir code
mv *.tar.gz ./code
cd code
tar -zxvf *.tar.gz

pi@raspberrypi:~/code $ ls nginx-1.12.1 pcre-8.41 openssl-1.1.0f.tar.gz

1.安装PCRE/Nginx

进入PCRE源码目录,执行
 ./configure
pi@raspberrypi:~/code $ cd pcre-8.41/
pi@raspberrypi:~/code/pcre-8.41 $ sudo ./configure

进入Nginx源码目录,编译安装Nginx:

./configure \
--prefix=/etc/nginx \
--with-pcre=/home/code/pcre-8.41 \
--sbin-path=/usr/sbin/nginx \
--with-http_ssl_module \
--with-openssl=/home/code/openssl-1.1.0f

其中在

--with-pcre=

指定的是pcre的源码目录。

--with-openssl=

指向openssl的源码目录。

然后开始编译:

make && sudo make install

如果编译时出现问题,可能是PCRE源码的问题,改用apt-get安装pcre即可:

sudo apt-get install libpcre3 libpcre3-dev

,然后在Nginx源码目录下执行

./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --with-http_ssl_module --with-openssl=/openssl

,再执行

make && sudo make install

然后静静等待编译完成。

编译完成后,启动Nginx:

sudo /usr/local/sbin/nginx

在浏览器中访问树莓派的地址,出现下图说明安装成功。

2.安装PHP

①apt-get安装(via:https://segmentfault.com/a/1190000008664157)

在/etc/apt/source.list中添加一行:
deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi
接着创建一个文件 sudo vi /etc/apt/preferences,添加以下内容:
Package: *
Pin: release n=jessie
Pin-Priority: 600
更新源,安装PHP:
sudo apt-get update
sudo apt-get install -t stretch php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip
安装好之后执行 php -v 可以查看版本。

②源码安装

将下载的源码解压到之前创建的目录中:
cd code
wget http://cn2.php.net/get/php-7.0.23.tar.gz/from/this/mirror
tar -zxvf php-7.0.23.tar.gz
安装依赖:
sudo apt-get install libxml2* libbz2-dev libjpeg-dev libmcrypt-dev libxslt1-dev libxslt1.1 libpq-dev build-essential git make
添加php用户和组:
groupadd -r www && useradd -r -g www -s /bin/false -d /usr/local/php -M php
编译配置:
 ./configure \
--prefix=/usr/local/php \
--exec-prefix=/usr/local/php \
--bindir=/usr/local/php/bin \
--sbindir=/usr/local/php/sbin \
--includedir=/usr/local/php/include \
--libdir=/usr/local/php/lib/php \
--mandir=/usr/local/php/php/man \
--with-config-file-path=/usr/local/php/etc \
--with-mysql-sock=/var/lib/mysql/mysql.sock \
--with-mcrypt=/usr/include \
--with-mhash \
--with-openssl \
--with-mysql=shared,mysqlnd \
--with-mysqli=shared,mysqlnd \
--with-pdo-mysql=shared,mysqlnd \
--with-gd \
--with-iconv \
--with-zlib \
--enable-zip \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-xml \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-mbregex \
--enable-mbstring \
--enable-ftp \
--enable-gd-native-ttf \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-soap \
--without-pear \
--with-gettext \
--enable-session \
--with-curl \
--with-freetype-dir \
--enable-opcache \
--enable-redis \
--enable-fpm \
--enable-fastcgi \
--with-fpm-user=www \
--with-fpm-group=www \
--without-gdbm \
--with-fpm-user=nginx \
--with-fpm-group=nginx \
--disable-fileinfo
时间还是有些长的,耐心等待,configure完后就可以继续编译了:
make && sudo make install
配置php-fpm:
cd /usr/local/php/etc
cp php-fpm.conf.default php-fpm.conf
cd /usr/local/php/etc/php-fpm.d
cp www.conf.default www.conf
启动php-fpm:
/usr/local/php/sbin/php-fpm

3.安装MairaDB/MySQL

①apt-get安装MairaDB

sudo apt-get install mariadb-server
安装过程中会提示设置MariaDB的密码:

稍等,MairaDB就安装完毕了。使用以下命令就可以登陆MariaDB:

mysql -u root -p

②编译安装MariaDB

MariaDB不使用./configure的方式编译配置,而是使用cmake,所以需要先安装cmake工具。
wget https://cmake.org/files/v3.5/cmake-3.5.2-Linux-i386.tar.gz     #下载cmake源码
tar -zxvf *.tar.gz       #解压源码
cd cmake-3.5.2           #进入源码目录
./configure              #编译配置
sudo make && sudo make install     #编译并安装
编译cmake的过程有些漫长,耐心等待。完成后查看是否已经正常安装:
pi@raspberrypi:~/cmake-3.5.2 $ cmake --version
cmake version 3.5.2

CMake suite maintained and supported by Kitware (kitware.com/cmake).

开始安装MairDB,首先添加用户和组:

sudo groupadd mysql
sudo useradd -s /sbin/nologin -g mysql -M mysql #创建mariadb用户

检查创建的用户:

pi@raspberrypi:~/cmake-3.5.2 $ tail -1 /etc/passwd
mysql❌1001:1001::/home/mysql:/sbin/nologin

到官网上下载MaiaDB源码:https://downloads.mariadb.org/mariadb/10.2.9/

下载完后解压,进入源码目录。使用cmake配置源码:

cmake . \
  -DCMAKE_BUILD_TYPE:STRING=Release \
  -DCMAKE_INSTALL_PREFIX:PATH=/usr/local/mysql \
  -DENABLE_DEBUG_SYNC:BOOL=OFF \
  -DMYSQL_DATADIR:PATH=/var/lib/mysql \
  -DUSE_ARIA_FOR_TMP_TABLES:BOOL=ON \
  -DWITHOUT_PBXT_STORAGE_ENGINE:BOOL=ON \
  -DWITH_ARCHIVE_STORAGE_ENGINE:BOOL=ON \
  -DWITH_ARIA_STORAGE_ENGINE:BOOL=ON \
  -DWITH_BLACKHOLE_STORAGE_ENGINE:BOOL=OFF \
  -DWITH_EMBEDDED_SERVER:BOOL=OFF \
  -DWITH_EXTRA_CHARSETS:STRING=all \
  -DWITH_FEDERATEDX_STORAGE_ENGINE:BOOL=OFF \
  -DWITH_FEEDBACK:BOOL=OFF \
  -DWITH_INNOBASE_STORAGE_ENGINE:BOOL=ON \
  -DWITH_LIBWRAP:BOOL=OFF \
  -DWITH_PARTITION_STORAGE_ENGINE:BOOL=ON \
  -DWITH_PERFSCHEMA_STORAGE_ENGINE:BOOL=ON \
  -DWITH_SSL:STRING=system \
  -DWITH_ZLIB:STRING=system

编译安装(

-j4

:同时使用4线程,这是为了提高编译的速度,编译时会同时跑满树莓派的4个核心,所以如果你的树莓派没有散热措施,建议不要使用这个选项):

sudo make -j4 && sudo make install

这个过程仍然十分漫长……两个小时左右。(如果可以的话,建议用交叉编译环境)

完成安装后,要对MairaDB进一步地配置:

mkdir /var/run/mysqld
mkdir /var/log/mysql
mkdir -p /var/lib/mysql
mkdir /etc/mysql
chown -R mysql:mysql /usr/local/mysql/
chown -R mysql:mysql /var/run/mysqld/
chown -R mysql:mysql /var/log/mysql/
chown -R mysql:mysql /var/lib/mysql/

复制配置文件:

cp support-files/my-medium.cnf /etc/mysql/my.cnf

修改root用户密码:

/usr/local/mysql/bin/mysqladmin -u root password 'password'

附录

PHP的推荐配置文件(via:TypeCodes)

php.ini

php.ini是php运行核心配置文件:

######避免PHP信息暴露在http头中
expose_php = Off

######避免暴露php调用mysql的错误信息
display_errors = Off

######在关闭display_errors后开启PHP错误日志(路径在php-fpm.conf中配置)
log_errors = On

######设置PHP的扩展库路径
extension_dir = "/usr/local/php7/lib/php/extensions/no-debug-non-zts-20141001/"

######设置PHP的opcache和mysql动态库
zend_extension=opcache.so
extension=mysqli.so
extension=pdo_mysql.so

######设置PHP的时区
date.timezone = PRC

######开启opcache
[opcache]
; Determines if Zend OPCache is enabled
opcache.enable=1

######设置PHP脚本允许访问的目录(需要根据实际情况配置)
;open_basedir = /usr/share/nginx/html;

php-fpm.conf

php-fpm.conf是php-fpm进程服务的配置文件:

######设置错误日志的路径
error_log = /var/log/php-fpm/error.log
######引入www.conf文件中的配置
include=/usr/local/php7/etc/php-fpm.d/*.conf

www.conf(位于php-fpm.d目录)

www.conf这是php-fpm进程服务的扩展配置文件:

######设置用户和用户组
user = nginx
group = nginx

######根据nginx.conf中的配置fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;设置PHP监听
; listen = 127.0.0.1:9000 #####不建议使用
listen = /var/run/php-fpm/php-fpm.sock

######开启慢日志
slowlog = /var/log/php-fpm/$pool-slow.log
request_slowlog_timeout = 10s

######设置php的session目录(所属用户和用户组都是nginx)
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

适用于ownCloud/Nextcloud的Nginx配置文件

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}

server { listen 80; server_name cloud.dreampacific.cn; # enforce https return 301 https://$server_name$request_uri; }

server { listen 443 ssl; server_name cloud.dreampacific.cn;

ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

# Path to the root of your installation
root /usr/share/nginx/html/nextcloud/;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;

location = /.well-known/carddav {
  return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
  return 301 $scheme://$host/remote.php/dav;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
    rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers (It is intended to
    # have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read into
    # this topic first.
    add_header Strict-Transport-Security "max-age=15768000;
    includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}

}

 



comments powered by Disqus