You are currently viewing Linux利用LNMP安裝Nginx

Linux利用LNMP安裝Nginx

LNMP安裝包,一個利用Linux Shell編寫的環境安裝腳本,可以在RHEL、Debian等衍生發行版本中快速安裝PHP、MySQL、Nginx,能夠避免自己手動安裝的煩惱,加上安裝採用編譯的方式,這樣能更好的利用樹莓派的性能。

安裝

下載LNMP

LNMP 1.8

下载版:(不含源码安装包文件,仅有安装脚本及配置文件) http://soft.vpser.net/lnmp/lnmp1.8.tar.gz 文件大小:170KB MD5:06e205b6764d98091fe0f52f56a354ae

完整版: http://soft.vpser.net/lnmp/lnmp1.8-full.tar.gz 文件大小:910MB MD5:a0fd27d87027580a2cf4cbb6fbfb01bc

樹莓派網路良好的情況下,我們選擇使用下載版⏬

按照慣例,先創建一個資料夾,避免檔案充滿了home目錄。

mkdir lnmp_1.8

然後通過wget 來下載檔案。

如果沒有安裝wget,可以通過 sudo apt install wget 來安裝。

cd lnmp_1.8

移動到lnmp_1.8的資料夾。

wget http://soft.vpser.net/lnmp/lnmp1.8.tar.gz -cO lnmp1.8.tar.gz && tar zxf lnmp1.8.tar.gz && cd lnmp1.8 && ./install.sh lnmp

然後通過官方提供的無人值守腳本,進行一鍵安裝。

圖片來源:lnmp.org

如上圖所示,就可以選擇自己想使用的DataBase了,或者是不安裝,不過這裡需要注意的是,MySQL 5.6、5.7或者是MariaDB 10 以上的版本,就需要1GB以上的RAM才能夠正常使用了。當然,如果只想安裝Database的話,可以將一鍵安裝指令最後面的./install.sh lnmp 替換成 ./install.sh db

Nginx設定

Nginx 資料夾用途

  • /usr/local/nginx/conf/vhost

存放需要反向代理的網頁的配置文件,根據不同服務定製所需,這裡提供一個範本。

# Nginx config with SSL HTTP/2 and reverse proxy
# This file gives you an example on how to secure you PP instance with SSL
server {
    # listen 80; # If you really need HTTP (unsecure) remove the "#" on the beginning. Not recommended!
    # listen [::]:80; # HTTP IPv6

    listen 443 ssl http2; # Listen on port 443 and enable ssl and HTTP/2
    listen [::]:443 ssl http2; # Same for IPv6

    # Put your domain name in here.
    server_name  photoprism.example.com;

    # - - - - - - - - - -
    # SSL security
    # - - - - - - - - - -
    ssl_certificate          /usr/local/nginx/conf/ssl/cloudflare-ssl.pem;
    ssl_certificate_key      /usr/local/nginx/conf/ssl/cloudflare-ssl.key;

    # Since the PP API is also used on Android, we have to keep TLS1.2 in here for a while.
    # A lot of the older Android devices do not support TLS1.3 yet :/
    ssl_protocols            TLSv1.2 TLSv1.3;

    # Use good and strong ciphers, disable weak and old ciphers
    ssl_ciphers              HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

    # Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
    add_header Strict-Transport-Security "max-age=172800; includeSubdomains";

    # This checks if the certificate has been invalidated by the certificate authority
    # You can remove this section if you use self-singed certificates...
    # Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox)
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /etc/letsencrypt/live/photoprism.example.com/fullchain.pem;

    # DNS Servers to use for OCSP lookups
    resolver 8.8.8.8 1.1.1.1 9.9.9.9 valid=300s;
    resolver_timeout 5s;

    # - - - - - - - - -
    # Reverse Proxy
    # - - - - - - - - -
    proxy_redirect           off;
    proxy_set_header         X-Real-IP $remote_addr;                        # Let PP know the clients real IP
    proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;    # Let PP know that a proxy did forward this request
    proxy_set_header         Host $http_host;                               # Set Proxy host info

    proxy_http_version 1.1;                                                 # Required for WebSocket connection
    proxy_set_header Upgrade $http_upgrade;                                 # Allow protocol switch to websocket
    proxy_set_header Connection "upgrade";                                  # Do protocol switch
    proxy_set_header X-Forwarded-Proto $scheme;                             # Let PP know that this connection used HTTP or HTTPS

    client_max_body_size 500M;                                              # Bump the max body size, you may want to upload huge stuff via the upload GUI
    proxy_buffering off;                                                    # Do not hold back the request while the client sends data, give the stream directly to PP

    location / {
            # Optional; additional protection with Basic Auth.
            # Note: This breaks WebDAV without additional configuration
            #       You also have to create a .htpasswd file using the command:
            #       "htpasswd -c /etc/nginx/.pp_htpasswd my_secret_user"
            # - - -
            # auth_basic           "PhotoPrism Pre Auth";
            # auth_basic_user_file /etc/nginx/.pp_htpasswd;

            # pipes the traffic to PhotoPrism
            # Change this to your PhotoPrisms IP / DNS
            proxy_pass http://127.0.0.1:80;
    }
}
  • /usr/local/nginx/conf/ssl

存放SSL證書的地方。

個人習慣放在這裡,需要自己創建一個ssl的資料夾。

重新加載Nginx配置

sudo lnmp reload nginx

重新載入

sudo lnmp restart nginx

重新啟動


以上如此,便完成了最基本的Nginx使用啦。

參考資料

發佈留言

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料