nginx-1.15.5+php7.2.1+ngfw应用防火墙一键安装脚本

脚本特点

  1. php7.2.1新版本
  2. nginx支持lua扩展和安装ngfw防火墙 #20190122 当前的 ngfw并不是非常完善而且没有维护,不适合生产环境,已取消
  3. 安装默认创建站点通过ip访问的,WEB目录位于 /home/public_html/
  4. 默认会加一条开启80端口的规则到防火墙
  5. 仅支持centos6 64位全系列
  6. 兼容的一键脚本不好搞,改了一些,除了没搞iptables 其实兼容centos 7了。
  7. 20191223兼容处理centos7 编译libiconv报错:./stdio.h:1010:1: error: 'gets' undeclared here (not in a function)

奇葩的是,有些系统没有预先安装好 gcc*、make 和 wget,
索性在脚本开头一并安装:

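#!/bin/bash
# Abort on the first failing command.
set -e

# Build prerequisites. The pattern is quoted so that yum, not the shell,
# expands it; unquoted, gcc* is first matched against file names in the
# current directory.
yum install -y 'gcc*' make unzip net-tools wget

# Major release number of the host (e.g. 6 or 7). Computed before the
# libiconv check because the firewall step at the end of the script reads
# $v too, including on runs where libiconv is already installed.
v=$(sed -r 's/.* ([0-9]+)\..*/\1/' /etc/redhat-release)

cd /usr/tmp
if [ ! -d "/usr/local/libiconv" ]; then
  # NOTE(review): --no-check-certificate turns off TLS verification and no
  # checksum is checked, so the tarball that gets built and installed
  # system-wide is not authenticated. Prefer dropping the flag and checking
  # a pinned SHA-256 (sha256sum -c) before extracting. -nc also reuses any
  # file of this name that already exists in /usr/tmp (typically a link to
  # the shared /var/tmp), so a private work directory is safer.
  wget -nc --no-check-certificate https://www.isres.com/file/libiconv-1.14.tar.gz
  tar zxvf libiconv-1.14.tar.gz

  if [ "$v" = "7" ]; then
    # On CentOS 7 the build stops with "'gets' undeclared" in stdio.h.
    # Wrap the gets warning macro so it is only emitted for glibc < 2.16.
    # '&' is escaped because a bare '&' in a sed replacement expands to the
    # matched text, which would corrupt the generated #if line.
    sed -i 's/_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");/#if defined(__GLIBC__) \&\& !defined(__UCLIBC__) \&\& !__GLIBC_PREREQ(2, 16)\n_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");\n#endif/' libiconv-1.14/srclib/stdio.in.h
  fi

  cd libiconv-1.14
  ./configure --prefix=/usr/local/libiconv
  # Separate commands on purpose: in "make && make install" a failing make
  # is exempt from set -e and the script would carry on without the library.
  make
  make install
else
  echo "/usr/local/libiconv已存在"
fi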

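# Build and install mhash unless its shared library is already present.
if [ ! -e "/usr/local/lib/libmhash.so" ]; then
  cd /usr/tmp
  # NOTE(review): the download is not authenticated (TLS verification is
  # disabled and no checksum is checked) and -nc reuses a file already
  # present in the temp directory; verify a pinned SHA-256 before building.
  wget -nc --no-check-certificate https://www.isres.com/file/mhash-0.9.9.9.tar.gz
  tar -zxvf mhash-0.9.9.9.tar.gz
  cd mhash-0.9.9.9
  ./configure
  # Run as two commands so that a failed build stops the script under
  # set -e; the left side of an && list is exempt from it.
  make
  make install
else
  echo "/usr/local/lib/libmhash.so已存在"
fi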

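# Build and install libmcrypt unless its shared library is already present,
# then make /usr/local/lib and the MySQL client library visible to the
# dynamic linker.
if [ ! -e "/usr/local/lib/libmcrypt.so" ]; then
  cd /usr/tmp
  # NOTE(review): the download is not authenticated (TLS verification is
  # disabled and no checksum is checked) and -nc reuses a file already
  # present in the temp directory; verify a pinned SHA-256 before building.
  wget -nc --no-check-certificate https://www.isres.com/file/libmcrypt-2.5.8.tar.gz
  tar -zxvf libmcrypt-2.5.8.tar.gz
  cd libmcrypt-2.5.8
  ./configure --prefix=/usr/local
  make
  make install

  # Create the links only when nothing is at the destination yet: a plain
  # "ln -s" fails on an existing path and would abort the script (set -e),
  # while forcing it could replace a real library file.
  for lib in libmysqlclient.so libmysqlclient.so.18; do
    if [ ! -e "/usr/lib/$lib" ] && [ ! -L "/usr/lib/$lib" ]; then
      ln -s "/usr/local/mysql/lib/$lib" "/usr/lib/$lib"
    fi
  done

  # Register /usr/local/lib once instead of appending a duplicate line.
  if ! grep -qxF "/usr/local/lib" /etc/ld.so.conf.d/local.conf 2>/dev/null; then
    echo "/usr/local/lib" >> /etc/ld.so.conf.d/local.conf
  fi
  ldconfig -v
else
  echo "/usr/local/lib/libmcrypt.so已存在"
fi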

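# NOTE(review): this only removes /usr/local/php when it is NOT a directory
# (e.g. a stray file); an existing installation is left in place and is
# built over. Confirm whether "-d" without the negation was intended.
if [ ! -d "/usr/local/php" ]; then
  rm -rf /usr/local/php
fi

cd /usr/tmp
# NOTE(review): the download is not authenticated (TLS verification is
# disabled and no checksum is checked) and -nc reuses a file already present
# in the temp directory; verify a pinned SHA-256 before building.
wget -nc --no-check-certificate https://www.isres.com/file/php-7.2.1.tar.gz
tar -zxvf php-7.2.1.tar.gz
cd php-7.2.1

# Development headers needed by the configure switches below.
yum install -y php-mcrypt libmcrypt libmcrypt-devel libxml2-devel openssl-devel lib curl-devel libjpeg.x86_64 libpng.x86_64 freetype.x86_64 libjpeg-devel.x86_64 libpng-devel.x86_64 freetype-devel.x86_64 libjpeg-turbo-devel libmcrypt-devel mysql-devel --skip-broken

# NOTE(review): several switches here belong to features that are no longer
# part of PHP 7.2 (for example --with-mysql, --enable-safe-mode,
# --enable-magic-quotes, --with-mcrypt). configure only warns about options
# it does not recognise, so check its output rather than assuming that a
# switch such as safe mode is in effect.
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-magic-quotes --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring --with-mcrypt --enable-ftp --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --disable-fileinfo --enable-maintainer-zts

# Two commands rather than "make && make install": a failing make on the
# left of && is exempt from set -e and the script would continue.
make
make install

# Keep an existing php-fpm.conf; otherwise start from the shipped default.
if [ ! -e "/usr/local/php/etc/php-fpm.conf" ]; then
  mv /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
fi
cp php.ini-production /usr/local/php/etc/php.ini

# Install the init script from the source tree and enable it at boot.
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
chkconfig --add php-fpm
chkconfig php-fpm on

# Unprivileged account for the PHP-FPM workers: no login shell, no home.
if id www &> /dev/null; then
  echo "www用户已存在"
else
  groupadd www
  useradd -s /sbin/nologin -g www -M www
fi

# Use the default pool definition and point php-fpm.conf at that one file
# instead of the php-fpm.d/*.conf wildcard.
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
sed -i 's/php-fpm.d\/\*.conf/php-fpm.d\/www.conf/g' /usr/local/php/etc/php-fpm.conf
service php-fpm start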


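# Build and install PCRE from source.
cd /usr/tmp
# NOTE(review): the download is not authenticated (TLS verification is
# disabled and no checksum is checked) and -nc reuses a file already present
# in the temp directory; verify a pinned SHA-256 before building.
wget -nc --no-check-certificate https://www.isres.com/file/pcre-8.34.tar.gz

tar -zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure
# Two commands so that a failed build stops the script under set -e; the
# left side of an && list is exempt from it.
make
make install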


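# Toolchain and -devel packages for the nginx build.
cd /usr/tmp

# Wildcards are quoted so that yum resolves them against its repositories.
# Unquoted, the shell expands them first against the current directory, and
# /usr/tmp already holds entries such as libmcrypt-2.5.8*, so yum would be
# handed local file names instead of the pattern.
# The stray "iiskip-broken" token (a mistyped --skip-broken) is dropped.
# NOTE(review): the list also pulls in kernel and openldap-servers; trim it
# to what the build needs to keep the installed footprint small.
pkgs=(
  zip unzip ntsysv 'compat*' 'apr*' 'nasm*' gcc 'gcc*' gcc-c++
  zlib zlib-devel glibc glibc-devel glib2 libxml glib2-devel
  libxml2 libxml2-devel bzip2 bzip2-devel libXpm libXpm-devel
  libidn libidn-devel libtool 'libtool-ltdl-devel*'
  libmcrypt libmcrypt-devel libevent-devel 'libmcrypt*'
  curl curl-devel perl perl-Net-SSLeay pcre pcre-devel
  ncurses ncurses-devel openssl openssl-devel
  openldap openldap-devel openldap-clients openldap-servers
  krb5 krb5-devel e2fsprogs e2fsprogs-devel
  libjpeg libpng libjpeg-devel libjpeg-6b libjpeg-devel-6b
  libpng-devel libtiff-devel freetype freetype-devel fontconfig-devel
  gd gd-devel kernel screen sysstat flex bison nss_ldap pam-devel
  compat-libstdc++-33
)
yum -y install --skip-broken "${pkgs[@]}"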


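# Cache purge module (third-party nginx module, compiled in below).
cd /usr/tmp
# NOTE(review): neither archive is authenticated (TLS verification is
# disabled and no checksum is checked) and -nc reuses files already present
# in the temp directory; verify pinned SHA-256 values before building.
wget -nc --no-check-certificate https://www.isres.com/file/ngx_cache_purge.zip
# -o overwrites without prompting so a re-run does not wait for input.
# The archive is expected to unpack to ngx_cache_purge-master/, which is the
# path given to --add-module.
unzip -o ngx_cache_purge.zip

wget -nc --no-check-certificate https://www.isres.com/file/nginx-1.15.5.tar.gz
tar -zxvf nginx-1.15.5.tar.gz
cd nginx-1.15.5

# Workers run as the unprivileged www account.
# NOTE(review): the mail proxy and WebDAV modules are compiled in although
# the generated configuration does not use them; leave out modules that are
# not needed to keep the attack surface small.
./configure --prefix=/usr/local/nginx \
  --user=www \
  --group=www \
  --with-mail \
  --with-mail_ssl_module \
  --with-http_ssl_module \
  --with-http_flv_module \
  --with-http_dav_module \
  --with-http_sub_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module \
  --with-pcre \
  --add-module=/usr/tmp/ngx_cache_purge-master/

# Two commands so that a failed build stops the script under set -e; the
# left side of an && list is exempt from it.
make
make install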

# Keep the stock configuration as nginx.conf.bak before writing a new one.
# NOTE(review): on a second run this overwrites the backup with the file
# generated by the previous run.
mv /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak

# Write the main nginx.conf. echo -e turns every \n into a newline; \$ and \"
# keep the nginx variables and quotes literal inside the double-quoted
# string. The generated file runs workers as www, sets server_tokens off and
# includes every vhost/*.conf.
echo -e "user www www;\nworker_processes auto;\nerror_log  /usr/local/nginx/logs/nginx_error.log  crit;\npid        /usr/local/nginx/logs/nginx.pid;\nworker_rlimit_nofile 51200;\n\nevents\n    {\n        use epoll;\n        worker_connections 51200;\n    }\n\nhttp\n    {\n        include       mime.types;\n        default_type  application/octet-stream;\n\n        server_names_hash_bucket_size 128;\n        client_header_buffer_size 32k;\n        large_client_header_buffers 4 32k;\n        client_max_body_size 50m;\n\n        sendfile on;\n        tcp_nopush     on;\n\n        keepalive_timeout 60;\n\n        tcp_nodelay on;\n\n        fastcgi_connect_timeout 300;\n        fastcgi_send_timeout 300;\n        fastcgi_read_timeout 300;\n        fastcgi_buffer_size 64k;\n        fastcgi_buffers 4 64k;\n        fastcgi_busy_buffers_size 128k;\n        fastcgi_temp_file_write_size 256k;\n\n        gzip on;\n        gzip_min_length  1k;\n        gzip_buffers     4 16k;\n        gzip_http_version 1.0;\n        gzip_comp_level 2;\n        gzip_types       text/plain application/x-javascript text/css application/xml;\n        gzip_vary on;\n        gzip_proxied        expired no-cache no-store private auth;\n        gzip_disable        \"MSIE [1-6]\.\";\n\n        #limit_zone  crawler  \$binary_remote_addr  10m;\n\n        server_tokens off;\n        #log format\n        log_format  access  '\$remote_addr - \$remote_user [\$time_local] \"\$request\" '\n             '\$status \$body_bytes_sent \"\$http_referer\" '\n             '\"\$http_user_agent\" \$http_x_forwarded_for';\ninclude vhost/*.conf;\n}" > /usr/local/nginx/conf/nginx.conf

# Link the nginx binary into /usr/bin.
# NOTE(review): ln -s fails when the link already exists, which stops a
# second run here because the script runs under set -e.
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx

# Generate the SysV init script. Single quotes keep $NAME, $1 and the
# backticks literal so they are evaluated when the service script runs, not
# now. The script decides whether nginx is running from netstat/pidof output.
# NOTE(review): PIDFILE is assigned (/home/www/pid/...) but never read, and
# it differs from the pid path written to nginx.conf above.
echo -e '#!/bin/sh\n# chkconfig: - 85 15 \n# description: nginx is a World Wide Web server. It is used to serve \n#               proxy and IMAP/POP3 proxy server\n# Description:        Start and Stop Nginx\n# Provides:        nginx\n# Default-Start:    2 3 4 5\n# Default-Stop:        0 1 6\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\nNAME=nginx\nNGINX_BIN=/usr/local/nginx/sbin/$NAME\nCONFIGFILE=/usr/local/nginx/conf/$NAME.conf\nPIDFILE=/home/www/pid/$NAME.pid\nSCRIPTNAME=/etc/init.d/$NAME\ncase "$1" in\nstart)\necho -n "Starting $NAME... "\nif netstat -tnpl | grep -q nginx;then\necho "$NAME (pid `pidof $NAME`) already running."\nexit 1\nfi\n$NGINX_BIN -c $CONFIGFILE\nif [ "$?" != 0 ] ; then\necho " failed"\nexit 1\nelse\necho " done"\nfi\n;;\nstop)\necho -n "Stoping $NAME... "\nif ! netstat -tnpl | grep -q nginx; then\necho "$NAME is not running."\nexit 1\nfi\n$NGINX_BIN -s stop\nif [ "$?" != 0 ] ; then\necho " failed. Use force-quit"\nexit 1\nelse\necho " done"\nfi\n;;\nstatus)\nif netstat -tnpl | grep -q nginx; then\nPID=`pidof nginx`\necho "$NAME (pid $PID) is running..."\nelse\necho "$NAME is stopped"\nexit 0       \nfi\n;;\nforce-quit)\necho -n "Terminating $NAME... "\nif ! netstat -tnpl | grep -q nginx; then\necho "$NAME is not running."\nexit 1\nfi\nkill `pidof $NAME`\nif [ "$?" != 0 ] ; then\necho " failed"\nexit 1\nelse\necho " done"   \nfi\n;;\nrestart)\n$SCRIPTNAME stop\nsleep 1\n$SCRIPTNAME start\n;;\nreload)                                                                                      \necho -n "Reload service $NAME... "\nif netstat -tnpl | grep -q nginx; then\n$NGINX_BIN -s reload\necho " done"\nelse\necho "$NAME is not running, can not reload."\nexit 1\nfi\n;;\nconfigtest)\necho -n "Test $NAME configure files... "\n$NGINX_BIN -t\n;;\n*)\necho "Usage: $SCRIPTNAME {start|stop|force-quit|restart|reload|status|configtest}"\nexit 1\n;;\nesac\n' >/etc/init.d/nginx

# Make the init script executable, register it and enable it for
# runlevels 2-5.
chmod a+x /etc/init.d/nginx
chkconfig --add nginx
chkconfig --level 2345 nginx on

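# Directory for per-site configs and the default web root. -p keeps a
# re-run from failing on directories that already exist.
mkdir -p /usr/local/nginx/conf/vhost
mkdir -p /home/public_html

# Placeholder start page.
# NOTE(review): phpinfo() shows the PHP build options, loaded modules, file
# paths and environment to every visitor; delete or replace this file once
# the installation has been checked.
echo -e "<?php\nphpinfo();" > /home/public_html/index.php

# Default virtual host, answering on port 80.
#  - The access log is written to nginx's own logs directory. Inside the web
#    root (/home/public_html/access.log) it would be served like any other
#    static file and expose visitor addresses and requested URLs.
#  - try_files makes nginx return 404 for a .php URI that does not map to an
#    existing file instead of forwarding the request to PHP-FPM.
# The heredoc delimiter is quoted so $uri, $document_root and
# $fastcgi_script_name reach the file unexpanded.
cat > /usr/local/nginx/conf/vhost/default.conf <<'EOF'
server {
        listen  80;
        server_name localhost;
        access_log  /usr/local/nginx/logs/access.log;
        location / {
            root   /home/public_html/;
            index  index.php index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/nginx/html;
        }
       # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
        root   /home/public_html/;
            try_files      $uri =404;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
        location ~ /\.ht {
            deny  all;
        }
}
EOF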

# Provide /lib64/libpcre.so.1 as a link to libpcre.so.0.0.1 when no file of
# that name exists yet (presumably for binaries linked against the .so.1
# name; confirm against the nginx build).
[ -e "/lib64/libpcre.so.1" ] || ln -s /lib64/libpcre.so.0.0.1 /lib64/libpcre.so.1

# Restart nginx through its init script so the generated configuration is
# loaded.
service nginx restart

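# Open TCP port 80 in the host firewall.
# $v (major release number) is normally set near the top of the script, but
# only on runs that build libiconv; derive it here when it is empty so that
# CentOS 7 does not fall through to the iptables branch.
v=${v:-$(sed -r 's/.* ([0-9]+)\..*/\1/' /etc/redhat-release)}

if [ "$v" = "7" ]; then
  # CentOS 7: firewalld. The rule is permanent and becomes active after the
  # service restart.
  firewall-cmd --zone=public --permanent --add-port=80/tcp
  systemctl restart firewalld
else
  # CentOS 6: insert the rule at the top of INPUT and persist it.
  # NOTE(review): every run inserts the rule again; check the saved rule set
  # for duplicates after re-running the script.
  iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  /etc/rc.d/init.d/iptables save
  service iptables restart
fi
cd /usr/tmp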
