Linux服务器搭建实战
项目一:Web服务器搭建
需求分析
搭建一台生产级Web服务器,要求:
- 支持静态文件和PHP应用
- 支持HTTPS
- 支持多站点
- 日志记录完善
环境准备
# Refresh the package index and apply pending updates (this pulls in security fixes)
sudo apt update && sudo apt upgrade -y

# Install the web stack: nginx, PHP-FPM with the MySQL driver, MariaDB and certbot
# NOTE(review): PHP 8.0 no longer receives upstream security fixes; prefer a release
# that is still supported upstream or by your distribution.
sudo apt install -y \
  nginx \
  php8.0-fpm php8.0-mysql \
  mariadb-server \
  certbot python3-certbot-nginx

# Start nginx now and on every boot
sudo systemctl enable --now nginx
# Start MariaDB now
sudo systemctl start mariadb
sudo systemctl enable mariadb
Nginx配置
# /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
# Gzip压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml;
# Security headers; `always` also attaches them to error responses.
# NOTE: nginx inherits add_header from this level only when the server/location
# block defines no add_header of its own; any block that adds a header must repeat these.
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
# NOTE(review): current browsers ignore X-XSS-Protection; a per-site
# Content-Security-Policy is the modern control — consider adding one.
add_header X-XSS-Protection "1; mode=block" always;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
站点配置
# /etc/nginx/sites-available/example.com
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com;
index index.php index.html;
# 日志
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
# 静态文件
location / {
try_files $uri $uri/ =404;
}
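# PHP handling
location ~ \.php$ {
    # Hand a request to PHP-FPM only when the requested file exists under the
    # document root. Without this check any path that merely ends in ".php" is
    # forwarded, and PHP may then interpret a different, non-PHP file (for
    # example an upload) when cgi.fix_pathinfo is enabled.
    try_files $uri =404;

    fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}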
# Deny access to hidden files and directories (.git, .env, .htaccess, ...)
# NOTE(review): this pattern also matches /.well-known/; the certbot nginx plugin
# is expected to answer the ACME challenge itself, but a webroot-based renewal
# would need an explicit exception — confirm before switching methods.
location ~ /\. {
deny all;
}
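# Static asset caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2)$ {
    expires 30d;
    add_header Cache-Control "public, immutable";
    # An add_header in this block stops inheritance of the headers set in the
    # http block, so they are repeated here; otherwise static responses would
    # be served without the security headers.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
}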
}
SSL配置
# Obtain a Let's Encrypt certificate; the nginx plugin edits the matching server block to enable TLS
# NOTE(review): afterwards confirm that port 80 redirects to HTTPS, and consider
# adding an HSTS header once HTTPS is verified to work.
sudo certbot --nginx -d example.com -d www.example.com
# 测试自动续期
sudo certbot renew --dry-run
项目二:数据库服务器搭建
MySQL/MariaDB安装配置
# Install MariaDB
sudo apt install -y mariadb-server
# Interactive hardening: root authentication, removal of anonymous accounts,
# removal of the test database and of remote root login
sudo mysql_secure_installation
# Start the service
sudo systemctl start mariadb
sudo systemctl enable mariadb
数据库配置优化
# /etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]
# Basic settings
user = mysql
port = 3306
# NOTE(review): 0.0.0.0 listens on every interface. Combined with an account
# created for host '%', the server accepts logins from any network that can
# reach port 3306. Bind to 127.0.0.1 when the application runs on this host,
# or to the private interface address, and restrict 3306 with a firewall.
bind-address = 0.0.0.0
datadir = /var/lib/mysql
# 字符集
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
# 连接设置
max_connections = 200
max_connect_errors = 100
wait_timeout = 28800
interactive_timeout = 28800
# 缓存设置
key_buffer_size = 256M
max_allowed_packet = 64M
table_open_cache = 400
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
join_buffer_size = 8M
# InnoDB设置
innodb_buffer_pool_size = 1G
innodb_log_file_size = 256M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
# 日志设置
log_error = /var/log/mysql/error.log
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 2
创建应用数据库
-- Create the database
CREATE DATABASE myapp CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- Create the user
-- NOTE(review): 'strong_password' is a placeholder; generate a unique random secret
-- and keep it out of version control and shell history.
-- NOTE(review): host '%' accepts logins from any address; prefer 'localhost' or the
-- application server's address.
CREATE USER 'myapp_user'@'%' IDENTIFIED BY 'strong_password';
-- Grant privileges
-- NOTE(review): ALL PRIVILEGES includes DROP and ALTER; grant only what the
-- application needs at runtime (commonly SELECT, INSERT, UPDATE, DELETE).
GRANT ALL PRIVILEGES ON myapp.* TO 'myapp_user'@'%';
FLUSH PRIVILEGES;
-- 查看权限
SHOW GRANTS FOR 'myapp_user'@'%';
项目三:监控服务器搭建
Prometheus + Grafana安装
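# Install Prometheus
# Download the release together with the published checksum list and unpack
# the archive only after its checksum matches.
wget https://github.com/prometheus/prometheus/releases/download/v2.45.0/prometheus-2.45.0.linux-amd64.tar.gz
wget -O prometheus-sha256sums.txt https://github.com/prometheus/prometheus/releases/download/v2.45.0/sha256sums.txt
sha256sum --check --ignore-missing prometheus-sha256sums.txt \
  && tar xzf prometheus-2.45.0.linux-amd64.tar.gz
sudo mv prometheus-2.45.0.linux-amd64 /opt/prometheus
# The extracted files belong to the downloading user; make them root-owned so
# neither that user nor the service account can replace the binary or config
sudo chown -R root:root /opt/prometheus

# Dedicated unprivileged account (the unit below refers to it with User=) and
# a data directory that only this account can access
sudo useradd --system --no-create-home --shell /usr/sbin/nologin prometheus
sudo install -d -o prometheus -m 0700 /var/lib/prometheus

# Create the service file (quoted 'EOF': the unit text is written literally)
sudo tee /etc/systemd/system/prometheus.service > /dev/null << 'EOF'
[Unit]
Description=Prometheus
After=network.target
[Service]
Type=simple
User=prometheus
ExecStart=/opt/prometheus/prometheus --config.file=/opt/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF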
# Install Grafana
# NOTE(review): grafana is usually not in the distribution's default repositories;
# this presumably expects Grafana's APT repository and signing key to be
# configured beforehand — confirm.
sudo apt install -y grafana
# NOTE: change the default admin password at first login, and do not expose
# the Grafana port to untrusted networks without TLS.
sudo systemctl start grafana-server
sudo systemctl enable grafana-server
Node Exporter安装
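# Install Node Exporter
# Fetch the archive and the published checksum list; unpack only after the
# checksum matches.
wget https://github.com/prometheus/node_exporter/releases/download/v1.6.0/node_exporter-1.6.0.linux-amd64.tar.gz
wget -O node_exporter-sha256sums.txt https://github.com/prometheus/node_exporter/releases/download/v1.6.0/sha256sums.txt
sha256sum --check --ignore-missing node_exporter-sha256sums.txt \
  && tar xzf node_exporter-1.6.0.linux-amd64.tar.gz
# Install root-owned so the service account cannot replace the binary
sudo install -o root -g root -m 0755 \
  node_exporter-1.6.0.linux-amd64/node_exporter /usr/local/bin/node_exporter

# Dedicated unprivileged account, so the exporter does not run as root
sudo useradd --system --no-create-home --shell /usr/sbin/nologin node_exporter

# Create the service
# The exporter serves host metrics without authentication. Prometheus scrapes
# it on localhost:9100 in this setup, so listen on loopback only; change the
# address (and add a firewall rule) if a remote Prometheus must reach it.
sudo tee /etc/systemd/system/node_exporter.service > /dev/null << 'EOF'
[Unit]
Description=Node Exporter
After=network.target
[Service]
Type=simple
User=node_exporter
NoNewPrivileges=true
ExecStart=/usr/local/bin/node_exporter --web.listen-address=127.0.0.1:9100
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF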
sudo systemctl start node_exporter
sudo systemctl enable node_exporter
Prometheus配置
# prometheus.yml
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'node_exporter'
static_configs:
- targets: ['localhost:9100']
labels:
instance: 'server1'
项目四:日志服务器搭建
ELK Stack安装
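# Install Elasticsearch
# apt-key is deprecated and makes the key trusted for every configured
# repository. Store the key in its own keyring and pin this repository to it
# with signed-by instead.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch \
  | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update && sudo apt install elasticsearch

# Configure Elasticsearch (this overwrites the packaged elasticsearch.yml)
# network.host: localhost keeps port 9200 off the network. The 7.x packages run
# without authentication unless xpack.security.enabled: true is set, so enable
# security before binding to any other address.
sudo tee /etc/elasticsearch/elasticsearch.yml > /dev/null << 'EOF'
cluster.name: logs-cluster
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: localhost
http.port: 9200
discovery.type: single-node
EOF

# Install Kibana
sudo apt install kibana
# Install Logstash (it is not started here; start it once its pipeline
# configuration is in place)
sudo apt install logstash

# Start the services
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
sudo systemctl start kibana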
sudo systemctl enable kibana
Logstash配置
# /etc/logstash/conf.d/nginx.conf
input {
file {
# NOTE(review): only the global access log is read. The example.com site writes to
# /var/log/nginx/example.com.access.log, so its requests are not collected by this path.
path => "/var/log/nginx/access.log"
start_position => "beginning"
# NOTE: with the sincedb disabled the file is read again from the start after every
# restart, which duplicates events; use a persistent sincedb path outside of testing.
sincedb_path => "/dev/null"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "nginx-access-%{+YYYY.MM.dd}"
}
}
项目五:备份服务器搭建
自动备份脚本
#!/bin/bash
# /opt/scripts/backup.sh
#
# Backs up the MariaDB databases, the web root and service configuration into
# a dated directory, then prunes old backups.

# Settings
BACKUP_DIR='/backup'        # root directory holding one sub-directory per day
RETENTION_DAYS=7            # dated directories older than this many days are removed
DATE="$(date '+%Y%m%d')"    # name of today's backup directory (YYYYMMDD)
# Logging helper: append a timestamped message to /var/log/backup.log
# Arguments: $1 - message text
log() {
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  printf '%s %s\n' "$stamp" "$1" >> /var/log/backup.log
}
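# Create today's backup directory.
# umask 077: the dumps and archives hold database contents and the /etc/ssh
# host keys, so everything created from here on is readable by its owner only.
# ${VAR:?} aborts instead of creating a directory from an empty path.
umask 077
mkdir -p -- "${BACKUP_DIR:?}/${DATE:?}"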
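# Dump every MariaDB database into its own gzip-compressed file
# Globals:   BACKUP_DIR, DATE (read)
# Outputs:   $BACKUP_DIR/$DATE/mysql_<db>.sql.gz per database; progress via log
# Returns:   0 when every dump succeeded, 1 when at least one failed
backup_mysql() {
  local db out rc=0
  local -a databases status
  log "开始备份MySQL数据库..."
  # One name per line; the header row and the two virtual schemas are dropped
  mapfile -t databases < <(mysql -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)")
  for db in "${databases[@]}"; do
    [[ -n "$db" ]] || continue
    out="$BACKUP_DIR/$DATE/mysql_$db.sql.gz"
    mysqldump --single-transaction "$db" | gzip > "$out"
    status=("${PIPESTATUS[@]}")
    # The pipeline's exit status is gzip's, so check mysqldump explicitly;
    # a failed dump must not be recorded (or kept) as a good backup
    if (( status[0] == 0 && status[1] == 0 )); then
      log "数据库 $db 备份完成"
    else
      rm -f -- "$out"
      log "数据库 $db 备份失败"
      rc=1
    fi
  done
  return "$rc"
}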
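# Archive the web root
# Globals:   BACKUP_DIR, DATE (read)
# Outputs:   $BACKUP_DIR/$DATE/www.tar.gz; progress via log
# Returns:   0 on success, 1 when tar failed
backup_web() {
  log "开始备份网站文件..."
  # Report success only when tar really succeeded
  if tar -czf "$BACKUP_DIR/$DATE/www.tar.gz" /var/www; then
    log "网站文件备份完成"
  else
    log "网站文件备份失败"
    return 1
  fi
}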
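# Archive the nginx, MySQL and SSH configuration directories
# NOTE: /etc/ssh contains the host private keys, so the resulting archive must
# stay readable by root only and be protected like a secret.
# Globals:   BACKUP_DIR, DATE (read)
# Outputs:   $BACKUP_DIR/$DATE/config.tar.gz; progress via log
# Returns:   0 on success, 1 when tar failed
backup_config() {
  log "开始备份配置文件..."
  # Report success only when tar really succeeded
  if tar -czf "$BACKUP_DIR/$DATE/config.tar.gz" /etc/nginx /etc/mysql /etc/ssh; then
    log "配置文件备份完成"
  else
    log "配置文件备份失败"
    return 1
  fi
}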
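# Remove dated backup directories older than RETENTION_DAYS
# Globals:   BACKUP_DIR, RETENTION_DAYS (read)
cleanup() {
  log "清理超过 $RETENTION_DAYS 天的旧备份..."
  # -mindepth 1 / -maxdepth 1: consider only the dated directories directly
  # under BACKUP_DIR, never BACKUP_DIR itself or directories inside a backup.
  # ${BACKUP_DIR:?} aborts instead of searching from an empty path.
  find "${BACKUP_DIR:?}" -mindepth 1 -maxdepth 1 -type d \
    -mtime "+${RETENTION_DAYS}" -exec rm -rf -- {} +
  log "清理完成"
}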
# Entry point: run every backup step in order, then prune old backups
main() {
  local step
  log "========== 开始备份 =========="
  for step in backup_mysql backup_web backup_config cleanup; do
    "$step"
  done
  log "========== 备份完成 =========="
}
main
定时任务配置
# Add to the crontab
# NOTE(review): the script reads /etc/ssh and writes /var/log/backup.log, so it
# presumably has to be installed in root's crontab — confirm.
crontab -e
# Run the backup every day at 02:00
0 2 * * * /opt/scripts/backup.sh
# Mirror the backups to the remote server every Sunday at 03:00
# NOTE: --delete also removes remote files that have disappeared locally, so a
# wiped or tampered /backup empties the remote copy as well; keep snapshots or
# versioning on the remote side if it is the only off-host copy.
0 3 * * 0 rsync -avz --delete /backup/ backup-server:/backup/
💡 项目实战建议:
- 先在测试环境验证,再部署生产
- 做好文档记录和版本控制
- 定期备份和测试恢复
- 持续监控和优化
🔗 相关笔记: 08.01_Web服务部署 10.01_Shell自动化脚本 11.01_性能优化