树莓派基本配置以及安装配置lnmp(Nginx+MySQL+PHP)

由于购买VPS支出了一笔费用,结果就想买个树莓派在家里搭搭网站。

当然并不是心血来潮,虽说做好了的准备,在开始玩树莓派搭环境时却遇到了很多问题。

期间用过apache伪静态死活搞不出来,然后用Nginx,PHP的支持网上的方法几乎没有一个对的,我参考文字自己尝试了N久才成功的,妈蛋。

至于搭好了网站,怎么让别人来访问呢,又是一个问题。我家没有固定的IP地址。公网的地址也是随机分配到的,有时分配的还是内网地址,于是考虑用Ngrox内网穿透了。

但是用完Ngrox后,测试DDos时,网站一下就死了,然后是Ngrok服务器的问题,当时我还找了很久的原因(打死后,貌似Ngrok服务器把我拉黑,心塞)。

之后好不容易Ngrok服务器重启了,终于不封我了,才开始又干了起来,这次加了个cdn,嗯,效果还不错。目前啊,还算稳定吧,一般的小学生大概大不死吧??(>﹏< 求别打QAQ)

1.写入固件后,直接SSH连接上树莓派:

用户名:pi
密码:raspberry

2.扩展 SD 卡上可用的空间:

sudo raspi-config

选择选择第一项 Expand Filesystem 扩展 SD 卡上可用的空间;选择执行后提示重启,重启后可以通过 df -h 命令看到效果。

3.修改密码: sudo raspi-config后 选择Change User Password 修改即可。

4.更新:

#更新软件列表。
sudo apt-get update
#更新软件。
sudo apt-get upgrade
#更新系统版本。
sudo apt-get dist-upgrade

5.安装字体以及设置。 树莓派默认不支持中文字体显示的,如果你把Locale改成了中文的话,系统是不会自动安装中文字体的,直接的效果是系统的很多信息都用中文显示,但是由于没有安装字体,所以全部变成了方块,所以完全不知道信息的内容是什么。

sudo apt-get install ttf-wqy-zenhei

然后在Internationalisation Options-Change Locale拉到最底下的位置选择zh_CN.UTF-8 UTF-8 下一个界面为系统初始的语言选择en_GB.UTF-8回车即可。

6.时区等设置。

时区和WIFI国家选择均在Internationalisation Options里面。选择时区为亚洲上海,Wi-Fi Country选择中国即可。

7.开启root账户: 可由pi用户登录后,在命令行下执行

sudo passwd root

执行此命令后系统会提示输入两遍的root密码,输入你想设的密码即可。

8.远程连接:

这里选择xrdp,可以直接用windows自带的远程桌面工具mstsc进行连接。

升级到root权限后

apt-get install xrdp

然后可以直接使用Windows的远程桌面工具直接输入树莓派IP地址进行远程访问了。

2016-12-10 update:更新到最新的树莓派版本后,单单安装xrdp会出现一些问题,如下:

connecting to sesman ip 127.0.0.1 port 3350 sesman connect ok sending login info to session manager,please wate… xrdp_mm_process_login_response:login successful for display 10 starting connecting connecting to 127.0.0.1 5910 error -problem connecting

实际测试下来还需要安装tightvncserver。

使用VNC连接:

sudo apt-get install tightvncserver

假如你不想使用以上的方法(使用xrdp远程),而只是想用vnc连接。安装好tightvncserver之后请一定先使用此命令设置一个VNC密码:

vncpasswd

(先输入操作密码两次,然后会询问是否设置一个查看(view-only)密码,按自己喜欢,设置后可以让别人连接观看你的树莓派,但不能操作。)

开机自动启动 设置开机启动,需要在/etc/init.d/中创建一个文件。例如tightvncserver (注:启动脚本的名称,有和程序名一致的习惯)

sudo vi /etc/init.d/tightvncserver

内容如下:(putty窗口中按右键=粘贴)

#!/bin/sh
### BEGIN INIT INFO
# Provides:          tightvncserver
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/stop tightvncserver
### END INIT INFO
 
# More details see:
# http://www.penguintutor.com/linux/tightvnc
 
### Customize this entry
# Set the USER variable to the name of the user to start tightvncserver under
# 默认用户不是pi的请自行更改USER变量
export USER='pi'
### End customization required
 
eval cd ~$USER
 
case "$1" in
  start)
    # 启动命令行。此处自定义分辨率、控制台号码或其它参数。
    su $USER -c '/usr/bin/tightvncserver -depth 16 -geometry 800x600 :1'
    echo "Starting TightVNC server for $USER "
    ;;
  stop)
    # 终止命令行。此处控制台号码与启动一致。
    su $USER -c '/usr/bin/tightvncserver -kill :1'
    echo "Tightvncserver stopped"
    ;;
  *)
    echo "Usage: /etc/init.d/tightvncserver {start|stop}"
    exit 1
    ;;
esac
exit 0

然后给tightvncserver文件加执行权限,并更新开机启动列表。

sudo chmod 755 /etc/init.d/tightvncserver
sudo update-rc.d tightvncserver defaults

然后 启动服务

service tightvncserver start

附:手工启动与参数(以下用处不大,没兴趣请略过) 使用此命令手工启动VNC服务器程序:

tightvncserver -geometry 800x600 :1

如果首次启动,并且未曾使用vncpasswd命令设置密码,程序会要求设置一个。 开机启动很方便。如果没理由,真的不推荐手工启动。

命令行参数说明: :1,指定控制台的号码。 启动多个控制台,可以提供互不影响的多个桌面环境。(大多数人不用多用户操作所以没意义) 可以不加此参数,tightvncserver会自动寻找从1开始的下一个空闲控制台。 加上此参数,会强制使用指定的控制台,如果此控制台已经启动则报错。加此参数可有效防止无意多次启动程序(会启动多个控制台)白白浪费系统资源。

特殊的0号控制台 0号控制台就是连接真实显示器真正输出图像的那个桌面。 对于VNC客户端,不输入端口号登录,默认就登录到0号控制台,方便。 但是因为0号是真正的桌面,所以和开机启动桌面环境,或者自己用startx命令,都存在啰嗦的冲突。 到头来是个麻烦。因此自动启动的配置教程中,一律使用1号控制台。

-geometry 800×600,分辨率。可以不加。 终止VNC控制台: tightvncserver -kill :1 查看正在运行的控制台列表:

ps ax | grep Xtightvnc | grep -v grep

然后是安装配置lnmp(Nginx+MySQL+PHP)

安装篇 一、安装Nginx

apt-get install nginx
service nginx start
#安装chkconfig
apt-get install chkconfig
#添加开机启动
chkconfig nginx on

二、安装MySQL

apt-get install  mysql-server
service mysql start
chkconfig mysql on
service mysql restart

三、安装phpPHP以及组件,使PHP支持 MySQL、FastCGI模式

apt-get install php5-fpm php5-cgi php5-cli php5-curl php5-mysql php5-gd php5-mcrypt php5-memcache php5-sqlite
#启动php5-fpm
/etc/init.d/php5-fpm start
#设置开机启动php5-fpm
chkconfig php5-fpm on
#重启mysql
/etc/init.d/mysql restart
#重启nginx
/etc/init.d/nginx restart

配置篇 一、配置nginx支持php

cp /etc/nginx/nginx.conf  /etc/nginx/nginx.conf.bak
vim /etc/nginx/nginx.conf

下面贴上来我的配置:

user www-data www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##

    gzip on;
    #该指令用于开启或关闭gzip模块(on/off)

    gzip_disable "msie6";
    #禁用IE 6 gzip

     gzip_vary on;
    #在http header中添加Vary: Accept-Encoding ,给代理服务器用的

     gzip_proxied any;
    #这里设置无论header头是怎么样,都是无条件启用压缩

     gzip_comp_level 6;
    #gzip压缩比,数值范围是1-9,1压缩比最小但处理速度最快,9压缩比最大但处理速度最慢

     gzip_buffers 16 8k;
    #设置系统获取几个单位的缓存用于存储gzip的压缩结果数据流。16 8k代表以8k为单位,安装原始数据大小以8k为单位的16倍申请内存

     gzip_http_version 1.1;
    #识别http的协议版本

    #gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    #默认压缩类型

     gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml text/javascript application/javascript application/x-javascript text/x-json application/json application/x-web-app-manifest+json text/css text/plain text/x-component font/opentype font/ttf application/x-font-ttf application/vnd.ms-fontobject image/x-icon;
    #进行压缩的文件类型,这里特别添加了对字体的文件类型

    #gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    #禁用IE 6 gzip


	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

接下来是站点的配置文件:

cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wwww
vim /etc/nginx/sites-available/wwww
ln -s /etc/nginx/sites-available/wwww /etc/nginx/sites-enabled

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 ;
	listen [::]:80 ;
	server_name wwww.lvmoo.com;
	# 强制https访问
        rewrite ^/(.*) https://wwww.lvmoo.com/$1 permanent;
}
server {

	#启用HSTS
	add_header Strict-Transport-Security "max-age=10886400; includeSubDomains; preload";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
        listen 443 ssl  ;
        listen [::]:443 ssl ;
        ssl_certificate /srv/www/wwww.lvmoo.com.crt;
        ssl_certificate_key /srv/www/wwww.lvmoo.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /srv/www/html/wwww;

	# Add index.php to the list if you are using PHP
	index  index.php index.html index.htm index.nginx-debian.html;

	server_name wwww.lvmoo.com;

	location / {
        #typecho伪静态
        index index.html index.php; 
        if (-f $request_filename/index.html) { 
        rewrite (.*) $1/index.html break; 
}    
        if (-f $request_filename/index.php) { 
        rewrite (.*) $1/index.php; 
} 
        if (!-f $request_filename) { 
        rewrite (.*) /index.php; 
} 
        #typecho伪静态
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
            #最大上传附件
        client_max_body_size 32m;
    }



	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php5-cgi alone:
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME  /srv/www/html/wwww$fastcgi_script_name;
        include fastcgi_params;
	}


	location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
	expires 30d;
	access_log off;
	}	

	location ~ .*\.(eot|ttf|otf|woff|svg)$ {
	expires 30d;
	access_log off;
	}

	location ~ .*\.(js|css)?$ {
	expires 7d;
	access_log off;
	}
	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {
       listen 80;
       listen [::]:80;

       server_name lvmoo.com;

       root /srv/www/html;
       index index.html;

       location / {
               try_files $uri $uri/ =404;
       }
}

server {
       listen 80;
       listen [::]:80;

       server_name qq.lvmoo.com;

       root /srv/www/html/qq;
       index index.php  index.html;

       location / {
               try_files $uri $uri/ =404;
       }
}

二、配置php

vim /etc/php5/fpm/php.ini

date.timezone = PRC
#时区设置 把前面的分号去掉,改为date.timezone = PRC

#每个脚本运行的最长时间,单位秒
max_execution_time = 150

#每个脚本可以消耗的时间,单位也是秒
max_input_time = 300

#脚本运行最大消耗的内存,根据你的需求更改数值
memory_limit = 8M

#表单提交最大数据为 8M,此项不是限制上传单个文件的大小,而是针对整个表单的提交数据进行限制的。限制范围包括表单提交的所有内容.例如:发表贴子时,贴子标题,内容,附件等
post_max_size = 32M

#上载文件的最大许可大小
找到:upload_max_filesize = 32M

三、配置php-fpm

#备份原有配置文件
cp /etc/php5/fpm/pool.d/www.conf  /etc/php5/fpm/pool.d/www.confbak
vim  /etc/php5/fpm/pool.d/www.conf
   #修改用户为www-data
user = www-data
   #修改组为www-data
group = www-data
/etc/init.d/mysql restart
/etc/init.d/nginx  restart
/etc/init.d/php5-fpm restart

四、配置Mysql

安装完mysql-server 会提示可以运行mysql_secure_installation。运行mysql_secure_installation会执行几个设置: a)为root用户设置密码 b)删除匿名账号 c)取消root用户远程登录 d)删除test库和对test库的访问权限 e)刷新授权表使修改生效 通过这几项的设置能够提高mysql库的安全。建议生产环境中mysql安装这完成后一定要运行一次mysql_secure_installation,详细步骤请参看下面的命令:

[email protected]:/# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


[email protected]:/#

五、安装配置phpmyadmin

apt-get install phpmyadmin
#在站点根目录建立链接
sudo ln -s /usr/share/phpmyadmin /srv/www/html

至此,整个配置到此结束。

期间走了很多弯路啊,一路心塞,故整理出这个文档出来,希望以后有同样需求的人能少走一点弯路,有所借鉴吧。

谢谢!

Licensed under CC BY-NC-SA 4.0
最后更新于 Jan 05, 2017 21:07 UTC