近幾天都在整理Nginx相關內容,已經成功實現gzip壓縮、Alias中解析PHP文件、SSL訪問等功能。現使用Ansible部署LNMP環境,以期能接近生產環境要求。

操作過程在禁用iptablesSELinux的情況下進行,在VPS(23.105.199.121)上進行測試,操作系統是CentOS Linux release 7.0.1406 (Core),內核版本是2.6.32-042stab108.8

使用Ansible中的role部署代碼,role通過ansible-galaxy命令創建。

代碼 Google Drive

Code Structure

代碼由 * hosts: inventory 主機清單 * playbook.yml: 任務列表 * group_vars: 模版變量 * roles * common: 初始配置 * mariadb: MariaDB數據庫相關 * nginx: Nginx相關 * php: PHP相關

代碼結構樹

[flying@lemp ~]$ cd ~/ansible/lnmp/
[flying@lemp lnmp]$ tree
.
├── group_vars
│   └── all
├── hosts
├── playbook.retry
├── playbook.yml
└── roles
    ├── common
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   │   ├── epel.repo
    │   │   └── RPM-GPG-KEY-EPEL-7
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── README.md
    │   ├── tasks
    │   │   └── main.yml
    │   ├── templates
    │   ├── tests
    │   │   ├── inventory
    │   │   └── test.yml
    │   └── vars
    │       └── main.yml
    ├── mariadb
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   │   ├── MariaDB.repo
    │   │   └── RPM-GPG-KEY-MariaDB
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── README.md
    │   ├── tasks
    │   │   └── main.yml
    │   ├── templates
    │   │   └── my.cnf.j2
    │   ├── tests
    │   │   ├── inventory
    │   │   └── test.yml
    │   └── vars
    │       └── main.yml
    ├── nginx
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   │   ├── dhparam.pem
    │   │   ├── nginx.repo
    │   │   └── ticket.key
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── README.md
    │   ├── tasks
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── nginx.conf.j2
    │   │   └── vhosts.conf.j2
    │   ├── tests
    │   │   ├── inventory
    │   │   └── test.yml
    │   └── vars
    │       └── main.yml
    └── php
        ├── defaults
        │   └── main.yml
        ├── files
        │   ├── php.ini
        │   ├── remi-php70.repo
        │   ├── remi.repo
        │   ├── remi-safe.repo
        │   └── RPM-GPG-KEY-remi
        ├── handlers
        │   └── main.yml
        ├── meta
        │   └── main.yml
        ├── README.md
        ├── tasks
        │   └── main.yml
        ├── templates
        │   └── www.conf.j2
        ├── tests
        │   ├── inventory
        │   └── test.yml
        └── vars
            └── main.yml

38 directories, 52 files
[flying@lemp lnmp]$

Ansible Facts

[flying@lemp lnmp]$ ansible-playbook -i hosts playbook.yml

PLAY [lnmp] ********************************************************************

TASK [setup] *******************************************************************
ok: [23.105.199.121]

TASK [common : Adds an SSH authorized key] *************************************
ok: [23.105.199.121]

TASK [common : Check epel.repo exists or not] **********************************
changed: [23.105.199.121]

TASK [common : Create EPEL GPG KEY] ********************************************
ok: [23.105.199.121]

TASK [common : Create EPEL Repo] ***********************************************
ok: [23.105.199.121]

TASK [common : Set TimeZone Asia/Shanghai] *************************************
changed: [23.105.199.121]

TASK [common : Set NTP, Install Chrony] ****************************************
ok: [23.105.199.121]

TASK [nginx : Check Nginx.repo exists or not] **********************************
changed: [23.105.199.121]

TASK [nginx : Create Nginx Repo] ***********************************************
ok: [23.105.199.121]

TASK [nginx : Install Nginx Dependency Packages] *******************************
skipping: [23.105.199.121] => (item=[u'zlib', u'zlib-devel', u'openssl', u'openssl-devel', u'pcre', u'pcre2-devel'])

TASK [nginx : Install Nginx Dependency Packages] *******************************
skipping: [23.105.199.121] => (item=[u'nginx'])

TASK [nginx : Check Nginx SSL Dir] *********************************************
changed: [23.105.199.121]

TASK [nginx : Create TLS Certificates] *****************************************
changed: [23.105.199.121]

TASK [nginx : Copy ticket.key & dhparam.pem] ***********************************
changed: [23.105.199.121] => (item=ticket.key)
changed: [23.105.199.121] => (item=dhparam.pem)

TASK [nginx : Configure Nginx Configuration File nginx.conf] *******************
changed: [23.105.199.121]

TASK [nginx : Disable /etc/nginx/conf.d/default.conf] **************************
changed: [23.105.199.121]

TASK [nginx : Configure Nginx Configuration File vhosts.conf] ******************
changed: [23.105.199.121]

TASK [nginx : Reload Nginx Service] ********************************************
changed: [23.105.199.121]

TASK [mariadb : Check MariaDB.repo exists or not] ******************************
changed: [23.105.199.121]

TASK [mariadb : Create MariaDB GPG KEY] ****************************************
ok: [23.105.199.121]

TASK [mariadb : Create MariaDB Repo] *******************************************
ok: [23.105.199.121]

TASK [mariadb : Insall MariaDB-server MariaDB-client] **************************
skipping: [23.105.199.121] => (item=[u'MariaDB-server', u'MariaDB-client', u'MySQL-python'])

TASK [mariadb : Start MariaDB Service] *****************************************
changed: [23.105.199.121]

TASK [mariadb : Copy .my.cnf file with pasword credentials] ********************
ok: [23.105.199.121]

TASK [mariadb : Create Database User] ******************************************
changed: [23.105.199.121]

TASK [mariadb : Delete Test Database] ******************************************
changed: [23.105.199.121]

TASK [mariadb : Removes all anonymous user accounts] ***************************
changed: [23.105.199.121]

TASK [mariadb : Disallow root login remotely] **********************************
ok: [23.105.199.121] => (item=DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'))

TASK [mariadb : Get list of hosts for the root user.] **************************
ok: [23.105.199.121]

TASK [mariadb : Update MySQL root password for localhost root account.] ********
changed: [23.105.199.121] => (item=127.0.0.1)
changed: [23.105.199.121] => (item=::1)
changed: [23.105.199.121] => (item=localhost)

TASK [mariadb : Copy my.cnf file] **********************************************
changed: [23.105.199.121]

TASK [mariadb : Restart MariaDB Service] ***************************************
changed: [23.105.199.121]

TASK [php : Check Remi.repo exists or not] *************************************
changed: [23.105.199.121]

TASK [php : Create Remi GPG KEY] ***********************************************
ok: [23.105.199.121]

TASK [php : Create Remi Repo] **************************************************
ok: [23.105.199.121] => (item=remi.repo)
ok: [23.105.199.121] => (item=remi-safe.repo)

TASK [php : Install Relevent Packages] *****************************************
skipping: [23.105.199.121] => (item=[u'bzip2-devel', u'libmcrypt-devel', u'libxml2-devel', u'libxml2'])

TASK [php : Install php & php-fpm] *********************************************
skipping: [23.105.199.121] => (item=[u'php', u'php-fpm'])

TASK [php : Install php modules] ***********************************************
skipping: [23.105.199.121] => (item=[u'php-cli', u'php-devel', u'php-opcache', u'php-soap', u'php-pdo', u'php-mcrypt', u'php-pecl-xdebug', u'php-xml', u'php-mysql', u'php-gd', u'php-enchant', u'php-process', u'php-bcmath', u'php-ctype', u'php-libxml', u'php-xmlreader', u'php-xmlwriter', u'php-session', u'php-mbstring', u'php-gettext', u'php-ldap', u'php-mysqlnd'])

TASK [php : Configuration /etc/php.ini] ****************************************
changed: [23.105.199.121]

TASK [php : Configuration /etc/php-fpm.d/www.conf] *****************************
changed: [23.105.199.121]

TASK [php : Start php-fpm] *****************************************************
changed: [23.105.199.121]

RUNNING HANDLER [nginx : Start Nginx] ******************************************
ok: [23.105.199.121]

RUNNING HANDLER [nginx : Reload Nginx] *****************************************
changed: [23.105.199.121]

PLAY RECAP *********************************************************************
23.105.199.121             : ok=43   changed=27   unreachable=0    failed=0   

[flying@lemp lnmp]$

Change Log

  • 2016.03.29 00:35 Tue Asia/Beijing
    • 初稿完成

  • Note Time: 2016.03.29 00:35 Tue
  • Note Location: Asia/Beijing
  • Writer: lempstacker