近幾天都在整理Nginx相關內容,已經成功實現gzip壓縮、Alias中解析PHP文件、SSL訪問等功能。現使用Ansible部署LNMP環境,以期能接近生產環境要求。

操作過程在禁用iptablesSELinux的情況下進行,在VPS(23.105.199.121)上進行測試,操作系統是CentOS Linux release 7.0.1406 (Core),內核版本是2.6.32-042stab108.8

使用Ansible中的role部署代碼,role通過ansible-galaxy命令創建。

代碼 Google Drive

Code Structure

代碼由

  • hosts: inventory 主機清單
  • playbook.yml: 任務列表
  • group_vars: 模版變量
  • roles
    • common: 初始配置
    • mariadb: MariaDB數據庫相關
    • nginx: Nginx相關
    • php: PHP相關

代碼結構樹

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
[[email protected] ~]$ cd ~/ansible/lnmp/
[[email protected] lnmp]$ tree
.
├── group_vars
│   └── all
├── hosts
├── playbook.retry
├── playbook.yml
└── roles
├── common
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   │   ├── epel.repo
│   │   └── RPM-GPG-KEY-EPEL-7
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│   └── main.yml
├── mariadb
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   │   ├── MariaDB.repo
│   │   └── RPM-GPG-KEY-MariaDB
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── my.cnf.j2
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│   └── main.yml
├── nginx
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   │   ├── dhparam.pem
│   │   ├── nginx.repo
│   │   └── ticket.key
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   ├── nginx.conf.j2
│   │   └── vhosts.conf.j2
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│   └── main.yml
└── php
├── defaults
│   └── main.yml
├── files
│   ├── php.ini
│   ├── remi-php70.repo
│   ├── remi.repo
│   ├── remi-safe.repo
│   └── RPM-GPG-KEY-remi
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
│   └── www.conf.j2
├── tests
│   ├── inventory
│   └── test.yml
└── vars
└── main.yml

38 directories, 52 files
[[email protected] lnmp]$

Ansible Facts

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
[[email protected] lnmp]$ ansible-playbook -i hosts playbook.yml

PLAY [lnmp] ********************************************************************

TASK [setup] *******************************************************************
ok: [23.105.199.121]

TASK [common : Adds an SSH authorized key] *************************************
ok: [23.105.199.121]

TASK [common : Check epel.repo exists or not] **********************************
changed: [23.105.199.121]

TASK [common : Create EPEL GPG KEY] ********************************************
ok: [23.105.199.121]

TASK [common : Create EPEL Repo] ***********************************************
ok: [23.105.199.121]

TASK [common : Set TimeZone Asia/Shanghai] *************************************
changed: [23.105.199.121]

TASK [common : Set NTP, Install Chrony] ****************************************
ok: [23.105.199.121]

TASK [nginx : Check Nginx.repo exists or not] **********************************
changed: [23.105.199.121]

TASK [nginx : Create Nginx Repo] ***********************************************
ok: [23.105.199.121]

TASK [nginx : Install Nginx Dependency Packages] *******************************
skipping: [23.105.199.121] => (item=[u'zlib', u'zlib-devel', u'openssl', u'openssl-devel', u'pcre', u'pcre2-devel'])

TASK [nginx : Install Nginx Dependency Packages] *******************************
skipping: [23.105.199.121] => (item=[u'nginx'])

TASK [nginx : Check Nginx SSL Dir] *********************************************
changed: [23.105.199.121]

TASK [nginx : Create TLS Certificates] *****************************************
changed: [23.105.199.121]

TASK [nginx : Copy ticket.key & dhparam.pem] ***********************************
changed: [23.105.199.121] => (item=ticket.key)
changed: [23.105.199.121] => (item=dhparam.pem)

TASK [nginx : Configure Nginx Configuration File nginx.conf] *******************
changed: [23.105.199.121]

TASK [nginx : Disable /etc/nginx/conf.d/default.conf] **************************
changed: [23.105.199.121]

TASK [nginx : Configure Nginx Configuration File vhosts.conf] ******************
changed: [23.105.199.121]

TASK [nginx : Reload Nginx Service] ********************************************
changed: [23.105.199.121]

TASK [mariadb : Check MariaDB.repo exists or not] ******************************
changed: [23.105.199.121]

TASK [mariadb : Create MariaDB GPG KEY] ****************************************
ok: [23.105.199.121]

TASK [mariadb : Create MariaDB Repo] *******************************************
ok: [23.105.199.121]

TASK [mariadb : Insall MariaDB-server MariaDB-client] **************************
skipping: [23.105.199.121] => (item=[u'MariaDB-server', u'MariaDB-client', u'MySQL-python'])

TASK [mariadb : Start MariaDB Service] *****************************************
changed: [23.105.199.121]

TASK [mariadb : Copy .my.cnf file with pasword credentials] ********************
ok: [23.105.199.121]

TASK [mariadb : Create Database User] ******************************************
changed: [23.105.199.121]

TASK [mariadb : Delete Test Database] ******************************************
changed: [23.105.199.121]

TASK [mariadb : Removes all anonymous user accounts] ***************************
changed: [23.105.199.121]

TASK [mariadb : Disallow root login remotely] **********************************
ok: [23.105.199.121] => (item=DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'))

TASK [mariadb : Get list of hosts for the root user.] **************************
ok: [23.105.199.121]

TASK [mariadb : Update MySQL root password for localhost root account.] ********
changed: [23.105.199.121] => (item=127.0.0.1)
changed: [23.105.199.121] => (item=::1)
changed: [23.105.199.121] => (item=localhost)

TASK [mariadb : Copy my.cnf file] **********************************************
changed: [23.105.199.121]

TASK [mariadb : Restart MariaDB Service] ***************************************
changed: [23.105.199.121]

TASK [php : Check Remi.repo exists or not] *************************************
changed: [23.105.199.121]

TASK [php : Create Remi GPG KEY] ***********************************************
ok: [23.105.199.121]

TASK [php : Create Remi Repo] **************************************************
ok: [23.105.199.121] => (item=remi.repo)
ok: [23.105.199.121] => (item=remi-safe.repo)

TASK [php : Install Relevent Packages] *****************************************
skipping: [23.105.199.121] => (item=[u'bzip2-devel', u'libmcrypt-devel', u'libxml2-devel', u'libxml2'])

TASK [php : Install php & php-fpm] *********************************************
skipping: [23.105.199.121] => (item=[u'php', u'php-fpm'])

TASK [php : Install php modules] ***********************************************
skipping: [23.105.199.121] => (item=[u'php-cli', u'php-devel', u'php-opcache', u'php-soap', u'php-pdo', u'php-mcrypt', u'php-pecl-xdebug', u'php-xml', u'php-mysql', u'php-gd', u'php-enchant', u'php-process', u'php-bcmath', u'php-ctype', u'php-libxml', u'php-xmlreader', u'php-xmlwriter', u'php-session', u'php-mbstring', u'php-gettext', u'php-ldap', u'php-mysqlnd'])

TASK [php : Configuration /etc/php.ini] ****************************************
changed: [23.105.199.121]

TASK [php : Configuration /etc/php-fpm.d/www.conf] *****************************
changed: [23.105.199.121]

TASK [php : Start php-fpm] *****************************************************
changed: [23.105.199.121]

RUNNING HANDLER [nginx : Start Nginx] ******************************************
ok: [23.105.199.121]

RUNNING HANDLER [nginx : Reload Nginx] *****************************************
changed: [23.105.199.121]

PLAY RECAP *********************************************************************
23.105.199.121 : ok=43 changed=27 unreachable=0 failed=0

[[email protected] lnmp]$

Change Log

  • 2016.03.29 00:35 Tue Asia/Beijing
    • 初稿完成

  • Note Time: 2016.03.29 00:35 Tue
  • Note Location: Asia/Beijing
  • Writer: lempstacker