1.1. introduction
By default, network access is turned off to a ECS instance. You can specify rules in a security group that allows access from an IP address range, port, or ECS security group.
You must specify port numbers (for TCP):
- 22 (ssh)
- 80 (http)
- 443 (https)
- 21, 20000~30000 (ftp)
Security groups document URL: https://www.alibabacloud.com/help/doc-detail/25475.htm
1.2. image environment description
1.2.1. image version description
Software version:
- Apache2.4.41
- PHP7.4.0、7.3.12、7.2.25、7.1.33、7.0.33、5.6.40、5.5.38、5.4.45、5.3.29
- MySQL5.7.28
- Redis5.0.7
- Memcached1.5.20
- Jemalloc5.2.1
- Pure-FTPd1.0.49
- phpMyAdmin4.4.15.10
Image Feature:
- Source compiler installation, download the latest and most stable version from the official, security optimization
- Providing multiple PHP versions (PHP-7.4, PHP-7.3, PHP-7.2, PHP-7.1,PHP-7.0, PHP-5.6, PHP-5.5, PHP-5.4, PHP-5.3)
- Jemalloc optimize MySQL/MariaDB
- Providing add a virtual host script, include Let's Encrypt SSL certificate
- Add ftp acount to manage via the shell script menu
- Provide MySQL/MariaDB, PHP, Redis, Memcached, phpMyAdmin upgrade script
- Provide local backup and remote backup (rsync between servers),Alibaba cloud OSS backup(Intranet) script
1.2.2. application installation directories
Install directory:
- Nginx:
/usr/local/nginx
- PHP:
/usr/local/php
- MySQL:
/usr/local/mysql
- Pureftpd:
/usr/local/pureftpd
- Redis:
/usr/local/redis
- Memcached:
/usr/local/memcached
- phpMyAdmin:
/data/wwwroot/default/phpMyAdmin
Data directory:
- Database data directory:
/data/mysql
- Web logs directory:
/data/wwwlogs
- Web Context default document root:
/data/wwwroot/default
- Index demo url:
http://<Public net IP>
- PHPINFO url:
http://<Public net IP>/phpinfo.php
- Opcache Control Panel url:
http://<Public net IP>/ocp.php
- phpMyAdmin install directory:
http://<Public net IP>/phpMyAdmin
- PHP xprober url:
http://<Public net IP>/xprober.php
1.2.3. how do use scripts to optimize the parameters
Because this image was build based on 1 Core 1G ECS,the configuration and parameters for MySQL/MariaDB,PHP are original without any change, highly recommended If this is not the case, run the following optimization script:
cd /root/oneinstack
./optimize.sh
[!WARNING]
- It may take 1 minute, please do not interrupt
- This script will automatically optimize Nginx, MySQL, PHP and other parameters according to the system configuration
As shown below:
1.3. how to change your php version
cd /root/oneinstack
./change_php_version.sh
As shown below:
1.4. migrating website from os disk to data disk
[!WARNING] If you purchased a data disk (And only one data disk), It is recommended to mount the data disk first, the site content, database storage data cloud disk, If there is no purchase data cloud disk Ignore the tutorial!
cd /root/oneinstack
./move_auto_fdisk.sh
As shown below:
1.5. db management
1.5.1. display default db root password
cd /root/oneinstack
grep dbrootpwd options.conf
As shown below:
1.5.2. change db root password
cd /root/oneinstack
./reset_db_root_password.sh
As shown below:
1.5.3. create database
Method 1: Command line creation
For example: create a database named oneinstack
mysql -uroot –p #Enter mysql console
Enter password: #Enter mysql root password
MySQL [(none)]> create database oneinstack; #Notice the semicolon at the end
MySQL [(none)]> show databases;
MySQL [(none)]> exit; #quit mysql console,Notice the semicolon at the end
As shown below:
Method 2: Via phpMyAdmin
Use following URL to open phpMyAdmin page:
http://<Public net IP>/phpMyAdmin
1.5.4. delete database
Method 1: Command line delete
For example: delete oneinstack
database
mysql -uroot –p #Enter mysql console
Enter password: #Enter mysql root password
MySQL [(none)]> drop database oneinstack;
MySQL [(none)]> show databases;
MySQL [(none)]> exit; #quit mysql console,Notice the semicolon at the end
Method 2: Via phpMyAdmin
Use following URL to open phpMyAdmin page:
http://<Public net IP>/phpMyAdmin
1.5.5. create a database user
[!WARNING] Remote Connection Create a new account (Account name can not be
root
)
For security purposes, we usually create a unique database connection account for each web application(Account name can not be root).
E.g:add a user named: db_user
,password: 123456
, Authorization for the localhost
to the oneinstack database all permissions,the commands are as follows:
mysql -uroot -p #Enter mysql console
Enter password: #Enter mysql root password
MySQL [(none)]> grant all privileges on db_name.* to db_user@'localhost' identified by '123456';
MySQL [(none)]> flush privileges;
MySQL [(none)]> exit; #quit mysql console,Notice the semicolon at the end
As shown below:
1.5.6. how to setup a remote db connection
For security reasons, OneinStack only allows the cloud host localhost to connect to the database,if you need a remote connection to the database,the following operations are required:
1. You must open port 3306 for Security groups
Reference documents:《Security group》
Database authorization
[!WARNING] Remote Connection Create a new account(Account name can not be
root
)
E.g:add a user named db_user
, password db_pass,Authorized as %
(%
Represents all ip can connect, you can set the designated ip) db_name
database all authority, the commands are as follows
# mysql -uroot -p
MySQL [(none)]> grant all privileges on db_name.* to db_user@'%' identified by 'db_pass';
MySQL [(none)]> flush privileges;
MySQL [(none)]> exit;
As shown below:
1.6. how to manage virtual host
1.6.1. how to add a virtual host
cd /root/oneinstack
./vhost.sh
As shown below:
In the above figure, the directory is the root directory of the Web site,the script is created automatically,Upload the code to the directory when deploying the site(the directory, subdirectories, and file permissions are all: www
), Add a virtual host will automatically create this directory.
- Apache the configuration file path:
/usr/local/apache/conf/vhost/demo.oneinstack.com.conf
- Apache
.htaccess
file path:/data/wwwroot/demo.oneinstack
1.6.2. how to delete a virtual host
cd /root/oneinstack
./vhost.sh --del
As shown below:
1.7. how to manage fto user accounts
cd /root/oneinstack
./pureftpd_vhost.sh
As shown below:
1.8. how to backup
Backup Set Parameters
cd /root/oneinstack
./backup_setup.sh
As shown below:
Perform the backup immediately:
cd /root/oneinstack
./backup.sh
Set Scheduled Task Automatic Scheduled Backup:
Example: Can be added to scheduled tasks, such as automatic backups every day 1:00
echo '0 1 * * * cd ~/oneinstack;./backup.sh > /dev/null 2>&1 & ' >> /var/spool/cron/root
View the local backup:
ls -l /data/backup
As shown below:
1.9. how to manage service
[!WARNING] If the operating system has systemd, perform a service restart, it will jump to systemd directly, if you see the following prompt, please ignore, it has been restarted
Redirecting to /bin/systemctl restart example.service
Apache:
service httpd {start|stop|status|restart|reload|configtest}
[!WARNING] Change the Nginx configuration file, it is strongly recommended to reload
PHP:
service php-fpm {start|stop|restart|reload|status}
MySQL:
service mysqld {start|stop|restart|reload|status}
Pure-Ftpd:
service pureftpd {start|stop|restart|status}
Redis:
service redis-server {start|stop|status|restart|reload}
Memcached:
service memcached {start|stop|status|restart|reload}
1.10. how to upgrade
cd /root/oneinstack
./upgrade.sh
As shown below:
1.11. how to add extensions
1.11.1. Add PHP Extensions
If swoole extension is added, the following command:
cd /root/oneinstack
./install.sh --php_extensions swoole
[!WARNING]
./install.sh --help
1.11.2. Add system components
cd /root/oneinstack
./addons.sh
[!WARNING] Support install and uninstall function
As shown below:
1.12. how to uninstall
[!WARNING] Some items can be uninstalled separately, such as RDS database, the database can be uninstalled separately
cd /root/oneinstack
./uninstall.sh
[!WARNING] Please backup your data
As shown below:
1.13. more
1.13.1. How to deploy a PHP website on a server
- Create the database required for the site,reference《Create database》
- Add a virtual host,reference 《How to add a virtual host》Create PHP vhost
- Create an FTP account,reference《How to manage FTP accounts》
- Deploy the code to the site root directory
[!WARNING] Ftp upload code do not need to modify permissions,default is already www; Download the code in server , you must modify the site root and subdirectories,Directory file permissions are www; If there is a problem with site permissions,Please refer to《About site root permissions》
wget Download the code to deploy a WordPress,As shown below:
Access http://demo.oneinstack.com
,enter the database address (localhost
), user named (root
), password(database root password).
As shown below::
1.13.2. about the php opcode cache
by default,in order to reduce PHP compile time,improve performance(Opcache is recommended for production environments), The PHP environment loads the Opcache module by default(PHP7.4~5.5), Please refer to the principle:《In-depth understanding of PHP Opcode caching principles》
But this will appear PHP code updates, take 2 to 3 minutes to take effect,This affects the efficiency of the site during the commissioning phase suggest that you close or refresh the cache every time there is a code update (Recommended method 2)
Method 1: Uninstall Opcache
cd /root/oneinstack
./addons.sh
As shown below:
Method 2: Refresh the PHP cache
Access http://<Public net IP>/ocp.php
,
Or direct access http://<Public net IP>/ocp.php?RESET=1
As shown below:
1.13.3. about site root permissions
Web site root permissions to follow:
file 644, folder 755, Permissions Users and groups www
If there is a file permissions problem, execute the following three commands:
chown -R www.www /data/wwwroot/
find /data/wwwroot/ -type d -exec chmod 755 {} \;
find /data/wwwroot/ -type f -exec chmod 644 {} \;
1.13.4. about redis and memcached
- Redis default port:
6379
- Memcached default port:
11211
- default only listen IP:
127.0.0.1
How to increase the maximum memory size of Redis?
vi /usr/local/redis/etc/redis.conf
maxmemory 1024000000
Unit: bytes
service redis-server restart # restart the redis for changes to take effect
How to increase the maximum memory size of memcached?
vi /etc/init.d/memcached
CACHESIZE=256
Unit: Megebyte
service memcached restart # restart the memcached for changes to take effect
How to change the listening port for redis?
vi /usr/local/redis/etc/redis.conf
bind 127.0.0.1
change to bind 0.0.0.0
service redis-server restart # restart the redis for changes to take effect
How to change the listening port for memcached?
vi /etc/init.d/memcached
OPTIONS="-l 127.0.0.1"
change to OPTIONS=""
service memcached restart # restart the memcached for changes to take effect
1.13.5. about iptables firewall
By default, iptables firewall is not running.