一、安装基础组件
PHP
pacman -S php php-fpm php-gd php-sqlite
pacman -U php-ioncube-loader-14.4.1-1-x86_64.pkg.tar.zstNGINX
pacman -S nginxMySQL
pacman -U libmysqlclient80-8.0.42-1-x86_64.pkg.tar.zst mysql-clients80-8.0.42-1-x86_64.pkg.tar.zst mysql80-8.0.42-1-x86_64.pkg.tar.zst 二、修改配置
/etc/mysql/my.cnf
[mysqld]
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
bind-address = 0.0.0.0
port = 3306
socket = /run/mysqld/mysqld.sock
#skip-networking
skip-name-resolve
skip-ssl
#ssl-ca = /srv/mysql/ca.pem
#ssl-cert = /srv/mysql/server-cert.pem
#ssl-key = /srv/mysql/server-key.pem
#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_ZERO_DATE,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
# These are commonly set, remove the # and set as required.
basedir = /usr
datadir = /srv/mysql/data
# Point the following paths to different dedicated disks
#tmpdir = /tmp/
default-time-zone = '+8:00'
character-set-server = UTF8MB4
#default_authentication_plugin = mysql_native_password
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
sort_buffer_size = 1024M
# read_rnd_buffer_size = 2M
max_heap_table_size = 2048M
tmp_table_size = 2048M
max_connections = 16384
max_allowed_packet = 20M
innodb_data_home_dir = /srv/mysql/inno
innodb_log_group_home_dir = /srv/mysql/inno
innodb_data_file_path = ibdata1:10M:autoextend
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
innodb_buffer_pool_size = 128M
# innodb_log_group_home_dir = /srv/mysql/logs
# innodb_additional_mem_pool_size = 2M
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
innodb_lock_wait_timeout = 1814400
#init_connect = 'SET collation_connection = utf8_general_ci,NAMES utf8'
#collation_server = utf8_general_ci
#character_set_client = utf8
#character_set_server = utf8
#skip-external-locking
#key_buffer_size = 16M
#max_allowed_packet = 1M
#table_open_cache = 64
#sort_buffer_size = 512K
#net_buffer_length = 8K
#read_buffer_size = 256K
#read_rnd_buffer_size = 512K
#myisam_sort_buffer_size = 8M
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
# Replication Master Server (default)
# binary logging is required for replication
#log-bin=mysql-bin
# binary logging format - mixed recommended
#binlog_format=mixed
# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
#server-id = 1
# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
# the syntax is:
#
# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
# where you replace <host>, <user>, <password> by quoted strings and
# <port> by the master's port number (3306 by default).
#
# Example:
#
# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
# MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
# start replication for the first time (even unsuccessfully, for example
# if you mistyped the password in master-password and the slave fails to
# connect), the slave will create a master.info file, and any later
# change in this file to the variables' values below will be ignored and
# overridden by the content of the master.info file, unless you shutdown
# the slave server, delete master.info and restart the slaver server.
# For that reason, you may want to leave the lines below untouched
# (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id = 2
#
# The replication master for this slave - required
#master-host = <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user = <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password = <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port = <port>
#
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin
# The following options will be passed to all MySQL clients
[client]
password = <PASSWORD>
port = 3306
socket = /run/mysqld/mysqld.sock
# Here follows entries for some specific programs
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
default-character-set = utf8mb4
# Remove the next comment character if you are not familiar with SQL
#safe-updates
#ssl-ca = /srv/mysql/ca.pem
#ssl-cert = /srv/mysql/client-cert.pem
#ssl-key = /srv/mysql/client-key.pem
[myisamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeoutmkdir -p /srv/mysql/{data,inno}
chown -R mysql:mysql /srv/mysql
mysqld --initialize --user=mysql --basedir=/usr --datadir=/srv/mysql/data --innodb_data_home_dir=/srv/mysql/inno --innodb_log_group_home_dir=/srv/mysql/innomysql修改密码
ALTER USER USER() IDENTIFIED BY 'password';
CREATE USER 'root'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;创建数据库
CREATE DATABASE whmcs;
CREATE USER 'whmcs'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON whmcs.* TO 'whmcs'@'localhost';
FLUSH PRIVILEGES;
EXIT;systemctl enable mysqld && systemctl restart mysqld/etc/nginx/xxx.com_ssl.conf
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate /etc/nginx/ssl/server.pem;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'HIGH:!aNULL:!MD5';
ssl_prefer_server_ciphers off;
root /srv/http/whmcs;
index index.html index.php;
#charset koi8-r;
access_log /var/log/nginx/fortu.cfd.access.log;
error_log /var/log/nginx/fortu.cfd.error.log;
# no size limit of uploaded file
client_max_body_size 0;
# 安全配置
location ~ /\.ht {
deny all;
}
location ~ /\.git {
deny all;
}
# WHMCS 特定配置
location ~* \.(tpl|twig)$ {
deny all;
}
location ~ ^/(downloads|utilities|vendor|.composer|whois.json) {
deny all;
}
# PHP 文件处理
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# 修复 HTTPS 代理问题
fastcgi_param HTTPS on;
fastcgi_param HTTP_X_FORWARDED_PROTO https;
fastcgi_param HTTP_X_FORWARDED_SSL on;
include fastcgi_params;
}
# 静态文件缓存
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# URL 重写规则
location / {
try_files $uri $uri/ /index.php?$query_string;
}
#用于清除缓存,假设一个URL为http://my.domain.com/test.gif,通过访问
#http://git.magicwall.org/purge/test.gif可以清除该URL的缓存
location ~ /purge(/.*)
{
#设置只允许指定的IP或IP段才可以清除URL缓存
allow 172.16.0.0/24;
deny all;
#proxy_cache_purge staticCache $host$1$is_args$args ;
}
}三、下载 WHMCS
设置权限
chown -R http:http /srv/http/whmcs
chmod -R 755 /srv/http/whmcs四、设置PHP
配置 PHP-FPM
extension=curl
extension=ftp
extension=gd
extension=intl
extension=mysqli
extension=pdo_mysql
extension=zipsystemctl enable php-fpm && systemctl restart php-fpm五、安装
http://yourdomain.com/install/install.php