PHP Xinchuang: Best Practices for Building a PHP Production Environment on Kylin V10 and Delivering Xinchuang Projects
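Kylin V10 PHP Production Environment Setup + Xinchuang Project Delivery
1. Background
Kylin V10 is a domestic Chinese operating system based on Linux. It comes in two editions:
- Galaxy Kylin V10 (desktop edition)
- Galaxy Kylin V10 Server (server edition; use this one for production)
Xinchuang (信创) stands for "information technology application innovation". Its core requirements: a domestic CPU (Kunpeng/Phytium/Loongson) + a domestic OS + a domestic database (Dameng/KingbaseES/GaussDB)
A common architecture combination:
Kunpeng 920 (ARM64) + Kylin V10 Server + Nginx + PHP + Dameng/MySQL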
---
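2. System Initialization
2.1 Check system information
# Check the OS version
cat /etc/kylin-release
# or
cat /etc/os-release
# Check the CPU architecture (key for Xinchuang)
uname -m
# Kunpeng/Phytium output: aarch64
# Loongson output: mips64el or loongarch64
# x86 output: x86_64
# Check the kernel
uname -r
# Check memory/CPU
free -h
nproc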
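2.2 Configure yum repositories (Kylin V10 specific)
# Back up the existing repo file (adjust the file name to the one actually present in /etc/yum.repos.d/)
mv /etc/yum.repos.d/kylin_x86_64.repo /etc/yum.repos.d/kylin_x86_64.repo.bak
# Official Kylin repo (ARM64 version)
# Note: gpgcheck=0 below turns off RPM signature verification; in production, import the vendor's signing key and set gpgcheck=1 with a matching gpgkey= entry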
cat > /etc/yum.repos.d/kylin.repo << 'EOF'
[ks10-adv-os]
name=Kylin Linux Advanced Server 10 - Os
baseurl=https://update.cs2c.com.cn/NS/V10/V10SP3/os/adv/lic/base/aarch64/
gpgcheck=0
enabled=1
[ks10-adv-updates]
name=Kylin Linux Advanced Server 10 - Updates
baseurl=https://update.cs2c.com.cn/NS/V10/V10SP3/os/adv/lic/updates/aarch64/
gpgcheck=0
enabled=1
EOF
# On x86, replace aarch64 with x86_64
# Refresh the cache
yum clean all
yum makecache
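2.3 Disable the firewall and SELinux (configure as needed in production)
# Stop the firewall (or configure rules instead)
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux (a common pitfall for PHP projects)
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Verify
getenforce
# Output: Permissive right after setenforce 0; Disabled once the system has rebooted with the new config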
---
3. Install Nginx
# Install nginx
yum install -y nginx
# Start it and enable it at boot
systemctl start nginx
systemctl enable nginx
# Check the version
nginx -v
Main Nginx configuration file /etc/nginx/nginx.conf:
user nginx;
worker_processes auto; # match the number of CPU cores automatically
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;
events {
    worker_connections 1024;
    use epoll; # the most efficient I/O model on Linux
    multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    # Hide the version number (security)
    server_tokens off;
    # Include site configurations
    include /etc/nginx/conf.d/*.conf;
}
---
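4. Install PHP
The PHP version in Kylin V10's default repositories is fairly old; using the Remi repository or compiling from source is recommended.
Option A: install with yum (recommended, least effort)
# Install the EPEL repo
yum install -y epel-release
# Install the Remi repo (ARM64 is supported too)
yum install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# Enable the PHP 8.1 module
yum module reset php
yum module enable php:remi-8.1
# Install PHP and common extensions
# (comments cannot follow a trailing backslash, so the packages are described here)
#   php-mysqlnd   MySQL/MariaDB driver
#   php-pdo       PDO
#   php-gd        image processing
#   php-mbstring  multibyte strings (required for Chinese text)
#   php-xml       XML processing
#   php-curl      HTTP requests
#   php-zip       ZIP compression
#   php-redis     Redis extension
#   php-opcache   bytecode cache (required for performance)
#   php-json      JSON
#   php-bcmath    arbitrary-precision math
#   php-intl      internationalization
yum install -y php php-fpm php-cli \
php-mysqlnd php-pdo php-gd php-mbstring \
php-xml php-curl php-zip php-redis \
php-opcache php-json php-bcmath php-intl
# Check the version
php -v
Option B: compile from source (version under your control; recommended for Xinchuang environments)
# Install build dependencies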
yum install -y gcc gcc-c++ make cmake \
libxml2-devel openssl-devel curl-devel \
libjpeg-devel libpng-devel freetype-devel \
libzip-devel oniguruma-devel sqlite-devel \
bzip2-devel readline-devel
# Download the PHP source (8.1 as the example)
cd /usr/local/src
wget https://www.php.net/distributions/php-8.1.28.tar.gz
tar -zxvf php-8.1.28.tar.gz
cd php-8.1.28
# Configure the build
./configure \
--prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--enable-fpm \
--with-fpm-user=nginx \
--with-fpm-group=nginx \
--enable-mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-openssl \
--with-curl \
--with-zlib \
--with-zip \
--enable-mbstring \
--enable-opcache \
--enable-bcmath \
--enable-gd \
--with-jpeg \
--with-freetype \
--enable-xml \
--enable-sockets \
--enable-pcntl \
--disable-debug
# Build and install (the number after -j is the CPU core count)
make -j$(nproc)
make install
# Create symlinks
ln -s /usr/local/php/bin/php /usr/bin/php
ln -s /usr/local/php/sbin/php-fpm /usr/sbin/php-fpm
# Copy the configuration files
cp php.ini-production /usr/local/php/etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
---
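5. Configure PHP-FPM
/etc/php-fpm.d/www.conf, or /usr/local/php/etc/php-fpm.d/www.conf for the compiled build:
[www]
; Run-as user (same as nginx)
user = nginx
group = nginx
; Listen method: a Unix socket is faster than TCP and is recommended
listen = /run/php-fpm/www.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
; Process management mode
; static = fixed count, dynamic = scaled dynamically, ondemand = spawned on demand
pm = dynamic
; Maximum number of child processes (adjust to memory; each process uses roughly 30-50 MB)
; Formula: (total memory * 0.7) / memory per process
pm.max_children = 50
; Number of processes at startup
pm.start_servers = 10
; Minimum idle processes
pm.min_spare_servers = 5
; Maximum idle processes
pm.max_spare_servers = 20
; Requests handled per process before it is respawned (guards against memory leaks)
pm.max_requests = 500
; Slow log (records requests that take longer than 2 seconds)
slowlog = /var/log/php-fpm/www-slow.log
request_slowlog_timeout = 2s
; Pass environment variables through to workers
clear_env = no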
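The sizing formula from the pm.max_children comment, worked through as an added example (not part of the original article). The function names and the sample ps output are assumptions made for illustration; RSS counts shared OPcache memory once per worker, so the result errs on the low side.

```bash
#!/usr/bin/env bash
# Added example: size pm.max_children with the formula
#   (total memory * 0.7) / memory per worker
# using the measured average RSS of live pool workers instead of a guess.

# avg_worker_kb: read "RSS_KB COMMAND..." lines (the format printed by
# `ps -eo rss=,args=`) on stdin and print the average RSS of pool workers.
# The master process and unrelated processes are ignored.
avg_worker_kb() {
    awk '/php-fpm: pool/ { sum += $1; n++ }
         END { if (n == 0) exit 1; printf "%d\n", sum / n }'
}

# max_children TOTAL_KB WORKER_KB: apply the 70% budget; never go below 1.
max_children() {
    local total_kb=$1 worker_kb=$2
    [ "$worker_kb" -gt 0 ] || return 1
    local n=$(( total_kb * 7 / 10 / worker_kb ))
    [ "$n" -ge 1 ] || n=1
    echo "$n"
}

# Constructed sample: three workers, the master, and an unrelated process.
SAMPLE_PS='  9216 php-fpm: master process (/etc/php-fpm.conf)
 40960 php-fpm: pool www
 46080 php-fpm: pool www
 36864 php-fpm: pool www
 12288 nginx: worker process'

# On a live host, replace the sample values with:
#   worker_kb=$(ps -eo rss=,args= | avg_worker_kb)
#   total_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
worker_kb=$(printf '%s\n' "$SAMPLE_PS" | avg_worker_kb)
total_kb=$((8 * 1024 * 1024))   # constructed: an 8 GiB host
echo "avg worker: ${worker_kb} kB -> pm.max_children = $(max_children "$total_kb" "$worker_kb")"
```

Measure under realistic load; idle workers report far less memory than workers that have served requests.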
Key settings in /etc/php.ini:
; Time zone (must be set for Xinchuang projects)
date.timezone = Asia/Shanghai
; Upload file size
upload_max_filesize = 50M
post_max_size = 50M
; Memory limit
memory_limit = 256M
; Execution timeout
max_execution_time = 60
; Error handling (turn off error display in production)
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log
; OPcache configuration (performance gain of 50%+)
[opcache]
opcache.enable = 1
opcache.memory_consumption = 128
opcache.interned_strings_buffer = 8
opcache.max_accelerated_files = 10000
opcache.revalidate_freq = 60
; opcache.fast_shutdown was removed in PHP 7.2 and has no effect on PHP 8.1, so it is left out
# Start php-fpm
systemctl start php-fpm
systemctl enable php-fpm
# Check status
systemctl status php-fpm
---
6. Configure the Nginx + PHP site
/etc/nginx/conf.d/myapp.conf:
server {
    listen 80;
    server_name yourdomain.com; # replace with your domain or IP
    root /var/www/myapp/public; # the public directory of Laravel/ThinkPHP
    index index.php index.html;
    # Character set
    charset utf-8;
    # Access log
    access_log /var/log/nginx/myapp_access.log main;
    error_log /var/log/nginx/myapp_error.log warn;
    # Hide sensitive files
    location ~ /\.(env|git|svn) {
        deny all;
        return 404;
    }
    # Static asset caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }
    # Handled by PHP-FPM
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock; # must match listen in php-fpm
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Timeouts
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 60;
        fastcgi_read_timeout 60;
    }
    # Laravel/ThinkPHP URL rewriting (pretty URLs)
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    # Deny access to composer files
    location ~* composer\.(json|lock)$ {
        deny all;
    }
}
# Test the nginx configuration
nginx -t
# Reload the configuration
systemctl reload nginx
---
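7. Install the database
7.1 MySQL (best compatibility)
# On Kylin V10, install MariaDB directly (an open-source fork of MySQL, fully compatible)
yum install -y mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb
# Secure initialization
mysql_secure_installation
# Follow the prompts: set the root password, remove anonymous users, disallow remote root login, drop the test database
# Create the project database and user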
mysql -u root -p << 'EOF'
CREATE DATABASE myapp CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'myapp_user'@'localhost' IDENTIFIED BY 'StrongPassword123!';
GRANT ALL PRIVILEGES ON myapp.* TO 'myapp_user'@'localhost';
FLUSH PRIVILEGES;
EOF
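7.2 Dameng database (first choice for Xinchuang; mandatory in government projects)
# The Dameng installation package must be downloaded from the official site; DM8 is used as the example
# Official site: https://www.dameng.com/
# Create the installation user
useradd -m dmdba
passwd dmdba
# Mount the installation image
mount -o loop dm8_20231109_x86_rh7_64.iso /mnt/dm
# Switch to the dmdba user to install
su - dmdba
cd /mnt/dm
./DMInstall.bin -i # -i: interactive command-line install; -q: silent install
# Initialize the database instance (CHARSET=1 means UTF-8; a comment cannot follow a trailing backslash)
/opt/dmdbms/bin/dminit \
PATH=/opt/dmdbms/data \
DB_NAME=DAMENG \
INSTANCE_NAME=DMSERVER \
PORT_NUM=5236 \
CHARSET=1 \
PAGE_SIZE=16 \
EXTENT_SIZE=32 \
LOG_SIZE=256
# Register the service
/opt/dmdbms/script/root/dm_service_installer.sh \
-t dmserver \
-p DMSERVER \
-dm_ini /opt/dmdbms/data/DAMENG/dm.ini
systemctl start DmServiceDMSERVER
systemctl enable DmServiceDMSERVER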
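Connecting to Dameng from PHP (via PDO ODBC or the Dameng-specific extension):
<?php
// Method 1: use the official Dameng PHP extension (recommended)
// Requires the php_dm8_pdo.so extension
// Note: SYSDBA is the built-in administrator account; in production, connect
// with a dedicated least-privilege user and a non-default password
// Method 2: connect via PDO ODBC
$dsn = 'odbc:Driver=DM8 ODBC DRIVER;Server=localhost;Port=5236;Database=DAMENG';
$pdo = new PDO($dsn, 'SYSDBA', 'SYSDBA001');
// Method 3: the Dameng PDO extension (most commonly used)
$dsn = 'dm:host=localhost;port=5236;dbname=DAMENG';
$pdo = new PDO($dsn, 'SYSDBA', 'SYSDBA001', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);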
---
8. Install Redis (cache/session)
yum install -y redis
# Configure Redis
vim /etc/redis.conf
Key configuration changes:
# Bind address (allow access from the local machine only)
bind 127.0.0.1
# Set a password
requirepass YourRedisPassword123
# Maximum memory (adjust to the server)
maxmemory 512mb
# Memory eviction policy
maxmemory-policy allkeys-lru
# Persistence (enable in production)
appendonly yes
appendfsync everysec
systemctl start redis
systemctl enable redis
# Test
redis-cli -a YourRedisPassword123 ping
# Output: PONG
---
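9. Deploy the PHP project (Laravel as the example)
9.1 Install Composer
# Download composer
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php --install-dir=/usr/local/bin --filename=composer
# Verify
composer --version
# Configure a domestic mirror (needed when network access is restricted in Xinchuang environments)
composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/
9.2 Deploy the project
# Create the project directory
mkdir -p /var/www/myapp
cd /var/www/myapp
# Upload the code (or git clone)
git clone https://your-repo.git .
# Install dependencies (no dev dependencies in production)
composer install --no-dev --optimize-autoloader
# Set permissions
# (777 makes storage and bootstrap/cache world-writable; because the tree is owned by nginx, 775 is enough if you want to tighten this)
chown -R nginx:nginx /var/www/myapp
chmod -R 755 /var/www/myapp
chmod -R 777 /var/www/myapp/storage
chmod -R 777 /var/www/myapp/bootstrap/cache
# Configure environment variables
cp .env.example .env
vim .env
Key settings in .env: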
APP_NAME=MyApp
APP_ENV=production
APP_KEY= # generated by running php artisan key:generate
APP_DEBUG=false
APP_URL=http://yourdomain.com
# Database (MySQL)
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=myapp
DB_USERNAME=myapp_user
DB_PASSWORD=StrongPassword123!
# Dameng database configuration
# DB_CONNECTION=dm
# DB_HOST=127.0.0.1
# DB_PORT=5236
# DB_DATABASE=DAMENG
# DB_USERNAME=SYSDBA
# DB_PASSWORD=SYSDBA001
# Redis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=YourRedisPassword123
REDIS_PORT=6379
# Store sessions in Redis
SESSION_DRIVER=redis
CACHE_DRIVER=redis
QUEUE_CONNECTION=redis
# Generate the application key
php artisan key:generate
# Run database migrations
php artisan migrate --force
# Clear and cache the configuration (required in production; improves performance)
php artisan config:cache
php artisan route:cache
php artisan view:cache
---
10. ThinkPHP project configuration (commonly used in domestic Xinchuang projects)
Nginx configuration (ThinkPHP6):
server {
    listen 80;
    server_name yourdomain.com;
    root /var/www/thinkphp/public;
    index index.php;
    location / {
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?s=$1 last;
        }
    }
    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
Connecting ThinkPHP to Dameng, config/database.php:
<?php
return [
    'default' => env('DB_CONNECTION', 'mysql'),
    'connections' => [
        // Dameng database configuration
        'dm' => [
            'type' => 'pdo',
            'dsn' => 'dm:host=127.0.0.1;port=5236;dbname=DAMENG',
            'username' => 'SYSDBA',
            'password' => 'SYSDBA001',
            'charset' => 'utf8',
            'prefix' => '',
            'options' => [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            ],
        ],
        // MySQL configuration
        'mysql' => [
            'type' => 'mysql',
            'hostname' => '127.0.0.1',
            'database' => 'myapp',
            'username' => 'myapp_user',
            'password' => 'StrongPassword123!',
            'hostport' => '3306',
            'charset' => 'utf8mb4',
            'prefix' => '',
        ],
    ],
];
---
11. HTTPS configuration (mandatory in production)
# Install certbot (if you have a public domain)
yum install -y certbot python3-certbot-nginx
certbot --nginx -d yourdomain.com
# Use a self-signed certificate in intranet/Xinchuang environments
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout /etc/nginx/ssl/server.key \
-out /etc/nginx/ssl/server.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=MyCompany/CN=yourdomain.com"
Nginx HTTPS configuration:
server {
    listen 443 ssl http2;
    server_name yourdomain.com;
    root /var/www/myapp/public;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Remaining configuration as above...
}
# Force HTTP to redirect to HTTPS
server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;
}
---
12. Process management (queues/scheduled tasks)
Managing Laravel queues with Supervisor
yum install -y supervisor
systemctl start supervisord
systemctl enable supervisord
/etc/supervisord.d/laravel-worker.ini:
[program:laravel-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /var/www/myapp/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
user=nginx
numprocs=4
redirect_stderr=true
stdout_logfile=/var/log/supervisor/laravel-worker.log
stopwaitsecs=3600
supervisorctl reread
supervisorctl update
supervisorctl start laravel-worker:*
Crontab scheduled tasks
# Edit the nginx user's crontab
crontab -u nginx -e
# Laravel scheduler (runs every minute)
* * * * * php /var/www/myapp/artisan schedule:run >> /dev/null 2>&1
---
13. Log management
# Configure logrotate to rotate logs automatically
cat > /etc/logrotate.d/nginx-php << 'EOF'
/var/log/nginx/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
sharedscripts
postrotate
nginx -s reopen
endscript
}
/var/log/php-fpm/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
sharedscripts
postrotate
kill -USR1 $(cat /run/php-fpm/php-fpm.pid)
endscript
}
EOF
---
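14. Common pitfalls and solutions
┌─────────────────────────┬──────────────────────────────────────────┬──────────────────────────────────────────────────────┐
│ Problem                 │ Cause                                    │ Solution                                             │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ PHP extension not found │ Package names differ on ARM64            │ yum search php to find the matching package name     │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Dameng connection fails │ Character set mismatch                   │ Specify CHARSET=1 (UTF-8) when creating the database │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ File upload fails       │ Blocked by SELinux                       │ setenforce 0 or configure an SELinux policy          │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Garbled Chinese text    │ Database character set                   │ Use utf8mb4 everywhere                               │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ 502 Bad Gateway         │ php-fpm not running or wrong socket path │ Check that the socket paths match                    │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Permission denied       │ storage directory permissions            │ chmod -R 777 storage                                 │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ composer timeout        │ Network problem                          │ Switch to the Aliyun mirror                          │
├─────────────────────────┼──────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ OPcache has no effect   │ Wrong php.ini path                       │ php --ini to see which config files are loaded       │
└─────────────────────────┴──────────────────────────────────────────┴──────────────────────────────────────────────────────┘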
---
15. One-shot check script
#!/bin/bash
# check_env.sh - environment check script
echo "=== 系统信息 ==="
cat /etc/os-release | grep PRETTY_NAME
uname -m
echo ""
echo "=== 服务状态 ==="
for service in nginx php-fpm mariadb redis supervisord; do
status=$(systemctl is-active $service 2>/dev/null)
echo "$service: $status"
done
echo ""
echo "=== PHP信息 ==="
php -v | head -1
php -m | grep -E "opcache|redis|pdo|mbstring|gd|curl"
echo ""
echo "=== 端口监听 ==="
ss -tlnp | grep -E ':(80|443|3306|6379|5236)[[:space:]]'
echo ""
echo "=== 磁盘空间 ==="
df -h /
echo ""
echo "=== 内存使用 ==="
free -h
chmod +x check_env.sh
bash check_env.sh
---
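Summary: key points for delivering Xinchuang projects
1. Confirm the architecture: first confirm the CPU architecture (ARM64/x86_64) and choose the matching installation packages
2. Database selection: prefer Dameng for government and central state-owned enterprise projects; MySQL is also acceptable for commercial projects
3. Unified character set: UTF-8 throughout the OS, database, PHP and application layer
4. SELinux: turn it off during development; configure policies as needed before going live
5. OPcache: must be enabled in production; the performance difference is noticeable
6. Log conventions: unify log paths and set up logrotate
7. Security hardening: turn off PHP version display and Nginx version display, and deny access to sensitive files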
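A check for the hardening items in point 7, run against the configuration files this guide creates. This is an added example, not part of the original article: the function names are assumptions, the sample files are constructed to mirror the settings shown above, and expose_php is PHP's own directive for hiding the version header, which the article names only as a goal.

```bash
#!/usr/bin/env bash
# Added example: audit the hardening-related settings used in this guide.

# conf_value FILE KEY: last active value of KEY, lower-cased ("" if unset).
# Handles "key = value" (php.ini, .repo) and "key value;" (nginx, redis).
conf_value() {
    awk -v k="$2" '{ sub(/[;#].*/, ""); gsub(/=/, " ") }
        $1 == k { $1 = ""; sub(/^ +/, ""); v = $0 }
        END { print tolower(v) }' "$1"
}

# audit PHP_INI NGINX_CONF REDIS_CONF REPO: print one line per weak setting;
# exit status is 1 if anything was flagged, 0 otherwise.
audit() {
    local bad=0
    flag() { echo "WEAK: $1"; bad=1; }
    [ "$(conf_value "$1" display_errors)" = off ] || flag "php.ini display_errors is not Off"
    [ "$(conf_value "$1" expose_php)" = off ] || flag "php.ini expose_php is not Off"
    [ "$(conf_value "$2" server_tokens)" = off ] || flag "nginx server_tokens is not off"
    case "$(conf_value "$3" bind)" in
        127.0.0.1|"127.0.0.1 ::1"|"127.0.0.1 -::1") ;;
        *) flag "redis bind is not loopback-only" ;;
    esac
    [ -n "$(conf_value "$3" requirepass)" ] || flag "redis requirepass is not set"
    if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$4"; then
        flag "yum repo disables gpgcheck"
    fi
    return "$bad"
}

# Constructed sample files that mirror the settings shown in this guide.
make_samples() {
    d=$(mktemp -d)
    printf 'display_errors = Off\nlog_errors = On\n' > "$d/php.ini"
    printf 'http {\n    server_tokens off;\n}\n' > "$d/nginx.conf"
    printf 'bind 127.0.0.1\nrequirepass YourRedisPassword123\n' > "$d/redis.conf"
    printf '[ks10-adv-os]\ngpgcheck=0\nenabled=1\n' > "$d/kylin.repo"
    echo "$d"
}

d=$(make_samples)
audit "$d/php.ini" "$d/nginx.conf" "$d/redis.conf" "$d/kylin.repo" || true
# Live host: audit /etc/php.ini /etc/nginx/nginx.conf /etc/redis.conf /etc/yum.repos.d/kylin.repo
rm -rf "$d"
```

With the settings exactly as given in this guide, two items are flagged: expose_php is never set, and the repo file disables gpgcheck.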