教學課程:在 Azure 中的 Linux 虛擬機器上安裝 LEMP 網頁伺服器Tutorial: Install a LEMP web server on a Linux virtual machine in Azure

本文會逐步引導您在 Azure 中的 Ubuntu VM 上部署 NGINX 網頁伺服器、MySQL 和 PHP (LEMP 堆疊)。This article walks you through how to deploy an NGINX web server, MySQL, and PHP (the LEMP stack) on an Ubuntu VM in Azure. LEMP 堆疊可替代熱門的 LAMP 堆疊 (後者也可以安裝在 Azure 中)。The LEMP stack is an alternative to the popular LAMP stack, which you can also install in Azure. 若要查看作用中的 LEMP 伺服器,您可以選擇安裝及設定 WordPress 網站。To see the LEMP server in action, you can optionally install and configure a WordPress site. 在本教學課程中,您將了解如何:In this tutorial you learn how to:

  • 建立 Ubuntu VM (LEMP 堆疊中的 'L')Create an Ubuntu VM (the 'L' in the LEMP stack)
  • 針對 Web 流量開啟連接埠 80Open port 80 for web traffic
  • 安裝 NGINX、MySQL 和 PHPInstall NGINX, MySQL, and PHP
  • 驗證安裝和設定Verify installation and configuration
  • 在 LEMP 伺服器上安裝 WordPressInstall WordPress on the LEMP server

此安裝程式適用於快速測試或概念證明。This setup is for quick tests or proof of concept.

開啟 Azure Cloud ShellOpen Azure Cloud Shell

Azure Cloud Shell 是裝載於 Azure 中的互動式殼層環境,並且會透過瀏覽器來使用。Azure Cloud Shell is an interactive shell environment hosted in Azure and used through your browse. Azure Cloud Shell 可讓您使用 bashPowerShell 殼層來執行各種可與 Azure 服務搭配運作的工具。Azure Cloud Shell allows you to use either bash or PowerShell shells to run a variety of tools to work with Azure services. Azure Cloud Shell 已預先安裝一些命令,可讓您執行本文的內容,而不必在本機環境上安裝任何工具。Azure Cloud Shell comes pre-installed with the commands to allow you to run the content of this article without having to install anything on your local environment.

若要在 Azure Cloud Shell 上執行本文所包含的任何程式碼,請開啟 Cloud Shell 工作階段、使用某個程式碼區塊上的 [複製] 按鈕來複製程式碼,然後使用 Ctrl+Shift+V (在 Windows 和 Linux 上) 或 Cmd+Shift+V (在 macOS 上) 將程式碼貼到 Cloud Shell 工作階段中。To run any code contained in this article on Azure Cloud Shell, open a Cloud Shell session, use the Copy button on a code block to copy the code, and paste it into the Cloud Shell session with Ctrl+Shift+V on Windows and Linux, or Cmd+Shift+V on macOS. 貼上的文字不會自動執行,因此請按 Enter 來執行程式碼。Pasted text is not automatically executed, so press Enter to run code.

您可以使用下列方式來啟動 Azure Cloud Shell:You can launch Azure Cloud Shell with:

選項Option 範例/連結Example/Link
選取程式碼區塊右上角的 [試試看] 。Select Try It in the upper-right corner of a code block. 這__不會__自動將文字複製到 Cloud Shell。This doesn't automatically copy text to Cloud Shell. Azure Cloud Shell 的試試看範例
在瀏覽器中開啟 Azure Cloud ShellOpen Azure Cloud Shell in your browser. <a href="https://shell.azure.com" title="啟動 Azure Cloud Shell
選取 Azure 入口網站右上角功能表上的 [Cloud Shell] 按鈕。Select the Cloud Shell button on the menu in the upper-right corner of the Azure portal. Azure 入口網站中的 [Cloud Shell] 按鈕

如果您選擇在本機安裝和使用 CLI,本教學課程會要求您執行 Azure CLI 2.0.30 版或更新版本。If you choose to install and use the CLI locally, this tutorial requires that you are running the Azure CLI version 2.0.30 or later. 執行 az --version 以尋找版本。Run az --version to find the version. 如果您需要安裝或升級,請參閱安裝 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

建立資源群組Create a resource group

使用 az group create 命令來建立資源群組。Create a resource group with the az group create command. Azure 資源群組是在其中部署與管理 Azure 資源的邏輯容器。An Azure resource group is a logical container into which Azure resources are deployed and managed.

下列範例會在 eastus 位置建立名為 myResourceGroup 的資源群組。The following example creates a resource group named myResourceGroup in the eastus location.

az group create --name myResourceGroup --location eastus

建立虛擬機器Create a virtual machine

使用 az vm create 命令來建立 VM。Create a VM with the az vm create command.

下列範例會建立名為 myVM 的 VM,並建立 SSH 金鑰 (如果它們不存在於預設金鑰位置)。The following example creates a VM named myVM and creates SSH keys if they do not already exist in a default key location. 若要使用一組特定金鑰,請使用 --ssh-key-value 選項。To use a specific set of keys, use the --ssh-key-value option. 此命令也會將 azureuser 設定為管理員使用者名稱。The command also sets azureuser as an administrator user name. 稍後您會使用此名稱來連線到 VM。You use this name later to connect to the VM.

az vm create \
    --resource-group myResourceGroup \
    --name myVM \
    --image UbuntuLTS \
    --admin-username azureuser \
    --generate-ssh-keys

建立 VM 後,Azure CLI 會顯示類似下列範例的資訊。When the VM has been created, the Azure CLI shows information similar to the following example. 記下 publicIpAddressTake note of the publicIpAddress. 後面的步驟會使用此位址來存取 VM。This address is used to access the VM in later steps.

{
  "fqdns": "",
  "id": "/subscriptions/<subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM",
  "location": "eastus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.4",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "myResourceGroup"
}

針對 Web 流量開啟連接埠 80Open port 80 for web traffic

依預設只能透過 SSH 連線至 Azure 中部署的 Linux VM。By default, only SSH connections are allowed into Linux VMs deployed in Azure. 因為此 VM 即將成為 Web 伺服器,所以您需要從網際網路開啟連接埠 80。Because this VM is going to be a web server, you need to open port 80 from the internet. 使用 az vm open-port 命令來開啟所需的連接埠。Use the az vm open-port command to open the desired port.

az vm open-port --port 80 --resource-group myResourceGroup --name myVM

透過 SSH 連線到您的 VMSSH into your VM

如果您還不知道您 VM 的公用 IP 位址,請執行 az network public-ip list 命令。If you don't already know the public IP address of your VM, run the az network public-ip list command. 後面有幾個步驟需要此 IP 位址。You need this IP address for several later steps.

az network public-ip list --resource-group myResourceGroup --query [].ipAddress

使用下列命令,建立與虛擬機器的 SSH 工作階段。Use the following command to create an SSH session with the virtual machine. 替換為您虛擬機器的正確公用 IP 位址。Substitute the correct public IP address of your virtual machine. 在此範例中,IP 位址是 40.68.254.142In this example, the IP address is 40.68.254.142. azureuser 是您在建立 VM 時所設定的管理員使用者名稱。azureuser is the administrator user name set when you created the VM.

ssh azureuser@40.68.254.142

安裝 NGINX、MySQL 和 PHPInstall NGINX, MySQL, and PHP

執行下列命令以更新 Ubuntu 套件來源,並安裝 NGINX、MySQL 和 PHP。Run the following command to update Ubuntu package sources and install NGINX, MySQL, and PHP.

sudo apt update && sudo apt install nginx && sudo apt install mysql-server php-mysql php-fpm

系統會提示您安裝套件和其他相依性。You are prompted to install the packages and other dependencies. 此程序會安裝使用 PHP 搭配 MySQL 時所需的基本必要 PHP 擴充功能。This process installs the minimum required PHP extensions needed to use PHP with MySQL.

驗證安裝和設定Verify installation and configuration

驗證 NGINXVerify NGINX

使用下列命令檢查 NGINX 的版本:Check the version of NGINX with the following command:

nginx -v

安裝 NGINX 後,且連接埠 80 對您的 VM 開啟,即可立即從網際網路存取網頁伺服器。With NGINX installed, and port 80 open to your VM, the web server can now be accessed from the internet. 若要檢視 NGINX 歡迎頁面,請開啟網頁瀏覽器,並輸入 VM 的公用 IP 位址。To view the NGINX welcome page, open a web browser, and enter the public IP address of the VM. 使用您在透過 SSH 連線到 VM 時所使用的公用 IP 位址:Use the public IP address you used to SSH to the VM:

NGINX 預設網頁

驗證並保護 MySQLVerify and secure MySQL

使用下列命令檢查 MySQL 的版本 (請注意 V 參數是大寫):Check the version of MySQL with the following command (note the capital V parameter):

mysql -V

若要協助保護 MySQL 的安裝 (包括設定根密碼),請執行 mysql_secure_installation 指令碼。To help secure the installation of MySQL, including setting a root password, run the mysql_secure_installation script.

sudo mysql_secure_installation

您可以選擇性地設定驗證密碼外掛程式 (建議選項)。You can optionally set up the Validate Password Plugin (recommended). 然後,設定 MySQL 根使用者的密碼,並針對您的環境設定其餘安全性設定。Then, set a password for the MySQL root user, and configure the remaining security settings for your environment. 我們建議您對所有問題回答 "Y" (是)。We recommend that you answer "Y" (yes) to all questions.

如果您想要試用 MySQL 功能 (建立 MySQL 資料庫、新增使用者或變更組態設定),請登入 MySQL。If you want to try MySQL features (create a MySQL database, add users, or change configuration settings), login to MySQL. 您不需要進行這個步驟也能完成本教學課程。This step is not required to complete this tutorial.

sudo mysql -u root -p

完成後,輸入 \q 以結束 mysql 提示字元。When done, exit the mysql prompt by typing \q.

驗證 PHPVerify PHP

使用下列命令檢查 PHP 的版本:Check the version of PHP with the following command:

php -v

將 NGINX 設定為使用 PHP FastCGI Process Manager (PHP-FPM)。Configure NGINX to use the PHP FastCGI Process Manager (PHP-FPM). 執行下列命令來備份原始的 NGINX 伺服器區塊組態檔,然後使用您選擇的編輯器編輯原始檔案:Run the following commands to back up the original NGINX server block config file and then edit the original file in an editor of your choice:

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default_backup

sudo sensible-editor /etc/nginx/sites-available/default

在編輯器中,將 /etc/nginx/sites-available/default 的內容取代為下列項目。In the editor, replace the contents of /etc/nginx/sites-available/default with the following. 如需設定的說明,請參閱註解。See the comments for explanation of the settings. 以您 VM 的公用 IP 位址替代 yourPublicIPAddress,在 fastcgi_pass 中確認 PHP 版本,其餘設定則予以保留。Substitute the public IP address of your VM for yourPublicIPAddress, confirm the PHP version in fastcgi_pass, and leave the remaining settings. 然後儲存檔案。Then save the file.

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    # Homepage of website is index.php
    index index.php;

    server_name yourPublicIPAddress;

    location / {
        try_files $uri $uri/ =404;
    }

    # Include FastCGI configuration for NGINX
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}

檢查 NGINX 組態中是否有語法錯誤:Check the NGINX configuration for syntax errors:

sudo nginx -t

如果語法正確,請使用下列命令重新啟動 NGINX:If the syntax is correct, restart NGINX with the following command:

sudo service nginx restart

如果您想要進一步測試,請建立要在瀏覽器中檢視的快速 PHP 資訊網頁。If you want to test further, create a quick PHP info page to view in a browser. 下列命令會建立 PHP 資訊網頁:The following command creates the PHP info page:

sudo sh -c 'echo "<?php phpinfo(); ?>" > /var/www/html/info.php'

現在您可以檢查您所建立的 PHP 資訊網頁。Now you can check the PHP info page you created. 開啟瀏覽器並前往 http://yourPublicIPAddress/info.phpOpen a browser and go to http://yourPublicIPAddress/info.php. 替換為您 VM 的公用 IP 位址。Substitute the public IP address of your VM. 該頁面看起來應該類似下圖。It should look similar to this image.

PHP 資訊網頁

安裝 WordPressInstall WordPress

如果您想要嘗試您的堆疊,請安裝範例應用程式。If you want to try your stack, install a sample app. 例如,下列步驟可安裝開放原始碼 WordPress 平台以建立網站和部落格。As an example, the following steps install the open source WordPress platform to create websites and blogs. 其他可嘗試的工作負載包括 DrupalMoodleOther workloads to try include Drupal and Moodle.

此 WordPress 設定只適用於概念證明。This WordPress setup is only for proof of concept. 若要在生產環境中使用建議的安全性設定安裝最新的 WordPress,請參閱 WordPress 文件To install the latest WordPress in production with recommended security settings, see the WordPress documentation.

安裝 WordPress 套件Install the WordPress package

執行以下命令:Run the following command:

sudo apt install wordpress

設定 WordPressConfigure WordPress

將 WordPress 設定為使用 MySQL 和 PHP。Configure WordPress to use MySQL and PHP.

在工作目錄中,建立文字檔 wordpress.sql 以設定 WordPress 的 MySQL 資料庫:In a working directory, create a text file wordpress.sql to configure the MySQL database for WordPress:

sudo sensible-editor wordpress.sql

新增下列命令,以您選擇的資料庫密碼替代 yourPassword (其他值維持不變)。Add the following commands, substituting a database password of your choice for yourPassword (leave other values unchanged). 如果您先前已設定 MySQL 安全性原則來驗證密碼強度,請確定此密碼符合強度需求。If you previously set up a MySQL security policy to validate password strength, make sure the password meets the strength requirements. 儲存檔案。Save the file.

CREATE DATABASE wordpress;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER
ON wordpress.*
TO wordpress@localhost
IDENTIFIED BY 'yourPassword';
FLUSH PRIVILEGES;

執行下列命令來建立資料庫:Run the following command to create the database:

cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf

wordpress.sql 檔案中包含資料庫認證,因此請在使用下列命令後將其刪除:Because the file wordpress.sql contains database credentials, delete it after use:

sudo rm wordpress.sql

若要設定 PHP,請執行下列命令來開啟您選擇的文字編輯器,並建立 /etc/wordpress/config-localhost.php 檔案:To configure PHP, run the following command to open a text editor of your choice and create the file /etc/wordpress/config-localhost.php:

sudo sensible-editor /etc/wordpress/config-localhost.php

將下列幾行複製到檔案,以您的 WordPress 資料庫密碼替代 yourPassword (其他值維持不變)。Copy the following lines to the file, substituting your WordPress database password for yourPassword (leave other values unchanged). 然後儲存檔案。Then save the file.

<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'yourPassword');
define('DB_HOST', 'localhost');
define('WP_CONTENT_DIR', '/usr/share/wordpress/wp-content');
?>

將 WordPress 安裝移至 Web 伺服器文件根目錄:Move the WordPress installation to the web server document root:

sudo ln -s /usr/share/wordpress /var/www/html/wordpress

sudo mv /etc/wordpress/config-localhost.php /etc/wordpress/config-default.php

您現在即可完成 WordPress 設定並且在平台上發佈。Now you can complete the WordPress setup and publish on the platform. 現在開啟瀏覽器並前往 http://yourPublicIPAddress/wordpressOpen a browser and go to http://yourPublicIPAddress/wordpress. 替換為您 VM 的公用 IP 位址。Substitute the public IP address of your VM. 該頁面看起來應該類似下圖。It should look similar to this image.

WordPress 安裝頁面

後續步驟Next steps

在本教學課程中,您已在 Azure 中部署 LEMP 伺服器。In this tutorial, you deployed a LEMP server in Azure. 您已了解如何︰You learned how to:

  • 建立 Ubuntu VMCreate an Ubuntu VM
  • 針對 Web 流量開啟連接埠 80Open port 80 for web traffic
  • 安裝 NGINX、MySQL 和 PHPInstall NGINX, MySQL, and PHP
  • 驗證安裝和設定Verify installation and configuration
  • 在 LEMP 堆疊上安裝 WordPressInstall WordPress on the LEMP stack

前進到下一個教學課程,以了解如何使用 SSL 憑證保護 Web 伺服器。Advance to the next tutorial to learn how to secure web servers with SSL certificates.