兰空图床LSKY安装指南

1. 下载兰空图床

cd ~ && \
mkdir lsky && \
cd lsky && \
wget https://github.com/lsky-org/lsky-pro/releases/download/2.1/lsky-pro-2.1.zip && \
apt install -y unzip && \
unzip lsky-pro-2.1.zip && \
rm lsky-pro-2.1.zip && \
mkdir -p /var/www && \
cd .. && \
mv lsky /var/www

1. 将最新版本的兰空图床下载至服务器当前目录，“2.1/lsky-pro-2.1.zip”修改为最新版本：

   cd ~
   mkdir lsky
   cd lsky
   wget https://github.com/lsky-org/lsky-pro/releases/download/2.1/lsky-pro-2.1.zip
   

2. 解压文件并删除压缩包：

   apt install -y unzip
   unzip lsky-pro-2.1.zip
   rm lsky-pro-2.1.zip
   

3. 将兰空图床放至www目录：

   mkdir -p /var/www
   cd ..
   mv lsky /var/www
   

2. 配置运行环境

2.1 安装Nginx

2.1.1 apt一步到位

apt update && \
apt upgrade -y && \
apt install -y nginx && \
nginx -v

执行上述命令过程中可能会有内核更新提醒，直接回车执行完毕后重启即可：

reboot

2.1.2 编译安装Nginx(可选，需要自行修改后文nginx.conf文件)

1. 更新apt源：

   apt update && apt upgrade
   

2. 安装编译环境，包括gcc+、PCRE、gzip和OpenSSL：

   apt install build-essential libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev
   

3. 下载Nginx源码并解压:

   cd ~ && \
   wget http://nginx.org/download/nginx-1.23.1.tar.gz && \
   tar -xzvf nginx-1.23.1.tar.gz && \
   cd nginx-1.23.1 #进入解压后的nginx源码目录
   

4. 输入下列命令生成makefile文件，参数参考官方文档:

   ./configure \--prefix=/etc/nginx \--sbin-path=/usr/sbin/nginx \--conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log \--http-log-path=/var/log/nginx/access.log \--pid-path=/var/run/nginx.pid \--lock-path=/var/run/nginx.lock \--http-client-body-temp-path=/var/cache/nginx/client_temp \--http-proxy-temp-path=/var/cache/nginx/proxy_temp \--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \--http-scgi-temp-path=/var/cache/nginx/scgi_temp \--user=www-data \--group=www-data \--with-file-aio \--with-threads \--with-http_addition_module \--with-http_auth_request_module \--with-http_dav_module \--with-http_flv_module \--with-http_gunzip_module \--with-http_gzip_static_module \--with-http_mp4_module \--with-http_random_index_module \--with-http_realip_module \--with-http_secure_link_module \--with-http_slice_module \--with-http_ssl_module \--with-http_stub_status_module \--with-http_sub_module \--with-http_v2_module \--with-mail \--with-mail_ssl_module \--with-stream \--with-stream_realip_module \--with-stream_ssl_module \--with-stream_ssl_preread_module 
   

   • --prefix：Nginx主要安装路径，后续Nginx子目录依照这个变量展开
   • --user：设置Nginx进程启动时，所属的用户
   • --group：设置Nginx进程启动时，所属的用户组

   成功后应输出如下信息：

   Configuration summary
     + using threads
     + using system PCRE library
     + using system OpenSSL library
     + using system zlib library
   
     nginx path prefix: "/etc/nginx"
     nginx binary file: "/usr/sbin/nginx"
     nginx modules path: "/etc/nginx/modules"
     nginx configuration prefix: "/etc/nginx"
     nginx configuration file: "/etc/nginx/nginx.conf"
     nginx pid file: "/var/run/nginx.pid"
     nginx error log file: "/var/log/nginx/error.log"
     nginx http access log file: "/var/log/nginx/access.log"
     nginx http client request body temporary files: "/var/cache/nginx/client_temp"
     nginx http proxy temporary files: "/var/cache/nginx/proxy_temp"
     nginx http fastcgi temporary files: "/var/cache/nginx/fastcgi_temp"
     nginx http uwsgi temporary files: "/var/cache/nginx/uwsgi_temp"
     nginx http scgi temporary files: "/var/cache/nginx/scgi_temp"
   

5. 开始编译并安装:

   make && make install
   

6. 为Nginx配置用户并创建文件夹:

   groupadd -f www-data # www是第二步配置的用户组
   useradd -g www-data www-data # 用户组和用户名都叫www
   mkdir /var/cache/nginx # 创建临时文件存放目录
   nginx # 运行Nginx
   

   打开本地浏览器输入http://服务器ip:80查看能否进入Welcome to Nginx页面。

   • Nginx常用命令

     命令	命令含义
     nginx	打开 nginx
     nginx -t	测试配置文件是否有语法错误
     nginx -s reopen	重启Nginx
     nginx -s reload	重新加载Nginx配置文件
     nginx -s stop	强制停止Nginx服务
     nginx -s quit	安全地停止Nginx服务（即处理完所有请求后再停止服务）

2.2 安装PHP

1. 先看看现有库内有没有满足兰空要求的PHP8(当前版本要求PHP8.0.2+)：

   apt search php-fpm # 如果有就跳过第2步
   

2. 添加 SURY 存储库:

   apt install -y lsb-release ca-certificates apt-transport-https software-properties-common;
   echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/sury-php.list;
   wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add -;
   apt update;
   

3. 安装php8.x及所需插件:

   apt install php-fpm # 这里开始要确认安装的php及其插件的版本是否符合要求
   apt install php-bcmath php-json php-mbstring php-tokenizer php-xml php-imagick
   apt install php-sqlite3 # 这个根据要用的数据库选择，我选的是sqlite3
   

   • 兰空github repo中的要求：

     • PHP >= 8.0.2

     • BCMath PHP 扩展

     • Ctype PHP 扩展

     • DOM PHP 拓展

     • Fileinfo PHP 扩展

     • JSON PHP 扩展

     • Mbstring PHP 扩展

     • OpenSSL PHP 扩展

     • PDO PHP 扩展

     • Tokenizer PHP 扩展

     • XML PHP 扩展

     • Imagick 拓展

     • exec、shell_exec 函数

     • readlink、symlink 函数

     • putenv、getenv 函数

     • chmod、chown、fileperms 函数

4. 修改php.ini，建议通过xftp等工具复制到本地修改再上传覆盖：

   vi /etc/php/8.1/fpm/php.ini
   

   1. 找到disable_functions，若 “=” 右侧存在exec、shell_exec、readlink、symlink、putenv、getenv函数，将其删除（默认状态下，等号右侧为空白）；

   2. 找到memory_limit，根据机器配置适当调大 “=” 右侧最大内存大小；

   3. 找到post_max_size，适当调大 “=” 右侧POST方法所能传输数据的最大大小；

   4. 找到upload_max_filesize，适当调大 “=” 右侧最大文件上传大小；

   5. 找到open_basedir，在其前面加上“;"（默认已添加）;

   6. 搜索Dynamic Extensions，你会在下面发现一堆前面跟着;的extension=xxx，对照兰空官方的依赖把该去掉的分号去掉(当然也可以全部去掉一了百了)：

      ;extension=bz2
      ;extension=curl
      ;extension=ffi
      ;extension=ftp
      extension=fileinfo
      ;extension=gd
      ;extension=gettext
      ;extension=gmp
      ;extension=intl
      ;extension=imap
      ;extension=ldap
      extension=mbstring
      ;extension=exif      ; Must be after mbstring as it depends on it
      ;extension=mysqli
      ;extension=oci8_12c  ; Use with Oracle Database 12c Instant Client
      ;extension=oci8_19  ; Use with Oracle Database 19 Instant Client
      ;extension=odbc
      extension=openssl
      # 下面的pdo_xxx根据要用的数据库选择，第2步下载的包可以参考这里的名称
      ;extension=pdo_firebird
      ;extension=pdo_mysql
      ;extension=pdo_oci
      ;extension=pdo_odbc
      ;extension=pdo_pgsql
      extension=pdo_sqlite # 我用的是sqlite
      ;extension=pgsql
      ;extension=shmop
      

5. 重启php-fpm服务：

   systemctl restart php8.1-fpm && systemctl status php8.1-fpm
   

3. 安装sqlite3

cd ~ && \
wget https://www.sqlite.org/2022/sqlite-autoconf-3390400.tar.gz && \
tar -xzvf sqlite-autoconf-3390400.tar.gz && \
mv sqlite-autoconf-3390400 sqlite3 && \
cd sqlite3 && \
apt install build-essential -y && \
./configure --prefix=/usr && \
make && \
make install && \
sqlite3 --version

1. 因为要求sqlite3.8.8+，只能编译安装。下载并解压sqlite3源码包(下载sqlite-autoconf-xxx的那个)：

   cd ~
   wget https://www.sqlite.org/2022/sqlite-autoconf-3390400.tar.gz
   tar -xzvf sqlite-autoconf-3390400.tar.gz
   mv sqlite-autoconf-3390400 sqlite3
   cd sqlite3
   

2. 配置安装路径

   apt install build-essential
   ./configure --prefix=/usr
   

3. 编译并安装

   make && make install
   

4. 网站配置

1. 编辑Nginx配置文件:

   cd /etc/nginx
   cp sites-available/default sites-available/lsky   # 编译安装跳过
   ln -s /etc/nginx/sites-available/lsky /etc/nginx/sites-enable/lsky # 编译安装跳过
   rm sites-enable/default
   vi sites-available/lsky # 编译安装直接在nginx.conf里面修改
   

   修改后的lsky文件如下：

   server {
   	listen 80 default_server;
   	listen [::]:80 default_server;
   	root /www/lsky/public; # 修改为 /www/lsky/public
   	index index.php index.html index.htm index.nginx-debian.html; # 加入index.php
   	server_name xxx.xxx.xxx.xxx; # 改成服务器的IP
   	location / {
   		try_files $uri $uri/  /index.php?$query_string;
   	}
   	location ~ \.php$ {
   		include snippets/fastcgi-php.conf; # 编译安装的这一行不一样，不用管
   		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
   	}
   }
   

2. 顺便把client_max_body_size 10m;加入\etc\nginx\nginx.conf的http块中：

   vi nginx.conf
   

   大概是这样的：

   http {
   
   	sendfile on;
   	tcp_nopush on;
   	types_hash_max_size 2048;
   	# server_tokens off;
       client_max_body_size 10m; # 加这就行
   

   请注意：在文件上传大小限制方面，共有四个控制值。分别为：

   • PHP的post_max_size
   • PHP的upload_max_filesize
   • Nginx的client_max_body_size
   • 兰空图床管理界面对每个用户组上传文件大小的限制

   这四者所设定的值都必须大于等于您所想要设置的最大文件上传大小。例如，您想要上传最大大小为10M的图片，那么这四项设定值都必须大于等于10M。如设置错误，将出现无法上传大文件的问题！
   参考：https://blog.csdn.net/Bacon_Fish/article/details/125681902

3. 将兰空所在目录的所有文件夹、子文件夹、文件的权限，用户组和所有者改为 www-data，权限改为 0755：

   chown -R www-data:www-data /var/www/lsky # 修改所有权
   chmod -R 0755 /var/www/lsky
   

4. 在浏览器地址栏输入服务器ip进入安装面板，数据库类型选SQlite3，路径留空，设置邮箱和密码后点击安装。

5. 安装结束后进入首页，左上角用安装时设置的邮箱和密码登录即可。

5. 域名访问图床（可选）

1. 首先要有一个域名，在你的DNS域名解析中添加一条A记录指向你的服务器IP，如将blog.example.com指向127.127.127.127：

2. 等待DNS域名解析，直到你在服务器中ping域名时能够正确显示你的服务器IP：

   ping blog.example.com
   # 下面是正确的输出
   PING blog.example.com (127.127.127.127) 56(84) bytes of data.
   64 bytes from 127.127.127.127 (127.127.127.127): icmp_seq=1 ttl=64 time=1.82 ms
   64 bytes from 127.127.127.127 (127.127.127.127): icmp_seq=2 ttl=64 time=0.183 ms
   64 bytes from 127.127.127.127 (127.127.127.127): icmp_seq=3 ttl=64 time=0.160 ms
   

3. 把/etc/nginx/sites-available/lsky中的IP改为域名即可。

6. 获取SSL/TLS证书（可选）

apt install -y snapd && \
snap install --classic core && \
snap refresh core && \
apt remove certbot && \
snap install --classic certbot && \
ln -s /snap/bin/certbot /usr/bin/certbot && \
nginx -s quit && \
systemctl stop php8.1-fpm && \
certbot certonly --standalone && \
systemctl start php8.1-fpm && \
nginx

1. 下载snapd：

   apt install snapd # 执行完这一步后需要关闭当前终端/Session，重新打开在执行之后的步骤
   snap install --classic core && snap refresh core
   

2. 安装certbot：

   apt remove certbot # 如果之前用包管理器下载过certbot，需要先删除
   snap install --classic certbot
   ln -s /snap/bin/certbot /usr/bin/certbot
   

3. 暂停nginx和php-fpm服务：

   nginx -s quit && systemctl stop php8.1-fpm
   

4. 运行certbot，certbot会自动修改Nginx配置文件：

   certbot certonly --standalone
   # 按照提示完成注册即可
   Saving debug log to /var/log/letsencrypt/letsencrypt.log
   Enter email address (used for urgent renewal and security notices)
    (Enter 'c' to cancel): 输入你的邮箱
   
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Please read the Terms of Service at
   https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
   agree in order to register with the ACME server. Do you agree?
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   (Y)es/(N)o: Y
   
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Would you be willing, once your first certificate is successfully issued, to
   share your email address with the Electronic Frontier Foundation, a founding
   partner of the Let's Encrypt project and the non-profit organization that
   develops Certbot? We'd like to send you email about our work encrypting the web,
   EFF news, campaigns, and ways to support digital freedom.
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   (Y)es/(N)o: Y
   Account registered.
   
   Which names would you like to activate HTTPS for?
   We recommend selecting either all domains, or all domains in a VirtualHost/server block.
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   1: blog.example.com
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Select the appropriate numbers separated by commas and/or spaces, or leave input
   blank to select all options shown (Enter 'c' to cancel): 1 # 也可能直接让你输入域名
   Requesting a certificate for blog.example.com
   
   Successfully received certificate.
   Certificate is saved at: /etc/letsencrypt/live/blog.example.com/fullchain.pem
   Key is saved at:         /etc/letsencrypt/live/blog.example.com/privkey.pem
   This certificate expires on 20xx-xx-xx.
   These files will be updated when the certificate renews.
   Certbot has set up a scheduled task to automatically renew this certificate in the background.
   
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   If you like Certbot, please consider supporting our work by:
    * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    * Donating to EFF:                    https://eff.org/donate-le
   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   

5. 你的证书已保存在/etc/letsencrypt/live/blog.example.com/文件夹下，别忘了重启服务：

   systemctl start php8.1-fpm && nginx
   

7. 使用HTTPS访问网站（可选）

1. 新建lsky_https配置:

   cp /etc/nginx/sites-available/lsky /etc/nginx/sites-available/lsky_https
   ln -s /etc/nginx/sites-available/lsky_https /etc/nginx/sites-enabled/lsky_https
   rm /etc/nginx/sites-enabled/lsky
   

   编辑后如下：

   server {
   	listen 443 ssl;
   	listen [::]:443 ssl;
   
   	# 这两个是刚刚生成的证书
       ssl_certificate /etc/letsencrypt/live/image.goukou007.xyz/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/image.goukou007.xyz/privkey.pem;
       
       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  30m;
       ssl_prefer_server_ciphers on;
       ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
   
   	root /var/www/lsky/public;
   	index index.php index.html index.htm index.nginx-debian.html;
   	server_name image.goukou007.xyz;
   
       location / {
           try_files $uri $uri/  /index.php?$query_string;
       }
   	location ~ \.php$ {
   		include snippets/fastcgi-php.conf;
   		fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
   	}
   }
   
   # 将请求转成https
   server {
       listen 80;
       server_name image.goukou007.xyz;
       rewrite ^(.*)$ https://$host$1 permanent;
   }