在Linux系统里面，密钥登录是比较安全的一种方法，这里只说在debian 10里面，如何用密钥进行登录。

一，用ssh方式登录到debian系统，建议用putty这个软件

二，生成密钥，输入
ssh-keygen -t rsa(生成密钥)

按两次回车，即可完整的生成密钥了，就会在当前目录（一般为root目录）生成一个.ssh的文件夹

三，设置密钥

cd .ssh
查看目录内有哪些文件
ls -la
发现有id-rsa和id-rsa.pub两个文件，其中 id-rsa为私钥， id-rsa.pub 则为公钥

把公钥改一个文件名
cat id_rsa.pub >> authorized_keys

把改好的文件给上权限
chmod 600 authorized_keys
chmod 700 ~/.ssh

四，设置私钥
在.ssh目录内，查看私钥id_rsa的内容 ，命令：cat id_rsa

cat id_rsa查看密钥内容
然后把下面的所有的内容复制到一个记事本内，命名为：id_rsa

五，设置ssh用密钥登录的配置

nano /etc/ssh/sshd_config

把以下两个前面的注释去掉，让其生效
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

然后重启ssh

service sshd restart
或者
systemctl restart sshd.service

六，设置私钥

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
下载puttygen.exe，把私钥转换为putty可用模式

点File----->Load Private key，找到刚才另存为的id_rsa文件，打开，如下，点Save private key，然后保存为一个ppk的文件

七，用putty采用密钥登录，把上一步保存的ppk文件选中

如下图，直接输入root就可以登录了，不用密码

然后在/etc/ssh/sshd_conifg里面，把密码登录改为no，即为不用密码登录

PasswordAuthentication no

DEBIAN 配置域名并启用SSL

1.将SSL证书文件放在/etc/ssl目录下，放其他目录也可以。

miie_net.pem
miie_net.key

2. 建立网站跟目录

sudo mkdir /var/www/miienet

3.编辑NGINX主机配置文件

miie@miie:~$ cd /etc/nginx/sites-available
miie@miie:/etc/nginx/sites-available$ sudo cp default miienet

miie@miie:/etc/nginx/sites-available$ sudo vi miienet

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        # 注释下面两行，不监听80端口
        #listen 80 default_server;
        #listen [::]:80 default_server;

        # SSL configuration
        #
        # 以下两行注释去掉，监听443端口，并去掉default_server
          listen 443 ssl ;
          listen [::]:443 ssl ;
        # 添加以下6行，导入证书
        ssl_certificate  /etc/ssl/miie_net.pem;
        ssl_certificate_key /etc/ssl/miie_net.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        # 配置网站跟目录
        root /var/www/miienet;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html index.php;

        # 配置网站域名
        server_name miie.net www.miie.net;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # 启用PHP支持
        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
                # With php-cgi (or other tcp sockets):
                #fastcgi_pass 127.0.0.1:9000;
        }



        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
# 配置http网站支持
server {
       listen 80;
       listen [::]:80;

       server_name www.miie.net miie.net;
# 配置http转发到https
       rewrite ^(.*)$ https://miie.net;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
}

4.建立配置文件链接

sudo ln -s /etc/nginx/sites-available/miienet  /etc/nginx/sites-enabled/

5.测试并重启NGINX

sudo systemctl reload nginx
sudo systemctl restart nginx

DEBIAN11 安装NGINX PHP MARIADB

1.更新系统

更新系统，不更新也行。纯粹个人强迫症

miie@miie:~$ sudo apt update  && sudo apt upgrade
Hit:1 http://mirrors.ustc.edu.cn/debian bullseye InRelease
Get:2 http://mirrors.ustc.edu.cn/debian bullseye-updates InRelease [44.1 kB]
Fetched 44.1 kB in 0s (113 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

安装wget unzip

sudo apt install wget unzip

2.安装NGINX

miie@miie:~ $ sudo apt install nginx
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  fontconfig-config fonts-dejavu-core geoip-database libdeflate0 libfontconfig1 libgd3 libgeoip1 libicu67 libjbig0
  libjpeg62-turbo libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail
  libnginx-mod-stream libnginx-mod-stream-geoip libtiff5 libwebp6 libxml2 libxpm4 libxslt1.1 nginx-common nginx-core
Suggested packages:
  libgd-tools geoip-bin fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
  fontconfig-config fonts-dejavu-core geoip-database libdeflate0 libfontconfig1 libgd3 libgeoip1 libicu67 libjbig0
  libjpeg62-turbo libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail
  libnginx-mod-stream libnginx-mod-stream-geoip libtiff5 libwebp6 libxml2 libxpm4 libxslt1.1 nginx nginx-common nginx-core
0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded.
Need to get 16.8 MB of archives.
After this operation, 56.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
........
Setting up libnginx-mod-http-image-filter (1.18.0-6.1+deb11u2) ...
Setting up nginx-core (1.18.0-6.1+deb11u2) ...
Upgrading binary: nginx.
Setting up nginx (1.18.0-6.1+deb11u2) ...
Processing triggers for libc-bin (2.31-13+deb11u3) ...
miie@miie:~$

3.安装MARIADB

miie@miie:~$ sudo apt install mariadb-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  galera-4 gawk libaio1 libcgi-fast-perl libcgi-pm-perl libclone-perl libconfig-inifiles-perl libdbd-mariadb-perl libdbi-perl
  libencode-locale-perl libfcgi-bin libfcgi-perl libfcgi0ldbl libgdbm-compat4 libgdbm6 libhtml-parser-perl libhtml-tagset-perl
  libhtml-template-perl libhttp-date-perl libhttp-message-perl libio-html-perl liblwp-mediatypes-perl libmariadb3 libmpfr6
  libperl5.32 libsigsegv2 libsnappy1v5 libterm-readkey-perl libtimedate-perl liburi-perl lsof mariadb-client-10.5
  mariadb-client-core-10.5 mariadb-common mariadb-server-10.5 mariadb-server-core-10.5 mysql-common perl perl-modules-5.32
  psmisc rsync socat
Suggested packages:
  gawk-doc libmldbm-perl libnet-daemon-perl libsql-statement-perl gdbm-l10n libdata-dump-perl libipc-sharedcache-perl
  libwww-perl mailx mariadb-test netcat-openbsd perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl make
  libtap-harness-archive-perl python3
The following NEW packages will be installed:
  galera-4 gawk libaio1 libcgi-fast-perl libcgi-pm-perl libclone-perl libconfig-inifiles-perl libdbd-mariadb-perl libdbi-perl
  libencode-locale-perl libfcgi-bin libfcgi-perl libfcgi0ldbl libgdbm-compat4 libgdbm6 libhtml-parser-perl libhtml-tagset-perl
  libhtml-template-perl libhttp-date-perl libhttp-message-perl libio-html-perl liblwp-mediatypes-perl libmariadb3 libmpfr6
  libperl5.32 libsigsegv2 libsnappy1v5 libterm-readkey-perl libtimedate-perl liburi-perl lsof mariadb-client-10.5
  mariadb-client-core-10.5 mariadb-common mariadb-server mariadb-server-10.5 mariadb-server-core-10.5 mysql-common perl
  perl-modules-5.32 psmisc rsync socat
0 upgraded, 43 newly installed, 0 to remove and 0 not upgraded.
Need to get 27.3 MB of archives.
After this operation, 210 MB of additional disk space will be used.
Do you want to continue? [Y/n]Y //输入Y按回车键
Setting up libhtml-template-perl (2.97-1.1) ...
Setting up libcgi-fast-perl (1:2.15-1) ...
Processing triggers for libc-bin (2.31-13+deb11u3) ...
miie@miie:~$

配置MARIADB

miie@miie:~$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

创建数据库和用户

miie@miie:~$ sudo mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 40
Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE miie_db;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL ON miie_db.* TO 'miie'@'localhost' IDENTIFIED BY '123' WITH GRANT OPTION;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit;
Bye
miie@miie:~$

3.安装PHP

miie@miie:~$ sudo apt install php php-fpm php-mysql php-mbstring php-xml
//前三个是NMP运行的主程序基本模块，后两个是phpMyAdmin运行所需模块
Reading package lists... Done
Building dependency tree... Done
..................
Processing triggers for php7.4-cli (7.4.28-1+deb11u1) ...
Processing triggers for php7.4-fpm (7.4.28-1+deb11u1) ...
miie@miie:~$

在/var/www/html/文件夹里创建一个info.php文件，输入代码：，保存并关闭文件。
如果创建不成功请切换到root用户再试试。

miie@miie:~$ sudo echo "<?php phpinfo(); ?>" > /var/www/html/info.php
-bash: /var/www/html/info.php: Permission denied
miie@miie:~$ su
Password:
root@miie:/home/miie# echo "<?php phpinfo(); ?>" > /var/www/html/info.php
root@miie:/home/miie#

现在打开浏览器并键入以下地址，以查看Web服务器是否可以显示由此PHP脚本创建的内容。
http://IP/info.php
这里还没有配置NGINX，当然打不开的，打开的时候提示下载文件。

4.配置NGINX

//刚刚操作完忘了退出root用户了
root@miie:/var/www/html# cd /etc/nginx/sites-available
root@miie:/etc/nginx/sites-available# ls
default  default.bak

//编辑default文件
root@miie:/etc/nginx/sites-available# vi default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        #修改这一行，添加index.php。
        index index.html index.htm index.nginx-debian.html index.php;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        #修改下面内容，去掉注释。
        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        #
        #       With php-fpm (or other unix sockets):
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        }



        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}
root@miie:/etc/nginx/sites-available#

修改完保存文件。执行以下命令确认配置文件无误并重启NGINX

root@miie:/etc/nginx/sites-available# systemctl reload nginx
root@miie:/etc/nginx/sites-available# systemctl restart nginx

现在打开浏览器并键入以下地址，可以查看PHP的信息页面，如果页面空白，请检查/var/www/html/info.php文件内容是否为“<?php phpinfo(); ?>”。
http://IP/info.php

5.安装PHPMYADMIN

root@miie:/var/www/html# ls
index.nginx-debian.html  info.php
root@miie:/var/www/html# wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zip
--2022-08-31 13:19:11--  https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zip
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 89.187.187.12, 89.187.187.20, 89.187.187.15, ...
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|89.187.187.12|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14801905 (14M) [application/zip]
Saving to: ‘phpMyAdmin-5.1.1-all-languages.zip’
phpMyAdmin-5.1.1-all-languages.z 100%[=======================================================>]  14.12M   860KB/s    in 15s
2022-08-31 13:19:28 (933 KB/s) - ‘phpMyAdmin-5.1.1-all-languages.zip’ saved [14801905/14801905]
root@miie:/var/www/html# ls
index.nginx-debian.html  info.php  phpMyAdmin-5.1.1-all-languages.zip
root@miie:/var/www/html# unzip  phpMyAdmin-5.1.1-all-languages.zip

解压完之后，在浏览器中打开
http://IP/phpMyAdmin-5.1.1-all-languages/
即可用刚刚设置的MARIADB的ROOT用户和密码以及自定的用户密码登录。

至此在Debian上安装NGINX PHP MariaDB已经完成并配置成功。

刚安装好的Debian默认还没有sudo功能。
1、安装sudo

root@host# apt-get install sudo

2、修改 /etc/sudoers 文件属性为可写

root@host# chmod +w /etc/sudoers

3、编辑 /etc/sudoers ,添加如下行

root@host# vim /etc/sudoers
root ALL=(ALL) ALL
user ALL=(ALL) ALL 用户user执行sudo时需要密码。
#user ALL=NOPASSWD:ALL 用户user执行sudo时不需要密码。
#user ALL=NOPASSWD:/etc/network/interfaces 用户user执行只有sudo执行/etc/network/interfaces的权限，执行时不需要密码。

4、修改/etc/sudoers 文件属性为只读

root@host# chmod -w /etc/sudoers

为什么服务器软件需要编译安装？一个流传很广的说法是编译安装性能更好，其实这是个谣言。

服务器CPU事实已经被Intel垄断了，就那么几种型号，编来编去生成的机器码是一样的。Intel宣传自己的编译工具Intel C++ Compiler 比GCC编译出来性能要提升10%-20%，这就是一广告，生产环境很少用人用它，何况它还要收费。

性能真不是问题，比如 strip 命令可以大大减小可执行文件的size，但是我装过几千遍软件，都没有见有人在安装脚本里面使用。

软件需要编译安装的真实理由有如下3点：

1.软件在编译期间需要配置，比如说nginx，需要在编译的时候指定包含哪些module，php,apache 也是一样。
同样的是数据库，mysql 通过编译安装，因为要定制存储引擎（是否支持innodb .. ）,而sqlite却绝少有人编译，都是直接下载二进制文件来用。

2.软件需要统一安装路径，每个team都会自己的安装目录约定，有些喜欢装在 /opt/下面，有些喜欢装在 /usr/local/ ,编译安装可以方便的指定这些路径（configure --prefix=xxx ）。

3.需要最新的版本，软件仓库的版本一般都比较低，这个理由其实不充分，生产环境倾向保守，不追求最新版本，但是对于geek来说，这可能是最重要的原因。

弄明白原因之后，就很容易判断编译还是下载。

LAMP一般指Linux上的Apache MySQL PHP开源软件包。 该术语是描述Linux操作系统，Apache Web服务器，MariaDB数据库和PHP编程的首字母缩写。在Debian发行版中MySQL已用MariaDB替代。
● 高亮行表示要输入的命令或系统的主要提示。

1.安装Apache

user@debian:~$ sudo apt install apache2  //输入安装命令按回车键
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libcurl4
  liblua5.2-0
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libcurl4
  liblua5.2-0
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,632 kB of archives.
After this operation, 8,713 kB of additional disk space will be used.
Do you want to continue? [Y/n]   //输入Y或yes，按回车键

"Apache2"中有个数字2表示Apache的版本2，Apache的版本1已经很古老了，现在是版本2了。在有的发行版中Apache又叫httpd,Linux的世界中各个发行版的软件包五花八门，所以个人还是喜欢Debian的统一规范。
Apache安装完成后，安装程序将立即触发systemd系统和服务管理器启动Apache2服务，并使其在系统引导时自动启动。要检查Apache服务是否已启动并正常运行，请运行以下systemctl命令。

 user@debian:~$ systemctl status apache2 //输入命令按回车键
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-08-01 19:51:51 CST; 57s ago
     Docs: https://httpd.apache.org/docs/2.4/
 Main PID: 1697 (apache2)
    Tasks: 55 (limit: 4661)
   Memory: 15.6M
   CGroup: /system.slice/apache2.service
           ├─1697 /usr/sbin/apache2 -k start
           ├─1699 /usr/sbin/apache2 -k start
           └─1700 /usr/sbin/apache2 -k start

您还可以使用以下systemctl命令启动，停止，重新启动并获取Apache Web服务器的状态。

# systemctl start apache2.service
# systemctl restart apache2.service
# systemctl stop apache2.service
# systemctl reload apache2.service
# systemctl status apache2.service

现在您需要测试Apache是否已正确安装并可以提供Web页面。 打开Web浏览器并使用以下URL访问Apache Debian默认页面。
http://SERVER_IP/
或者
http://localhost/

2.安装MariaDB
Apache Web服务器启动并运行后，您需要安装数据库系统才能保留和管理您网站的数据。要安装MariaDB，请使用Debian的apt包管理器。

user@debian:~$ sudo apt install mariadb-server  //输入安装命令按回车键
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  galera-3 gawk libaio1 libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdbd-mysql-perl libdbi-perl
  libfcgi-perl libhtml-template-perl libreadline5 libsigsegv2 libterm-readkey-perl mariadb-client-10.3
  mariadb-client-core-10.3 mariadb-server-10.3 mariadb-server-core-10.3 rsync socat
Suggested packages:
  gawk-doc libclone-perl libmldbm-perl libnet-daemon-perl libsql-statement-perl libipc-sharedcache-perl mailx
  mariadb-test netcat-openbsd tinyca
The following NEW packages will be installed:
  galera-3 gawk libaio1 libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdbd-mysql-perl libdbi-perl
  libfcgi-perl libhtml-template-perl libreadline5 libsigsegv2 libterm-readkey-perl mariadb-client-10.3
  mariadb-client-core-10.3 mariadb-server mariadb-server-10.3 mariadb-server-core-10.3 rsync socat
0 upgraded, 20 newly installed, 0 to remove and 0 not upgraded.
Need to get 20.9 MB of archives.
After this operation, 167 MB of additional disk space will be used.
Do you want to continue? [Y/n]   //输入Y或yes，按回车键

安装MariaDB后，建议运行安全脚本mysql_secure_installation，该脚本将删除一些不安全的默认设置并禁用对数据库系统的访问。安全脚本将引导您完成以下一系列问题，您可以在其中对MariaDB设置进行一些更改。切换到root用户再执行，完成后退出root用户，使用sudo也可以。

user@debian:~$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):   //提示输入当前MariaDB(MySQL)root密码，直接按回车键
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y    //是否设置MariaDB(MySQL)root的密码，输入Y按回车键。
New password:    //输入MariaDB(MySQL)root的密码
Re-enter new password:    //再次输入MariaDB(MySQL)root的密码
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y    //是否删除匿名用户，输入Y按回车键
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y    //是否禁用root远程登录，输入Y按回车键
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y    //是否删除测试数据库，输入Y按回车键
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y    //是否在不重启的前提下更新设置，输入Y按回车键
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

创建名为“t_db”的数据库和名为“t”且具有数据库完全权限的用户，请运行以下命令。
在MariaDB(MySQL)命令提示符中，语句结尾必须加上分号后按回车键才能执行，否者不执行语句。如果没加分号按了回车键，没关系，在下一行里输入分号按回车键也会执行。

user@debian:~$ sudo mysql -uroot -p
Enter password:    //输入刚刚设置的MariaDB(MySQL)root的密码，不是Debian的root密码。
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 62
Server version: 10.3.29-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE t_db;    //创建数据库
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL ON t_db.* TO 't'@'localhost' IDENTIFIED BY '123' WITH GRANT OPTION;    //创建用户并授予管理权限
Query OK, 0 rows affected (0.000 sec)     

MariaDB [(none)]> FLUSH PRIVILEGES;        //更新数据库设置
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit;    //退出MariaDB(MySQL)
Bye

用刚刚创建的用户登录MariaDB来确认新用户是否具有数据库的完全权限。

user@debian:~$ mysql -ut -p
Enter password:    //输入用户t的密码
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 63
Server version: 10.3.29-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| t_db               |
+--------------------+
2 rows in set (0.000 sec)

MariaDB [(none)]> USE t_db;
Database changed
MariaDB [t_db]> SHOW TABLES;
Empty set (0.000 sec)

MariaDB [t_db]> exit;
Bye

3.安装PHP
PHP（超文本预处理器）是一种流行的脚本语言，用于构建用于显示Web内容和用户与数据库交互的逻辑。
安装PHP时，顺便把需要的PHP模块一起安装了。

user@debian:~$ sudo apt install php libapache2-mod-php php-mysql php-mbstring php-xml //前三个是AMP运行的主程序基本模块，后两个是phpMyAdmin运行所需模块
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libapache2-mod-php7.3 php-common php7.3 php7.3-cli php7.3-common php7.3-json php7.3-mbstring php7.3-mysql
  php7.3-opcache php7.3-readline php7.3-xml
Suggested packages:
  php-pear
The following NEW packages will be installed:
  libapache2-mod-php libapache2-mod-php7.3 php php-common php-mbstring php-mysql php-xml php7.3 php7.3-cli
  php7.3-common php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-readline php7.3-xml
0 upgraded, 16 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,790 kB of archives.
After this operation, 20.1 MB of additional disk space will be used.
Do you want to continue? [Y/n]Y    //输入Y或yes，按回车键

如果要安装其他PHP模块，可以使用apt-cache命令和grep命令的组合进行搜索和安装。

user@debian:~$ apt-cache search php | egrep 'module' | grep default
libapache2-mod-php - server-side, HTML-embedded scripting language (Apache 2 module) (default)
php-bcmath - Bcmath module for PHP [default]
php-bz2 - bzip2 module for PHP [default]
php-curl - CURL module for PHP [default]
php-dev - Files for PHP module development (default)
php-enchant - Enchant module for PHP [default]
php-gd - GD module for PHP [default]
php-gmp - GMP module for PHP [default]
php-imap - IMAP module for PHP [default]
php-interbase - Interbase module for PHP [default]
php-intl - Internationalisation module for PHP [default]
php-json - JSON module for PHP [default]
php-ldap - LDAP module for PHP [default]
php-mbstring - MBSTRING module for PHP [default]
php-mysql - MySQL module for PHP [default]
php-odbc - ODBC module for PHP [default]
php-pgsql - PostgreSQL module for PHP [default]
php-pspell - pspell module for PHP [default]
php-readline - readline module for PHP [default]
php-recode - recode module for PHP [default]
php-snmp - SNMP module for PHP [default]
php-soap - SOAP module for PHP [default]
php-sqlite3 - SQLite3 module for PHP [default]
php-sybase - Sybase module for PHP [default]
php-tidy - tidy module for PHP [default]
php-xml - DOM, SimpleXML, WDDX, XML, and XSL module for PHP [default]
php-xmlrpc - XMLRPC-EPI module for PHP [default]
php-zip - Zip module for PHP [default]

重新加载Apache的配置并检查Apache运行状态。

user@debian:~$ systemctl reload apache2
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to reload 'apache2.service'.
Authenticating as: root
Password:    //输入Debian的root的密码，在命令前加sudo后可以不用输入密码
==== AUTHENTICATION COMPLETE ===
user@debian:~$ systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-08-01 20:34:39 CST; 5min ago
     Docs: https://httpd.apache.org/docs/2.4/
  Process: 12666 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
  Process: 12886 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
 Main PID: 12670 (apache2)
    Tasks: 6 (limit: 4661)
   Memory: 14.3M
   CGroup: /system.slice/apache2.service
           ├─12670 /usr/sbin/apache2 -k start
           ├─12890 /usr/sbin/apache2 -k start
           ├─12891 /usr/sbin/apache2 -k start
           ├─12892 /usr/sbin/apache2 -k start
           ├─12893 /usr/sbin/apache2 -k start
           └─12894 /usr/sbin/apache2 -k start

测试功能是否正常。在Apache上测试PHP，创建一个简单的PHP脚本来验证Apache是否可以处理PHP文件的请求。
在/var/www/html/文件夹里创建一个info.php文件，输入代码：<?php phpinfo(); ?>，保存并关闭文件。
如果创建不成功请切换到root用户再试试。

user@debian:~$ sudo echo "<?php phpinfo(); ?>" > /var/www/html/info.php
-bash: /var/www/html/info.php: Permission denied
user@debian:~$ su
Password:
root@debian:/home/x# echo "<?php phpinfo(); ?>" > /var/www/html/info.php
root@debian:/home/x#

现在打开浏览器并键入以下地址，以查看Web服务器是否可以显示由此PHP脚本创建的内容。
http://SERVER_IP/info.php
或者
http://localhost/info.php
如果您在Web浏览器中看到上面的页面，那么PHP安装正在按预期工作。 此外，此页面显示了有关PHP安装的一些基本详细信息，它对于调试非常有用，但同时它还会显示有关PHP的一些敏感信息。

4.安装phpMyAdmin
phpMyAdmin的官方网址是https://www.phpmyadmin.net。
可以自己下载phpMyAdmin上传到/var/www/html/文件夹，也可以wget下载解压缩到/var/www/html/文件夹，方法很多，请自行 探索。

user@debian:~$ wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zip
--2021-08-01 20:54:03--  https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zip
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 89.187.187.15, 2a02:6ea0:c800::7
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|89.187.187.15|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14801905 (14M) [application/zip]
Saving to: ‘phpMyAdmin-5.1.1-all-languages.zip’

phpMyAdmin-5.1.1-all-language 100%[=================================================>]  14.12M  5.69MB/s    in 2.5s

2021-08-01 20:54:07 (5.69 MB/s) - ‘phpMyAdmin-5.1.1-all-languages.zip’ saved [14801905/14801905]

user@debian:~$ ls     //查看phpMyAdmin压缩包文件名，那么长懒得一个一个敲。
Desktop  Documents  Downloads  Music  phpMyAdmin-5.1.1-all-languages.zip  Pictures  Public  Templates  Videos
user@debian:~$ sudo unzip phpMyAdmin-5.1.1-all-languages.zip -d /var/www/html/  //解压到指定文件夹
Archive:  phpMyAdmin-5.1.1-all-languages.zip
   creating: /var/www/html/phpMyAdmin-5.1.1-all-languages/
  inflating: /var/www/html/phpMyAdmin-5.1.1-all-languages/CONTRIBUTING.md
  inflating: /var/www/html/phpMyAdmin-5.1.1-all-languages/ChangeLog
.......

打开浏览器，在网址中输入http://localhost//phpMyAdmin-5.1.1-all-languages/即可看到登录页面。使用刚刚创建的用户t和密码登录phpMyAdmin就可以管理MariaDB(MySQL)数据库。

5.最后
在本文中，已经解释了如何在Debian 10服务器上安装Linux，Apache，MariaDB和PHP（LAMP）。
这只是在单机安装LAMP，仅供学习用。实际中因各种安全问题仍需做大量工作。
如果您对本文有疑问，请随时在评论部分询问。