一、准备一台centos7虚拟机,ip为192.168.10.30。同时作为httpd服务器,fpm服务器,mariadb服务器。192.168.10.20测试机
使用yum仓库下载mariadb httpd版本:2.4.6,php-fpm版本:5.4.16,mariadb版本:5.5.64,php-mysql版本:5.4.16,php-mbstring版本:5.4.16
(1)安装并配置MariaDB服务
# yum -y install mariadb-server
编辑mariadb的配置文件添加常用选项
# vim /etc/my.cnf.d/server.cnf
skip_name_resolve=ON 跳过名称解析
innodb_file_per_table=ON 每表使用单独的表空间文件
启动mariadb并开机自启动
# systemctl start mariadb
# systemctl enable mariadb
本地连接测试:
# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>exit
Bye
安全加固
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): 为空,直接回车
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y 设置root密码
New password: 输入新密码
Re-enter new password: 确认新密码
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y 删除默认的匿名用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y 禁止root管理员远程登陆,建议禁止
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n 是否删除名为test的测试库
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y 重载特权表
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
加固之后,再使用用户名密码登陆
# mysql -uroot -h127.0.0.1 -plhp@ssw0rd
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
授权一个普通用户做后面的测试,用户名 myuser 密码mypass
MariaDB [(none)]> GRANT ALL ON testdb.* TO 'myuser'@'192.168.10.%' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)
刷新授权表
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
退出sql用新建的用户测试连接
# mysql -umyuser -h192.168.10.30 -pmypass
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
创建数据库testdb并指定默认字符集为utf8
MariaDB [(none)]> CREATE DATABASE testdb CHARACTER SET 'utf8';
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> exit
Bye
(2)安装并配置pmp-fpm服务
确保没有和php同时安装
# yum info php
还在仓库中
# yum info php-fpm
还在仓库中
安装php-fpm和连接数据库的php-mysql和支持多字符的php-mbstring和加解密的php-mcrypt
# yum -y install php-fpm php-mysql php-mbstring php-mcrypt
服务配置文件:/etc/php-fpm.conf , /etc/php-fpm.d/*.conf
/etc/php-fpm.d/www.conf中的关键参数:
listen = 127.0.0.1:9000 监听的主机和端口,跨主机部署需要修改
;listen.backlog = -1 后援队列,等待队列,请求等待,-1表示无限制
listen.allowed_clients = 127.0.0.1 允许哪些主机有权限连接请求,跨主机部署amp时需要修改
user = apache 运行进程的用户
group = apache 运行进程的组
pm = dynamic 连接池运行为动态
pm.max_children = 50 运行的最大子进程数
pm.start_servers = 5 服务刚启动是运行的子进程个数
pm.min_spare_servers = 5 最少空闲子进程个数
pm.max_spare_servers = 35 最大空闲子进程数
;pm.max_requests = 500 每个子进程响应500个请求后重新起一个子进程
;pm.status_path = /status 内置状态页
;ping.path = /ping 服务远程健康状态测试
;ping.response = pong 服务远程健康状态测试
php_value[session.save_path] = /var/lib/php/session 会话持久保持在这个目录
php环境配置文件:/etc/php.ini, /etc/php.d/*.ini
创建session保存的目录,默认没创建,在/etc/php-fpm.d/www.conf中定义
# mkdir -pv /var/lib/php/session
mkdir: created directory ‘/var/lib/php/session’
设置运行用户apache,组apache,和php-fpm一致
# chown apache:apache /var/lib/php/session/
启动php-fpm服务
# systemctl start php-fpm
# ss -tnl
(3)安装并配置httpd服务
安装启动httpd
# yum -y install httpd
# systemctl start httpd
# systemctl enable httpd
配置一个虚拟主机做测试
# vim /etc/httpd/conf.d/vhosts.conf
ServerName www.b.net
DocumentRoot "/apps/vhosts/b.net"
Options None
AllowOverride None
Require all granted
创建虚拟主机对应的网页目录及文件
# mkdir -pv /apps/vhosts/b.net
# touch /apps/vhosts/b.net/index.html
# vim /apps/vhosts/b.net/index.html
test page
语法检查
# httpd -t
重启httpd服务及关闭防火墙和SELinux
# systemctl restart httpd
# systemctl stop firewalld
关闭SELinux
# setenforce 0
测试
配置httpd通过fpm访问动态资源
增加/etc/httpd/conf.d/vhost.conf的参数
DirectoryIndex index.php 主页支持index.php
ProxyRequests Off 关闭正向代理
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/apps/vhosts/b.net/$1 正则表达式模式匹配,如果用户请求的URL是以任意字符开头但以.php结尾,那么我们就把他反代到 fcgi://127.0.0.1:9000端口 ,指定动态网页存放路径为/apps/vhosts/b.net/$1,$1为后向引用,引用第一个括号中的内容,在正则表达式外用$引用,在正则表达式中用\引用
进入虚拟主机配置文件目录
# cd /apps/vhosts/b.net/
将原来的静态页面改名保持,创建新的动态资源.php
# mv index.html test.html
# vim index.php
phpinfo()
?>
重启服务测试
# systemctl restart httpd
(4)设置能通过phpmyadmin网页管理数据库
使用宿主机下载phpmyadmin图形工具用于图形化管理数据库:由于当前php版本为5.4.16,所以从https://www.phpmyadmin.net/files/找到降低版本phpMyAdmin-4.0.10.20-all-languages.zip,上传至centos7服务器/root目录下。
切换到/root目录对文件进行解压
# cd ~
# unzip phpMyAdmin-4.0.10.20-all-languages.zip
将解压后的文件移动至虚拟主机所在的DocumentRoot路径下的phpmyadmin目录
# mv phpMyAdmin-4.0.10.20-all-languages /apps/vhosts/b.net/phpmyadmin
切换当前目录到/apps/vhosts/b.net/phpmyadmin/目录
# cd /apps/vhosts/b.net/phpmyadmin/
复制其中的文件config.sample.inc.php 命名为config.inc.php
# cp config.sample.inc.php config.inc.php
编辑配置文件config.inc.php,添加随机数,此版本默认有可以不填,有的版本没有必须填写
# vim config.inc.php
测试机浏览器打开192.168.10.30/phpmyadmin/index.php即可访问
输入此前设置的数据库root用户名密码即可登陆