构建lamp（php-fpm方式）

一、准备一台centos7虚拟机，ip为192.168.10.30。同时作为httpd服务器，fpm服务器，mariadb服务器。192.168.10.20测试机

使用yum仓库下载mariadb     httpd版本：2.4.6，php-fpm版本：5.4.16，mariadb版本：5.5.64，php-mysql版本：5.4.16，php-mbstring版本：5.4.16

（1）安装并配置MariaDB服务

# yum -y install mariadb-server

编辑mariadb的配置文件添加常用选项

# vim /etc/my.cnf.d/server.cnf

skip_name_resolve=ON 跳过名称解析

innodb_file_per_table=ON 每表使用单独的表空间文件

启动mariadb并开机自启动

# systemctl start mariadb

# systemctl enable mariadb

本地连接测试：

# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>exit

Bye

安全加固

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):         为空，直接回车

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

Set root password? [Y/n] Y      设置root密码

New password:                        输入新密码

Re-enter new password:          确认新密码

Password updated successfully!

Reloading privilege tables..

... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n] Y         删除默认的匿名用户

... Success!

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y   禁止root管理员远程登陆，建议禁止

... Success!

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n] n    是否删除名为test的测试库

... skipping.

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n] Y                     重载特权表

... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

加固之后，再使用用户名密码登陆

# mysql -uroot -h127.0.0.1 -plhp@ssw0rd

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 10

Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

授权一个普通用户做后面的测试，用户名 myuser  密码mypass

MariaDB [(none)]> GRANT ALL ON testdb.* TO 'myuser'@'192.168.10.%' IDENTIFIED BY 'mypass';

Query OK, 0 rows affected (0.00 sec)

刷新授权表

    MariaDB [(none)]> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.00 sec)

退出sql用新建的用户测试连接

# mysql -umyuser -h192.168.10.30 -pmypass

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 11

Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

创建数据库testdb并指定默认字符集为utf8

MariaDB [(none)]> CREATE DATABASE testdb CHARACTER SET 'utf8';

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> exit 

Bye

(2)安装并配置pmp-fpm服务

确保没有和php同时安装

# yum info php

还在仓库中

# yum info php-fpm

还在仓库中

安装php-fpm和连接数据库的php-mysql和支持多字符的php-mbstring和加解密的php-mcrypt

# yum -y install php-fpm php-mysql php-mbstring php-mcrypt

服务配置文件：/etc/php-fpm.conf , /etc/php-fpm.d/*.conf

/etc/php-fpm.d/www.conf中的关键参数：

listen = 127.0.0.1:9000    监听的主机和端口，跨主机部署需要修改

;listen.backlog = -1  后援队列，等待队列，请求等待，-1表示无限制

listen.allowed_clients = 127.0.0.1 允许哪些主机有权限连接请求，跨主机部署amp时需要修改 

user = apache  运行进程的用户

group = apache   运行进程的组

pm = dynamic    连接池运行为动态

pm.max_children = 50  运行的最大子进程数

pm.start_servers = 5   服务刚启动是运行的子进程个数

pm.min_spare_servers = 5   最少空闲子进程个数

pm.max_spare_servers = 35  最大空闲子进程数

;pm.max_requests = 500    每个子进程响应500个请求后重新起一个子进程

;pm.status_path = /status   内置状态页

;ping.path = /ping    服务远程健康状态测试

;ping.response = pong  服务远程健康状态测试

php_value[session.save_path] = /var/lib/php/session  会话持久保持在这个目录

php环境配置文件：/etc/php.ini, /etc/php.d/*.ini

创建session保存的目录，默认没创建，在/etc/php-fpm.d/www.conf中定义

# mkdir -pv /var/lib/php/session

mkdir: created directory ‘/var/lib/php/session’

设置运行用户apache，组apache，和php-fpm一致

# chown apache:apache /var/lib/php/session/

启动php-fpm服务

# systemctl start php-fpm

# ss -tnl

（3）安装并配置httpd服务

安装启动httpd

# yum -y install httpd

# systemctl start httpd

# systemctl enable httpd

配置一个虚拟主机做测试

# vim /etc/httpd/conf.d/vhosts.conf

        ServerName www.b.net

        DocumentRoot "/apps/vhosts/b.net"

       

                Options None

                AllowOverride None

                Require all granted

       

创建虚拟主机对应的网页目录及文件

# mkdir -pv /apps/vhosts/b.net

# touch /apps/vhosts/b.net/index.html

# vim /apps/vhosts/b.net/index.html

        test page

语法检查

# httpd -t

重启httpd服务及关闭防火墙和SELinux

# systemctl restart httpd

# systemctl stop firewalld

关闭SELinux

# setenforce 0

测试

配置httpd通过fpm访问动态资源

增加/etc/httpd/conf.d/vhost.conf的参数

DirectoryIndex index.php 主页支持index.php

ProxyRequests Off 关闭正向代理

ProxyPassMatch   ^/(.*\.php)$   fcgi://127.0.0.1:9000/apps/vhosts/b.net/$1       正则表达式模式匹配，如果用户请求的URL是以任意字符开头但以.php结尾，那么我们就把他反代到 fcgi://127.0.0.1:9000端口 ，指定动态网页存放路径为/apps/vhosts/b.net/$1，$1为后向引用，引用第一个括号中的内容，在正则表达式外用$引用，在正则表达式中用\引用

进入虚拟主机配置文件目录

# cd /apps/vhosts/b.net/

将原来的静态页面改名保持，创建新的动态资源.php

# mv index.html test.html

# vim index.php

        phpinfo()

?>

重启服务测试

# systemctl restart httpd

（4）设置能通过phpmyadmin网页管理数据库

使用宿主机下载phpmyadmin图形工具用于图形化管理数据库：由于当前php版本为5.4.16，所以从https://www.phpmyadmin.net/files/找到降低版本phpMyAdmin-4.0.10.20-all-languages.zip,上传至centos7服务器/root目录下。

切换到/root目录对文件进行解压

# cd ~

# unzip phpMyAdmin-4.0.10.20-all-languages.zip

将解压后的文件移动至虚拟主机所在的DocumentRoot路径下的phpmyadmin目录

# mv phpMyAdmin-4.0.10.20-all-languages /apps/vhosts/b.net/phpmyadmin

切换当前目录到/apps/vhosts/b.net/phpmyadmin/目录

# cd /apps/vhosts/b.net/phpmyadmin/

复制其中的文件config.sample.inc.php 命名为config.inc.php 

# cp config.sample.inc.php config.inc.php

编辑配置文件config.inc.php,添加随机数，此版本默认有可以不填，有的版本没有必须填写

# vim config.inc.php 

测试机浏览器打开192.168.10.30/phpmyadmin/index.php即可访问

输入此前设置的数据库root用户名密码即可登陆