原文:http://www.osyunwei.com/archives/7882.html
环境:
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.0.1406 (Core)
Release: 7.0.1406
Codename: Core
查看是否安装防火墙:
[ouyangjun@iZ25dmhrwpjZ /]$ rpm -q 'iptables'
iptables-1.4.21-13.el7.x86_64
若iptables防火墙不存在,则安装
yum install iptables-services
查看防火墙相关文件的位置:
sudo find -name 'iptables*'
./usr/bin/iptables-xml
./usr/sbin/iptables-restore
./usr/sbin/iptables-save
./usr/sbin/iptables
./usr/src/kernels/3.10.0-123.el7.x86_64/include/config/ip6/nf/iptables.h
./usr/src/kernels/3.10.0-123.el7.x86_64/include/config/ip/nf/iptables.h
./usr/src/kernels/3.10.0-123.9.3.el7.x86_64/include/config/ip6/nf/iptables.h
./usr/src/kernels/3.10.0-123.9.3.el7.x86_64/include/config/ip/nf/iptables.h
./usr/share/man/man1/iptables-xml.1.gz
./usr/share/man/man8/iptables-extensions.8.gz
./usr/share/man/man8/iptables.8.gz
./usr/share/man/man8/iptables-save.8.gz
./usr/share/man/man8/iptables-restore.8.gz
./usr/share/doc/iptables-1.4.21
./usr/share/bash-completion/completions/iptables
./usr/share/augeas/lenses/dist/iptables.aug
./etc/sysconfig/iptables-config
./etc/selinux/targeted/modules/active/modules/iptables.pp
编辑防火墙配置文件
sudo vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
注意:备注:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,
正确的应该是添加到默认的22端口这条规则的下面
重启防火墙
[ouyangjun@iZ25dmhrwpjZ /]$ sudo systemctl restart iptables.service
[ouyangjun@iZ25dmhrwpjZ /]$ sudo systemctl enable iptables.service
ln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'
[ouyangjun@iZ25dmhrwpjZ /]$
关闭SELINUX
vi /etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #使配置立即生效
安装httpd:
yum install httpd #根据提示,输入Y安装即可成功安装
systemctl start httpd.service #启动apache
systemctl stop httpd.service #停止apache
systemctl restart httpd.service #重启apache
systemctl enable httpd.service #设置apache开机启动
安装MariaDB
CentOS 7.0中,已经使用MariaDB替代了MySQL数据库
yum install mariadb mariadb-server #询问是否要安装,输入Y即可自动安装,直到安装完成
systemctl start mariadb.service #启动MariaDB
systemctl stop mariadb.service #停止MariaDB
systemctl restart mariadb.service #重启MariaDB
systemctl enable mariadb.service #设置开机启动
cp /usr/share/mysql/my-huge.cnf /etc/my.cnf #拷贝配置文件(注意:如果/etc目录下面默认有一个my.cnf,直接覆盖即可)
个人测试按以上方法安装在centos7.0环境启动不了mariadb
在百度上收缩将一下列表都安装上就可以正常启动了
sudo yum install mariadb-embedded.x86_64 mariadb-embedded-devel.x86_64 mariadb-libs.i686 mariadb-devel.x86_64 mariadb.x86_64 mariadb-server.x86_64 mariadb-test.x86_64 mariadb-bench.x86_64
//设置密码
mysql_secure_installation
回车,根据提示输入Y
输入2次密码,回车
根据提示一路输入Y
最后出现:Thanks for using MySQL!
MariaDB密码设置完成,重新启动 MariaDB:
systemctl restart mariadb.service #重启MariaDB
php安装:
yum install php #根据提示输入Y直到安装完成
安装PHP组件,使PHP支持 MariaDB
yum install php-mysql php-gd libjpeg* php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-bcmath php-mhash
#这里选择以上安装包进行安装,根据提示输入Y回车
systemctl restart mariadb.service #重启MariaDB
systemctl restart httpd.service #重启apache
配置篇
一、Apache配置
vim /etc/httpd/conf/httpd.conf #编辑文件
ServerSignature On #添加,在错误页中显示Apache的版本,Off为不显示
Options Indexes FollowSymLinks #修改为:Options Includes ExecCGI FollowSymLinks(允许服务器执行CGI及SSI,禁止列出目录)
#AddHandler cgi-script .cgi #修改为:AddHandler cgi-script .cgi .pl (允许扩展名为.pl的CGI脚本运行)
AllowOverride None #修改为:AllowOverride All (允许.htaccess)
AddDefaultCharset UTF-8 #修改为:AddDefaultCharset GB2312 (添加GB2312为默认编码)
#Options Indexes FollowSymLinks #修改为 Options FollowSymLinks(不在浏览器上显示树状目录结构)
DirectoryIndex index.html #修改为:DirectoryIndex index.html index.htm Default.html Default.htm index.php(设置默认首页文件,增加index.php)
MaxKeepAliveRequests 500 #添加MaxKeepAliveRequests 500 (增加同时连接数)
:wq! #保存退出
systemctl restart httpd.service #重启apache
rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html #删除默认测试页
二、php配置
vi /etc/php.ini #编辑
date.timezone = PRC #把前面的分号去掉,改为date.timezone = PRC
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用。
expose_php = Off #禁止显示php版本的信息
short_open_tag = ON #支持php短标签
open_basedir = .:/tmp/ #设置表示允许访问当前目录(即PHP脚本文件所在之目录)和/tmp/目录,可以防止php木马跨站,如果改了之后安装程序有问题(例如:织梦内容管理系统),可以注销此行,或者直接写上程序的目录/data/www.osyunwei.com/:/tmp/
:wq! #保存退出
systemctl restart mariadb.service #重启MariaDB
systemctl restart httpd.service #重启apache
测试篇
cd /var/www/html
vim index.php #输入下面内容
<?php
phpinfo();
?>
:wq! #保存退出