1、升级OpenSSL和OpenSSH
tar xzvf openssl-0.9.8e.tar.gz
cd openssl-0.9.8e
./config --prefix=/usr/local/openssl
make
make test
make install
tar xzvf openssh-4.7p1.tar.gz
cd openssh-4.7p1
./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
./configure --prefix=/usr --with-pam --with-zlib --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords
(注意,如果 configure 时提示 PAM 有错误,那一般是因为系统中没有安装 pam-devel RPM 包,找到安装光盘,安装 pam-devel 就可以解决啦)
make
make install
2、安装mysql
cd /usr/local/src
tar zxvf mysql-5.0.86-linux-i686-icc-glibc23.tar.gz
mv mysql-5.0.86-linux-i686-icc-glibc23 /usr/local/
ln -s /usr/local/mysql-5.0.86-linux-i686-icc-glibc23/ /usr/local/mysql
groupadd mysql
useradd -g mysql mysql -d /home/mysql -s /sbin/nologin
chown -R mysql:mysql /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql-5.0.86-linux-i686-icc-glibc23/
cd /usr/local/mysql
./scripts/mysql_install_db --user=mysql
cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
chkconfig --level 3 mysqld on
cp ./support-files/my-huge.cnf /etc/my.cnf
mv /usr/local/mysql/data /var/lib/mysql
chown -R mysql:mysql /var/lib/mysql
编辑/etc/my.cnf
在 [mysqld] 段增加
datadir = /var/lib/mysql
skip-innodb
wait-timeout = 10
max_connections = 512
max_connect_errors = 10000000
在 [mysqld] 段修改
max_allowed_packet = 16M
thread_cache_size = CPU个数*2
将 log-bin 注释
service mysqld start
bin/mysqladmin -u root password password
其中红色的password是要设置的root密码
登陆mysql,创建一个新用户和数据库
/usr/local/mysql/bin/mysql -u root -p \
输入密码:
mysql> CREATE USER 'ecshop-app'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.01 sec)
mysql> CREATE DATABASE IF NOT EXISTS `ecshop`;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON `ecshop` . * TO 'ecshop-app'@'%';
Query OK, 0 rows affected (0.00 sec)
创建好数据库测试一下能否访问?
提示一下:要让iptalbles对mysql端口放行;
具体方法参考:http://little-bill.iteye.com/blog/1553878
3、安装 GD 库 ( 让 PHP 支持 GIF,PNG,JPEG)
a.安装ZLIB2
tar -zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure --prefix=/usr/local/zlib
make
make install
b.安装 jpeg6 建立目录:
mkdir -p /usr/local/jpeg6
mkdir -p /usr/local/jpeg6/bin
mkdir -p /usr/local/jpeg6/lib
mkdir -p /usr/local/jpeg6/include
mkdir -p /usr/local/jpeg6/man
mkdir -p /usr/local/jpeg6/man1
mkdir -p /usr/local/jpeg6/man/man1
tar -zvxf jpegsrc.v6b.tar.gz
cd jpeg6
./configure --prefix=/usr/local/jpeg6/ --enable-shared --enable-static
make
make install
c.libpng 包 ( 支持 PNG)
tar -zvxf libpng-(version).tar.gz
cd libpng-(version)
./configure --prefix=/usr/local/libpng
make
make install
c. 安装 freetype
cd /root/Software/
tar -zvxf freetype-(version).tar.gz
cd freetype-(version)
mkdir -p /usr/local/freetype
./configure --prefix=/usr/local/freetype
make
make install
d. 安装 Curl 库
cd /root/Software/
tar -zxf curl-(version).tar.gz
mkdir -p /usr/local/curl
cd curl-(version)
./configure --prefix=/usr/local/curl
make
make install
e. 安装 Curl 库
tar -zxf curl-(version).tar.gz
mkdir -p /usr/local/curl
./configure --prefix=/usr/local/curl
make
make install
f.LibXML2
tar xjvf libxml2-2.6.30.tar.bz2
cd libxml2-2.6.30
./configure --prefix=/usr/local/libxml2
make
make install
g.LibMcrypt
cd /usr/local/src
tar xjvf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8
./configure --prefix=/usr/local/libmcrypt
make
make install
安装GD2
cd /usr/local/src
tar xzvf gd-2.0.34.tar.gz
cd gd-2.0.34
./configure --prefix=/usr/local/gd2
make
make install
--------------------------------------------------
onfigure.ac:64: error: possibly undefined macro: AM_ICONV
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
make: *** [configure] Error 1
解决办法 ,编译加m4_pattern_allow参数
即:./configure --enable-m4_pattern_allow
便能顺利编译安装
4、Apache日志截断程序
tar xzvf cronolog-1.7.0-beta.tar.gz
cd cronolog-1.7.0-beta
./configure --prefix=/usr/local/cronolog
make
make install
5. 编译安装Apache
cd /usr/local/src
tar xjvf httpd-2.2.6.tar.bz2
cd httpd-2.2.6
./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
or
./configure --prefix=/usr/local/apache2 --with-included-apr --enable-so --enable-deflate=shared --enable-
expires=shared --enable-rewrite=shared --enable-static-support --disable-userdir
make
make install
让Apache在系统启动时自动启动:
1.在/etc/rc.d/rc.local中增加启动apache的命令,例如:/usr/local/apache2/bin/apachectl start
(推荐方法1)
2. 将apache注册为系统服务
首先将apachectl命令拷贝至/etc/rc.d/init.d目录下,改名为httpd
使用编辑器打开httpd文件,并在第一行#!/bin/sh下增加两行文字如下
chkconfig: 35 70 30
description: Apache
接着注册该服务
chkconfig --add httpd
一切OK了,启动服务
service httpd start
--------------------------------------------------------------------------------------
6. 编译安装PHP
tar xjvf php-5.2.4.tar.bz2
cd php-5.2.4
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-config-file-path=/usr/local/php/etc
--with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-libxml-dir=/usr/local/libxml2
--with-gd=/usr/local/gd2 --with-jpeg-dir --with-png-dir --with-bz2 --with-freetype-dir --with-iconv-dir --with-zlib-dir
--with-openssl=/usr/local/openssl --with-mcrypt=/usr/local/libmcrypt --enable-soap --enable-gd-native-ttf --enable-ftp
--enable-mbstring --enable-exif --disable-ipv6 --disable-cgi --disable-cli
make
make install
mkdir /usr/local/php/etc
cp php.ini-dist /usr/local/php/etc/php.ini
7. 安装Zend Optimizer
tar xzvf ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
./ZendOptimizer-3.3.0-linux-glibc21-i386/install.sh
安装Zend Optimizer过程的最后不要选择重启Apache。
8. 整合Apache与PHP
vi /usr/local/apache2/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在该行下面添加
AddType application/x-httpd-php .php
找到:
---------------------------------------------------
DirectoryIndex index.html
---------------------------------------------------
将该行改为
---------------------------------------------------
DirectoryIndex index.html index.htm index.php
---------------------------------------------------
# /usr/local/apache2/bin/apachectl restart
root@localhost fgn]# /usr/local/apache/bin/apachectl restart
httpd: Syntax error on line 53 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/modules/libphp4.so into server: /usr/local/apache/modules/libphp4.so: cannot restore segment prot after reloc: Permission denied
解决:
这是因为SELINUX的问题,需要关闭SELINX,执行:/usr/sbin/setenforce 0
重启系统;
9. 查看确认L.A.M.P环境信息、提升 PHP 安全性
在网站根目录放置 phpinfo.php 脚本,检查phpinfo中的各项信息是否正确。
确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性。
vi /usr/local/php/etc/php.ini
找到:
disable_functions =
设置为:
disable_functions =
phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
完成