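Alibaba Cloud system reinstall notes 2: installing a LAMNP environment on CentOS
Last time I covered "Alibaba Cloud system reinstall notes 1: merging two ECS cloud disks". Today I record how to install a LAMNP (Linux+Apache+Mysql+Nginx+PHP) environment on CentOS. Because 好玩吧 has just bought Alibaba Cloud RDS, the MySQL database does not need to be installed, but the steps are recorded below anyway.
1. If Apache and PHP are already installed, remove them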
yum -y remove httpd* php* mysql
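2. Update the package repositories
yum -y update
Notes:
yum -y update: [upgrades all packages and changes software and system settings; the system version and the kernel are both upgraded]
yum -y upgrade: upgrades all packages without changing software and system settings; the system version is upgraded, the kernel is not changed
3. Install the Nginx repository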
rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
4. Install the EPEL repository
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
5. Install the RPMforge repository, used to install phpMyAdmin
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
6. Install nginx, enable it at boot, start nginx
yum -y install nginx
chkconfig --levels 235 nginx on
/etc/init.d/nginx start
7. Install Apache, enable it at boot, start Apache
yum -y install httpd
chkconfig --levels 345 httpd on
/etc/init.d/httpd start
The following error appears:
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server’s fully qualified domain name, using localhost.localdomain for ServerName
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
This is expected; the fix is given below.
8. Install PHP
yum -y install php
9. Add MySQL support to PHP5 and install the commonly used PHP libraries
yum -y install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt
10. Install phpMyAdmin
yum -y install phpmyadmin
11. Database
rpm --import http://yum.mariadb.org/RPM-GPG-KEY-MariaDB
vi /etc/yum.repos.d/MariaDB.repo
Add the following entry:
# MariaDB 10.0 CentOS repository list – created 2014-03-15 08:00 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
12. Install MySQL, enable it at boot, start MySQL
yum clean all
yum -y install MariaDB-server MariaDB-client
chkconfig --levels 235 mysql on
/etc/init.d/mysql start
Installing MySQL takes quite a long time.
An error appears:
Error Downloading Packages:
MariaDB-server-10.0.22-1.el6.x86_64: failure: rpms/MariaDB-10.0.22-centos6-x86_64-server.rpm from mariadb: [Errno 256] No more mirrors to try.
Keep re-running yum -y install MariaDB-server MariaDB-client until it reports success.
13. Set the MySQL password and related settings
mysql_secure_installation
14. Create the website directories
mkdir /home/data
ln -s /home/data /data
mkdir /www
mkdir /data/wwwroot
ln -s /data/wwwroot /www/
mkdir -p /data/wwwroot/{web,log,git}
mkdir -p /data/wwwroot/log/{web,other}
mkdir /data/conf
mkdir /data/conf/{sites-available,sites-enabled,shell}
mkdir /backup
ln -s /backup /data/
15. Move the nginx configuration files
cp -p /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
mv /etc/nginx/conf.d/default.conf /data/conf/sites-available/nginx_main.conf
ln -s /data/conf/sites-available/nginx_main.conf /data/conf/sites-enabled/nginx_main.conf
From now on, managing the nginx site configuration only requires
vi /data/conf/sites-available/nginx_main.conf
Move the main nginx configuration file
cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
mv /etc/nginx/nginx.conf /data/conf/
ln -s /data/conf/nginx.conf /etc/nginx/
16. Move the Apache configuration file
cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
mv /etc/httpd/conf/httpd.conf /data/conf/
ln -s /data/conf/httpd.conf /etc/httpd/conf/
From now on, managing the Apache configuration only requires
vi /data/conf/httpd.conf
17. Move the MySQL configuration file
cp -p /etc/my.cnf /etc/my.cnf.bak
mv /etc/my.cnf /data/conf/
ln -s /data/conf/my.cnf /etc/
18. Move the MySQL data directory
cp -rp /var/lib/mysql /var/lib/mysql-bak
mv /var/lib/mysql /data/
ln -s /data/mysql /var/lib/
19. Move the PHP configuration file
cp -p /etc/php.ini /etc/php.ini.bak
mv /etc/php.ini /data/conf/
ln -s /data/conf/php.ini /etc/
20. Add the www group and www user, and give them ownership of the web directory
groupadd www
useradd -g www www
chown -R www:www /data/wwwroot/web
21. Configure nginx
vi /data/conf/nginx.conf
Change it to the following:
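user www www;
# If the site has no I/O performance problems it is best not to change this and to keep the default of 1.
# If you must set it, it has to match the number of CPU cores; otherwise the server either hangs
# (mainly on Windows) or returns 502 errors (mainly on Linux).
worker_processes 1;
# Binds worker processes to CPUs
worker_cpu_affinity 0001;
error_log /var/log/nginx/error.log warn;
# Location of the file that stores the process id
pid /var/run/nginx.pid;
# This value must be tied to the Linux open-file limit: to set it to 65535 you must also run
# ulimit -HSn 65535 on the Linux command line
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections 65535;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    #charset utf-8; # Forcing this declaration made the 我爱美图 home page fail to load its content in IE
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    # Whether to enable efficient file transfer mode; tcp_nopush and tcp_nodelay are set to on to prevent network congestion
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # Hide the nginx version to improve security
    server_tokens off;
    # Timeout for keeping client connections alive, in seconds; the default is 75s
    #keepalive_timeout 0;
    keepalive_timeout 65;
    # Timeout for responding to the client; it only covers the time between two connection activities; the default is 60s
    #send_timeout 60;
    # FastCGI tuning directives follow
    # Timeout for connecting to the FastCGI backend
    fastcgi_connect_timeout 300;
    # Timeout for sending a request to FastCGI
    fastcgi_send_timeout 300;
    # Timeout for receiving the FastCGI response
    fastcgi_read_timeout 300;
    # Size of the buffer used to read the first part of the FastCGI response
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    # The default is twice fastcgi_buffers
    fastcgi_busy_buffers_size 128k;
    # Size of the data blocks used when writing cache files; the default is twice fastcgi_buffers
    fastcgi_temp_file_write_size 128k;
    # File path, directory levels, key zone storage time and inactive deletion time for the FastCGI cache
    #fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
    # Enable the FastCGI cache and give it a name. Caching can effectively reduce CPU load and prevent 502 errors,
    # but it can also cause many problems, so decide case by case
    #fastcgi_cache TEST;
    # Cache time per response code: the three directives below cache 200 and 302 responses for 1 hour,
    # 301 responses for 1 day and all other responses for 1 minute
    #fastcgi_cache_valid 200 302 1h;
    #fastcgi_cache_valid 301 1d;
    #fastcgi_cache_valid any 1m;
    # Configure the Nginx HttpGzip module. This requires that the module was enabled at install time;
    # use /usr/local/nginx/sbin/nginx -V (capital V) to view the build information
    # Whether to enable gzip
    gzip on;
    # Minimum page size, in bytes, that is allowed to be compressed
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    # Compression level from 1 to 9; higher compresses more but uses more resources; the default is 1
    gzip_comp_level 2;
    # Types to compress; text/html is always compressed
    gzip_types text/plain application/x-javascript text/css application/xml;
    # Whether to let browsers cache the compressed data; the default is off
    gzip_vary on;
    client_max_body_size 20m;
    # server configures a virtual host. It is recommended to keep each site's settings in an external
    # configuration file and pull it in with include.
    # A default host is defined here that returns a 403 error for default access
    server {
        listen 80 default;
        server_name _;
        # This can also be changed to 404 or 500, depending on your own situation
        return 403;
    }
    #include /etc/nginx/conf.d/*.conf;
    include /data/conf/sites-enabled/nginx_*;
}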
22. Configure Apache: include the Apache site configuration and change "Listen 80" to "Listen 8080"
echo 'Include /data/conf/sites-enabled/apache_*' >> /data/conf/httpd.conf
sed -i 's/Listen 80/Listen 8080/g' /data/conf/httpd.conf
23. Modify the Apache configuration
# Do not show the server operating system name on error pages
# Do not show the Apache version on error pages
# Disable directory listing
# Do not show a tree-style directory structure in the browser
# Set the default index files, adding index.php
# Allow persistent (keep-alive) connections
# Increase the number of simultaneous connections
sed -i 's/ServerTokens OS/ServerTokens Prod/
s/ServerSignature On/ServerSignature Off/
s/Options Indexes FollowSymLinks/Options FollowSymLinks/
s/Options Indexes MultiViews FollowSymLinks/Options MultiViews FollowSymLinks/
s/DirectoryIndex index.html/DirectoryIndex index.html index.php/
s/KeepAlive Off/KeepAlive On/
s/MaxKeepAliveRequests 100/MaxKeepAliveRequests 1000/
s/User apache/User www/
s/Group apache/Group www/
s#/var/www/html#/data/wwwroot/web#' /data/conf/httpd.conf
Breakdown:
Change ServerTokens OS to ServerTokens Prod
Change KeepAlive Off to KeepAlive On
Change MaxKeepAliveRequests 100 to MaxKeepAliveRequests 1000
Change User apache and Group apache to User www and Group www
Change DocumentRoot "/var/www/html" to DocumentRoot "/data/wwwroot/web"
Change <Directory "/var/www/html"> to <Directory "/data/wwwroot/web">
Change Options Indexes FollowSymLinks to Options FollowSymLinks
Change DirectoryIndex index.html index.html.var to DirectoryIndex index.html index.php index.html.var
Change ServerSignature On to ServerSignature Off
Change Options Indexes MultiViews FollowSymLinks to Options MultiViews FollowSymLinks
Change AddIcon /icons/bomb.gif /core to AddIcon /icons/bomb.gif core
Fixing the errors encountered:
Problem 1:
httpd: Syntax error on line 1010 of /etc/httpd/conf/httpd.conf: Could not open config directory /data/conf/sites-enabled: Permission denied
Cause: SELinux is enabled.
#/usr/sbin/sestatus -v [check the SELinux status]
#vi /etc/selinux/config
Comment out SELINUX=enforcing so that it reads #SELINUX=enforcing, then add a new line:
SELINUX=disabled
Reboot: init 6
#setenforce 0 [disable temporarily (no reboot needed)]
Problem 2:
[root@localhost]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server’s fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]
Reference: http://www.2cto.com/os/201201/117797.html
vi /data/conf/httpd.conf
#ServerName www.example.com:80
Change it to:
ServerName localhost:8080
Restart the Apache service again.
Delete the default test page
rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html
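24. PHP configuration
# Set the time zone
# Disabled functions
# Do not expose PHP version information
# Prevent PHP scripts from accessing directories outside the specified ones
# Close the security vulnerability affecting nginx with PHP versions below 5.4
# Do not specify a session path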
/data/conf/php.ini |awk -F: '{print $1}'|grep 'date.timezone = PRC
sed -i 's/;date.timezone =/date.timezone = PRC/
s/disable_functions =/disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname/
s/expose_php = On/expose_php = Off/
s#;open_basedir =#open_basedir = /tmp/:/var/tmp/:/data/wwwroot/web/:/usr/share/phpmyadmin/#
s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/
s/upload_max_filesize = 2M/upload_max_filesize = 5M/
s/max_input_time = 60/max_input_time = 30/
s/memory_limit = 128M/memory_limit = 64M/
s/error_reporting = E_ALL & ~E_DEPRECATED/error_reporting = E_ERROR/
s/session.save_path/;session.save_path/
s/display_errors = On/display_errors = Off/
s/register_globals = On/register_globals = Off/
s/short_open_tag = Off/short_open_tag = On/
s/log_errors = Off/log_errors = On/' /data/conf/php.ini
vi /data/conf/php.ini
Change short_open_tag = Off to short_open_tag = On
Change ;open_basedir = to open_basedir = /tmp/:/var/tmp/:/data/wwwroot/web/:/usr/share/phpmyadmin/
Change disable_functions = to disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
Change expose_php = On to expose_php = Off
Change max_input_time = 60 to max_input_time = 30
Change memory_limit = 128M to memory_limit = 64M
Change error_reporting = E_ALL & ~E_DEPRECATED to error_reporting = E_ERROR
Change ;cgi.fix_pathinfo=1 to cgi.fix_pathinfo = 0
Change upload_max_filesize = 2M to upload_max_filesize = 5M
Change ;date.timezone = to date.timezone = PRC
Change session.save_path = "/var/lib/php/session" to ;session.save_path = "/var/lib/php/session"
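An added example, not part of the original post: a sed substitution changes nothing, and reports no error, when its pattern does not match the file, so it is worth checking which values actually ended up in php.ini after step 24. The function names (ini_get, audit_php_ini, write_sample) and the sample file contents are constructed for illustration; on the server the file to check would be /data/conf/php.ini.

```shell
#!/bin/sh
# Added example: check the hardening values that step 24 is meant to set.
# Function names and the sample file contents are constructed for illustration.

# ini_get FILE KEY: print the last uncommented value of KEY (empty if unset)
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # commented-out directive
        index($0, "=") == 0 { next }             # section header or blank line
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_php_ini FILE: print one FAIL line per problem, return the number of problems
audit_php_ini() {
    fails=0
    while read -r key want; do
        got=$(ini_get "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-unset}'"
            fails=$((fails + 1))
        fi
    done <<'EOF'
expose_php Off
display_errors Off
log_errors On
cgi.fix_pathinfo 0
EOF
    for key in open_basedir disable_functions; do   # these only need to be non-empty
        [ -n "$(ini_get "$1" "$key")" ] || { echo "FAIL $key: unset"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample: php.ini as left when two of the substitutions did not apply
write_sample() {
    printf '%s\n' '[PHP]' 'expose_php = Off' 'display_errors = Off' 'log_errors = On' \
        ';cgi.fix_pathinfo=1' ';open_basedir =' 'disable_functions = passthru,exec,system' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_php_ini "$sample" || echo "$? setting(s) still need attention"
```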
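25. phpMyAdmin virtual host settings
echo "ServerName localhost:8080
NameVirtualHost *:8080
# Guard against empty Host headers & block access to the Apache server by IP
# (the container tags were lost from this listing; the <VirtualHost>, <Location>
# and <Directory> lines below are reconstructed and are an assumption)
<VirtualHost *:8080>
ServerName *
<Location />
Order deny,allow
Deny from all
</Location>
</VirtualHost>
############################
# phpmyadmin #
############################
<Directory /usr/share/phpmyadmin/>
Order allow,deny
Allow from all
</Directory>
<VirtualHost *:8080>
DocumentRoot /usr/share/phpmyadmin/
ServerName $PMA_URL
ErrorLog /data/wwwroot/log/$PMA_URL-error_log
CustomLog /data/wwwroot/log/$PMA_URL-access_log common
</VirtualHost>" > /data/conf/sites-available/apache_main.conf
26. Create the symbolic links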
ln -s /data/conf/sites-available/* /data/conf/sites-enabled/
Set the ownership of the /usr/share/phpmyadmin directory
chown www.www /usr/share/phpmyadmin -R
Configure the firewall: open port 80 and the database port
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 61920 -j ACCEPT
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
27. Change the MySQL port
vi /data/conf/my.cnf
Add a section:
[mysqld]
# Change this to the port you want
port=61920
28. Restart all services
/etc/init.d/nginx restart
/etc/init.d/httpd restart
/etc/init.d/mysql restart