LAMP环境配置文档
L.A.M.P环境配置文档更新—CentOS 5.0 本文测试环境为CentOS 5.0,如果使用Red Hat AS3/4则不能使用yum命令管理rpm包。
一.系统约定 软件源代码包存放位置 /usr/local/src 源码包编译安装位置(prefix) /usr/local/software_name 脚本以及维护程序存放位置 /usr/local/sbin MySQL 数据库位置 /var/lib/mysql Apache 网站根目录 /home/www/wwwroot Apache 虚拟主机日志根目录 /home/www/logs Apache 运行帐户 www:www
二.系统环境部署及调整
1.检查系统是否正常
# more /var/log/messages (检查有无系统级错误信息)
# dmesg (检查硬件设备是否有错误信息)
# ifconfig(检查网卡设置是否正确)
# ping www.163.com (检查网络是否正常)
2.关闭不需要的服务
# ntsysv
以下仅列出需要启动的服务,未列出的服务一律关闭:
atd
crond
irqbalance
microcode_ctl
network
sendmail
sshd
syslog
3.重新启动系统
# init 6
4.配置 vim
# vi /root/.bashrc
在 alias mv='mv -i' 下面添加一行:alias vi='vim' 保存退出。
# echo 'syntax on' > /root/.vimrc
5.使用yum程序安装所需软件包(以下为标准的RPM包名称)
# yum install ntp vim-enhanced gcc gcc-c++ flex bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kernel
6.定时校正服务器时钟,定时与中国国家授时中心授时服务器同步
# crontab -e
加入一行:
*/30 * * * * ntpdate 210.72.145.44
7.源代码编译安装所需包
(1) GD2
# cd /usr/local/src
# wget http://www.libgd.org/releases/oldreleases/gd-2.0.34.tar.gz
# tar xzvf gd-2.0.34.tar.gz
# cd gd-2.0.34
# ./configure --prefix=/usr/local/gd2
# make
# make install
(2) LibXML2
# cd /usr/local/src
# wget ftp://xmlsoft.org/libxml2/libxml2-2.6.29.tar.gz
# tar xzvf libxml2-2.6.29.tar.gz
# cd libxml2-2.6.29
# ./configure --prefix=/usr/local/libxml2
# make
# make install
(3) LibMcrypt
# cd /usr/local/src
#wget http://jaist.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.bz2
# tar xjvf libmcrypt-2.5.8.tar.bz2
# cd libmcrypt-2.5.8
# ./configure –prefix=/usr/local/libmcrypt
# make
# make install
(4) Apache 日志截断程序
# cd /usr/local/src
# wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
# tar xzvf cronolog-1.6.2.tar.gz
# cd cronolog-1.6.2
# ./configure –prefix=/usr/local/cronolog
# make
# make install
8.升级OpenSSL和OpenSSH
# cd /usr/local/src
# wget http://www.openssl.org/source/openssl-0.9.8e.tar.gz
# wget http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
# tar xzvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..
# tar xzvf openssh-4.6p1.tar.gz
# cd openssh-4.6p1
# ./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
# make
# make install
(1)禁用 SSH V1 协议
找到:
#Protocol 2,1
改为:
Protocol 2
(2)禁止root直接登录
此处先建立一个普通系统用户:
# useradd username
# passwd username
找到:
#PermitRootLogin yes
改为:
PermitRootLogin no
(3)禁用服务器端GSSAPI
找到以下两行,并将它们注释:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
(4)禁用 DNS 名称解析 找到:
#UseDNS yeas
改为:
UseDNS no
(5)禁用客户端 GSSAPI
# vi /etc/ssh/ssh_config
找到:
GSSAPIAuthentication yes
将这行注释掉。
最后,确认修改正确后重新启动 SSH 服务
# service sshd restart
# ssh -v
确认 OpenSSH 以及 OpenSSL 版本正确。
三、编译安装L.A.M.P环境
-
下载软件
# cd /usr/local/src # wget http://apache.mirror.phpchina.com/httpd/httpd-2.2.4.tar.bz2 # wget http://download.discuz.net/env/mysql-5.0.27.tar.gz # wget http://cn.php.net/distributions/php-5.2.3.tar.bz2 #wget http://downloads.phpchina.com/zend/optimizer/3.3.0/ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
-
编译安装MySQL
# tar xzvf mysql-5.0.27.tar.gz # cd mysql-5.0.27 # ./configure \ "--prefix=/usr/local/mysql" \ "--localstatedir=/var/lib/mysql" \ (注意:/var 分区是否适合?) "--with-comment=Source" \ "--with-server-suffix=-Comsenz" \ "--with-mysqld-user=mysql" \ "--without-debug" \ "--with-big-tables" \ "--with-charset=" \ (此处设置MySQL默认字符集) "--with-collation= " \ (此处设置MySQL校正字符集) "--with-extra-charsets=all" \ "--with-pthread" \ "--enable-static" \ "--enable-thread-safe-client" \ "--with-client-ldflags=-all-static" \ "--with-mysqld-ldflags=-all-static" \ "--enable-assembler" \ "--without-isam" \ "--without-innodb" \ "--without-ndb-debug" # make # make install # useradd mysql # cd /usr/local/mysql # bin/mysql_install_db --user=mysql # chown -R root:mysql . # chown -R mysql /var/lib/mysql # cp share/mysql/my-huge.cnf /etc/my.cnf # cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld # chmod 755 /etc/rc.d/init.d/mysqld # chkconfig --add mysqld # chkconfig --level 3 mysqld on # /etc/rc.d/init.d/mysqld start # bin/mysqladmin -u root password 'password_for_root'
-
编译安装Apache
# cd /usr/local/src # tar xjvf httpd-2.2.4.tar.bz2 # cd httpd-2.2.4 # ./configure \ "--prefix=/usr/local/apache2" \ "--with-included-apr" \ "--enable-so" \ "--enable-deflate=shared" \ "--enable-expires=shared" \ "--enable-rewrite=shared" \ "--enable-static-support" \ "--disable-userdir" # make # make install # echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
-
编译安装PHP
# cd /usr/local/src # tar xjvf php-5.2.3.tar.bz2 # cd php-5.2.3 # ./configure \ "--prefix=/usr/local/php" \ "--with-apxs2=/usr/local/apache2/bin/apxs" \ "--with-config-file-path=/usr/local/php/etc" \ "--with-mysql=/usr/local/mysql" \ "--with-libxml-dir=/usr/local/libxml2" \ "--with-gd=/usr/local/gd2" \ "--with-jpeg-dir" \ "--with-png-dir" \ "--with-bz2" \ "--with-freetype-dir" \ "--with-iconv-dir" \ "--with-zlib-dir " \ "--with-openssl=/usr/local/openssl" \ "--with-mcrypt=/usr/local/libmcrypt" \ "--enable-soap" \ "--enable-gd-native-ttf" \ "--enable-memory-limit" \ "--enable-ftp" \ "--enable-mbstring" \ "--enable-exif" \ "--disable-ipv6" \ "--disable-cgi" \ "--disable-cli" # make # make install # mkdir /usr/local/php/etc # cp php.ini-dist /usr/local/php/etc/php.ini
-
安装Zend Optimizer
# cd /usr/local/src # tar xzvf ZendOptimizer-3.2.8-linux-glibc21-i386.tar.gz # ./ZendOptimizer-3.2.8-linux-glibc21-i386/install.sh 安装Zend Optimizer过程的最后不要选择重启Apache。
-
整合Apache与PHP
# vi /usr/local/apache2/conf/httpd.conf 找到: AddType application/x-gzip .gz .tgz 在该行下面添加 AddType application/x-httpd-php .php
找到:
将该行改为
找到:
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-info.conf
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-default.conf
去掉前面的“#”号,取消注释。
注意:以上 4 个扩展配置文件中的设置请按照相关原则进行合理配置!
修改完成后保存退出。
/usr/local/apache2/bin/apachectl restart
7. 查看确认L.A.M.P环境信息、提升 PHP 安全性
在网站根目录放置 phpinfo.php 脚本,检查phpinfo中的各项信息是否正确。
vi phpinfo.php
<?php phpinfo(); ?>
确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性。
vi /etc/php.ini
找到:
disable_functions =
设置为:
phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,error_log,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server
三、服务器安全性设置
1. 设置系统防火墙
# touch /usr/local/sbin/fw.sh
将以下脚本命令(绿色部分)粘贴到 fw.sh 文件中。
!/bin/bash
Stop iptables service first
service iptables stop
Load FTP Kernel modules
/sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_nat_ftp
Inital chains default policy
/sbin/iptables -F -t filter /sbin/iptables -P INPUT DROP /sbin/iptables -P OUTPUT ACCEPT
Enable Native Network Transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT
Accept Established Connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ICMP Control
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
WWW Service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
FTP Service
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
SSH Service
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
chmod 755 /usr/local/sbin/fw.sh
echo '/usr/local/sbin/fw.sh' >> /etc/rc.local
/usr/local/sbin/fw.sh
```
Markdown 语法
- 加粗**内容**
- 斜体*内容*
- 删除线~~内容~~
- 引用> 引用内容
- 代码`代码`
- 代码块```编程语言↵代码```
- 链接[链接标题](url)
- 无序列表- 内容
- 有序列表1. 内容
- 缩进内容
- 图片![alt](url)
-
2020-05-07 09:45:51
-
2013-06-29 12:37:21
-
2012-11-25 12:53:19
-
2012-12-04 11:55:04
-
2013-06-26 10:51:38
-
2018-12-29 14:08:05
-
2012-12-04 11:46:15
-
2020-07-06 19:26:57
-
2018-09-16 09:39:43
-
2018-12-26 14:49:53
-
2017-11-08 15:42:54
-
2008-08-01 19:04:35
-
2013-07-11 12:43:07
-
2014-10-17 13:28:43
-
2008-08-07 18:36:36
-
2015-08-03 20:18:40
-
2019-11-09 19:12:56
-
22018-03-31 10:34:20
-
2015-01-28 16:51:12
-
5Hi3516CV610 如何使用SD卡升级固件
-
5cat /dev/logmpp 报错 <3>[ vi] [func]:vi_send_frame_node [line]:99 [info]:vi pic queue is full!
-
50如何获取vpss chn的图像修改后发送至vo
-
5FPGA通过Bt1120传YUV422数据过来,vi接收不到数据——3516dv500
-
50SS928 运行PQtools 拼接 推到设备里有一半画面会异常
-
53536AV100的sample_vdec输出到CVBS显示
-
10海思板子mpp怎么在vi阶段改变视频数据尺寸
-
10HI3559AV100 多摄像头同步模式
-
9海思ss928单路摄像头vio中加入opencv处理并显示
-
10EB-RV1126-BC-191板子运行自己编码的程序
举报类型
- 内容涉黄/赌/毒
- 内容侵权/抄袭
- 政治相关
- 涉嫌广告
- 侮辱谩骂
- 其他
详细说明