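LAMP (Linux + Apache + MySQL + PHP) Environment Setup
This guide was tested on CentOS 5.0. On Red Hat AS 3/4 the yum command cannot be used to manage RPM packages.
I. System conventions
Source package location: /usr/local/src
Install prefix for packages compiled from source: /usr/local/software_name
Scripts and maintenance programs: /usr/local/sbin
MySQL database location: /var/lib/mysql
Apache document root: /home/www/wwwroot
Apache virtual host log root: /home/www/logs
Apache run-as account: www:www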
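II. System environment deployment and tuning
1. Check that the system is healthy
# more /var/log/messages (check for system-level error messages)
# dmesg (check for hardware device errors)
# ifconfig (check that the network interface settings are correct)
# ping www.britepic.org (check that the network is working)
2. Disable unneeded services
# ntsysv
Only the services that need to run are listed below; disable every service that is not listed:
atd
crond
irqbalance
microcode_ctl
network
sendmail
sshd
syslog
3. Reboot the system
# init 6
4. Configure vim
# vi /root/.bashrc
Below the line alias mv='mv -i', add the line:
alias vi='vim'
Save and exit.
# echo 'syntax on' > /root/.vimrc
5. Install the required packages with yum (standard RPM package names below)
# yum install ntp vim-enhanced gcc gcc-c++ flex bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kernel
6. Correct the server clock on a schedule by synchronizing with the time server of the National Time Service Center of China
# crontab -e
Add the line:
*/30 * * * * ntpdate 210.72.145.44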
7. Build the required packages from source
(1) GD2
# cd /usr/local/src
# wget http://www.libgd.org/releases/oldreleases/gd-2.0.34.tar.gz
# tar xzvf gd-2.0.34.tar.gz
# cd gd-2.0.34
# ./configure --prefix=/usr/local/gd2
# make
# make install
(2) LibXML2
# cd /usr/local/src
# wget ftp://xmlsoft.org/libxml2/libxml2-2.6.29.tar.gz
# tar xzvf libxml2-2.6.29.tar.gz
# cd libxml2-2.6.29
# ./configure --prefix=/usr/local/libxml2
# make
# make install
(3) LibMcrypt
# cd /usr/local/src
# wget
# tar xjvf libmcrypt-2.5.8.tar.bz2
# cd libmcrypt-2.5.8
# ./configure --prefix=/usr/local/libmcrypt
# make
# make install
(4) Apache log splitting program
# cd /usr/local/src
# wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
# tar xzvf cronolog-1.6.2.tar.gz
# cd cronolog-1.6.2
# ./configure --prefix=/usr/local/cronolog
# make
# make install
8. Upgrade OpenSSL and OpenSSH
# cd /usr/local/src
# wget http://www.openssl.org/source/openssl-0.9.8e.tar.gz
# wget http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
# tar xzvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..
# tar xzvf openssh-4.6p1.tar.gz
# cd openssh-4.6p1
# ./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
# make
# make install
(1) Disable SSH protocol version 1
Find:
#Protocol 2,1
Change it to:
Protocol 2
(2) Disallow direct root login
First create an ordinary system user:
# useradd username
# passwd username
Find:
#PermitRootLogin yes
Change it to:
PermitRootLogin no
(3) Disable server-side GSSAPI
Find the following two lines and comment them out:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
(4) Disable DNS name resolution
Find:
#UseDNS yes
Change it to:
UseDNS no
(5) Disable client-side GSSAPI
# vi /etc/ssh/ssh_config
Find:
GSSAPIAuthentication yes
Comment this line out.
Finally, after confirming that the changes are correct, restart the SSH service
# service sshd restart
# ssh -V
Confirm that the OpenSSH and OpenSSL versions are correct.
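A check for the sshd settings changed in steps (1) to (4), as an added example that is not part of the original guide: it reads a server configuration file (assumed to be /etc/ssh/sshd_config, matching --sysconfdir=/etc/ssh above) and reports each keyword whose effective value differs from the one set here. The function names are this example's own.

```shell
#!/bin/sh
# effective FILE KEYWORD: first uncommented value of KEYWORD, lower-cased.
# sshd uses the first value it reads for a keyword; '#' lines are comments.
effective() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# require FILE KEYWORD WANT DEFAULT: print a finding and return 1 when the
# effective value (DEFAULT when the keyword is unset) is not WANT.
require() {
    val=$(effective "$1" "$2")
    [ -n "$val" ] || val=$4
    if [ "$val" != "$3" ]; then
        echo "FAIL $2: want '$3', effective '$val'"
        return 1
    fi
}

# audit_sshd FILE: run every check; exit status is the number that failed.
# Defaults are the commented values shown on this page (GSSAPI: off if unset).
audit_sshd() {
    failed=0
    require "$1" Protocol             2  2,1 || failed=$((failed + 1))
    require "$1" PermitRootLogin      no yes || failed=$((failed + 1))
    require "$1" UseDNS               no yes || failed=$((failed + 1))
    require "$1" GSSAPIAuthentication no no  || failed=$((failed + 1))
    return "$failed"
}

# Constructed sample: PermitRootLogin left commented, GSSAPI still enabled.
sample=$(mktemp)
printf '%s\n' 'Protocol 2' '#PermitRootLogin yes' 'UseDNS no' \
    'GSSAPIAuthentication yes' > "$sample"
audit_sshd "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

Run it as audit_sshd /etc/ssh/sshd_config before restarting sshd, while a second root session is still open.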
III. Compiling and installing the L.A.M.P environment
1. Download the software
# cd /usr/local/src
# wget
# wget
# wget
# wget
2. Compile and install MySQL
# tar xzvf mysql-5.0.27.tar.gz
# cd mysql-5.0.27
Notes on the options below:
--localstatedir: check whether the /var partition is suitable.
--with-charset: set MySQL's default character set here.
--with-collation: set MySQL's collation here.
# ./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/var/lib/mysql" \
"--with-comment=Source" \
"--with-server-suffix=-Comsenz" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=" \
"--with-collation=" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
# make
# make install
# useradd mysql
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root:mysql .
# chown -R mysql /var/lib/mysql
# cp share/mysql/my-f /etc/f
# cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --level 3 mysqld on
# /etc/rc.d/init.d/mysqld start
# bin/mysqladmin -u root password 'password_for_root'
3. Compile and install Apache
# cd /usr/local/src
# tar xjvf httpd-2.2.4.tar.bz2
# cd httpd-2.2.4
# ./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
# make
# make install
# echo '/usr/local/apache2/bin/apachectl start' >> /etc/rc.local
4. Compile and install PHP
# cd /usr/local/src
# tar xjvf php-5.2.3.tar.bz2
# cd php-5.2.3
# ./configure \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache2/bin/apxs" \
"--with-config-file-path=/usr/local/php/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-libxml-dir=/usr/local/libxml2" \
"--with-gd=/usr/local/gd2" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-bz2" \
"--with-freetype-dir" \
"--with-iconv-dir" \
"--with-zlib-dir" \
"--with-openssl=/usr/local/openssl" \
"--with-mcrypt=/usr/local/libmcrypt" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-memory-limit" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--disable-cgi" \
"--disable-cli"
# make
# make install
# mkdir /usr/local/php/etc
# cp php.ini-dist /usr/local/php/etc/php.ini
5. Install ZendOptimizer
# cd /usr/local/src
# tar xzvf ZendOptimizer-3.2.8-linux-glibc21-i386.tar.gz
# ./ZendOptimizer-3.2.8-linux-glibc21-i386/install.sh
At the end of the ZendOptimizer installation, do not choose to restart Apache.
6. Integrate Apache with PHP
# vi /usr/local/apache2/conf/httpd.conf
Find:
AddType application/x-gzip .gz .tgz
Below that line, add:
AddType application/x-httpd-php .php
Find:
DirectoryIndex index.html
Change that line to:
DirectoryIndex index.html index.htm index.php
Find:
#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf
#Include conf/extra/httpd-default.conf
Remove the leading "#" to uncomment these lines.
Note: configure the settings in these 4 extra configuration files sensibly, following the relevant principles!
Save and exit when the changes are done.
# /usr/local/apache2/bin/apachectl restart
7. Verify the L.A.M.P environment and improve PHP security
Place a phpinfo.php script in the web root and check that each item reported by phpinfo is correct.
# vi phpinfo.php
<?php
phpinfo();
?>
Once PHP is confirmed to work, adjust php.ini to improve PHP security.
# vi /usr/local/php/etc/php.ini
Find:
disable_functions =
Set it to:
disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,error_log,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server
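An added example (not from the original guide) that reads disable_functions back out of a php.ini and reports which process-spawning functions are still enabled and which names are listed twice. The required set in missing_exec and all function names are this example's assumptions.

```shell
#!/bin/sh
# disabled_list FILE: names in the effective disable_functions line, one per
# line. ';' lines are php.ini comments; a later assignment replaces an earlier one.
disabled_list() {
    awk -F= '
        $1 ~ /^[ \t]*disable_functions[ \t]*$/ { v = $2 }
        END {
            gsub(/[ \t"]/, "", v)
            n = split(v, a, ",")
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }
    ' "$1"
}

# missing_exec FILE: process-spawning functions that are NOT disabled.
# The required set is this example's assumption, not a list from the page.
missing_exec() {
    for fn in exec system passthru shell_exec proc_open popen; do
        disabled_list "$1" | grep -Fqx "$fn" || echo "$fn"
    done
}

# duplicated FILE: names that appear more than once in the list.
duplicated() { disabled_list "$1" | sort | uniq -d; }

# Scratch php.ini holding the value given on this page.
ini=$(mktemp)
echo 'disable_functions = phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,error_log,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server' > "$ini"
echo "not disabled: $(missing_exec "$ini")"
echo "listed twice: $(duplicated "$ini")"
rm -f "$ini"
```

Run against the value above, it reports popen as not disabled and ini_alter as listed twice.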
IV. Server security settings
1. Configure the system firewall
# touch /usr/local/sbin/fw.sh
Paste the following script into fw.sh.
#!/bin/bash
# Stop iptables service first
service iptables stop
# Load FTP Kernel modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
# Initial chains default policy
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Enable Native Network Transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Accept Established Connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP Control
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
# WWW Service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# FTP Service
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# SSH Service
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# chmod 755 /usr/local/sbin/fw.sh
# echo '/usr/local/sbin/fw.sh' >> /etc/rc.local
# /usr/local/sbin/fw.sh
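To confirm that the loaded ruleset matches fw.sh, this added example (not part of the original guide) parses iptables-save output and reports the INPUT policy and any TCP port accepted from any source that the script does not open. The ALLOWED list, the function names and the sample ruleset are constructed for the example.

```shell
#!/bin/sh
ALLOWED="21 22 80"   # the TCP services fw.sh on this page opens

# input_policy: default policy of the INPUT chain (stdin: iptables-save text).
input_policy() { awk '$1 == ":INPUT" { print $2 }'; }

# open_tcp_ports: TCP destination ports accepted on INPUT from any source.
open_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        port = ""; tcp = 0; src = 0; accept = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p" && $(i + 1) == "tcp")    tcp = 1
            if ($i == "-s")                         src = 1
            if ($i == "--dport")                    port = $(i + 1)
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (tcp && accept && !src && port != "") print port
    }' | sort -n
}

# unexpected_ports: open ports that are not in ALLOWED.
unexpected_ports() {
    for p in $(open_tcp_ports); do
        case " $ALLOWED " in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# Constructed iptables-save output: this page's rules plus a stray 3306 rule.
RULES=':INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'
echo "INPUT policy: $(echo "$RULES" | input_policy)"
echo "unexpected:   $(echo "$RULES" | unexpected_ports)"
```

On the server, feed it the live ruleset with iptables-save | unexpected_ports; any output is a port that fw.sh did not open.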