DCC

Configuring LEMP on CentOS 7
01
2017/12

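CentOS is the free version of RHEL (Red Hat Enterprise Linux) and, thanks to Red Hat's heavy promotion, is very popular both in China and abroad. Because so many enterprises and developers rely on it, stability comes first, so the software shipped with CentOS never chases the latest versions.

Often, however, we have no choice but to use the latest versions for certain tasks. This article describes how to install a newer LEMP stack on CentOS / RHEL 7.x using EPEL and the projects' official repositories.

All operations in this article are performed as the root user; switch to root or grant yourself sudo privileges first.

Initial configuration

Disable SELinux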

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config && setenforce 0

Add the EPEL and PHP repositories

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
rpm -Uvh https://centos7.iuscommunity.org/ius-release.rpm
rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm

Remove unneeded software and upgrade the system

yum upgrade -y
yum groupinstall "Development Tools" -y
yum install -y centos-release centos-release-scl centos-release-xen
yum install -y kernel kernel-devel kernel-headers
yum install -y aspell-devel atk autoconf automake bash bash-completion bash-completion-extras bc bind-utils bison bluez-libs-devel boost-program-options bzip2 bzip2-devel ca-certificates clang clang-devel cmake coreutils cronie cronie-anacron crontabs cups-libs curl curl-devel cyrus-imapd cyrus-sasl cyrus-sasl-devel cyrus-sasl-md5 cyrus-sasl-plain deltarpm dh-autoreconf dialog diffutils dos2unix doxygen e2fsprogs e2fsprogs-devel enchant enchant-devel expect expect-devel fftw-libs-double figlet file firewalld flex freetype freetype-devel fribidi gawk gcc gcc-c++ gd gd-devel gdbm-devel gdk-pixbuf2 gettext gettext-devel ghostscript-devel ghostscript-fonts git gl-manpages glances glib2 glib2-devel gmp gmp-devel gperftools gperftools-devel graphviz gtk2 hdparm hicolor-icon-theme htop iftop ilmbase ilmbase-devel imake iotop ipset iptables* jasper-devel jasper-libs jbigkit-devel jbigkit-libs jemalloc jemalloc-devel jpegoptim jq krb5-devel lcms2 lcms2-devel libICE-devel libSM-devel libXaw libXcomposite libXcursor libXdamage-devel libXfixes-devel libXfont libXi libXinerama libXmu libXpm-devel libXrandr libXt-devel libXxf86vm-devel libaio libaio-devel libatomic_ops-devel libc-client libc-client-devel libbsd libbsd-devel libidn2 libidn2-devel libopendkim libopendkim-devel libcurl libcurl-devel libdrm libyaml libyaml-devel libdrm-devel libedit libedit-devel libevent libevent-devel libffi-devel libfontenc libidn libidn-devel libjpeg libjpeg-devel libmcrypt libmcrypt-devel libnghttp2 libnghttp2-devel libpng libpng-devel libraqm librsvg2 libtidy libtidy-devel libtiff libtiff-devel libtool libtool-libs libtool-ltdl-devel libuuid-devel libvpx libvpx-devel libwebp libwebp-devel libwmf-lite libxml2 libxml2-devel libxslt libxslt-devel libxslt-python libzip libzip-devel lsof lua lua-devel lynx lz4 m2crypto mailx make mesa-libGL-devel mesa-libGLU mesa-libGLU-devel mlocate moreutils mtr nano nc ncurses ncurses-devel net-snmp net-snmp-devel net-snmp-libs net-snmp-utils net-tools nghttp2 
yum install -y nload nmap-ncat ntpdate numactl openldap openldap-devel openssh openssl openssl-devel optipng pam pam-devel patch pbzip2 pcre pcre-devel perl-Crypt-SSLeay perl-ExtUtils-Embed perl-ExtUtils-MakeMaker perl-LWP-Protocol-https perl-Net-SSLeay perl-Test-Simple perl-Time-HiRes perl-XML-LibXML perl-XML-LibXSLT perl-libwww-perl pigz pkgconfig pngquant poppler-data pwgen pxz python-devel python2-pip python36u python36u-pip re2c readline readline-devel recode recode-devel rrdtool rsyslog screen strace subversion sudo sysstat t1lib t1lib-devel time tk-devel unzip urw-fonts uuid-devel uw-imap-devel vim vim-minimal virt-what wget which xorg-x11-font-utils xz yum-plugin-fastestmirror yum-plugin-security yum-plugin-versionlock yum-axelget yum-utils zlib zlib-devel GeoIP GeoIP-devel ImageMagick ImageMagick-c++ ImageMagick-c++-devel ImageMagick-devel OpenEXR-devel OpenEXR-libs
yum install -y devtoolset-7-* llvm-toolset-7-* 
yum update && yum upgrade -y

Set the system time zone (optional)

sudo timedatectl set-timezone Asia/Shanghai

Install Nginx

Use the official Nginx repository and import the Nginx signing key

rpm --import https://nginx.org/keys/nginx_signing.key

Create the Nginx repository file

cat >> /etc/yum.repos.d/nginx.repo << EOF
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/7/\$basearch/
# verify package signatures against the key imported above
gpgcheck=1
enabled=1
EOF

Install Nginx

yum update -y
yum install nginx -y
nginx -V
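
Added example, not part of the original article: a check to run over the files in /etc/yum.repos.d/ after adding third-party repositories, reporting any enabled repo that disables GPG checking or fetches over plain HTTP. The function name audit_repo_file and the two sample repo definitions are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag yum repos that install packages without authentication.
# audit_repo_file prints one "<repo-id>: <finding>" line per enabled section.
audit_repo_file() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return
            plain = (url ~ /^http:/)
            if (gpg == "0" && plain) print sec ": unsigned packages over plain HTTP"
            else if (gpg == "0")     print sec ": unsigned packages"
            else if (plain)          print sec ": plain HTTP (gpgcheck not disabled)"
            else                     print sec ": ok"
        }
        /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/ {                              # start of a new [section]
            report()
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            gpg = ""; url = ""; enabled = "1"; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = val       # unset means: inherit yum.conf
            if (key == "baseurl")  url = val
            if (key == "enabled")  enabled = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: one repo with checks disabled, one hardened.
sample_repo() {
    cat <<'EOF'
[nginx-weak]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=0
enabled=1

[nginx-signed]
name=nginx repo
baseurl=https://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

tmp=$(mktemp) && sample_repo > "$tmp" && audit_repo_file "$tmp"; rm -f "$tmp"
```

On a real host, loop over /etc/yum.repos.d/*.repo and treat any "unsigned" line as a repository to fix or disable before running yum install.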

Open the firewall ports for Nginx (using firewalld as an example)

firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload 

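Install PHP

Install PHP from the webtatic repository

We will not pull PHP from the official repositories, because the official version is far too old. Instead we use the PHP builds maintained by webtatic and install the newer PHP 7.1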

yum install mod_php72w php72w-{cli,bcmath,common,devel,fpm,gd,intl,mbstring,mysqlnd,odbc,opcache,pdo,xml,xmlrpc} -y

Edit /etc/php.ini to guard against cross-site attacks:

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php.ini 

Start the php-fpm service:

systemctl start php-fpm
systemctl enable php-fpm

Create a PHP info test file

rm -rf /etc/nginx/conf.d/*
vi /etc/nginx/conf.d/example.conf

Write the following content:

server {
        listen 80;
        root /usr/share/nginx/html;
        server_name _;
        index index.php index.html index.htm;
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
}

Write the PHP test file as:

cat >> /usr/share/nginx/html/phpinfo.php << EOF
<?php phpinfo(); ?>
EOF

Restart Nginx and view the PHP parameters

systemctl restart nginx
systemctl enable nginx

Open http://<YOURIP>/phpinfo.php in a browser to view it. If the page opens, the installation so far has succeeded.
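
Added example, not part of the original article: a check that the cgi.fix_pathinfo change and the try_files line in the server block above are both really in effect. With cgi.fix_pathinfo left at 1 and no try_files guard, PHP-FPM can resolve a request path back to an existing non-PHP file and run it. The sed command above only rewrites the commented default ";cgi.fix_pathinfo=1", so an already uncommented line stays at 1. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify cgi.fix_pathinfo=0 and the nginx try_files guard.

# Effective value of an ini key: last uncommented assignment, else "unset".
ini_value() {   # usage: ini_value KEY FILE
    awk -v k="$1" '
        /^[ \t]*;/ { next }
        { line = $0; sub(/;.*/, "", line); gsub(/[ \t]/, "", line)
          if (index(line, k "=") == 1) v = substr(line, length(k) + 2) }
        END { print (v == "" ? "unset" : v) }
    ' "$2"
}

# Succeeds only if every "location ... \.php" block contains try_files.
php_locations_guarded() {   # usage: php_locations_guarded NGINX_CONF
    awk '
        /location/ && /\\\.php/ { inphp = 1; guarded = 0; depth = 0 }
        inphp {
            if ($0 ~ /try_files/) guarded = 1
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0 && $0 ~ /[}]/) { if (!guarded) bad = 1; inphp = 0 }
        }
        END { exit bad + 0 }
    ' "$1"
}

check_pathinfo() {   # usage: check_pathinfo PHP_INI NGINX_CONF
    rc=0
    [ "$(ini_value cgi.fix_pathinfo "$1")" = "0" ] ||
        { echo "php.ini: cgi.fix_pathinfo is not 0"; rc=1; }
    php_locations_guarded "$2" ||
        { echo "nginx: a PHP location lacks try_files"; rc=1; }
    return $rc
}

# Constructed inputs: the ini line is already uncommented, so the first sed
# (the one-pattern form) changes nothing; the anchored form fixes it.
demo() {
    d=$(mktemp -d)
    printf '[PHP]\ncgi.fix_pathinfo=1\n' > "$d/php.ini"
    printf 'server {\n  location ~ \\.php$ {\n    try_files $uri =404;\n  }\n}\n' > "$d/site.conf"
    sed -i.bak 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' "$d/php.ini"
    first=0; check_pathinfo "$d/php.ini" "$d/site.conf" || first=$?
    sed -i.bak 's/^[; ]*cgi\.fix_pathinfo *=.*/cgi.fix_pathinfo=0/' "$d/php.ini"
    second=0; check_pathinfo "$d/php.ini" "$d/site.conf" || second=$?
    rm -rf "$d"
    echo "after original sed: $first, after anchored sed: $second"
}
demo
```

On the server, run check_pathinfo /etc/php.ini /etc/nginx/conf.d/example.conf and restart php-fpm after any change to php.ini.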

Install MySQL

Once again, I recommend using Percona Server in place of MySQL / MariaDB

Add the Percona Server repository

yum install https://www.percona.com/redir/downloads/percona-release/redhat/latest/percona-release-0.1-6.noarch.rpm

Then install it

yum install Percona-Server-server-57 -y

For security reasons, the installation does not ask you to enter a MySQL root password; we simply start MySQL:

systemctl start mysql

The root password is then written to the log

cat /var/log/mysqld.log | grep "temporary password"

The result looks roughly like this:

A temporary password is generated for root@localhost: 123456

The string at the end is your root password

Reset the password and harden the installation

mysql_secure_installation  

Answer the prompts as follows

[root@<HOSTNAME>]# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 

The existing password for the user account root has expired. Please set a new password.

New password: 

Re-enter new password: 

The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n

 ... skipping.
By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!  

With the initial security settings done, we can move on to creating a database.

Create a database and user

  • First, log in to MySQL as root
mysql -u root -p  
  • You will be prompted for the password; after logging in, create a database named example
CREATE DATABASE example DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;  

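With the rise of mobile devices, we no longer use the utf-8 encoding and use utf8mb4 instead, so that emoji can be stored in the MySQL database. You can even try using emoji as a username or password.

  • Next, create a user called example_user with a strong password and grant it privileges on the example_database database
GRANT ALL ON example.* TO 'example_user'@'localhost' IDENTIFIED BY 'replace this with a strong random password that nobody can guess';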

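The terminal will print something like Query OK, 0 rows affected, 1 warning; you can ignore it

  • Then flush the privileges; if there are no problems you can exit and finish the installation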
FLUSH PRIVILEGES;
EXIT;    
Last modification:June 13th, 2018 at 11:55 am
