任务1 安装LAMP,基础配置解析PHP
- 安装MySQL
[root@localhost ~]# cd /usr/local/src
[root@localhost src]# tar -zxvf mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz //解压
[root@localhost src]# mv mysql-5.6.45-linux-glibc2.12-x86_64 /usr/local/mysql //移动到mysql目录下
[root@localhost mysql]# useradd -s /sbin/nologin mysql //建立mysql用户
[root@localhost mysql]# mkdir -p /data/mysql //创建存放数据的一个目录
[root@localhost mysql]# chown -R mysql:mysql /data/mysql // 更改权限,将用户组和用户都设置成mysql
[root@localhost mysql]# ls -al /data/mysql/ //查看所属组
[root@localhost mysql]# yum install -y perl-Module-Install //安装perl环境
[root@localhost mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql //定义运行用户和数据库的安装目录
[root@localhost mysql]# cp support-files/my-default.cnf /etc/my.cnf //拷贝配置文件
[root@localhost mysql]# vim /etc/my.cnf //修改配置文件
basedir = /usr/local/mysql //mysql的安装目录
datadir = /data/mysql //存放数据的目录
port = 3306 // MySQL服务监听的端口号
server_id = 132 // 该MySQL服务的ID号
socket = /tmp/mysql.sock // 服务监听的套接字地址
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld //拷贝启动脚本
[root@localhost mysql]# vim /etc/init.d/mysqld //修改配置文件
basedir=/usr/local/mysql
datadir=/data/mysql //要与mysql配置文件的内容要对应
[root@localhost mysql]# chkconfig --add mysqld //把mysql服务加到系统服务列表中
[root@localhost mysql]# chkconfig mysqld on //设置开机自启
[root@localhost mysql]# service mysqld start //启动服务
安装成功
2.安装Apache
(1) 安装apr
[root@localhost src]# tar -zxvf apr-1.6.5.tar.gz
[root@localhost src]# tar -zxvf apr-util-1.6.1.tar.gz
[root@localhost src]# tar -zxvf httpd-2.4.49.tar.gz //解压
[root@localhost apr-1.6.5]# yum install -y libtool* //创建libtool库
[root@localhost apr-1.6.5]# ./configure --prefix=/usr/local/apr //编译
[root@localhost apr-1.6.5]# make &&make install //安装
- 安装apr-util
[root@localhost apr-1.6.5]# cd /usr/local/src/apr-util-1.6.1 //切换目录
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr //编译 安装目录并且依赖apr
[root@localhost apr-util-1.6.1]# yum install -y expat-devel //安装expat库
[root@localhost apr-1.6.5]# ./configure --prefix=/usr/local/apr //编译
[root@localhost apr-util-1.6.1]# make &&make install //安装
- 安装httpd
[root@localhost apr-util-1.6.1]# cd /usr/local/src
[root@localhost src]# cd httpd-2.4.49 //切换目录
[root@localhost httpd-2.4.49]# yum install -y pcre pcre-devel //安装库
[root@localhosthttpd-2.4.49]#./configure --prefix=/usr/local/apache2.4 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-mods-shared=most //编译
// ./configure --prefix=/usr/1ocal/apache2.4
//--perefix指定安装目录
--with-apr=/usr/local/apr
--with-apr-util=/usr/local/apr-util
--enable-so
//--enable-so表示启用DSO
--enable-mods-shared=most
//--enable -mods- shared表示以共享形式安装模块
[root@localhost httpd-2.4.49]# make -j4 && make install // 安装
[root@localhost httpd-2.4.49]# /usr/local/apache2.4/bin/apachectl -M // 查看加载模块
安装成功
3.安装PHP
[root@localhost src]# tar -zxvf php-5.6.30.tar.gz //解压
[root@localhost src]# tar -zxvf php-5.6.30.tar.gz
[root@localhost src]# yum install -y libxml2-devel
[root@localhost src]# yum install -y openssl-devel
[root@localhost src]# yum install -y bzip2 bzip2-devel
[root@localhost src]# yum install -y libpng libpng-devel
[root@localhost src]# yum install -y freetype freetype-devel
[root@localhost src]# yum install -y epel-release
[root@localhost src]# yum install -y libmcrypt-devel //提前安装库文件防止配置时出错
[root@localhost src]# cd php-5.6.30
[root@localhost php-5.6.30]# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2.4/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir--with-gd --with-jpeg-dir --with-png-dir--with-freetype-dir --with-iconv-dir--with-zlib-dir --with-bz2 --with-openssl--with-mcrypt --enable-soap--enable-gd-native-ttf --enable-mbstring--enable-sockets --enable-exif //编译
安装完成
[root@localhost php-5.6.30]# cp php.ini-production /usr/local/php/etc/php.ini //复制配置文件
4.httpd解析PHP
[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf 修改httpd主配置文件
- 搜索ServerName,把ServerName www.example.com:80前的#去掉
(2)<Directory />
AllowOverride none
Require all denied
</Directory>
改成:
<Directory />
AllowOverride none
Require all granted
</Directory> //目的允许所有请求访问
(3)
搜索AddType application/x-gzip .gz .tgz,在下面添加一行AddType application/x-httpd-php.php
(4)<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
改成:
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl -t //测试配置文件
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl start
[root@localhost apache2.4]# yum install -y net-tools
[root@localhost apache2.4]# netstat -lnp |grep httpd
tcp6 0 0 :::80 :::* LISTEN 5070/httpd
[root@localhost apache2.4]# curl localhost //使用curl命令简单测试
[root@localhost apache2.4]# vim /usr/local/apache2.4/htdocs/1.php //编写一个测试脚本
<?
echo “php解析正确”
?>
任务2 Apache 配置
- 默认虚拟主机
[root@localhost apache2.4]# vim /usr/local/apache2.4/conf/httpd.conf //修改配置
搜索vhosts 把Include conf/extra/httpd-vhosts.conf前#去掉
[root@localhost extra]# cp httpd-vhosts.conf httpd-vhosts.conf-bak //备份配置文件
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache2.4/docs/abc.com" //虚拟主机站点根目录
ServerName abc.com //自定义网站域名
ServerAlias www.abc.com www.aaa.com //网站第二域名
ErrorLog "logs/abc.com-error_log" //站点错误日志
CustomLog "logs/abc.com-access_log" common //站点访问日志
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache2.4/docs/111.example.com"
ServerName 111.com
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
[root@localhost extra]# cd /usr/local/apache2.4
[root@localhost apache2.4]# mkdir docs
[root@localhost apache2.4]# cd docs/
[root@localhost docs]# mkdir abc.com //根据网站名称,创建网络文件
[root@localhost docs]# mkdir 111.com //根据网站名称,创建网络文件
[root@localhost docs]# cd /usr/local/apache2.4/conf/
[root@localhost conf]# cd extra/
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful //重新加载服务
[root@localhost extra]# cd /usr/local/apache2.4/docs/
[root@localhost docs]# curl -xlocalhost:80 www.abc.com
abc.com
[root@localhost docs]# curl -xlocalhost:80 www.111.com
abc.com
[root@localhost docs]# curl -xlocalhost:80 111.com
111.com111.com111.com111.com111.com111.com111.com111 //测试链接
2.用户认证
[root@localhost local]# cd /usr/local/apache2.4/conf/
[root@localhost conf]# cd extra/ //目录跳转
[root@localhost extra]# vim httpd-vhosts.conf //配置文件
<Directory /usr/local/apache2.4/docs/abc.com>
AllowOverride AuthConfig
AuthName "abc.com user auth"
AuthType Basic
AuthUserFile /usr/local/apache2.4/docs/.htpasswd
require valid-user
</Directory>
[root@localhost abc.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK //测试配置文件
[root@localhost abc.com]# /usr/local/apache2.4/bin/apachectl graceful //重新加载文件
[root@localhostextra]#/usr/local/apache2.4/bin/htpasswd-cm/usr/local/apache2.4/docs/.htpasswd abc //创建用户
[root@localhost extra]# curl -xlocalhost:80 abc.com -I
[root@localhost extra]# curl -xlocalhost:80 abc.com -I
3.域名跳转
[root@localhost extra]# vim httpd-vhosts.conf 修改配置
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost docs]# mkdir www.111.com
[root@localhost docs]# cd www.111.com
[root@localhost www.111.com]# vim index.html
[root@localhost www.111.com]# vim 123.php
<?php
echo "www.111.com/123.php";
?>
[root@localhost www.111.com]# cd /usr/local/apache2.4/conf/extra/
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M | grep -i rewrite //无返回值需修改
[root@localhost extra]# vim /usr/local/apache2.4/conf/httpd.conf
//搜索rewrite,把LoadModule rewrite_module modules/mod_rewrite.so前面#去掉
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M | grep -i rewrite
rewrite_module (shared) rewrite_module (shared)
[root@localhost extra]# curl -xlocalhost:80 2111.com.cn -I
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Oct 2021 06:29:31 GMT
Server: Apache/2.4.49 (Unix) PHP/5.6.30
Location: http://www.123.com/
Content-Type: text/html; charset=iso-8859-1
验证成功
4.访问日志
[root@localhost extra]# vim httpd-vhosts.conf //修改配置
CustomLog "logs/abc.com-access_log" common
修改成
CustomLog "logs/abc.com-access_log" combined
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t //验证
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost extra]# cd /usr/local/apache2.4/logs/
[root@localhost logs]# cat abc.com-access_log //配置验证
5.访问日志不记录静态文件
配置
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件如下:
增加内容:
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
# CustomLog "logs/www.111.com-access_log" combined env=!img //环境变量的判断
在CustomLog "logs/abc.com-access_log" combined前加#
[root@localhost extra]# cd /usr/local/apache2.4/docs/
[root@localhost docs]# cd www.111.com/
[root@localhost www.111.com]# mkdir images
[root@localhost www.111.com]# cd images
[root@localhost images]# yum install -y lrzsz //安装rz
[root@localhost images]# rz //上传图片(以 .png 形式命名 )
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost images]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost images]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost images]# curl -xlocalhost:80 www.111.com/images/linux.png -I 访问图片
[root@localhost logs]# tailf abc.com-access_log //查看日志
6.访问日记切割
将CustomLog "logs/123.com-access_log" combined env=!img
改为CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/www.111.com-access_%Y%m%d.log 86400" combined env=!img
存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
(2)配置验证
[root@localhost images]# curl -xlocalhost:80 www.111.com -I
[root@localhost images]# ll /usr/local/apache2.4/logs/
[root@localhostimages]#cat/usr/local/apache2.4/logs/www.111.com-access_20210930.log
(3)验证成功
7.静态元素过期时间
配置
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件如下:
增加内容:
<IfModule mod_expires.c>
ExpiresActive on //打开该功能的开关
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
把CustomLog "logs/abc.com-access_log" combined前#删掉
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
检查httpd是否加载expires模块:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M |grep -i expires
[root@localhost extra]# vim /usr/local/apache2.4/conf/httpd.conf //修改配置文件:把LoadModule expires_module modules/mod_expires.so前面#删掉
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M|grep -i expires
expires_module (shared) //正确加载expires模块
进行测试
[root@localhost images]# curl -xlocalhost:80 www.111.com/images/linux.png -I
完成
8.配置静态防盗链
配置
配置防盗链先编辑主机配置文件:
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件如下:
增加内容:
<Directory /data/wwwroot/www.111.com>
SetEnvIfNoCase Referer "http://www.111.com" local_ref
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost conf]# curl -e "http://www.douxue.com/123.php"
9.访问控制-Diretory/FileMatch
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件如下:
增加内容:
<Directory /usr/local/apache2.4/docs/www.111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost www.111.com]# curl -x192.168.121.128:80 www.111.com/admin/123.php -I
[root@localhost www.111.com]# curl -x127.0.0.1:80 www.111.com/admin/123.php -I
验证成功
针对文件配置
编辑配置文件:
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件如下:
增加内容:
<Directory /usr/local/apache2.4/docs/www.111.com>
<filesMatch admin.php(.*)>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesMatch>
</Directory>
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost www.111.com]# curl -x127.0.0.1:80 www.111.com/admin.php -I
[root@localhost www.111.com]# curl -x192.168.121.128:80 www.111.com/admin.php -I
验证成功
10.访问控制-禁止解析PHP
#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf //配置
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/testdomain.com"
ServerName www.testdomain.com
ServerAlias testdomain.com
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined
<Directory /data/wwwroot/testdomain.com/upload>
php_admin_flag engine off
</Directory>
</VirtualHost>
检查配置
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost extra] cp /usr/local/apache2 .4/htdocs/1. php /at/wwwroot/www.111.com/upload/
配置验证
11.访问控制-user_agent
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件如下:
增加内容:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
(3)配置验证
[root@localhost www.111.com]# curl -x192.168.121.128:80 www.111.com/upload/123.php
任务3 PHP配置
- PHP基础配置
查看PHP配置文件得位置
[root@localhost www.111.com]# /usr/local/php/bin/php -i |grep -i "loaded configuration file"
[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini
搜索disable_functions,编辑如下:
disable_functions=eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,1eak,popepassthru,stream_socket_server,popen,proc_open,proc_close
定义date.timezone,减少警告:
[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini
找到date.timezone设置如下:
date.timezone =Asia/Shanghai
2.日志相关配置
配置error_log
[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini
搜索log_errors, 改成log_errors=On //记录错误日志//默认开启
搜索error. log,改为error_log = /var/log/php/php_errors.log //记录错误日志目录位置
搜索error_reporting 改为error_reporting = E ALL & ~E_ NOTICE //记录错误日志级别
搜索display_errors,改为display_errors = Off
配置完php.ini,可以额外配置
[root@localhost www.111.com]# mkdir /var/log/php //创建错误日志目录
[root@localhost www.111.com]# chmod 777 /var/log/php //增加权限
[root@localhost www.111.com]# /usr/local/apache2.4/bin/apachectl graceful //重新加载服务
下面做一个演示:
# vim /data/wwwroot、.111.com/test.php
<?php
echo 111
# curl -A "123" -I -x127.0.0.1:80 .111. com/test .php
状态码500
# cat /var/1og/php/php_errors.log
//显示错误日志
3.配置open_basedir
先在php.ini中设置open_basedir:
[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini
搜索open_basedir,改成open_ basedir = /tmp:/usr/local/apache2.4/docs/abc.com
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost extra]# cp /usr/local/apache2.4/htdocs/1.php /data/wwwroot/testdomain.com/
[root@localhost extra]# curl -xlocalhost:80 -I 111.com/1.php
4.虚拟主机配置open_basedir
[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/testdomain.com"
ServerName www.testdomain.com
ServerAlias testdomain.com
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined
php_admin_value open_basedir "/data/wwwroot/testdomain.com/:/tmp/"
</VirtualHost>
//起作用的是php_admin_value,它定义了php.ini的参数
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
任务4 PHP扩展模块安装
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
任务四 PHP扩展模块安装
[root@localhost apache2.4]# /usr/local/php/bin/php -m //查看PHP加载了哪些模块
[root@localhost apache2.4]# cd /usr/local/src
[root@localhost src]# wget http://pecl.php.net/get/redis-2.2.5.tgz
[root@localhost src]# ls -al
[root@localhost src]# tar -zxvf redis-2.2.5.tgz
[root@localhost src]# mv redis-2.2.5 phpredis-develop
[root@localhost src]# cd phpredis-develop
[root@localhost phpredis-develop]# yum install -y autoconf
[root@localhost phpredis-develop]# /usr/local/php/bin/phpize
Configuring for:
PHP Api Version: 20131106
Zend Module Api No: 20131226
Zend Extension Api No: 220131226
[root@localhost phpredis-develop]#./configure --with-php-config=/usr/local/php/bin
/php-config
[root@localhost phpredis-develop]# make -j4 && make install
// make install时候编译好的就会放在这个目录里
[root@localhost phpredis-develop]# vim /usr/local/php/etc/php.ini
extension = redis.so //增加一行配置(可以放在文件最后一行)
[root@localhost phpredis-develop]# /usr/local/php/bin/php -m |grep redis //查看是否加载了redis模块