任务1 安装LAMP,基础配置解析PHP
1. 安装MySQL
cd /usr/local/src //软件压缩包都放在这里方便管理
下载源码包:mysql-5.6.43-linux-glibc2.12-x86_64.tar
所有的源码包都放在此目录下
解压mysql源码包
tar -zxf mysql-5.6.43-linux-glibc2.12-x86_64.tar.gz
安装和配置
(1)、创建MySQL用户
useradd -s /sbin/nologin mysql
(2)、初始化
mkdir -p /data/mysql #创建MySQL数据存储目录
chown -R mysql:mysql /data/mysql #更改权限
(3)、安装
yum install -y perl-Module-Install #安装脚本执行环境perl
(4).配置
cd /usr/local/mysql
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
如果执行脚本报错
安装 yum -y install autoconf
修改配置文件
cp support-file/my-default.cnf /etc/my.cnf
vim my-default.cnf
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
vim /etc/init.d/mysqld
chown 755 /etc/init.d/mysqld //修改启动脚本文件的属性
直接再后面添加路径
启动MySQL,设置开机自启
chkconfig --add mysql
//把mysql服务加到系统服务列表中
chkconfig mysql on
//开机就启动
service mysql start
//启动服务
查看服务是否启动。 MySQL 3306端口
2.安装Apache
1.解压源码包
2.编译安装
apr和apr-util可以理解为一个通用的函数库,主要是为上层应用提供支持。在这里httpd是依赖apr和apr-util的,如果不安装这两个东西,httpd就无法工作。先来安装apr和apr-util。
①安装apr
检查编译安装结果是否正确 如果输出是0就代表运行正确。
[root@localhost apr-1.6.5]# make && make install
[root@localhost apr-1.6.5]# echo $?
0
②安装apr-util
cd /usr/local/src/apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
如果执行脚本报错(yum install -y expat-devel)
③安装httpd
cd /usr/local/src/httpd-2.4.46
./configure --prefix=/usr/local/apache2.4 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-mods-shared=most
make && make install
查看加载了哪些模块(shared字样的动态共享模块,static以静态形式存在)
④安装PHP
cd /usr/local/src
tar -zxf php-5.6.30.tar.gz
cd php-7.4.19
///为防止配置时出错提前安装库文件
yum install -y libxml2-devel openssl openssl-devel bzip2 bzip2-devel libpng libpng-devel freetype freetype-devel epel-release libmcrypt-devel sqlite-devel
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2.4/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir--with-gd --with-jpeg-dir --with-png-dir--with-freetype-dir --with-iconv-dir--with-zlib-dir --with-bz2 --with-openssl--with-mcrypt --enable-soap--enable-gd-native-ttf --enable-mbstring--enable-sockets --enable-exif
make && make install
mkdir /usr/local/php/etc/
cp php.ini-production /usr/local/php/etc/php.ini
⑥httpd解析PHP
编辑httpd的主配置文件
vim /usr/local/apache2.4/conf/httpd.conf
//搜索ServerName,把ServerName www.example.com:80前#去掉
<Directory />
AllowOverride none
Require all denied//将denied改为granted:目的允许所有请求访问
</Directory>
//搜索AddType application/x-gzip .gz .tgz,在下面添加一行 AddType application/x-httpd-php .php;
<IfModule dir_module>
DirectoryIndex index.html (index.php)//后面添加 index.php
</IfModule>
测试安装
① 测试配置文件是否正确
/usr/local/apache2.4/bin/apachectl -t
Syntax OK
/usr/local/apache2.4/bin/apachectl start
//启动httpd命令
测试是否正确解析PHP
//编写一个测试脚本
vim /usr/local/apache2.4/htdocs/1.php
<?
echo “php解析正确”
?>
任务2 Apache配置
1. 默认虚拟主机
vim /usr/local/apache2/conf/httpd.conf //搜索httpd-vhost,去掉#
编辑虚拟主机配置文件
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf //改为如下
创建虚拟主机站点的根目录
mkdir -p /data/wwwroot/aming.com /data/wwwroot/www.123.com
echo "aming.com" > /data/wwwroot/aming.com/index.html
echo "123.com" > /data/wwwroot/www.123.com/index.html
配置验证
[root@localhost ~]# curl -x 127.0.0.1:80 www.aming.com
“www.test0920.com”
[root@localhost ~]# curl -x 127.0.0.1:80 www.123.com
“www.test0920.com”
2.用户认证
vim /usr/local/apache2.4/conf/extra/httpd-vhost.conf
再第二模块修改为:
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
<Directory /data/wwwroot/www.123.com>
AllowOverride AuthConfig
AuthName "www.123.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
测试
#htpasswd 为添加用户的工具 -c create 创建 -m 采用md5加密方式 /data/.htpasswd 为密码文件
[root@localhost wwwroot]# /usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd test
New password:
Re-type new password:
Adding password for user test
# 验证是否成功
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
修改hosts文件
C:\Windows\System32\drivers\etc\hosts
添加一行 :
IP地址 www.123.com
打开浏览器 输入网址 www.123.com
3、配置域名跳转
域名跳转的作用:
1. 一个站点有多个域名会对SEO有影响,说白了就是百度搜索关键词的排名有影响。
2. 如果之前某个域名不再使用了,但是搜索引擎还留着之前老域名的链接,这意味着用户可能会搜索我们的网站,并点击老域名,固需要把老域名做个跳转到新的域名,这样用户搜的时候也可以访问到网站。
2、配置测试
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
修改为一部分
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
<IfModule mod_rewrite.c>
RewriteEngine on
rewriteCond %{HTTP_HOST} !^www.123.com$
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
vim /usr/local/apache2.4/conf/httpd.conf
//LoadModule rewrite_module modules/mod_rewrite.so # 放开这一行注释
```bash
/usr/local/apache2.4/bin/apachectl graceful
//查看模块是否放开
/usr/local/apache2.4/bin/apachectl -M|grep -i rewrite
rewrite_module (shared)
测试状态码返回301 成功
4. 配置访问日志
打开主配置文件,搜索LogFormat可以找到日志文件。 可以根据需要自定义配置文件。
vim /usr/local/apache2.4/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# 访问日志
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
<IfModule mod_rewrite.c>
RewriteEngine on
rewriteCond %{HTTP_HOST} !^www.123.com$
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
</IfModule>
CustomLog "logs/123.com-access_log" combined
</VirtualHost>
主要是增加这一行
// CustomLog "logs/123.com-access_log" combined
测试
5、访问日志不记录静态文件
配置
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# 不记录静态文件日志
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
<IfModule mod_rewrite.c>
RewriteEngine on
rewriteCond %{HTTP_HOST} !^www.123.com$
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
</IfModule>
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img
</VirtualHost>
静态文件不记录日志 测试
6、配置静态元素过期时间
浏览器访问网站的图片时会把静态的文件缓存在本地电脑里,这样下次再访问时就不用去远程下载了,这样再次访问该站点速度就会变快。
日志文档当中有304状态码,通常就是静态文件缓存。
1、配置
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# 配置静态元素过期时间
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
<IfModule mod_rewrite.c>
RewriteEngine on
rewriteCond %{HTTP_HOST} !^www.123.com$
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
</IfModule>
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
</VirtualHost>
vim /usr/local/apache2.4/conf/httpd.conf
//LoadModule expires_module modules/mod_expires.so 放开这一行注释
测试
配置防盗链
防盗链: 就是不让别人盗用你网站上的资源,这个资源通常指的是图片、视频、歌曲、文档等。
1、配置
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# 防盗链
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
CustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined
<Directory /data/wwwroot/www.123.com>
SetEnvIfNoCase Referer "http://www.123.com" local_ref
SetEnvIfNoCase Referer "http://123.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
</VirtualHost>
测试
*
访问控制
1、需求介绍
对于一些比较重要的网站内容,除了可以使用用户认证限制访问之外,还可以通过限制IP、user_agent。
限制IP是限制来源IP,限制user_agent,通常是限制恶意或则不正确的请求。
2、配置
配置限制目录
[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# 访问控制
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
CustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined
<Directory /data/wwwroot/www.123.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
</VirtualHost>
测试
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
禁止解析PHP
1、需求介绍
由于网站可以执行PHP程序,容易让黑客上传PHP代码写的木马,所以为了避免这种情况,我们需要把能上传文件的目录直接禁止解析PHP代码。
2、配置
[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# 禁止解析PHP
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
CustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined
<Directory /data/wwwroot/www.123.com/upload>
php_admin_flag engine off
</Directory>
</VirtualHost>
3.测试
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
# 创建目录、模拟网站上传目录
[root@localhost extra]# mkdir /data/wwwroot/www.123.com/upload
[root@localhost extra]# cp /usr/local/apache2.4/htdocs/1.php /data/wwwroot/www.123.com/upload/
[root@localhost extra]# curl -x127.0.0.1:80 www.123.com/upload/1.php
<?php
echo "PHP解析正常"
?>
限制user_agent
1、需求介绍
爬虫之类的可以通过user_agent 浏览器标识限制
2、配置
[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# 限制user_agent
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
CustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>
</VirtualHost>
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
测试
[root@localhost extra]# curl -I -x127.0.0.1:80 www.123.com/upload/1.php
HTTP/1.1 403 Forbidden
Date: Sat, 22 May 2021 15:28:07 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.39
Content-Type: text/html; charset=iso-8859-1
[root@localhost extra]# curl -A "123123" -I -x127.0.0.1:80 www.123.com/upload/1.php
HTTP/1.1 200 OK
Date: Sat, 22 May 2021 15:28:29 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.39
X-Powered-By: PHP/5.6.39
Content-Type: text/html; charset=UTF-8
任务3 LAMP PHP配置
虽然PHP是以httpd一个模块的形式存在的,但是PHP本身也有自己的配置文件。
查看PHP配置文件所在位置
[root@localhost extra]# /usr/local/php/bin/php -i| grep -i "loaded configuration file"
Loaded Configuration File => /usr/local/php/etc/php.ini
PHP Warning: Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in Unknown on line 0
#这个警告是没有配置时间,编辑配置文件php.ini找到date.time.zone设置即可 Asia/Shanghai
1、PHP的disable_functions
1、需求介绍
PHP有很多内置函数,有些函数会调用会调取Linux系统命令,如果开放会影响系统安全,需要考虑禁用掉。
2、配置
vim /usr/local/php/etc/php.ini //搜索disable_functions
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close phpinfo
重启生效
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
2.配置error_log
1、PHP的日志对于程序员来说非常重要,是排查问题的重要手段。
2、配置
[root@localhost extra]# vim /usr/local/php/etc/php.ini
log_errors = On
error_log = /var/log/php/php_errors.log
error_reporting = E_ALL & ~E_NOTTICE
display_errors = Off
[root@localhost extra]# mkdir /var/log/php
[root@localhost extra]# chmod 777 /var/log/php
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
测试
[root@localhost extra]# vim /data/wwwroot/www.123.com/test.php
<?php
echo 111
[root@localhost extra]# curl -A "123" -I -x127.0.0.1:80 www.123.com/test.php
HTTP/1.0 500 Internal Server Error
Date: Sat, 22 May 2021 16:10:47 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.39
X-Powered-By: PHP/5.6.39
Connection: close
Content-Type: text/html; charset=UTF-8
# 出现了状态码500 ,说明我们访问的页面是存在错误的,需要查看php 的错误日志
[root@localhost extra]# cat /var/log/php/php_errors.log
[23-May-2021 00:10:47 Asia/Shanghai] PHP Parse error: syntax error, unexpected end of file, expecting ',' or ';' in /data/wwwroot/www.123.com/test.php on line 3
# 通过日志可以判断是test.php第三行少了分号。
541
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
