架设www服务器

最新推荐文章于 2021-05-09 12:20:04 发布

枕上白发w

最新推荐文章于 2021-05-09 12:20:04 发布

阅读量1.8k

点赞数

分类专栏： Linux

本文链接：https://blog.csdn.net/w1043545633/article/details/79339509

版权

Linux 专栏收录该内容

6 篇文章 0 订阅

订阅专栏

linux版本为Centos7

系统中没有安装httpd、php、php-mysql、mysql，以及mariadb，但已经安装mariadb-libs，/etc/文件夹中存在my.cnf，配置如下：

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

决定先不卸载mariadb-libs，直接安装httpd、php、php-mysql以及mysql

[root@bogon etc]# yum info mariadb-libs

接下来安装mysql：
1、在官网上下载压缩包mysql57-community-release-el7-8.noarch.rpm ，并配置YUM源

[root@bogon local]# yum localinstall /usr/local/mysql57-community-release-el7-8.noarch.rpm

检查mysql源是否安装成功

[root@bogon local]# yum repolist enabled | grep "mysql.*-community.*"
mysql-connectors-community/x86_64        MySQL Connectors Community           45
mysql-tools-community/x86_64             MySQL Tools Community                57
mysql57-community/x86_64                 MySQL 5.7 Community Server          247

2、安装mysql

[root@bogon local]# yum install mysql-community-server

3、安装完成后，查看/etc/my.cnf配置文件：

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

Apache的基本设定：

1、设定测试用主机名为localhost且在/etc/hosts内需要有一行：

[root@www ~]# vim /etc/hosts
127.0.0.1   localhost.localdomain localhost

本系统内/etc/hosts文件配置如下：

27.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

因此不做改动

启动www服务器：

[root@bogon mysql]# service httpd start

查看www服务器状态：

[root@bogon mysql]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2018-02-20 14:16:34 CST; 1min 10s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 12951 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─12951 /usr/sbin/httpd -DFOREGROUND
           ├─12952 /usr/sbin/httpd -DFOREGROUND
           ├─12953 /usr/sbin/httpd -DFOREGROUND
           ├─12954 /usr/sbin/httpd -DFOREGROUND
           ├─12955 /usr/sbin/httpd -DFOREGROUND
           └─12957 /usr/sbin/httpd -DFOREGROUND

2月 20 14:16:33 bogon systemd[1]: Starting The Apache HTTP Server...
2月 20 14:16:33 bogon httpd[12951]: AH00558: httpd: Could not reliably determine the server's fully qualified d...essage
2月 20 14:16:34 bogon systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

查询本机ip地址：

[root@bogon mysql]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.109  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::e83:d7e7:1e7e:e315  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:db:fe:5a  txqueuelen 1000  (Ethernet)
        RX packets 414227  bytes 595010287 (567.4 MiB)
        RX errors 34  dropped 41  overruns 0  frame 0
        TX packets 204165  bytes 12230973 (11.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  base 0x2000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:ed:a6:7e  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

使用浏览器打开网址“http://192.168.0.109/”，页面如下：
这里写图片描述

即为Apache服务器正常运行。

测试php模组是否正常运行：

1、在/var/www/html内建立一个测试档案：

[root@bogon mysql]# vim /var/www/html/phpinfo.php
<?php  phpinfo ();  ?>

<?php ... ?> 是嵌入在 HTML 檔案內的 PHP 程式語法，在這兩個標籤內的就是 PHP 的程式碼。phpinfo(); 是 PHP 程式提供的一個函式庫，這個函式庫可以顯示出 WWW 伺服器內的相關服務資訊，包括主要的 Apache 資訊與 PHP 資訊等等。

2、使用浏览器打开网址“http://192.168.0.109/phpinfo.php”，页面如下：

这里写图片描述

即为php模组启动成功。

mysql基本设定

1、启动mysql服务：

[root@bogon mysql]# service mysqld start
Redirecting to /bin/systemctl start mysqld.service

2、查看mysql运行状态：

[root@bogon mysql]# service mysqld status
Redirecting to /bin/systemctl status mysqld.service
● mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2018-02-21 18:41:02 CST; 5min ago
     Docs: man:mysqld(8)
           http://dev.mysql.com/doc/refman/en/using-systemd.html
  Process: 1686 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
  Process: 1164 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
 Main PID: 1689 (mysqld)
   CGroup: /system.slice/mysqld.service
           └─1689 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mys...

2月 21 18:40:35 bogon systemd[1]: Starting MySQL Server...
2月 21 18:41:02 bogon systemd[1]: Started MySQL Server.

3、使用mysql的管理员账号root（与Linux的root无关）登录mysql，默认情况下刚刚初始化的root账号应该是没有密码的。

[root@bogon ~]# mysql -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@bogon ~]# mysqladmin -u root password 'xueyw123456'
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'

发现无法登录mysql，尝试通过免密方式登录：修改my.cnf文件，在[mysqld]下添加skip-grant-tables

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

[mysqld]
skip-grant-tables
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

重启mysql，再次尝试以root登录

[root@bogon ~]# service mysqld restart
Redirecting to /bin/systemctl restart mysqld.service
[root@bogon ~]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.21 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

登录mysql后尝试修改root密码，出现No database selected错误，发现需要选择mysql数据库。

mysql> update user set password=password("xueyw123456") where user="root" and host="localhost";
ERROR 1046 (3D000): No database selected
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

选择mysql数据库后再次修改密码，出现Unknown column 'password' in 'field list'错误。

mysql> update user set password=password("xueyw123456") where user="root" and host="localhost";
ERROR 1054 (42S22): Unknown column 'password' in 'field list'

查阅资料得知原来是mysql数据库下已经没有password这个字段了，password字段变为authentication_string。

mysql> update mysql.user set authentication_string=password('xueyw123456') where user='root';
Query OK, 1 row affected, 1 warning (0.11 sec)
Rows matched: 1  Changed: 1  Warnings: 1

修改密码后将my.cnf文件中的skip-grant-tables删掉，并重启mysql。

[root@bogon ~]# service mysqld restart
Redirecting to /bin/systemctl restart mysqld.service
[root@bogon ~]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.21

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

输入修改过的密码登录成功。

防火墙与SELinux规则设定

centos7版本对防火墙进行加强,不再使用原来的iptables,启用firewall

1、查看已开放端口（默认不开放任何端口）

[root@bogon~]# firewall-cmd --list-ports

2、开放80端口

firewall-cmd –zone=public(作用域) –add-port=80/tcp(端口和访问类型) –permanent(永久生效)

[root@bogon sysconfig]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success

3、重启防火墙

[root@bogon sysconfig]# firewall-cmd --reload
success

4、查看80端口是否开放

[root@bogon~]# firewall-cmd --list-ports
80/tcp

5、停止防火墙

[root@bogon ~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service

5、删除端口

[root@bogon~]# firewall-cmd --zone=public --remove-port=80/tcp --permanent

6.SElinux设定

[root@bogon~]# getsebool -a | grep httpd  
[root@bogon~]# setsebool -P httpd_can_network_connect=1

测试外部客户端能否连接服务器

1、在/var/www/html中创建测试页index.html

<!DOCTYPE html>
<html>
<head>
</head>
<body>
<p>This is my HOme page</p>
</body>
</html>

2、在客户端使用浏览器打开http://192.168.0.112/发现无法读取，检查/var/log/httpd/error_log以及/var/log/messages的内容：

[root@bogon html]# tail /var/log/httpd/error_log 
[Thu Feb 22 12:04:39.801041 2018] [core:error] [pid 6314] (13)Permission denied: [client 192.168.0.110:49965] AH00035: access to /index.html denied (filesystem path '/var/www/html/index.html') because search permissions are missing on a component of the path

[root@bogon html]# tail /var/log/messages
Feb 22 12:04:38 localhost setroubleshoot: SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/www/html/index.html. For complete SELinux messages run: sealert -l ed15e89e-3fd6-4bd9-9a6c-5ce6ad18cf8c
Feb 22 12:04:38 localhost python: SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/www/html/index.html.#012#012*****  Plugin restorecon (99.5 confidence) suggests   ************************#012#012If you want to fix the label. #012/var/www/html/index.html default label should be httpd_sys_content_t.#012Then you can run restorecon.#012Do#012# /sbin/restorecon -v /var/www/html/index.html#012#012*****  Plugin catchall (1.49 confidence) suggests   **************************#012#012If you believe that httpd should be allowed getattr access on the index.html file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'httpd' --raw | audit2allow -M my-httpd#012# semodule -i my-httpd.pp#012

3、按照提示执行

[root@bogon html]# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i my-httpd.pp

[root@bogon html]# semodule -i my-httpd.pp

4、在客户端打开http://192.168.0.112/，读取成功。

这里写图片描述

Apache模块配置：

1、安装mod_perl和mod_python：

使用yum搜索如下

[root@bogon modules]# yum search mod_perl
已加载插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.163.com
================================ 匹配：mod_perl ================================
perl-CGI.noarch : Handle Common Gateway Interface requests and responses
perl-IO-Socket-SSL.noarch : Perl library for transparent SSL

[root@bogon modules]# yum search mod_python
已加载插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.163.com
=============================== 匹配：mod_python ===============================
mod_wsgi.x86_64 : A WSGI interface for Python web applications in Apache

安装模块：

[root@bogon modules]# yum install perl-CGI.noarch mod_wsgi.x86_64

2、Options参数设定：

编辑/etc/httpd/conf/httpd.conf ，找到#AddHandler cgi-script .cgi，把前边的#去掉，然后在.cgi后面加上.pl

    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    AddHandler cgi-script .cgi .pl

3、开放某个目录的CGI执行权限：

    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    AddHandler cgi-script .cgi .pl

    <Directory "/var/www/html/cgi">
      Options +ExecCGI
      AllowOverride None
      Order allow,deny
      Allow from all
    </Directory>

4、重启apache，接下來只要CGI 程式具有 x 權限即可执行。示例如下：

[root@bogon ~]# mkdir /var/www/html/cgi
[root@bogon ~]# vim /var/www/html/cgi/helloworld.pl

#!/usr/bin/perl
print "Content-type:text/html\r\n\r\n";
print "Hello, World.";

[root@bogon ~]# chmod a+x /var/www/html/cgi/helloworld.pl

5、在浏览器中输入http://192.168.0.112/cgi/helloworld.pl查看网页，但显示 500 Internal Server Error。

6、查看错误日志显示如下：

[root@bogon ~]#tail /var/log/httpd/error_log 
[Fri Feb 23 12:13:27.770662 2018] [cgi:error] [pid 3668] [client 192.168.0.110:52536] AH01215: (13)Permission denied: exec of '/var/www/html/cgi/helloworld.pl' failed

7、查询资料（https://serverfault.com/questions/691501/apache-permission-denied-exec-of-var-www-html-cgi-test-first-pl-failed）得知是SELinux阻止在一个非标准的目录中从apache内部运行CGI脚本。

8、使用以下命令检查cgi-bin目录策略：

[root@bogon ~]# semanage fcontext --list | grep cgi-bin
/var/www/[^/]*/cgi-bin(/.*)?                       all files          system_u:object_r:httpd_sys_script_exec_t:s0 
/var/www/html/[^/]*/cgi-bin(/.*)?                  all files          system_u:object_r:httpd_sys_script_exec_t:s0 
/usr/lib/cgi-bin(/.*)?                             all files          system_u:object_r:httpd_sys_script_exec_t:s0 
/var/www/cgi-bin(/.*)?                             all files          system_u:object_r:httpd_sys_script_exec_t:s0 
/usr/lib/mailman.*/cgi-bin/.*                      regular file       system_u:object_r:mailman_cgi_exec_t:s0 
/usr/lib/cgi-bin/(nph-)?cgiwrap(d)?                regular file       system_u:object_r:httpd_suexec_exec_t:s0 
/var/www/cgi-bin/munin.*                           all files          system_u:object_r:munin_script_exec_t:s0 
/var/www/cgi-bin/apcgui(/.*)?                      all files          system_u:object_r:apcupsd_cgi_script_exec_t:s0 
/usr/lib/dirsrv/cgi-bin(/.*)?                      all files          system_u:object_r:dirsrvadmin_script_exec_t:s0 
...

这意味着，在apache标准的cgi-bin目录中创建的每个文件都将被自动授予SELinux类型httpdsysscriptexect，并且可由httpd执行。

9、将/var/www/html/cgi添加到以上类型中：

[root@bogon ~]# semanage fcontext -a -t httpd_sys_script_exec_t "/var/www/html/cgi(/.*)?"
[root@bogon ~]# restorecon -R -v /var/www/html/cgi/
restorecon reset /var/www/html/cgi context unconfined_u:object_r:httpd_sys_content_t:s0->unconfined_u:object_r:httpd_sys_script_exec_t:s0
restorecon reset /var/www/html/cgi/helloworld.pl context unconfined_u:object_r:httpd_sys_content_t:s0->unconfined_u:object_r:httpd_sys_script_exec_t:s0

10、查看是否添加成功：

[root@bogon ~]# semanage fcontext --list | grep cgi
...
/var/www/html/cgi(/.*)?                            all files          system_u:object_r:httpd_sys_script_exec_t:s0 
...

11、在浏览器中输入网址http://192.168.0.112/cgi/helloworld.pl，成功看到Helloworld页面。

.htaccess设定：

1、建立保护目录资料：

[root@bogon ~]# mkdir /var/www/html/protect
[root@bogon ~]# vim /var/www/html/protect/index.html
<html>
<head><title>This is a page for test</title></head>
<body>If you see this page, you can enter this protected page.
</body>
</html>

2、以root身份更改httpd.conf设定

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 
#确保下面这几行是存在的：
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

#在某个不受影响的地方加入这一段：
<Directory "/var/www/html/protect">
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

实际操作中发现/etc/httpd/conf/httpd.conf中存在下面这几行：

# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ".ht*">
    Require all denied
</Files>

决定只添加目录权限（即上述第二段）。

3、建立保护目录下的.htaccess档案：

[root@localhost protect]# vim .htaccess
#加入下面这几行
AuthName  "Protect test by .htacess"
Authtype  Basic
AuthUserFile /var/www/apache.passwd
require user test

设定好后立即生效，不需要重启apache。

4、建立密码档案htapasswd

#htpasswd用法为：
[root@localhost ~]htpasswd [-cmdD] 密碼檔檔名 使用者帳號
#1.建立apache.passwd，账号为test
[root@localhost ~]# htpasswd -c /var/www/apache.passwd test
New password:
Re-type new password: 
Adding password for user test
[root@localhost ~]# cat /var/www/apache.passwd 
test:$apr1$1L/fsMAt$M10oKS9OtBtbEQebnEbw20

#2、在已经存在的apache.passwd内增加test1这个账号：
[root@localhost ~]# htpasswd  /var/www/apache.passwd test1
New password: 
Re-type new password: 
Adding password for user test1

再次强调，这个档案档名需要与.htaccess内的AuthUserFile相同，且不要放在浏览器可以浏览到的目录。

5、测试

使用浏览器打开http://172.16.150.151/protect/，发现无需认证登陆可以直接浏览网页。

于是在httpd.conf设定档中添加如下几行：

# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ".ht*">
    Require all denied
</Files>

AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

再次打开网页发现设定生效，需要认证才能浏览网页。

常用登陆档分析软件：

①webalizer

1、在官网上http://www.webalizer.org/download.html下载源码包，解压缩：

[root@localhost softwares]# tar -jxvf webalizer-2.23-08-src.tar.bz2

2、在编译过程中发现需要安装zlib，在官网上http://www.zlib.net/下载源码包，解压缩、编译：

[root@localhost local]# mv /softwares/zlib-1.2.11.tar.gz
[root@localhost local]# tar -zxvf zlib-1.2.11.tar.gz 
[root@localhost local]# mv zlib-1.2.11 zlib
[root@localhost zlib]# cd zlib
[root@localhost zlib]# ./configure 
[root@localhost zlib]# make
[root@localhost zlib]# make install

3、配置zlib的系统文件：

[root@localhost lib]# vim /etc/ld.so.conf.d/zlib.conf
#在文件中添加一行
/usr/local/zlib
#加载配置好的文件
[root@localhost lib]# ldconfig

4、继续编译webalizer，发现错误：

configure: error: png library not found.. please install libpng

尝试使用yum安装libpng：

[root@localhost webalizer-2.23-08]# yum install libpng.x86_64
#显示libpng.x86_64已经被安装，
[root@localhost webalizer-2.23-08]# yum install libpng-devel.x86_64

5、继续编译webalizer，发现错误：

configure: error: gd library not found.. please install libgd

尝试使用yum安装libgd：

[root@localhost webalizer-2.23-08]# yum install libgdata.x86_64
#显示libgdata.x86_64已经被安装
[root@localhost webalizer-2.23-08]# yum install libgdata-devel.x86_64 libgdither-devel.x86_64 compat-libgdata13.x86_64
#仍然显示错误，需要安装libgd