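CentOS 5 Apache configuration (2011-05-20)
Detailed instructions for configuring Apache + PHP + MySQL on CentOS 5
[Link] https://www.360docs.net/doc/66340967.html,/a/view/9695.html
The test environment for this article is CentOS 5.6 x86_64. On Red Hat AS3/4 the yum command cannot be used to manage RPM packages.
I. System conventions
Source package location: /usr/local/src
Install location (prefix) for packages compiled from source: /usr/local/software_name
Location of scripts and maintenance programs: /usr/local/sbin
MySQL database location: /var/lib/mysql (changed here to /data/dbdata)
Apache web root: /home/www/wwwroot (changed here to /data/www)
Apache virtual host log root: /home/www/logs
Apache run-as account: www:www
II. System environment deployment and tuning
1. Check that the system is healthy
# more /var/log/messages (check for system-level error messages)
# dmesg (check for hardware error messages)
# ifconfig (check that the network interface settings are correct)
# ping https://www.360docs.net/doc/66340967.html, (check that the network works)
2. Disable unneeded services
# ntsysv
Only the services that need to run are listed below; disable every service that is not listed: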
atd
crond
irqbalance
microcode_ctl
network
sendmail
sshd
syslog
3. Reboot the system
# init 6 (or reboot)
4. Configure vim
# vi /root/.bashrc
Below the line alias mv='mv -i', add the line alias vi='vim', then save and exit.
# echo 'syntax on' > /root/.vimrc
5. Install the required packages with yum (the names below are the standard RPM package names)
# yum install ntp vim-enhanced gcc gcc-c++ flex bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kernel
# yum install gcc gcc-c++ flex bison autoconf automake bzip2-devel \
zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel \
pam-devel openssl-devel libxml2-devel gettext-devel pcre-devel
[Reference] https://www.360docs.net/doc/66340967.html,/2007/12/27/centos-www.html
Combined:
# yum install ntp vim-enhanced gcc gcc-c++ flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel \
pam-devel openssl-devel libxml2-devel gettext-devel pcre-devel kernel libtool
6. Correct the server clock on a schedule by synchronising periodically with the time server of China's National Time Service Center
# crontab -e
Add the line:
*/30 * * * * ntpdate 210.72.145.44
7. Packages to compile and install from source
(1) GD2
# cd /usr/local/src
If compilation fails, the fix is:
yum install libtool*
Fix:
wget https://www.360docs.net/doc/66340967.html,/pub/gnu/gettext/gettext-0.18.1.1.tar.gz
tar zvxf gettext-0.17.tar.gz
cd gettext-0.17
./configure
Reference: https://www.360docs.net/doc/66340967.html,/hywpinbo/archive/2009/06/01/4232323.aspx
# tar xzvf gd-2.0.34.tar.gz
# cd gd-2.0.34
# ./configure --prefix=/usr/local/gd2
# make
# make install
(2) LibXML2
# cd /usr/local/src
wget ftp://https://www.360docs.net/doc/66340967.html,/libxml2/libxml2-2.7.8.tar.gz
# tar xzvf libxml2-2.6.29.tar.gz
# cd libxml2-2.6.29
# ./configure --prefix=/usr/local/libxml2
# make
# make install
(3) LibMcrypt
# cd /usr/local/src
# wget https://www.360docs.net/doc/66340967.html,/sourceforge/mcrypt/libmcrypt-2.5.8.tar.bz2 (newly added: mcrypt-2.6.8.tar.gz)
# tar xjvf libmcrypt-2.5.8.tar.bz2
# cd libmcrypt-2.5.8
# ./configure --prefix=/usr/local/libmcrypt
# make
# make install
64-bit:
ln -s /usr/local/libmcrypt/lib/libmcrypt.so /usr/lib64/libmcrypt.so
ln -s /usr/local/libmcrypt/lib/https://www.360docs.net/doc/66340967.html, /usr/lib64/https://www.360docs.net/doc/66340967.html,
ln -s /usr/local/libmcrypt/lib/libmcrypt.so.4 /usr/lib64/libmcrypt.so.4
ln -s /usr/local/libmcrypt/lib/libmcrypt.so.4.4.8 /usr/lib64/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib64/libmhash.a
ln -s /usr/local/lib/https://www.360docs.net/doc/66340967.html, /usr/lib64/https://www.360docs.net/doc/66340967.html,
ln -s /usr/local/lib/libmhash.so /usr/lib64/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib64/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib64/libmhash.so.2.0.1
ln -s /usr/local/libmcrypt/bin/libmcrypt-config /usr/bin/libmcrypt-config
[Reference] https://www.360docs.net/doc/66340967.html,/php-mcrypt-code-source.html
(4) Apache log rotation program
# cd /usr/local/src
# wget https://www.360docs.net/doc/66340967.html,/download/cronolog-1.6.2.tar.gz
# tar xzvf cronolog-1.6.2.tar.gz
# cd cronolog-1.6.2
# ./configure --prefix=/usr/local/cronolog
# make
# make install
8. Upgrade OpenSSL and OpenSSH
# cd /usr/local/src
# wget https://www.360docs.net/doc/66340967.html,/source/openssl-0.9.8e.tar.gz
wget https://www.360docs.net/doc/66340967.html,/source/openssl-1.0.0c.tar.gz
wget https://www.360docs.net/doc/66340967.html,/source/openssl-1.0.0d.tar.gz
wget https://www.360docs.net/doc/66340967.html,/pub/openssh/openssh-5.8.tar.gz
# tar xzvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..
# tar xzvf openssh-4.6p1.tar.gz
# cd openssh-4.6p1
# ./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
./configure --prefix=/usr --with-pam --with-zlib --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords
# make
# make install
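(1) Disable SSH protocol v1
# vi /etc/ssh/sshd_config
Find:
#Protocol 2,1
Change to:
Protocol 2
(2) Disallow direct root login
First create a regular system user:
# useradd username
# passwd username
Find:
#PermitRootLogin yes
Change to:
PermitRootLogin no
(3) Disable server-side GSSAPI
Find the following two lines and comment them out:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
(4) Disable DNS name resolution
Find:
#UseDNS yes
Change to:
UseDNS no
(5) Disable client-side GSSAPI
# vi /etc/ssh/ssh_config
Find:
GSSAPIAuthentication yes
Comment this line out.
Finally, after confirming that the changes are correct, restart the SSH service
# service sshd restart
# ssh -V
Confirm that the OpenSSH and OpenSSL versions are correct.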
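Added example (not part of the original article): a shell check that an sshd_config really carries the server-side settings from steps (1) to (4) before sshd is restarted. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the server-side settings above.
# sshd honours the FIRST occurrence of a keyword; a commented-out line means
# the compiled-in default applies, so "#PermitRootLogin no" protects nothing.

# effective_value FILE KEYWORD -> first uncommented value, lower-cased (or empty)
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }' "$1"
}

# audit_sshd FILE -> one line per deviation; exit status = number of deviations
audit_sshd() {
    file=$1; bad=0
    while read -r key want; do
        got=$(effective_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: want '$want', found '${got:-unset (default applies)}'"
            bad=$((bad + 1))
        fi
    done <<'EOF'
Protocol 2
PermitRootLogin no
UseDNS no
EOF
    # The GSSAPI lines are meant to be commented out: an explicit "yes" deviates.
    for key in GSSAPIAuthentication GSSAPICleanupCredentials; do
        if [ "$(effective_value "$file" "$key")" = "yes" ]; then
            echo "$key: still 'yes'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: two settings applied, two steps forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
#PermitRootLogin no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
UseDNS no
EOF
audit_sshd "$sample" || echo "$? deviation(s) in $sample"
```

Run it against /etc/ssh/sshd_config after editing; Match blocks are not interpreted by this check.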
III. Compile and install the L.A.M.P environment
1. Download the software
# cd /usr/local/src
# wget https://www.360docs.net/doc/66340967.html,/httpd/httpd-2.2.4.tar.bz2
wget https://www.360docs.net/doc/66340967.html,/apache/httpd/httpd-2.3.8.tar.gz
# wget https://www.360docs.net/doc/66340967.html,/env/mysql-5.0.27.tar.gz
wget https://www.360docs.net/doc/66340967.html,/get/Downloads/MySQL-5.5/mysql-5.5.8.tar.gz
wget https://www.360docs.net/doc/66340967.html,/archives/mysql-5.1/mysql-5.1.56.tar.gz
Installation per the official documentation:
# Preconfiguration setup
shell> groupadd mysql
shell> useradd -g mysql mysql
# Beginning of source-build specific instructions
shell> tar zxvf mysql-VERSION.tar.gz
shell> cd mysql-VERSION
shell> cmake .
shell> make
shell> make install
# End of source-build specific instructions
# Postinstallation setup
shell> cd /usr/local/mysql
shell> chown -R mysql .
shell> chgrp -R mysql .
shell> scripts/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql var
shell> cp support-files/https://www.360docs.net/doc/66340967.html,f /etc/https://www.360docs.net/doc/66340967.html,f # optional
shell> bin/mysqld_safe --user=mysql &
shell> cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql.server # Optional
End of the official documentation
# wget https://www.360docs.net/doc/66340967.html,/distributions/php-5.2.3.tar.bz2
Upgraded to php-5.3.4.tar.bz2
# wget https://www.360docs.net/doc/66340967.html,/zend/optimizer/3.3.0/ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
2. Compile and install MySQL
wget https://www.360docs.net/doc/66340967.html,/files/v2.8/cmake-2.8.4.tar.gz
tar zxvf cmake-2.8.4.tar.gz
cd cmake-2.8.4
./bootstrap
make
make install
tar zxvf mysql-5.5
# Preconfiguration setup
shell> groupadd mysql
shell> useradd -r -g mysql mysql
# Beginning of source-build specific instructions
shell> tar zxvf mysql-VERSION.tar.gz
shell> cd mysql-VERSION
shell> cmake .
shell> make
shell> make install
# End of source-build specific instructions
# Postinstallation setup
shell> cd /usr/local/mysql
shell> chown -R mysql .
shell> chgrp -R mysql .
#shell> scripts/mysql_install_db --user=mysql
shell> mkdir -p /data/mysqldb /data/mysqllogs
shell> chown -R mysql:mysql /data/mysqldb /data/mysqllogs
shell> scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/data/mysqldb --user=mysql
#shell> chown -R root .
#shell> chown -R mysql data
# Next command is optional
shell> cp support-files/https://www.360docs.net/doc/66340967.html,f /etc/https://www.360docs.net/doc/66340967.html,f
shell> vi /etc/https://www.360docs.net/doc/66340967.html,f
Add:
basedir = /usr/local/mysql
datadir = /data/mysqldb
log-error = /data/mysqllogs/mysql_error.log
pid-file = /data/mysqllogs/mysql.pid
shell> bin/mysqld_safe --user=mysql &
# Next command is optional
shell> cp support-files/mysql.server /etc/init.d/mysql.server
# tar xzvf mysql-5.0.27.tar.gz
# cd mysql-5.0.27
# ./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/var/lib/mysql" \ (note: is the /var partition suitable?)
"--with-comment=Source" \
"--with-server-suffix=-Comsenz" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=" \ (set the MySQL default character set here)
"--with-collation= " \ (set the MySQL collation here)
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
# make
# make install
# useradd mysql
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root:mysql .
# chown -R mysql /var/lib/mysql
# cp share/mysql/https://www.360docs.net/doc/66340967.html,f /etc/https://www.360docs.net/doc/66340967.html,f
# cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --level 3 mysqld on
# /etc/rc.d/init.d/mysqld start
# bin/mysqladmin -u root password 'password_for_root'
3. Compile and install Apache
# cd /usr/local/src
# tar xjvf httpd-2.2.4.tar.bz2
# cd httpd-2.2.4
# ./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
# make
# make install
# echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
--
./configure --prefix=/usr/local/apache2 --with-included-apr --enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared --enable-static-support --disable-userdir
--
./configure --prefix=/usr/local/apache2 --with-included-apr --with-mysql=/usr/local/mysql \
--enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared \
--enable-static-support --disable-userdir
Updated 20110523:
./configure --prefix=/usr/local/apache2 --enable-modules=all --enable-mods-shared=all \
--with-mysql=/usr/local/mysql --enable-cache --enable-file-cache --enable-mem-cache \
--enable-disk-cache --enable-static-support --enable-static-htpasswd \
--enable-static-htdigest --enable-static-rotatelogs --enable-static-logresolve --enable-static-htdbm --enable-static-ab --enable-static-checkgid --disable-cgid --disable-cgi --with-apr=/usr/local/apr/ --with-apr-util=/usr/local/apr-util/ --with-ssl=/usr/local/openssl --with-pcre=/usr/bin/pcre-config --enable-so --enable-deflate --enable-expires --enable-rewrite --enable-static-support \
--disable-userdir
4. Compile and install PHP
# cd /usr/local/src
# tar xjvf php-5.2.3.tar.bz2
# cd php-5.2.3
# ./configure \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache2/bin/apxs" \
"--with-config-file-path=/usr/local/php/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-libxml-dir=/usr/local/libxml2" \
"--with-gd=/usr/local/gd2" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-bz2" \
"--with-freetype-dir" \
"--with-iconv-dir" \
"--with-zlib-dir" \
"--with-openssl=/usr/local/openssl" \
"--with-mcrypt=/usr/local/libmcrypt" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-memory-limit" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--disable-cgi" \
"--disable-cli"
./configure --prefix=/usr/local/php \
--with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql \
--with-config-file-path=/usr/local/php/etc --with-libxml-dir=/usr/local/libxml2 \
--with-gd=/usr/local/gd2 --with-jpeg-dir --with-png-dir --with-bz2 --with-freetype-dir \
--with-iconv-dir --with-zlib-dir --with-openssl=/usr/local/openssl \
--with-mcrypt=/usr/local/libmcrypt --enable-soap --enable-gd-native-ttf --enable-memory-limit --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --disable-cgi --disable-cli
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs \
--with-pear=/usr/share/php --with-zlib-dir --with-bz2 --with-libxml-dir=/usr \
--with-gd=/usr/local/gd2 --enable-gd-native-ttf --enable-gd-jis-conv --with-freetype-dir \
--with-jpeg-dir --with-png-dir --with-ttf=shared,/usr --enable-mbstring \
--with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-config-file-path=/etc --with-iconv --disable-ipv6 --enable-static --enable-zend-multibyte \
--enable-inline-optimization --enable-zend-multibyte --enable-sockets --enable-soap --with-openssl --with-gettext --enable-suhosin
Run make clean, then make again.
The configuration that finally compiled successfully:
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs \
--with-pear=/usr/share/php --with-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config --with-config-file-path=/usr/local/php/etc \
--with-gd=/usr/local/gd2 --with-libxml-dir=/usr/lib --with-iconv-dir=/usr/local \
--with-openssl=/usr/local/openssl --with-mcrypt=/usr/local/libmcrypt --with-mhash=/usr/lib64/ --with-zlib-dir --with-bz2 --with-freetype-dir --with-jpeg-dir --with-png-dir --with-openssl \
--with-gettext --with-iconv --enable-mbstring --disable-ipv6 --enable-static \
--enable-zend-multibyte --enable-inline-optimization --enable-zend-multibyte --enable-sockets --enable-soap --enable-gd-native-ttf --enable-gd-jis-conv --enable-suhosin --enable-zip
# make
# make ZEND_EXTRA_LIBS='-liconv'
# make install
# mkdir /usr/local/php/etc
# cp php.ini-dist /usr/local/php/etc/php.ini
5. Install Zend Optimizer
# cd /usr/local/src
# tar xzvf ZendOptimizer-3.2.8-linux-glibc21-i386.tar.gz
# ./ZendOptimizer-3.2.8-linux-glibc21-i386/install.sh
At the end of the Zend Optimizer installation, do not choose to restart Apache.
6. Integrate Apache with PHP
# vi /usr/local/apache2/conf/httpd.conf
Find:
AddType application/x-gzip .gz .tgz
Add below that line:
AddType application/x-httpd-php .php
Find:
DirectoryIndex index.html
Change that line to:
DirectoryIndex index.html index.htm index.php
Find:
#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf
#Include conf/extra/httpd-default.conf
Remove the leading "#" to uncomment these lines.
Note: configure the settings in these 4 extra configuration files sensibly, following the relevant principles!
Save and exit when the changes are done.
# /usr/local/apache2/bin/apachectl restart
7. Review and confirm the L.A.M.P environment information; improve PHP security
Place a phpinfo.php script in the web root and check that each item reported by phpinfo is correct.
# vi phpinfo.php
<?php
phpinfo();
?>
After confirming that PHP works properly, harden PHP through settings in php.ini.
# vi /usr/local/php/etc/php.ini
Find:
disable_functions =
Set it to:
passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,error_log,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popen,passthru,stream_socket_server
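Added example (not part of the original article): PHP silently ignores names in disable_functions that are not real functions, so a merged or mistyped entry leaves the intended function callable. This shell check lists which of the functions you meant to block are missing from php.ini; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that the functions you intended to disable are really
# named in php.ini. PHP ignores unknown names in disable_functions, so a
# typo silently leaves a function callable.

# disabled_list FILE -> one name per line, taken from the last uncommented
# disable_functions line (assumption: one php.ini, no other ini files).
disabled_list() {
    awk '
        /^[ \t]*;/ { next }                    # ini comment lines
        /^[ \t]*disable_functions[ \t]*=/ {
            v = $0; sub(/^[^=]*=/, "", v)      # keep the value only
        }
        END {
            gsub(/[ \t\r"]+/, ",", v)          # PHP splits on space and comma
            n = split(v, a, ",")
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }' "$1"
}

# missing_disabled FILE NAME... -> prints every NAME absent from the list
missing_disabled() {
    file=$1; shift
    list=$(disabled_list "$file")
    for fn in "$@"; do
        printf '%s\n' "$list" | grep -qxF -- "$fn" || echo "$fn"
    done
}

# Constructed sample php.ini with one merged, mistyped entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; disable_functions = none
disable_functions = passthru,exec,system, shell_exec,proc_open,popepassthru
EOF
missing_disabled "$sample" exec system passthru shell_exec popen proc_open
```

Point the function at the php.ini that PHP actually loads (the "Loaded Configuration File" row in phpinfo) rather than at a copy elsewhere on disk.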
Server security settings
1. Configure the system firewall
# touch /usr/local/sbin/fw.sh
Paste the following script (shown in green in the original) into the fw.sh file.
#!/bin/bash
# Stop iptables service first
service iptables stop
# Load FTP Kernel modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
# Initial chains default policy
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Enable Native Network Transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Accept Established Connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP Control
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
# WWW Service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# FTP Service
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# SSH Service
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# chmod 755 /usr/local/sbin/fw.sh
# echo '/usr/local/sbin/fw.sh' >> /etc/rc.local
# /usr/local/sbin/fw.sh
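[Quoted from: https://www.360docs.net/doc/66340967.html,/a/200910/089695.html]
[Configuring Apache logs]
[Reference] https://www.360docs.net/doc/66340967.html,/linux/cronolog/
The installation is now complete; next, configure the log format:
1. Virtual host configuration file httpd-vhosts.conf
Change the web log setting CustomLog to the following format:
CustomLog "|/usr/local/sbin/cronolog /www/logs/example_%Y%m%d.log" combined
The error log setting ErrorLog can of course also be split with cronolog; set it to:
ErrorLog "|/usr/local/sbin/cronolog /www/logs/error_%Y%m%d.log"
2. If the server hosts only one site (which is relatively rare), modify the log settings section of httpd.conf directly, using the format described above.
Notes:
The green part in the original (the cronolog path, /usr/local/sbin/cronolog) is where cronolog is located after installation; the location may differ between system versions, so use the path reported by the which command;
The blue part in the original (the log directory, /www/logs/) is where the log files are written; change it as needed;
The red part in the original (the log file name prefix, such as example_ or error_) identifies the log file; change it as needed;
%Y%m%d is how the log files are split, "year month day" in this example; it can also be changed to suit your needs.
Test report:
Opening http://localhost produces an error
Fix: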
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all,allow
End Successfully tested!