CentOS 7.0默认使用的是firewall作为防火墙,这里改为iptables防火墙。
1、关闭firewall: systemctl stop firewalld.service #停止firewall systemctl disable firewalld.service #禁止firewall开机启动 2、安装iptables防火墙 yum install iptables-services #安装 vi /etc/sysconfig/iptables #编辑防火墙配置文件 -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT :wq! #保存退出 systemctl restart iptables.service #最后重启防火墙使配置生效 systemctl enable iptables.service #设置防火墙开机启动
安装所需组件和包:
alhost cmake-2.8.11.2]# yum install -y apr* autoconf automake bison bzip2 bzip2* cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gcc gcc-c++ gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng libpng-devel libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libxml* libtiff libtiff* make mpfr ncurses* ntp openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils telnet t1lib t1lib* nasm nasm* wget zlib-devel
安装cmake
[root@localhost cmake-2.8.11.2]# tar xf cmake-2.8.11.2.tar.gz [root@localhost cmake-2.8.11.2]# ./configure [root@localhost cmake-2.8.11.2]# make && make install
关闭selinux
vi /etc/selinux/config #SELINUX=enforcing #注释掉 #SELINUXTYPE=targeted #注释掉 SELINUX=disabled #增加 setenforce 0 #使配置立即生效
安装mysql
[root@localhost ~]# groupadd mysql [root@localhost ~]# useradd -g mysql mysql -s /sbin/nologin [root@localhost ~]# mkdir -p /mydata/data [root@localhost ~]# chown -R mysql.mysql /mydata/data/ [root@localhost ~]# mkdir -p /usr/local/mysql [root@localhost ~]# cd /usr/local/src [root@localhost src]# tar xf mysql-5.6.19.tar.gz [root@localhost src]# cd mysql-5.6.19/ [root@localhost mysql-5.6.19]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/data/mysql -DSYSCONFDIR=/etc [root@localhost mysql-5.6.19]#make && make install
[root@localhost mysql-5.6.19]# rm -rf /etc/my.cnf
[root@localhost mysql-5.6.19]# cd /usr/local/mysql/
[root@localhost mysql]# ./scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql --datadir=/mydata/data
[root@localhost mysql]# ln -s /usr/local/mysql/my.cnf /etc/my.cnf
[root@localhost mysql]# cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@localhost mysql]# chmod 755 /etc/rc.d/init.d/mysqld
[root@localhost mysql]# chmod 755 /etc/init.d/mysqld
[root@localhost mysql]# chkconfig mysqld on
[root@localhost mysql]# service mysqld start
Starting MySQL. SUCCESS!
[root@localhost mysql]# vim /etc/profile.d/mysql.sh
PATH=$PATH:/usr/local/mysql/bin //添加变量路径
[root@localhost mysql]# source /etc/profile.d/mysql.sh
[root@localhost mysql]# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
[root@localhost mysql]# ln -s /usr/local/mysql/include/mysql /usr/include/mysql
[root@localhost mysql]# mkdir /var/lib/mysql
[root@localhost mysql]# ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
[root@localhost mysql]# mysql_secure_installation 设置mysql root密码
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Cleaning up...
安装nginx
[root@localhost src]# groupadd nginx [root@localhost src]# useradd -g nginx nginx -s /sbin/nologin [root@localhost src]# tar xf nginx-1.6.0.tar.gz[root@localhost ~]# yum -y install yasm libmcrypt libvpx tiff libpng freetype jpeg libgd t1lib[root@localhost src]# cd nginx-1.6.0/ [root@localhost nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module [root@localhost nginx-1.6.0]#make && make install [root@localhost nginx-1.6.0]# /usr/local/nginx/sbin/nginx 启动 [root@localhost nginx-1.6.0]# vim /etc/rc.d/init.d/nginx 配置启动文件 [root@localhost nginx-1.6.0]#chmod +x /etc/init.d/nginx 测试:
安装php:
安装所需组件和包,可以配置epel源来进行安装.如何配置可参照:http://www.cnblogs.com/ligao/p/6122904.html
[root@localhost ~]# yum -y install yasm libmcrypt libvpx tiff libpng freetype jpeg libgd t1lib注意:如果系统是64位,请执行以下两条命令,否则安装php会出错(32位系统不需要执行)
cp -frp /usr/lib64/libltdl.so* /usr/lib/ cp -frp /usr/lib64/libXpm.so* /usr/lib/
[root@localhost php-5.6.25]# export LD_LIBRARY_PATH=/usr/local/libgd/lib
[root@localhost src]# tar xf php-5.6.25.tar.gz
[root@localhost src]# cd php-5.6.25/
[root@localhost php-5.6.25]# ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-mysql-sock=/tmp/mysql.sock --with-pdo-mysql=/usr/local/mysql --with-gd --with-jpeg-dir=/usr/local/jpeg --with-xpm-dir=/usr/ --with-iconv --enable-libxml --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-opcache --enable-mbregex --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl --enable-ctype
[root@localhost php-5.6.25]# make && make install
[root@localhost php-5.6.25]# cp php.ini-production /usr/local/php/etc/php.ini
[root@localhost php-5.6.25]# rm -rf /etc/php.ini
[root@localhost php-5.6.25]# ln -sv /usr/local/php/etc/php
php-fpm.conf.default php.ini
[root@localhost php-5.6.25]# ln -sv /usr/local/php/etc/php.ini /etc/php.ini
‘/etc/php.ini’ -> ‘/usr/local/php/etc/php.ini’
[root@localhost php-5.6.25]# cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
[root@localhost php-5.6.25]# ln -s /usr/local/php/etc/php-fpm.conf /etc/php-fpm.conf
[root@localhost php-5.6.25]# vim /usr/local/php/etc/php-fpm.conf
user = www #设置php-fpm运行账号为nginx
group = www #设置php-fpm运行组为nginx
pid = run/php-fpm.pid #取消前面的分号
[root@localhost php-5.6.25]# cp /usr/local/src/php-5.6.25/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
[root@localhost php-5.6.25]# chmod +x /etc/rc.d/init.d/php-fpm
[root@localhost php-5.6.25]# chkconfig php-fpm on
[root@localhost php-5.6.25]# vim /usr/local/php/etc/php.ini
找到:disable_functions =
修改为:disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用。
找到:;date.timezone =
修改为:date.timezone = PRC #设置时区
找到:expose_php = On
修改为:expose_php = Off #禁止显示php版本的信息
找到:short_open_tag = Off
修改为:short_open_tag = ON #支持php短标签
找到opcache.enable=0
修改为opcache.enable=1 #php支持opcode缓存
找到:opcache.enable_cli=1 #php支持opcode缓存
修改为:opcache.enable_cli=0
在最后一行添加:zend_extension=opcache.so #开启opcode缓存功能
配置nginx支持php
vi /usr/local/nginx/conf/nginx.conf
修改/usr/local/nginx/conf/nginx.conf 配置文件,需做如下修改
user nginx nginx; #首行user去掉注释,修改Nginx运行组为www www;必须与/usr/local/php/etc/php-fpm.conf中的user,group配置相同,否则php运行出错
index index.html index.htm index.php; #添加index.php
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
#取消FastCGI server部分location的注释,注意fastcgi_param行的参数,改为$document_root$fastcgi_script_name,或者使用绝对路径
/etc/init.d/nginx restart #重启nginx
service php-fpm start #启动php-fpm
测试篇
cd /usr/local/nginx/html/ #进入nginx默认网站根目录
rm -rf /usr/local/nginx/html/* #删除默认测试页
vi index.php #新建index.php文件
<?php
phpinfo();
?>
chown www.www /usr/local/nginx/html/ -R #设置目录所有者
chmod 700 /usr/local/nginx/html/ -R #设置目录权限
测试:
