CentOS 6.3安装配置LAMP服务器(Linux+Apache+MySQL+PHP5)
http://yanghuawu.blog.51cto.com/2638960/1062949
客户端系统环境:Windows 7 ultimate(x86)sp1 简体中文旗舰版
※ 本文档描述了如何在Linux服务器配置Apache、Mysql、PHP5
LAMP(Linux-Apache-MySQL-PHP)网站架构是目前国际流行的Web框架,该框架包括:Linux操作系 统,Apache网络服务器,MySQL数据库,Perl、PHP或者Python编程语言,所有组成产品均是开源软件,是国际上成熟的架构框架,很多流 行的商业应用都是采取这个架构,和Java/J2EE架构相比,LAMP具有Web资源丰富、轻量、快速开发等特点,微软的.NET架构相比,LAMP具 有通用、跨平台、高性能、低价格的优势,因此LAMP无论是性能、质量还是价格都是企业搭建网站的首选平台。
[root@server ~]# service iptables status
注意:用法:iptables {start|stop|restart|condrestart|status|panic|save}
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@server ~]# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #允许80(http)端口通过防火墙
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT #允许3306(mysql)端口通过防火墙
很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面。
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #允许80(http)端口通过防火墙
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT #允许3306(mysql)端口通过防火墙
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
[root@server ~]# service iptables restart
iptables:将链设置为政策 ACCEPT:filter [确定]
[root@server ~]# service iptables status
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@server ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing #注释掉强制
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
#SELINUXTYPE=targeted #注释掉
[root@server ~]# rpm -qa |grep httpd
[root@server ~]# yum -y install httpd #根据提示,输入Y安装即可成功安装
[root@server ~]# service httpd start
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[root@server ~]# chkconfig httpd on
[root@server ~]# service httpd restart
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[root@server ~]# service httpd status
[root@server ~]# rpm –qa |grep mysql
[root@server ~]# yum -y install mysql mysql-server #是否要安装,输入Y即可自动安装,直到安装完成
[root@server ~]# service mysqld start
[root@server ~]# chkconfig mysqld on
[root@server ~]# cp /etc/my.cnf /etc/my.cnfbak
[root@server ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
cp:是否覆盖"/etc/my.cnf"? y #拷贝配置文件(注意:如果/etc目录下面默认有一个my.cnf,直接覆盖即可)
[root@server ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #按回车键
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] y #输入y
Re-enter new password: #重输入新密码
Password updated successfully!
Reloading privilege tables..
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
Remove anonymous users? [Y/n] y #输入y
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y #输入y
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y #输入y
- Dropping test database...
- Removing privileges on test database...
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y #输入y
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL! #最后出现:Thanks for using MySQL!
[root@server ~]# service mysqld restart
[root@server ~]# service mysqld stop
[root@server ~]# service mysqld start
[root@server ~]# rpm –qa |grep php
[root@server ~]# yum -y install php #根据提示输入Y直到安装完成
[root@server ~]# yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt
[root@server ~]# service mysqld restart
[root@server ~]# service httpd restart
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[root@server ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.confbak #备份
[root@server ~]# vim /etc/httpd/conf/httpd.conf #编辑文件
44 ServerTokens OS #在44行 修改为:ServerTokens Prod (在出现错误页的时候不显示服务器操作系统的名称)
536 ServerSignature On #在536行 修改为:ServerSignature Off (在错误页中不显示Apache的版本)
331 Options Indexes FollowSymLinks #在331行 修改为:Options Includes ExecCGI FollowSymLinks(允许服务器执行CGI及SSI,禁止列出目录)
796 #AddHandler cgi-script .cgi #在796行 取消“#” 修改为:AddHandler cgi-script .cgi .pl (允许扩展名为.pl的CGI脚本运行)
338 AllowOverride None #在338行 修改为:AllowOverride All (允许.htaccess)
759 AddDefaultCharset UTF-8 #在759行 修改为:AddDefaultCharset GB2312 (添加GB2312为默认编码)
554 Options Indexes MultiViews FollowSymLinks #在554行 修改为 Options MultiViews FollowSymLinks(不在浏览器上显示树状目录结构)
402 DirectoryIndex index.html index.html.var #在402行 修改为:DirectoryIndex index.html index.htm Default.html Default.htm index.php Default.php index.html.var (设置默认首页文件,增加index.php)
76 KeepAlive Off #在76行 修改为:KeepAlive On (允许程序性联机)
83 MaxKeepAliveRequests 100 #在83行 修改为:MaxKeepAliveRequests 1000 (增加同时连接数)
[root@server ~]# service httpd restart
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[root@server ~]# cp /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.confbak #备份
[root@server ~]# cp /var/www/error/noindex.html /var/www/error/noindex.htmlbak #备份
[root@server ~]# rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html #删除默认2个测试页
[root@server ~]# service httpd restart
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[root@server ~]# cp /etc/php.ini /etc/php.inibak #备份
[root@server ~]# vim /etc/php.ini #编辑
946 ;date.timezone = PRC #在946行 把前面的分号去掉,改为date.timezone = PRC
386 disable_functions = #在386行 添加disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname 列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用。
432 expose_php = On #在432行 修改为:expose_php = Off禁止显示php版本的信息
745 magic_quotes_gpc = Off #在745行 修改为:magic_quotes_gpc = On打开magic_quotes_gpc来防止SQL注入
229 short_open_tag = Off #在229行 修改为short_open_tag = On,支持php短标签
380 ;open_basedir = #在380行 把前面的分号去掉,改为open_basedir = .:/tmp/ 设置表示允许访问当前目录(即PHP脚本文件所在之目录)和/tmp/目录,可以防止php木马跨站,如果改了之后安装程序有问题,可以注销此行,或者直 接写上程序的目录/data/www.osyunwei.com/:/tmp/
[root@server ~]# service mysqld restart
[root@server ~]# service httpd restart
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
在/var/www/html/目录下,创建一个index.php文件,并且编辑,如下:
[root@server ~]# cd /var/www/html/
[root@server html]# touch index.php
[root@server html]# vim index.php #编辑输入下面内容
在客户端浏览器输入服务器:http://10.1.4.44地址,可以看到相关的配置信息!
apache默认的程序目录是/var/www/html
[root@server ~]# chown apache.apache -R /var/www/html
至此,CentOS 6.3安装配置LAMP服务器(Linux+Apache+PHP5+MySQL)完成!