CentOS 6.8 配置 LAMP(Linux+Apache+PHP+MySQL)环境

前期准备

1、配置防火墙,开启 80 端口、3306 端口

[root@hexingxing ~]# vi /etc/sysconfig/iptables #编辑防火墙规则

 

将以下两条记录添加到默认的 22 端口这条规则的下面

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #允许 80 端口通过防火墙
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT #允许 3306 端口通过防火墙
[root@hexingxing ~]# cat /etc/sysconfig/iptables #检查配置是否正确,正常的配置如下:

########################################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
########################################################
[root@hexingxing ~]# /etc/init.d/iptables restart #重启防火墙使配置生效

 

2、关闭 SELINUX

[root@hexingxing ~]# vi /etc/selinux/config
#SELINUX=enforcing #注释掉此行
#SELINUXTYPE=targeted #注释掉此行
SELINUX=disabled #增加此记录
[root@hexingxing ~]# :wq #保存退出
[root@hexingxing ~]# shutdown -r now #重启

 

安装服务

一、安装 Apache

[root@hexingxing ~]# yum install httpd #安装 Apache 服务
[root@hexingxing ~]# /etc/init.d/httpd start #启动 Apache

备注:Apache 启动之后如果提示以下错误:

正在启动 httpd:httpd: Could not reliably determine the server's fully qualif domain name, using ::1 for ServerName

解决方法:

[root@hexingxing ~]# vi /etc/httpd/conf/httpd.conf #编辑 Apache 配置

找到 #ServerName www.example.com:80
修改为 ServerName localhost:80 #这里设置为你自己的域名,如果没有域名,可以设置为 localhost
[root@hexingxing ~]# :wq #保存退出

[root@hexingxing ~]# chkconfig httpd on #设为开机启动
[root@hexingxing ~]# /etc/init.d/httpd restart #重启 Apache

  

测试服务

在客户端浏览器输入服务器 IP 地址,如果配置正确,可以看到 Apache 相关的配置信息

 

二、安装 MySQL
1、安装 MySQL

[root@hexingxing ~]# yum install mysql mysql-server #安装 MySQL 服务
[root@hexingxing ~]# /etc/init.d/mysqld start #启动 MySQL
[root@hexingxing ~]# chkconfig mysqld on #设为开机启动
[root@hexingxing ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf #拷贝配置文件

 

2、为 root 账户设置密码

[root@hexingxing ~]# mysql_secure_installation  #设置 MySQL 密码
 
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):  #初次配置无密码可直接回车,有密码输入密码回车
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n]   #是否设置 root 用户密码,输入 y 并回车或直接回车
New password:   #设置 root 用户的密码
Re-enter new password:   #再输入一次你设置的密码
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]   #是否删除匿名用户, 生产环境建议删除,所以直接回车
… Success!
 
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]   #是否禁止 root 远程登录, 根据自己的需求选择 Y/n 并回车, 建议禁止
… Success!
 
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]   #是否删除 test 数据库, 直接回车
- Dropping test database…
… Success!
 
- Removing privileges on test database…
… Success!
 
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]   #是否重新加载权限表,直接回车
… Success!
 
Cleaning up…

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
 
Thanks for using MySQL!   #最后看到这个提示说明已经配置成功

// 安装 MySQL 简单的记忆:首次配置出现 Enter current password for root (enter for none): 时,无密码可直接回车,后续配置如果有密码输入密码回车;然后根据提示输入 Y,首次配置需要相输入密码和确认密码,第二次即提示是否变换密码;输入 2 次密码,回车;根据提示一直输入 Y;最后出现:Thanks for using MySQL! 即表示成功。

MySql 密码设置完成,重新启动 MySQL:

[root@hexingxing ~]# /etc/init.d/mysqld restart #重启
[root@hexingxing ~]# /etc/init.d/mysqld stop #停止
[root@hexingxing ~]# /etc/init.d/mysqld start #启动

 

三、安装 PHP
1、安装 PHP

[root@hexingxing ~]# yum install php #安装 PHP 服务

 

2、安装 PHP 组件,使 PHP 支持 MySQL

[root@hexingxing ~]# yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt #安装 PHP 组件
[root@hexingxing ~]# /etc/init.d/mysqld restart #重启 MySql
[root@hexingxing ~]# /etc/init.d/httpd restart #重启 Apache

 

测试服务

[root@hexingxing ~]# cd /var/www/html
[root@hexingxing ~]# vi index.php #编辑一个 phpinfo 的测试页面内容
[root@hexingxing ~]# :wq #保存退出

在客户端浏览器输入服务器 IP 地址,可以看到 PHP 相关的配置信息

调整配置

一、Apache 配置

[root@hexingxing ~]# vi /etc/httpd/conf/httpd.conf #编辑 Apache 配置文件
ServerTokens OS #在 44 行 修改为:ServerTokens Prod(在出现错误页的时候不显示服务器操作系统的名称)
ServerSignature On #在 536 行 修改为:ServerSignature Off(在错误页中不显示 Apache 的版本)
Options Indexes FollowSymLinks #在 331 行 修改为:Options Includes ExecCGI FollowSymLinks(允许服务器执行 CGI 及 SSI,禁止列出目录)
#AddHandler cgi-script .cgi #在 796 行 修改为:AddHandler cgi-script .cgi .pl(允许扩展名为.pl 的 CGI 脚本运行)
AllowOverride None #在 338 行 修改为:AllowOverride All(允许.htaccess)
AddDefaultCharset UTF-8 #在 759 行 修改为:AddDefaultCharset GB2312 (添加 GB2312 为默认编码)
Options Indexes MultiViews FollowSymLinks #在 554 行 修改为 Options MultiViews FollowSymLinks(不在浏览器上显示树状目录结构)
DirectoryIndex index.html index.html.var #在 402 行 修改为:DirectoryIndex index.html index.htm Default.html Default.htm index.php Default.php index.html.var #设置默认首页文件,增加 index.php
KeepAlive Off #在 76 行 修改为:KeepAlive On(允许程序性联机)
MaxKeepAliveRequests 100 #在 83 行 修改为:MaxKeepAliveRequests 1000(增加同时连接数)
[root@hexingxing ~]# :wq #保存退出
[root@hexingxing ~]# /etc/init.d/httpd restart #重启
[root@hexingxing ~]# rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html #删除默认测试页

二、PHP 配置

[root@hexingxing ~]# vi /etc/php.ini #编辑
date.timezone = PRC #在 946 行 把前面的分号去掉,改为 date.timezone = PRC
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#在 386 行 列出 PHP 可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用。
expose_php = Off #在 432 行 禁止显示 php 版本的信息
magic_quotes_gpc = On #在 745 行 打开 magic_quotes_gpc 来防止 SQL 注入
short_open_tag = ON #在 229 行支持 php 短标签
open_basedir = .:/tmp/ #在 380 行 设置表示允许访问当前目录 (即 PHP 脚本文件所在之目录) 和/tmp/目录, 可以防止 php 木马跨站, 如果改了之后安装程序有问题,可以注销此行,或者直接写上程序的目录/data/www.osyunwei.com/:/tmp/
[root@hexingxing ~]# :wq #保存退出
[root@hexingxing ~]# /etc/init.d/mysqld restart #重启 MySql
[root@hexingxing ~]# /etc/init.d/httpd restart #重启 Apche

PS1:
Apache 解析 PHP,修改 httpd.conf 文件,添加
Addtype application/x-httpd-php .php .phtml
Addtype application/x-httpd-php-source .phps
PS2:
Apache 默认的程序目录是 /var/www/html

测试网站服务页面

在 /var/www/html 目录下新建 html 或 php 文件测试是否可访问