CentOS 8 Configuration Guide

22/03/2020

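Preface

This guide is meant to reduce the time Linux beginners waste on paths that look right but turn out to be wrong,

and to get a fully functional, working server up and running quickly.

Almost all of the software installed by following this guide keeps receiving updates through the package manager,

so no time is wasted hunting for new versions.

Main components installed: Nginx + PHP + MariaDB + Tools

These are then brought to a working state, and a few settings are changed along the way to avoid some serious problems.

Reference links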

https://nginx.org/en/linux_packages.html#RHEL-CentOS
https://downloads.mariadb.org/mariadb/repositories/#distro=CentOS&distro_release=centos8-amd64--centos8&mirror=nodesdirect&version=10.4

 

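Step 1: Disable SELinux (optional; leaving it enabled is recommended)

After gaining a thorough understanding of what SELinux does, I now run all of my own servers with SELinux enabled.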

sudo vim /etc/sysconfig/selinux
-----
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
-----

Change SELINUX=enforcing to SELINUX=disabled

and comment out the SELINUXTYPE=targeted line below it.

Save and exit, then reboot:

reboot

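Step 2: Open firewall ports

Start the firewall

systemctl start firewalld

Enable it at boot

systemctl enable firewalld

List all ports that are currently open

firewall-cmd --zone=public --list-ports

Open a firewall port

firewall-cmd --zone=public --add-port=80/tcp --permanent

Recommended ports to open: 80, 443, 3306, and one port of your own choosing for SSH logins, since port 22 is frequently hit by brute-force attempts.

Close a firewall port

firewall-cmd --zone=public --remove-port=1234/tcp --permanent

This is only an example; port 1234 was never opened.

Reload the firewall rules (rules added with --permanent take effect only after a reload)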

firewall-cmd --reload

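Step 3: Change the SSH login port

Log in to the server and open the sshd_config file

vim /etc/ssh/sshd_config

After the Port 22 line, add a port number of your own choosing; the example here uses Port 12345. On a system where SELinux is still enforcing, the semanage command from the file's own comment (shown below) must first be run with the new port number, otherwise sshd cannot bind to it.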

-----
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Port 22
Port 12345
-----

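Save and exit, then restart the sshd service

systemctl restart sshd

Connect to the server on the custom port. Once that connection works, edit sshd_config, delete the Port 22 line and restart sshd.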

Step 4: Keep SSH connections alive for long sessions

echo "ClientAliveInterval 30" >> /etc/ssh/sshd_config

Restart sshd

systemctl restart sshd
-----
# echo "ClientAliveInterval 30" >> /etc/ssh/sshd_config
# systemctl restart sshd
-----
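
The checks below are an added example, not part of the original guide. They read an sshd_config file and confirm that the new port from step 3 is active before Port 22 is removed, and that the ClientAliveInterval line from step 4 is one sshd will actually use. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): read-only checks to run on
# sshd_config after the edits in steps 3 and 4 and before restarting sshd.

# Print every active (uncommented) Port value, one per line.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Print the value sshd uses for a global keyword: sshd takes the first
# occurrence, and lines after a "Match" line apply only to that match,
# so a line appended below a Match block is not a global setting.
sshd_effective() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Succeed only when the new port is active, i.e. "Port 22" can be removed
# without cutting off the only way in.
ssh_port_ready() {
    sshd_ports "$1" | grep -qx "$2"
}

# Constructed sample: the file after step 3 and a correct step 4.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#Port 22
Port 22
Port 12345
#ClientAliveInterval 0
ClientAliveInterval 30
EOF
echo "active ports: $(sshd_ports "$cfg" | tr '\n' ' ')"
ssh_port_ready "$cfg" 12345 && echo "12345 is active; Port 22 can be removed"
echo "ClientAliveInterval: $(sshd_effective "$cfg" ClientAliveInterval)"
rm -f "$cfg"
```

Run the functions against /etc/ssh/sshd_config, and run sshd -t to validate the file's syntax before restarting the service over a remote session.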

Step 5: Install nginx

Install the prerequisite package

sudo yum install yum-utils

Edit the nginx.repo file

vim /etc/yum.repos.d/nginx.repo

Copy the following into nginx.repo

[nginx-stable] 
name=nginx stable repo 
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ 
gpgcheck=1 
enabled=1 
gpgkey=https://nginx.org/keys/nginx_signing.key 
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo 
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ 
gpgcheck=1 
enabled=0 
gpgkey=https://nginx.org/keys/nginx_signing.key 
module_hotfixes=true

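Enable the nginx mainline repository

sudo yum-config-manager --enable nginx-mainline

Install nginx

sudo yum install nginx

Start nginx and enable it at boot

systemctl start nginx
systemctl enable nginx

Installing this way gives you the latest version, and it keeps receiving updates.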

Step 6: Configure default.conf (formerly the server block of nginx.conf)

vim /etc/nginx/conf.d/default.conf

Find the location ~ \.php$ block

-----
#location ~ \.php$ { 
#root          html;
#fastcgi_pass  127.0.0.1:9000; 
#fastcgi_index index.php; 
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 
#include fastcgi_params; 
#}
-----

Delete the original block and replace it with the following:

location ~ \.php$ {
root /var/www/html; # put your site's document root here
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

Find the first location block inside server

-----
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
-----

Add index.php after index.html index.htm

Save and reload nginx

nginx -s reload

Once configured, nginx can process PHP requests and works normally.

Step 7: Change the site root directory and its ownership

Delete the existing html directory

rm -rf /var/www/html

Move the /usr/share/nginx/html/ directory into /var/www/

mv /usr/share/nginx/html/  /var/www/

In /usr/share/nginx/, create a symbolic link named html that points to /var/www/html/

ln -s /var/www/html  /usr/share/nginx/html

Change the owner and group of the site root to nginx

chown -R nginx:nginx /var/www/html

Set permissions 755 on the site root

chmod 755 /var/www/html

Restart nginx

systemctl restart nginx

Step 8: Install PHP 7.4

Install the Remi repository

dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm

List the available PHP modules

dnf module list php
-----
# dnf module list php
Last metadata expiration check: 0:42:29 ago on Sun 22 Mar 2020 10:41:14 AM UTC.
CentOS-8 - AppStream
Name           Stream          Profiles                       Summary
php            7.2 [d]         common [d], devel, minimal     PHP scripting language
php            7.3             common, devel, minimal         PHP scripting language

Remi's Modular repository for Enterprise Linux 8 - x86_64
Name           Stream          Profiles                       Summary
php            remi-7.2        common [d], devel, minimal     PHP scripting language
php            remi-7.3        common [d], devel, minimal     PHP scripting language
php            remi-7.4 [e]    common [d], devel, minimal     PHP scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
-----

Enable the PHP 7.4 stream from Remi

dnf module enable php:remi-7.4 -y
-----
# dnf module enable php:remi-7.4 -y
Extra Packages for Enterprise Linux Modular 8 - x86_64 61 kB/s | 117 kB 00:01
Extra Packages for Enterprise Linux 8 - x86_64 2.3 MB/s | 6.1 MB 00:02
Remi's Modular repository for Enterprise Linux 8 - x86_64 152 kB/s | 539 kB 00:03
Safe Remi's RPM repository for Enterprise Linux 8 - x86_64 374 kB/s | 1.4 MB 00:03
Last metadata expiration check: 0:00:01 ago on Sun 22 Mar 2020 11:39:18 AM UTC.
Dependencies resolved.
=================================================================================
Package        Architecture        Version        Repository        Size
=================================================================================
php remi-7.4
Transaction Summary
=================================================================================
Complete!
-----

Install PHP 7.4

dnf install -y php php-cli php-common

-----
# dnf install -y php php-cli php-common
Last metadata expiration check: 0:03:08 ago on Sun 22 Mar 2020 11:39:18 AM UTC.
Dependencies resolved.
============================================================================================
Package                 Architecture   Version
============================================================================================
Installing:
php                     x86_64         7.4.4-1.el8.remi remi-modular 3.0 M
php-cli                 x86_64         7.4.4-1.el8.remi remi-modular 4.6 M
php-common              x86_64         7.4.4-1.el8.remi remi-modular 1.2 M
Installing dependencies:
apr                     x86_64         1.6.3-9.el8 AppStream 125 k
apr-util                x86_64         1.6.1-6.el8 AppStream 105 k
centos-logos-httpd      noarch         80.5-2.el8 AppStream 24 k
httpd                   x86_64         2.4.37-16.module_el8.1.0+256+ae790463 AppStream 1.7 M
httpd-filesystem        noarch         2.4.37-16.module_el8.1.0+256+ae790463 AppStream 35 k
httpd-tools             x86_64         2.4.37-16.module_el8.1.0+256+ae790463 AppStream 103 k
mod_http2               x86_64         1.11.3-3.module_el8.1.0+213+acce2796 AppStream 158 k
oniguruma               x86_64         6.8.2-1.el8 AppStream 188 k
libxslt                 x86_64         1.1.32-3.el8 BaseOS 249 k
libsodium               x86_64         1.0.18-2.el8 epel 162 k
php-json                x86_64         7.4.4-1.el8.remi remi-modular 74 k
Installing weak dependencies:
apr-util-bdb            x86_64         1.6.1-6.el8 AppStream 25 k
apr-util-openssl        x86_64         1.6.1-6.el8 AppStream 27 k
nginx-filesystem        noarch         1:1.14.1-9.module_el8.0.0+184+e34fea82 AppStream 24 k
php-fpm                 x86_64         7.4.4-1.el8.remi remi-modular 1.6 M
php-mbstring            x86_64         7.4.4-1.el8.remi remi-modular 527 k
php-opcache             x86_64         7.4.4-1.el8.remi remi-modular 332 k
php-pdo                 x86_64         7.4.4-1.el8.remi remi-modular 142 k
php-sodium              x86_64         7.4.4-1.el8.remi remi-modular 86 k
php-xml                 x86_64         7.4.4-1.el8.remi remi-modular 214 k
Enabling module streams:
httpd                                             2.4
nginx                                             1.14

Transaction Summary
==============================================================================================
Install 23 Packages
-----

 

Check the PHP version

php -v
-----
# php -v
PHP 7.4.4 (cli) (built: Mar 17 2020 10:40:21) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.4, Copyright (c), by Zend Technologies
-----

Install PHP extensions

dnf install -y php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-date php-exif php-filter php-ftp php-gd php-hash php-iconv php-json php-libxml php-pecl-imagick php-mbstring php-mysqlnd php-openssl php-pcre php-posix php-sockets php-spl php-tokenizer php-zlib

Restart php-fpm

systemctl restart php-fpm

Enable php-fpm at boot

systemctl enable php-fpm

Open the php-fpm pool configuration file

vim /etc/php-fpm.d/www.conf

Find

user = apache

group = apache

Change both user and group to nginx

Find

listen = /run/php-fpm/www.sock

Delete this line and add

listen = 9000

Find the following settings and change them to these values

pm.max_children  = 50

pm.start_servers = 1

pm.min_spare_servers = 1

pm.max_spare_servers = 10

PHP worker processes do not exit on their own once started, so these values are changed to save memory.
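
php-fpm treats a bare port such as listen = 9000 as "all addresses", while the nginx block in step 6 only ever connects to 127.0.0.1:9000. The following is an added example, not part of the original guide: it classifies the listen setting of a pool file and rewrites a bare port to the loopback address. The function names and the sample pool file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): check and tighten the
# php-fpm "listen" setting chosen in step 8.

# Classify the pool's listen directive (if repeated, the last one is taken
# here, which is an assumption of this sketch).
# Prints: unset | socket | loopback | all-interfaces | address
fpm_listen_scope() {
    val=$(sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*//p' "$1" |
          sed 's/[[:space:]]*$//' | tail -n 1)
    case "$val" in
        '')                   echo unset ;;
        /*)                   echo socket ;;
        127.*:*|'[::1]':*)    echo loopback ;;
        0.0.0.0:*|'[::]':*)   echo all-interfaces ;;
        *[!0-9]*)             echo address ;;
        *)                    echo all-interfaces ;;  # bare port, e.g. 9000
    esac
}

# Rewrite "listen = PORT" to "listen = 127.0.0.1:PORT", the address nginx
# uses in fastcgi_pass. Writing through cat keeps the file's owner, mode
# and SELinux label, which replacing the file with mv would not.
fpm_bind_loopback() {
    tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*listen[[:space:]]*=[[:space:]]*\)\([0-9][0-9]*\)[[:space:]]*$/\1127.0.0.1:\2/' \
        "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample pool file in the state step 8 leaves it.
pool=$(mktemp)
printf '%s\n' '[www]' 'user = nginx' 'group = nginx' 'listen = 9000' > "$pool"
echo "before: $(fpm_listen_scope "$pool")"
fpm_bind_loopback "$pool"
echo "after:  $(fpm_listen_scope "$pool")"
rm -f "$pool"
```

Any edit to /etc/php-fpm.d/www.conf only applies after systemctl restart php-fpm.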

Step 9: Install MariaDB 10.4 and do the initial configuration

vim /etc/yum.repos.d/MariaDB.repo

Copy the following into MariaDB.repo

#MariaDB 10.4 CentOS repository list - created 2020-03-22 09:49 UTC
#http://downloads.mariadb.org/mariadb/repositories/ 
[mariadb] 
name = MariaDB 
baseurl = http://yum.mariadb.org/10.4/centos8-amd64 
module_hotfixes=1 
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB 
gpgcheck=1

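Install

sudo dnf install MariaDB-server

Start it and enable it at boot

sudo systemctl start mariadb
sudo systemctl enable mariadb

Configure MariaDB

MariaDB configuration wizard

(From version 10.5 onward the MariaDB initialization command is deprecated; set each item individually as needed.)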

mysql_secure_installation
-----
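Enter current password for root (enter for none):    on the first run, just press Enter
Set root password? [Y/n]    whether to set a password for the root user; enter y and press Enter
New password:    set the password
Re-enter new password:    enter the password again
Remove anonymous users? [Y/n]    whether to remove anonymous users; enter y and press Enter
Disallow root login remotely? [Y/n]    whether to disallow remote login for the root account; enter y and press Enter
Remove test database and access to it? [Y/n]    whether to remove the test database; enter y and press Enter
Reload privilege tables now? [Y/n]    whether to reload the privilege tables; enter y and press Enter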
-----

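Log in to the database with the password

mysql -uroot -p

Here I noticed a problem: after installation, it is possible to log in to the database without a password...

Testing showed that phpMyAdmin still requires the password; since my server is for private use, I took the lazy route and did not fix this bug...

MariaDB installed this way is also the latest version and keeps receiving updates.

Step 10: Install commonly used tools

dnf install -y bash-completion curl git unzip htop lsof tree gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel

These are some handy packages and tools that will come up often in later tinkering.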

pen Lens
