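Preface
This configuration guide is meant to reduce the time Linux beginners waste on paths that look right but may be wrong,
and to get a fully functional, working server set up fairly quickly.
Almost all of the software installed by following this guide keeps receiving updates,
so no time is wasted hunting for new versions.
Main components installed: Nginx + PHP + MariaDB + Tools
The guide also brings this software to a usable state and changes some settings along the way to avoid some serious problems.
Reference links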
https://nginx.org/en/linux_packages.html#RHEL-CentOS
https://downloads.mariadb.org/mariadb/repositories/#distro=CentOS&distro_release=centos8-amd64--centos8&mirror=nodesdirect&version=10.4
Step 1: Disable SELinux (optional; leaving it enabled is recommended)
After gaining a thorough understanding of what SELinux does, I have now enabled SELinux on all of my own servers.
sudo vim /etc/sysconfig/selinux
-----
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
-----
Change SELINUX=enforcing to SELINUX=disabled
and comment out the SELINUXTYPE=targeted line below it.
Save and exit.
reboot
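Step 2: Open firewall ports
Start the firewall
systemctl start firewalld
Enable it at boot
systemctl enable firewalld
List all ports that are currently open
firewall-cmd --zone=public --list-ports
Open a firewall port
firewall-cmd --zone=public --add-port=80/tcp --permanent
It is recommended to open 80, 443, 3306 and one login port of your own choosing for SSH connections; port 22 is frequently hit by brute-force attempts.
Close a firewall port
firewall-cmd --zone=public --remove-port=1234/tcp --permanent
This is only an example; port 1234 was never opened.
Reload the firewall rules
firewall-cmd --reload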
Step 3: Change the login port
Log in to the server and open the sshd_config file
vim /etc/ssh/sshd_config
After Port 22, add a port number of your choice; the example here uses Port 12345
-----
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Port 22
Port 12345
-----
Save and exit, then restart the sshd service
systemctl restart sshd
Connect to the server on the custom port; once connected, edit the sshd_config file, delete Port 22, and restart sshd.
Step 4: Keep SSH connections alive for long periods
echo "ClientAliveInterval 30" >> /etc/ssh/sshd_config
Restart sshd
systemctl restart sshd
-----
[root@vultrguest ~]# echo "ClientAliveInterval 30" >> /etc/ssh/sshd_config
[root@vultrguest ~]# systemctl restart sshd
-----
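A pre-flight check for the SSH changes in steps 3 and 4, added here as an example (it is not part of the original guide): it reads an sshd_config, lists the Port lines, and prints the semanage and firewall-cmd commands that each non-default port needs while SELinux is enforcing. The function name sshd_audit and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the SSH port change in steps 3 and 4.
# sshd_audit is a hypothetical helper name; it only reads the file it is given.

# Print one finding per line for the sshd_config at path $1.
sshd_audit() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }               # skip comments and blank lines
        tolower($1) == "port" { ports[++n] = $2 }
        tolower($1) == "clientaliveinterval" { cai++; interval = $2 }
        END {
            if (n == 0) print "PORT 22 (implicit default)"
            for (i = 1; i <= n; i++) {
                print "PORT " ports[i]
                if (ports[i] + 0 != 22) {
                    # Needed while SELinux is enforcing (see the comment in sshd_config)
                    print "RUN semanage port -a -t ssh_port_t -p tcp " ports[i]
                    print "RUN firewall-cmd --zone=public --add-port=" ports[i] "/tcp --permanent"
                } else if (n > 1) {
                    print "TODO remove Port 22 after the new port is confirmed working"
                }
            }
            if (cai == 0) print "WARN ClientAliveInterval not set"
            else if (cai > 1) print "WARN ClientAliveInterval set " cai " times; sshd uses the first"
            else print "OK ClientAliveInterval " interval
        }
    ' "$1"
}

# Constructed sample mirroring the transitional state in step 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 22
Port 12345
ClientAliveInterval 30
EOF
sshd_audit "$sample"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config before systemctl restart sshd; sshd -t additionally checks the file for syntax errors.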
Step 5: Install nginx
Install the helper package
sudo yum install yum-utils
Edit the nginx.repo file
vim /etc/yum.repos.d/nginx.repo
Copy the following into nginx.repo
-----
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
-----
Enable the nginx repository
sudo yum-config-manager --enable nginx-mainline
Install nginx
sudo yum install nginx
Start nginx and enable it at boot
systemctl start nginx
systemctl enable nginx
Installing this way gives you the latest version, and it keeps receiving updates.
Step 6: Configure default.conf (formerly the server block of nginx.conf)
vim /etc/nginx/conf.d/default.conf
Find the location ~ \.php$ block
-----
#location ~ \.php$ {
#    root           html;
#    fastcgi_pass   127.0.0.1:9000;
#    fastcgi_index  index.php;
#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
#    include        fastcgi_params;
#}
-----
Delete the original block and replace it with the following:
-----
location ~ \.php$ {
    root           /var/www/html;  # put your site's document root here
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
}
-----
Find the first location block under server
-----
location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
}
-----
Add index.php after index.html index.htm
Save and reload nginx
nginx -s reload
With this configuration nginx can hand PHP requests to the PHP backend and works normally.
Step 7: Change the web root and its ownership
Delete the existing html folder
rm -rf /var/www/html
Move the html/ directory at /usr/share/nginx/html/ to /var/www/
mv /usr/share/nginx/html/ /var/www/
In /usr/share/nginx/, create a symlink to /var/www/html/ and name it html
ln -s /var/www/html /usr/share/nginx/html
Change the owner and group of the web root to nginx
chown -R nginx:nginx /var/www/html
Set permissions 755 on the web root
chmod 755 /var/www/html
Restart nginx
systemctl restart nginx
Step 8: Install PHP 7.4
Install the remi repository
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
List the available PHP modules
dnf module list php
-----
[root@vultrguest ~]# dnf module list php
Last metadata expiration check: 0:42:29 ago on Sun 22 Mar 2020 10:41:14 AM UTC.
CentOS-8 - AppStream
Name  Stream        Profiles                    Summary
php   7.2 [d]       common [d], devel, minimal  PHP scripting language
php   7.3           common, devel, minimal      PHP scripting language

Remi's Modular repository for Enterprise Linux 8 - x86_64
Name  Stream        Profiles                    Summary
php   remi-7.2      common [d], devel, minimal  PHP scripting language
php   remi-7.3      common [d], devel, minimal  PHP scripting language
php   remi-7.4 [e]  common [d], devel, minimal  PHP scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
-----
Enable the remi PHP 7.4 module stream
dnf module enable php:remi-7.4 -y
-----
[root@vultrguest ~]# dnf module enable php:remi-7.4 -y
Extra Packages for Enterprise Linux Modular 8 - x86_64       61 kB/s | 117 kB 00:01
Extra Packages for Enterprise Linux 8 - x86_64              2.3 MB/s | 6.1 MB 00:02
Remi's Modular repository for Enterprise Linux 8 - x86_64   152 kB/s | 539 kB 00:03
Safe Remi's RPM repository for Enterprise Linux 8 - x86_64  374 kB/s | 1.4 MB 00:03
Last metadata expiration check: 0:00:01 ago on Sun 22 Mar 2020 11:39:18 AM UTC.
Dependencies resolved.
=================================================================================
 Package Architecture Version Repository Size
=================================================================================
 php remi-7.4
Transaction Summary
=================================================================================
Complete!
-----
Install PHP 7.4
dnf install -y php php-cli php-common
-----
[root@vultrguest ~]# dnf install -y php php-cli php-common
Last metadata expiration check: 0:03:08 ago on Sun 22 Mar 2020 11:39:18 AM UTC.
Dependencies resolved.
============================================================================================
 Package Architecture Version
============================================================================================
Installing:
 php                 x86_64  7.4.4-1.el8.remi                         remi-modular  3.0 M
 php-cli             x86_64  7.4.4-1.el8.remi                         remi-modular  4.6 M
 php-common          x86_64  7.4.4-1.el8.remi                         remi-modular  1.2 M
Installing dependencies:
 apr                 x86_64  1.6.3-9.el8                              AppStream     125 k
 apr-util            x86_64  1.6.1-6.el8                              AppStream     105 k
 centos-logos-httpd  noarch  80.5-2.el8                               AppStream      24 k
 httpd               x86_64  2.4.37-16.module_el8.1.0+256+ae790463    AppStream     1.7 M
 httpd-filesystem    noarch  2.4.37-16.module_el8.1.0+256+ae790463    AppStream      35 k
 httpd-tools         x86_64  2.4.37-16.module_el8.1.0+256+ae790463    AppStream     103 k
 mod_http2           x86_64  1.11.3-3.module_el8.1.0+213+acce2796     AppStream     158 k
 oniguruma           x86_64  6.8.2-1.el8                              AppStream     188 k
 libxslt             x86_64  1.1.32-3.el8                             BaseOS        249 k
 libsodium           x86_64  1.0.18-2.el8                             epel          162 k
 php-json            x86_64  7.4.4-1.el8.remi                         remi-modular   74 k
Installing weak dependencies:
 apr-util-bdb        x86_64  1.6.1-6.el8                              AppStream      25 k
 apr-util-openssl    x86_64  1.6.1-6.el8                              AppStream      27 k
 nginx-filesystem    noarch  1:1.14.1-9.module_el8.0.0+184+e34fea82   AppStream      24 k
 php-fpm             x86_64  7.4.4-1.el8.remi                         remi-modular  1.6 M
 php-mbstring        x86_64  7.4.4-1.el8.remi                         remi-modular  527 k
 php-opcache         x86_64  7.4.4-1.el8.remi                         remi-modular  332 k
 php-pdo             x86_64  7.4.4-1.el8.remi                         remi-modular  142 k
 php-sodium          x86_64  7.4.4-1.el8.remi                         remi-modular   86 k
 php-xml             x86_64  7.4.4-1.el8.remi                         remi-modular  214 k
Enabling module streams:
 httpd 2.4
 nginx 1.14
Transaction Summary
==============================================================================================
Install 23 Packages
-----
Check the PHP version
php -v
-----
[root@vultrguest ~]# php -v
PHP 7.4.4 (cli) (built: Mar 17 2020 10:40:21) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.4, Copyright (c), by Zend Technologies
-----
Install PHP extensions
dnf install -y php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-date php-exif php-filter php-ftp php-gd php-hash php-iconv php-json php-libxml php-pecl-imagick php-mbstring php-mysqlnd php-openssl php-pcre php-posix php-sockets php-spl php-tokenizer php-zlib
Restart php-fpm
systemctl restart php-fpm
Enable php-fpm at boot
systemctl enable php-fpm
Open the PHP-FPM configuration file
vim /etc/php-fpm.d/www.conf
Find
-----
user = apache
group = apache
-----
Change both user and group to nginx
Find
-----
listen = /run/php-fpm/www.sock
-----
Delete this line and add
-----
listen = 9000
-----
Find the original settings and change them to the following
-----
pm.max_children = 50
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 10
-----
PHP processes do not exit on their own once started; these settings are changed to save memory.
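An audit of the pool settings changed in this step, added here as an example (it is not part of the original guide). In PHP-FPM a bare port such as listen = 9000 binds the FastCGI socket on every address, so reachability then depends on firewalld and listen.allowed_clients; the script reports that next to a loopback-only variant that still matches fastcgi_pass 127.0.0.1:9000. The helper names and the two sample pool files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the pool settings changed in step 8.
# fpm_get, fpm_listen_scope and fpm_audit are hypothetical helper names.

# Print the last value assigned to key $2 in pool file $1.
fpm_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # ";" starts a comment in pool files
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { print found }
    ' "$1"
}

# Classify a listen value by who can reach the FastCGI socket.
fpm_listen_scope() {
    case "$1" in
        "")                   echo "unset" ;;
        /*)                   echo "unix-socket" ;;
        127.*:*|localhost:*)  echo "loopback" ;;
        *[!0-9]*)             echo "explicit-address" ;;   # review by hand
        *)                    echo "all-addresses" ;;      # bare port such as 9000
    esac
}

# One-line summary of the settings that decide exposure and file ownership.
fpm_audit() {
    echo "listen=$(fpm_listen_scope "$(fpm_get "$1" listen)")" \
         "user=$(fpm_get "$1" user) group=$(fpm_get "$1" group)" \
         "allowed_clients=$(fpm_get "$1" listen.allowed_clients)"
}

# Constructed pool files: the values from this step, then a loopback-only variant.
dir=$(mktemp -d)
printf 'user = nginx\ngroup = nginx\nlisten = 9000\n' > "$dir/guide.conf"
printf 'user = nginx\ngroup = nginx\nlisten = 127.0.0.1:9000\nlisten.allowed_clients = 127.0.0.1\n' > "$dir/loopback.conf"
fpm_audit "$dir/guide.conf"
fpm_audit "$dir/loopback.conf"
rm -rf "$dir"
```

Run fpm_audit /etc/php-fpm.d/www.conf after editing the file and before restarting php-fpm so the new values are the ones that get loaded.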
Step 9: Install MariaDB 10.4 and do the initial configuration
vim /etc/yum.repos.d/MariaDB.repo
Copy the following into MariaDB.repo
-----
# MariaDB 10.4 CentOS repository list - created 2020-03-22 09:49 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos8-amd64
module_hotfixes=1
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
-----
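A check for the repository definitions from steps 5 and 9, added here as an example (it is not part of the original guide). Both repos use an http baseurl, so package integrity rests on gpgcheck=1 and a signing key fetched over https; the script reports, per section, whether that holds. The function name repo_audit and the sample file are constructed, and a missing per-repo gpgcheck is treated as a failure, which is stricter than dnf's fallback to [main].

```shell
#!/bin/sh
# Added example: check the .repo files from steps 5 and 9 before installing.
# repo_audit is a hypothetical helper name; it only reads the files it is given.

# Print "<section> enabled=<n> <verdict>" for every repository section.
repo_audit() {
    awk '
        function emit() {
            if (sec == "") return
            # Assumption: an unset per-repo gpgcheck counts as a failure here.
            if (gc != "1" || key == "")   verdict = "FAIL packages-not-verified"
            else if (key !~ /^https:/)    verdict = "WARN key-fetched-without-tls"
            else if (url !~ /^https:/)    verdict = "OK signed-but-http-baseurl"
            else                          verdict = "OK signed-and-https"
            print sec, "enabled=" en, verdict
        }
        /^[ \t]*(#|$)/ { next }
        /^\[/ { emit(); sec = substr($0, 2, index($0, "]") - 2)
                en = "1"; gc = ""; key = ""; url = ""; next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "enabled") en = v
            else if (k == "gpgcheck") gc = v
            else if (k == "gpgkey") key = v
            else if (k == "baseurl") url = v
        }
        END { emit() }
    ' "$@"
}

# Constructed copy of two repo sections used in this guide.
repo=$(mktemp)
cat > "$repo" <<'EOF'
[nginx-mainline]
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
[mariadb]
baseurl = http://yum.mariadb.org/10.4/centos8-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
repo_audit "$repo"
rm -f "$repo"
```

On the server, run repo_audit /etc/yum.repos.d/*.repo before dnf install.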
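Install
sudo dnf install MariaDB-server
Start it and enable it at boot
sudo systemctl start mariadb
sudo systemctl enable mariadb
Configure MariaDB
MariaDB configuration wizard
(From version 10.5 onward the MariaDB initialization command is deprecated; just configure each setting individually as needed)
mysql_secure_installation
-----
Enter current password for root (enter for none):   on the first run, just press Enter
Set root password? [Y/n]                            whether to set a root password; type y and press Enter
New password:                                       set the password
Re-enter new password:                              type the password again
Remove anonymous users? [Y/n]                       whether to remove anonymous users; type y and press Enter
Disallow root login remotely? [Y/n]                 whether to disallow remote login for the root account; type y and press Enter
Remove test database and access to it? [Y/n]        whether to remove the test database; type y and press Enter
Reload privilege tables now? [Y/n]                  whether to reload the privilege tables; type y and press Enter
-----
Enter the password to log in to the database
mysql -uroot -p
Here I found a problem: after installation, the database can be logged in to without a password...
After testing, I found that phpMyAdmin still requires a password; since my server is for private use, I got lazy and did not fix this bug...
MariaDB installed this way is also the latest version and keeps receiving updates.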
Step 10: Install commonly used tool packages
dnf install -y bash-completion curl git unzip htop lsof tree gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
Some handy software and tool packages that you will use often as you keep tinkering.