rhel7.3安装配置LAMP服务器

time:2018.3.28

配置防火墙, 开启80端口, 3306端口

更改默认防火墙firewall为iptables
1.关闭firewall
systemctl stop firewalld.service # 停止firewall
systemctl disable firewalld.service # 禁止开机启动
2.安装iptables防火墙
yum install iptables-services.x86_64
编辑防火墙配置文件
vim /etc/sysconfig/iptables
在11行下添加

  1 # sample configuration for iptables service
  2 # you can edit this manually or use system-config-firewall
  3 # please do not ask us to add additional ports/services to this default configuration
  4 *filter
  5 :INPUT ACCEPT [0:0]
  6 :FORWARD ACCEPT [0:0]
  7 :OUTPUT ACCEPT [0:0]
  8 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  9 -A INPUT -p icmp -j ACCEPT
 10 -A INPUT -i lo -j ACCEPT
 11 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

12 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
13 -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

14 -A INPUT -j REJECT --reject-with icmp-host-prohibited
15 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
16 COMMIT

重启服务生效
systemctl restart iptables.service

3.关闭SELINUX
注释7及12行, 增加第13行的内容

  1 
  2 # This file controls the state of SELinux on the system.
  3 # SELINUX= can take one of these three values:
  4 #     enforcing - SELinux security policy is enforced.
  5 #     permissive - SELinux prints warnings instead of enforcing.
  6 #     disabled - No SELinux policy is loaded.
  7 #SELINUX=enforcing
  8 # SELINUXTYPE= can take one of three two values:
  9 #     targeted - Targeted processes are protected,
 10 #     minimum - Modification of targeted policy. Only selected processes are protected. 
 11 #     mls - Multi Level Security protection.
 12 #SELINUXTYPE=targeted 
 13 SELINUX=disabled

使配置立即生效
setenforce 0

安装Apache, MariaDB, PHP

1.安装Apache

yum install httpd
提示已经安装

Package httpd-2.4.6-67.el7.centos.6.x86_64 already installed and latest version

启动并设置apache开机启动
systemctl start httpd.service
systemctl enable httpd.service

2.安装Mariadb

安装mariadb server与客户端
yum install mariadb-server.x86_64 mariadb.x86_64

启动服务
systemctl start mariadb.service

设置服务开机启动

[root@localhost ~]# systemctl enable mariadb.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

查看服务当前状态

[root@localhost ~]# systemctl enable mariadb.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@localhost ~]# systemctl status mariadb.service 
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-03-28 02:17:48 EDT; 27s ago
 Main PID: 3567 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─3567 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─3730 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-di...

Mar 28 02:17:45 localhost.localdomain mariadb-prepare-db-dir[3486]: MySQL manual for more...
Mar 28 02:17:45 localhost.localdomain mariadb-prepare-db-dir[3486]: Please report any pro...
Mar 28 02:17:45 localhost.localdomain mariadb-prepare-db-dir[3486]: The latest informatio...
Mar 28 02:17:45 localhost.localdomain mariadb-prepare-db-dir[3486]: You can find addition...
Mar 28 02:17:45 localhost.localdomain mariadb-prepare-db-dir[3486]: http://dev.mysql.com
Mar 28 02:17:45 localhost.localdomain mariadb-prepare-db-dir[3486]: Consider joining Mari...
Mar 28 02:17:45 localhost.localdomain mariadb-prepare-db-dir[3486]: https://mariadb.org/g...
Mar 28 02:17:45 localhost.localdomain mysqld_safe[3567]: 180328 02:17:45 mysqld_safe Log....
Mar 28 02:17:46 localhost.localdomain mysqld_safe[3567]: 180328 02:17:46 mysqld_safe Sta...l
Mar 28 02:17:48 localhost.localdomain systemd[1]: Started MariaDB database server.
Hint: Some lines were ellipsized, use -l to show in full.

进入安全配置初始化MariaDB

[root@localhost ~]# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
# 刚安装后root密码为空, 回车即可
Enter current password for root (enter for none): 
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
# 设置root密码
Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
# 移除匿名用户
Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
# 禁止root远程登录, 建议禁止, 由于笔者在实验环境安装, 所以不禁止此项
Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
# 删除测试数据库
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
# 重载权限表(刷新权限)
Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@localhost ~]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# 查看版本
MariaDB [(none)]> select version();
+----------------+
| version()      |
+----------------+
| 5.5.56-MariaDB |
+----------------+
1 row in set (0.00 sec)

MariaDB [(none)]> Bye
[root@localhost ~]# 

3.安装PHP

安装PHP:
yum install php
安装PHP组件, 使PHP支持MariaDB

yum install php-mysql php-gd.x86_64 libjpeg* php-ldap.x86_64 php-odbc.x86_64 php-pear.noarch php-xml php-xmlrpc.x86_64 php-mhash
# 已经安装的组件:
Package libjpeg-turbo-1.2.90-5.el7.x86_64 already installed and latest version
Package php-common-5.4.16-43.el7_4.1.x86_64 already installed and latest version
Package php-common-5.4.16-43.el7_4.1.x86_64 already installed and latest version

重启MariaDB与apache

systemctl restart mariadb.service 
systemctl restart httpd.service

配置

1.配置Apache

vim /etc/httpd/conf/httpd.conf
添加:

ServerSignature On 
# 在错误页中显示Apache版本, Off不显示
#增加同时连接数
MaxKeepAliveRequests 500

修改:

Options Indexes FollowSymLinks #修改为：Options Includes ExecCGI

FollowSymLinks（允许服务器执行CGI及SSI，
禁止列出目录）

#AddHandler cgi-script .cgi #修改为：AddHandler cgi-script .cgi .pl （允许扩展名为.pl的CGI脚本运行）

AllowOverride None #修改为：AllowOverride All （允许.htaccess）

AddDefaultCharset UTF-8 #修改GB2312后中文乱码

#Options Indexes FollowSymLinks #修改为 Options FollowSymLinks（不在浏览器上显示树状目录结构）

DirectoryIndex index.html #修改为：DirectoryIndex index.html index.htm Default.html Default.htm
index.php（设置默认首页文件，增加index.php）

重启apache
systemctl restart httpd.service

2.php配置

;date.timezone =
#修改为
date.timezone = PRC

# 列出PHP禁用函数, 等号下面为增加的内容
disable_functions =
passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore
,dl,op posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,
posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_unam

#禁止显示php版本的信息, 修改为Off
expose_php = On

#取消注释, 支持php短标签
short_open_tag = On

#取消注释,设置表示允许访问当前目录(即PHP脚本文件所在之目录)和/tmp/目录,可以防止php木马跨站，如果改了之后安装程序有问题(例如：织梦内容管理系统)，可以注销此行，或者直接写上程序的目录/data/www.osyunwei.com/:/tmp/
open_basedir = .:/tmp/

测试

创建首页文件并编辑
vim /var/www/html/index.php

<html>
 <head>
  <title>PHP 测试</title>
 </head>
 <body>
 <?php echo '<p>Hello World</p>'; ?>
 <?php phpinfo(); ?>
 </body>
</html>

如果页面打不开，请确保firewalld防火墙已经关闭
systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动
注意：apache默认的程序目录是/var/www/html权限设置：chown apache.apache -R /var/www/html

浏览器访问服务器ip可见php版本信息即LAMP服务器搭建完成!