RHEL7.3搭建LAMP安装ownCloud

Time:18.03.30

---

配置Yum源

配置网易云CentOS源

[使用本地源在安装php5.6或7版本时会出现openssl1.0.2依赖缺失错误, 而openssl1.0.2在拓展源中获得, iso镜像中只包含基本源]
1.删除原有Yum包
rpm -qa |grep yum|xargs rpm -e --nodeps
2.下载网易源Yum包

wget http://mirrors.163.com/centos/7/os/x86_64/Packages/yum-plugin-fastestmirror-1.1.31-42.el7.noarch.rpm;wget http://mirrors.163.com/centos/7/os/x86_64/Packages/yum-updateonboot-1.1.31-42.el7.noarch.rpm;wget http://mirrors.163.com/centos/7/os/x86_64/Packages/yum-utils-1.1.31-42.el7.noarch.rpm;wget http://mirrors.163.com/centos/7/os/x86_64/Packages/yum-metadata-parser-1.1.4-10.el7.x86_64.rpm;wget http://mirrors.163.com/centos/7/os/x86_64/Packages/yum-3.4.3-154.el7.centos.noarch.rpm

3.安装并修复报错:

rpm -ivh yum-*
# 错误信息
error: Failed dependencies:
    rpm >= 0:4.11.3-22 is needed by yum-3.4.3-154.el7.centos.noarch
# 升级更新Yum依赖的python-urlgrabber和rpm包
wget http://mirrors.163.com/centos/7/os/x86_64/Packages/rpm-4.11.3-25.el7.x86_64.rpm
wget http://mirrors.163.com/centos/7/os/x86_64/Packages/python-urlgrabber-3.10-8.el7.noarch.rpm
# 安装：
rpm -Uvh rpm-4.11.3-25.el7.x86_64.rpm --nodeps
rpm -Uvh python-urlgrabber-3.10-8.el7.noarch.rpm --nodeps
# 重新安装Yum包
rpm -ivh yum-*

4.更新yum源

vim /etc/yum.repos.d/CentOS-Base.repo
# 内容:
#CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$7 - Base - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$7&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/7/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
 
#released updates
[updates]
name=CentOS-$7 - Updates - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$7&arch=$basearch&repo=updates
baseurl=http://mirrors.163.com/centos/7/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that may be useful
[extras]
name=CentOS-$7 - Extras - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$7&arch=$basearch&repo=extras
baseurl=http://mirrors.163.com/centos/7/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$7 - Plus - 163.com
baseurl=http://mirrors.163.com/centos/7/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

• 清楚yum缓存

yum clean all

• 生成缓存

yum makecache

配置本地源[可选]

1.挂载光驱:

[root@bogon ~]# ls /dev/cd*
/dev/cdrom
[root@bogon ~]# echo '/dev/cdrom /rhel7/dvd/ iso9660 loop,ro 0 0' >> /etc/fstab 
[root@bogon ~]# mount -a

2.编辑repo文件

vim /etc/yum.repos.d/rhel-dvd.repo
#　复制以下内容
[base]
name=rhel7dvd
baseurl=file:///rhel7/dvd
gpgcheck=0
enabled=1
＃　测试yum源是否配置成功
yum makecache
# 出现读条则配置成功

安装Apache, PHP, MariaDB

1.安装Apache, MariaDB并启动服务, 设置开机自启动

yum install -y httpd mariadb mariadb-server

systemctl start httpd mariadb
systemctl enable httpd mariadb

4.配置MariaDB并为ownCloud添加用户和数据库

# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
# 回车即可
Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

[root@localhost ~]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database owncloud;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create user 'oc_user'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on owncloud.* to 'oc_user'@'localhost';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> Bye

5.安装php7.0, 参考
安装 epel 和 webtatic repository:

yum install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

安装PHP7及其组件(未安装组件会导致500错误)

yum install php70w php70w-fpm php70w-opcache php70w-cli php70w-opcache php70w-xml php70w-mcrypt php70w-gd php70w-devel php70w-mysql php70w-intl php70w-mbstring -y
# 查看版本
php -v
PHP 7.0.27 (cli) (built: Jan 14 2018 09:00:22) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.27, Copyright (c) 1999-2017, by Zend Technologies

6.从官网下载最新版owncloud, 下载地址:

wget https://download.owncloud.org/community/owncloud-10.0.7.tar.bz2
tar xjvf owncloud-10.0.7.tar.bz2 -C /var/www/html/
# 赋予apache权限, 未赋予权限会导致403错误
chown -R apache.apache /var/www/html/

7.关闭selinux并测试

vim /etc/selinux/config
# 注释7及12行, 增加第13行
 1 
  2 # This file controls the state of SELinux on the system.
  3 # SELINUX= can take one of these three values:
  4 #     enforcing - SELinux security policy is enforced.
  5 #     permissive - SELinux prints warnings instead of enforcing.
  6 #     disabled - No SELinux policy is loaded.
  7 #SELINUX=enforcing
  8 # SELINUXTYPE= can take one of three two values:
  9 #     targeted - Targeted processes are protected,
 10 #     minimum - Modification of targeted policy. Only selected processes are protected. 
 11 #     mls - Multi Level Security protection.
 12 #SELINUXTYPE=targeted 
 13 SELINUX=disabled
 14
 #

使配置立即生效
setenforce 0

8.配置防火墙, 开启80端口
更改默认防火墙firewall为iptables
1.关闭firewall
systemctl stop firewalld.service # 停止firewall
systemctl disable firewalld.service # 禁止开机启动
2.安装iptables防火墙
yum install iptables-services.x86_64
编辑防火墙配置文件
vim /etc/sysconfig/iptables
在11行下添加

  1 # sample configuration for iptables service
  2 # you can edit this manually or use system-config-firewall
  3 # please do not ask us to add additional ports/services to this default configuration
  4 *filter
  5 :INPUT ACCEPT [0:0]
  6 :FORWARD ACCEPT [0:0]
  7 :OUTPUT ACCEPT [0:0]
  8 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  9 -A INPUT -p icmp -j ACCEPT
 10 -A INPUT -i lo -j ACCEPT
 11 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

12 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

13 -A INPUT -j REJECT --reject-with icmp-host-prohibited
14 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
15 COMMIT

重启服务生效
systemctl restart iptables.service
重启mariadb, Apache验证部署是否成功
systemctl restart mariadb httpd
首次登陆需要创建管理员账户密码, 并指定数据库
在账户下方指定Mariadb并输入:
账户: oc_user
密码: password
数据库: owncloud
地址: localhost:3306