安装Mariadb
- 添加rpm
sudo vi /etc/yum.repos.d/MariaDB.repo
MariaDb.repo内容
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1
- 更新yum
sudo yum update - 安装
sudo yum install MariaDB-server MariaDB-client - 设置开机启动
sudo systemctl enable mariadb - 启动
sudo systemctl start mariadb - 初始化设定
sudo mysql_secure_installation
输入root用户密码(默认为空)
Enter current password for root (enter for none):
是否设置root用户密码(默认为yes)
Set root password? [Y/n]
移除默认匿名账户(默认为yes),该账户可以不用密码登录数据库
Remove anonymous users? [Y/n]
禁止root用户远程登录(默认为yes)
Disallow root login remotely? [Y/n]
移除test数据库及相关权限(默认为yes)
Remove test database and access to it? [Y/n]
重新加载权限表(默认为yes)
Reload privilege tables now? [Y/n]
安装nginx
- 添加rpm
sudo vi /etc/yum.repos.d/nginx.repo
nginx.repo内容
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
- 更新yum
sudo yum update - 安装
sudo yum install nginx - 设置开机启动
sudo systemctl enable nginx - 启动
sudo systemctl start nginx
安装PHP
- rpm方式添加EPEL源和remi源
sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
- 更新yum
sudo yum update - 更改PHP默认使用的repo为remi的(需要7.0版本把php71改为php70)
sudo yum-config-manager --enable remi-php71 - 安装
sudo yum install php-fpm - 安装mysql扩展
sudo yum install php-mysql - 设置开机启动
sudo systemctl enable php-fpm - 启动
sudo systemctl start php-fpm
配置
-
配置PHP
-
打开配置文件
sudo vi /etc/php.ini -
修改时区
date.timezone = "Asia/Shanghai"可以使用tzselect命令查看时区值
-
找到cgi.fix_pathinfo项,将值改为0
cgi.fix_pathinfo=0如果这个数字保持为1,php解释器将尽力处理尽可能接近所请求的文件的文件。 这是一个可能的安全风险。 如果此数字设置为0,相反,解释器将只处理确切的文件路径,一个更安全的选择。
同时还因为与nginx配合使用有漏洞,解释可参考http://xiumu.blog.51cto.com/311602/1722974 -
打开php-fpm配置文件
sudo vi /etc/php-fpm.d/www.conf
修改运行用户和组为nginx
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx修改监听地址为socket套接字 ```listen = /var/run/php-fpm/php7-fpm.sock``` 修改监听的套接字权限listen.owner = nginx
listen.group = nginx
listen.mode = 0660 -
-
配置nginx
- 打开配置文件
sudo vi /etc/nginx/conf.d/default.conf- 在index添加index.php
- 修改server_name
- 修改网站根目录root
- 取消"location ~ .php$ {"开头部分的注释
- 更改fastcgi_param行以帮助PHP解释器找到我们存储在文档根目录中的PHP脚本
- 更改fastcgi_pass行为PHP监听地址
修改完后的配置文件如下所示:
- 打开配置文件
server {
listen 80;
server_name example.com;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
root /var/www;
index index.php index.html index.htm;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php7-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
- 重启php-fpm和nginx
sudo systemctl restart php-fpm
sudo systemctl restart nginx
可能遇到的问题
- 日志文件时间不对
修改时区
sudo cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime - 403 Forbidden
- 网站目录权限
- 网站目录所属用户是否和nginx运行用户一致
- 关闭SELinux
修改/etc/selinux/config 文件 将SELINUX=enforcing改为SELINUX=disabled 重启机器
网友评论