c4rt1y

源码安装Lamp与配置大全

0x00.介绍

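在CentOS 7上以源码方式搭建LAMP环境,配置Apache的401验证、重定向、禁止Http-User-Agent、日志分割、防盗链、权限设置和缓存,并对PHP和MySQL做基本优化。注意:下文安装的是httpd 2.2.16,而后面部分配置(<If>/<ElseIf>、Require all denied、Require env、ErrorLogFormat、RewriteCond expr)是2.4才有的语法,在2.2上无法加载,使用前请先确认实际的Apache版本。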

0x01.安装编译和基础文件

yum install gcc gcc-c++ zlib-devel pcre pcre-devel apr apr-devel -y

0x02.mysql
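#2.1. Download MySQL into /usr/local/src, the directory the tar step below reads from
# NOTE(review): the tarball is fetched over plain HTTP from a third-party mirror
# and is never verified. Compare it with a digest obtained from a trusted source
# before unpacking (e.g. sha256sum against <EXPECTED_SHA256>, a placeholder).
cd /usr/local/src
wget http://syslab.comsenz.com/downloads/linux/mysql-5.1.40-linux-i686-icc-glibc23.tar.gz
#2.2. Unpack MySQL and move it to its install prefix
tar zxvf /usr/local/src/mysql-5.1.40-linux-i686-icc-glibc23.tar.gz
mv mysql-5.1.40-linux-i686-icc-glibc23 /usr/local/mysql
#2.3. Create the mysql service account with no login shell
useradd -s /sbin/nologin mysql
#2.4. Create the data directory and hand it to the mysql account
cd /usr/local/mysql
mkdir -p /data/mysql
chown -R mysql:mysql /data/mysql
#2.5. Initialise the system tables in /data/mysql as the mysql user
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
#2.6. Install the config file and the init script
cp support-files/my-large.cnf /etc/my.cnf
cp support-files/mysql.server  /etc/init.d/mysqld
#2.7. Make the init script executable
chmod 755 /etc/init.d/mysqld
#2.8. Point the init script at the data directory
# The datadir= line below is what to set inside /etc/init.d/mysqld.
vim /etc/init.d/mysqld
datadir=/data/mysql
#2.9. Enable at boot and start MySQL
chkconfig --add mysqld
chkconfig mysqld on
service mysqld start
#2.10. Put the MySQL client tools on PATH
# The export line below is what to append to /etc/profile.
vi /etc/profile
export PATH=$PATH:/usr/local/mysql/bin
#2.11. Reload the profile in the current shell
source /etc/profile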

0x03.httpd

#3.1. Download httpd
# NOTE(review): plain-HTTP download from a third-party mirror, with no checksum
# or signature check before the build. Verify the tarball against a digest from
# a trusted source first.
wget http://syslab.comsenz.com/downloads/linux/httpd-2.2.16.tar.gz
#3.2. Unpack httpd
tar zxf httpd-2.2.16.tar.gz
#3.3. Configure, build and install under /usr/local/apache2
# --enable-so turns on loadable-module support; deflate, expires and rewrite are
# built as shared modules, so each needs a LoadModule line before use.
cd httpd-2.2.16
./configure --prefix=/usr/local/apache2 --with-included-apr --enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared --with-pcre
make && make install

0x04.php

#4.1. Download PHP
# NOTE(review): plain-HTTP download with no checksum or signature check before
# the build. Verify the tarball against a digest from a trusted source first.
wget http://am1.php.net/distributions/php-5.3.27.tar.gz
#4.2. Unpack PHP
tar zxf php-5.3.27.tar.gz
#4.3. Configure, build and install under /usr/local/php
# --with-apxs2 builds the Apache module through the apxs of the httpd installed
# in /usr/local/apache2. --with-config-file-path makes /usr/local/php/etc the
# directory php.ini is read from. --with-mysql points at /usr/local/mysql.
cd php-5.3.27
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-bz2 --with-openssl --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-mbstring --enable-sockets --enable-exif --disable-ipv6
make && make install

0x05.整合

#5.1. Edit the httpd configuration
# The ServerName, AddType and DirectoryIndex lines below are httpd.conf content.
vi /usr/local/apache2/conf/httpd.conf
#5.1.1. Set the server name and port
ServerName localhost:80
#5.1.2. Hand .php files to the PHP module
# NOTE(review): AddType is matched per extension, so a name carrying .php among
# several extensions can also be treated as PHP. The PHP manual's stricter form
# is a <FilesMatch \.php$> section with SetHandler application/x-httpd-php.
AddType application/x-httpd-php .php
#5.1.3. Directory index files
DirectoryIndex index.html index.htm index.php
#5.1.4. Allow HTTP and HTTPS through firewalld (shell commands, not httpd.conf)
# NOTE(review): https is opened although the steps shown configure no TLS
# listener. Open only the services that are actually served.
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

#5.2. Start httpd
/usr/local/apache2/bin/apachectl start
#5.3. Start httpd at boot
# The apachectl line below is what to append to /etc/rc.local.
# NOTE(review): on CentOS 7 rc.local runs at boot only if /etc/rc.d/rc.local is
# executable. Confirm on the target host.
vi /etc/rc.local
/usr/local/apache2/bin/apachectl start

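#5.4. Inspect build options and modules
# The trailing descriptions are now real comments, so they are no longer passed
# to the commands as arguments.
/usr/local/php/bin/php -i   # PHP configuration and build options
# Fixed: the original ran cat on the php binary; php -m lists compiled modules.
/usr/local/php/bin/php -m   # compiled PHP modules
cat /usr/local/apache2/build/config.nice   # httpd configure options
/usr/local/apache2/bin/apachectl -M   # loaded httpd modules
/usr/local/apache2/bin/httpd -M   # the same list, straight from the httpd binary
/usr/local/mysql/bin/mysqlbug | grep configure  # MySQL configure options
# Applies only where nginx is installed at this path; this guide does not install it.
/usr/local/nginx/sbin/nginx -V  # nginx configure options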

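###5.5. Virtual host setup
#5.5.1. Enable the vhost include
# The Include line below is httpd.conf content (add it or uncomment it).
vi /usr/local/apache2/conf/httpd.conf
Include conf/extra/httpd-vhosts.conf
#5.5.2. Define the test.com virtual host
vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# Fixed: the directive is DocumentRoot; httpd rejects the misspelt name.
DocumentRoot "/var/www/"
ServerName test.com
# NOTE(review): ServerAlias repeats ServerName. www.test.com may have been
# intended, since the redirect rules later match that name; confirm.
ServerAlias test.com
</VirtualHost>

<Directory /var/www/>
# Only FollowSymLinks is enabled; Indexes is not, so directory listings stay off.
Options FollowSymLinks
# .htaccess files are ignored under /var/www/.
AllowOverride None
# httpd 2.2 access-control syntax: every client is allowed.
Order deny,allow
Allow from all
</Directory>
#5.5.3. Restart httpd
/usr/local/apache2/bin/apachectl restart

#5.5.4. Install Discuz
# Gives the daemon account ownership of the directories Discuz writes to. The
# paths are relative, so run this from the Discuz web root.
# NOTE(review): assumes httpd runs as daemon; confirm against User in httpd.conf.
chown -R daemon config data uc_client/data uc_server/data
#5.5.5. Map test.com to this server in the client's hosts file, then browse to it to confirm the site loads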

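###5.6. Apache configuration (edits to the vhosts file)
vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
#5.6.1. HTTP 401 (Basic) authentication
# Basic authentication sends the password base64-encoded with every request,
# and the virtual host here listens on plain port 80. Put it behind TLS before
# relying on it.
# Fixed directive names: AuthName and AuthType replace "Auth Name" and
# "Auth Basic", and AllowOverride replaces "AuthOverride"; none of the original
# spellings is an httpd directive.
# AuthUserFile now names the file the htpasswd command below creates. That also
# keeps the password file outside the /var/www/ document root.

# Protect a whole directory
<Directory /var/www/>
    # Governs only what .htaccess files may set; the directives below work without it.
    AllowOverride AuthConfig
    AuthName "test"
    AuthType Basic
    AuthUserFile /data/.htpasswd
    require valid-user
</Directory>

# Protect a single file
# Method 1
<Filesmatch "admin.php">
    # AllowOverride is valid only inside <Directory>, so it is not repeated here.
    AuthName "test"
    AuthType Basic
    AuthUserFile /data/.htpasswd
    require valid-user
</Filesmatch>

# Create the password file and its first user; the password is prompted for.
# -c creates the file and overwrites an existing one, so omit it when adding users.
/usr/local/apache2/bin/htpasswd -c /data/.htpasswd c4rt1y

# Method 2
# Fixed: stray second quote removed from the section argument.
# NOTE(review): <Directory> is documented for directory paths. Do not rely on it
# matching a single file; prefer the <Files> form in method 3.
<Directory "/var/www/admin.php">
    AllowOverride AuthConfig
    AuthName "test"
    AuthType Basic
    AuthUserFile /data/.htpasswd
    require valid-user
</Directory>

# Method 3
# Fixed: <Files> matches a file's base name, not a filesystem path. Nest it in
# <Directory /var/www/> to limit it to that tree.
<Files "admin.php">
    AuthName "test"
    AuthType Basic
    AuthUserFile /data/.htpasswd
    require valid-user
</Files>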

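#5.6.2. Redirects
# Method 1: mod_rewrite
LoadModule rewrite_module modules/mod_rewrite.so
<IfModule mod_rewrite.c>
    # Turn the rewrite engine on. The note sits on its own line because httpd
    # does not accept a comment after a directive on the same line.
    RewriteEngine on
    # Dots are escaped so they match only a literal "." in the host name.
    RewriteCond %{HTTP_HOST} ^www\.test\.com$ [OR]
    RewriteCond %{HTTP_HOST} ^test\.com$
    RewriteRule ^/(.*)$ http://www.c4rt1y.com/$1 [R=301,L]
</IfModule>
# Requests for test.com or www.test.com are redirected to http://www.c4rt1y.com

# Method 2: no mod_rewrite needed
# <If> and <ElseIf> exist only in httpd 2.4 and later; the 2.2.16 build from
# section 0x03 cannot parse them.
<If "(%{HTTP_HOST} == 'www.test.com') || (%{HTTP_HOST} == 'test.com') ">
    Redirect permanent / http://www.c4rt1y.com/
</If>
# Otherwise, allow the request only when Host is www.c4rt1y.com or localhost
<ElseIf "!(%{HTTP_HOST} == 'www.c4rt1y.com') && !(%{HTTP_HOST} == 'localhost')">
        Require all denied
</ElseIf>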

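#5.6.3. Restricting by User-Agent
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# The User-Agent header is chosen by the client. These rules filter well-behaved
# browsers and crawlers only; they are not access control.
# Both methods are allow-lists, and both use httpd 2.4 expression syntax.
#
# Method 1: mod_rewrite (not recommended unless no other method is available).
# RewriteCond lines without [OR] are ANDed, so a request is refused only when
# its User-Agent matches neither Firefox nor "Too Bot/1.0". The trailing i makes
# the match case-insensitive, and m#...# can replace /.../ as the delimiter.
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond expr "!(%{HTTP_USER_AGENT} =~ /Firefox/i)"  [NC]
    RewriteCond expr "!(%{HTTP_USER_AGENT} =~ m#Too Bot/1.0#i)"  [NC]
    RewriteRule  .*  -  [F]
</IfModule>

# Method 2: allow only User-Agents containing "chrome" or "google"; refuse the rest
<If "!(%{HTTP_USER_AGENT} =~ /google/i) && !(%{HTTP_USER_AGENT} =~ /chrome/i)">
    Require all denied
</If>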

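#5.6.4. Logging
<IfModule log_config_module>
# Custom access-log format, nicknamed "csr".
# %{X-FORWARDED-FOR}i is copied from a request header. It is meaningful only
# when a proxy you control sets it; otherwise treat it as client-supplied.
LogFormat "%h %{X-FORWARDED-FOR}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" csr
# Custom error-log format (ErrorLogFormat needs httpd 2.4 or later)
ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"

# Tag static-asset requests so they can be left out of the access log.
# Excluded requests leave no trace for later investigation, so keep the list
# to content you are content never to audit.
SetEnvIf Request_URI ".*\.gif$" image-request
SetEnvIf Request_URI ".*\.jpg$" image-request
SetEnvIf Request_URI ".*\.png$" image-request
SetEnvIf Request_URI ".*\.bmp$" image-request
SetEnvIf Request_URI ".*\.swf$" image-request
SetEnvIf Request_URI ".*\.js$" image-request
SetEnvIf Request_URI ".*\.css$" image-request
SetEnvIf Request_URI ".*\.ico$" image-request

# Daily rotation through rotatelogs (86400 seconds); -l names files by local time.
# Fixed: the access log now uses the csr format defined above. The original
# named "combined", which left csr unused.
# Fixed: the log directory now sits under /usr/local/apache2, the install
# prefix and the location of rotatelogs itself.
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/discuz_access_%Y%m%d.log 86400" csr env=!image-request

ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/discuz_error_%Y%m%d.log 86400"
</IfModule>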

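#5.6.5. Hotlink protection
# The Referer header is set by the client and may be missing. This only deters
# casual embedding, and requests with no matching Referer (direct visits
# included) are refused.
# The host name is escaped and closed with (/|$) so that only test.com itself
# matches, not a longer host name that merely begins with it. https is accepted too.
SetEnvIfNoCase Referer "^https?://www\.test\.com(/|$)" local_ref
SetEnvIfNoCase Referer "^https?://test\.com(/|$)" local_ref
<filesmatch "\.(mp3|mp4|zip|rar|jpg|gif|png|js|css|txt)">
    # Use exactly one of the alternatives below.
    #
    # httpd 2.2, method 1. Order Deny,Allow allows by default, so it needs an
    # explicit "Deny from all" to block anything (missing in the original):
    #   Order Deny,Allow
    #   Deny from all
    #   Allow from env=local_ref
    #
    # httpd 2.2, method 2 (active). Order Allow,Deny denies by default, so the
    # original's optional extra Deny line is not needed:
    Order Allow,Deny
    Allow from env=local_ref
    #
    # httpd 2.4 and later:
    #   Require all denied
    #   Require env local_ref
</filesmatch>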

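#5.6.6. Turn off PHP execution for the upload directory
<Directory /var/www/upload>
# php_admin_flag instead of php_flag: an admin setting cannot be switched back
# on from a .htaccess file or from ini_set().
# NOTE(review): this stops execution only. Confirm how an uploaded .php file is
# then served, and reject such uploads in the application as well.
php_admin_flag engine off
</Directory>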

#5.6.7. Caching (Expires headers)
# mod_expires was built as a shared module (--enable-expires=shared), so it has
# to be loaded before use.
LoadModule expires_module modules/mod_expires.so

<IfModule mod_expires.c>
    ExpiresActive on
    # Images: one day (24 hours) counted from the time of the request
    ExpiresByType image/gif  "access plus 1 days"
    ExpiresByType image/jpeg "access plus 24 hours"
    ExpiresByType image/png "access plus 24 hours"
    # CSS, JavaScript and Flash: two hours ("now" means the same as "access")
    ExpiresByType text/css "now plus 2 hour"
    ExpiresByType application/x-javascript "now plus 2 hours"
    ExpiresByType application/x-shockwave-flash "now plus 2 hours"
    # Everything else expires immediately
    ExpiresDefault "now plus 0 min"
</IfModule>

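#5.6.8. PHP hardening
# Fixed: PHP was built with --with-config-file-path=/usr/local/php/etc, so that
# is where php.ini is read from. Settings placed in /etc/php.ini are never loaded.
vi /usr/local/php/etc/php.ini
# NOTE(review): the list also disables everyday file functions (copy, mkdir,
# rename, file and others); confirm the application still works with it.
# disable_functions narrows what a script may call. It is not a sandbox.
disable_functions=exec,passthru,popen,proc_open,shell_exec,system,phpinfo,assert,chroot,getcwd,scandir,delete,rmdir,rename,chgrp,chmod,chown,copy,mkdir,file

date.timezone = 'Asia/Chongqing'
# Fixed: the directive is display_errors. The misspelt name is ignored, which
# leaves error output at PHP's default and can expose paths and queries to visitors.
display_errors = off
log_errors = on
# Placeholder path: use a file outside the document root that the httpd user can write
error_log = /path/logfile
error_reporting = E_ALL

# open_basedir: limit the paths PHP file functions may open.
# Fixed: on Linux the entries are separated by ":" (";" is the Windows separator).
# Each entry is a prefix; end it with "/" to restrict access to that directory only.
# Method 1: php.ini
vi /usr/local/php/etc/php.ini
open_basedir=/dir1:/dir2

# Method 2: httpd.conf (server or virtual-host level)
php_admin_value open_basedir "/dir1:/dir2"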

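#5.6.9. PHP extension modules
# NOTE(review): all three tarballs are fetched over plain HTTP and built without
# verification, and the memcache extension comes from a forum attachment rather
# than a project release site. Verify each against a digest from a trusted
# source before building.
# Build and install libevent
# Fixed: the original passed "wget" to wget as an extra URL.
wget http://www.monkey.org/~provos/libevent-1.4.12-stable.tar.gz
tar zxvf libevent-1.4.12-stable.tar.gz
cd libevent-1.4.12-stable
./configure --prefix=/usr/local/libevent
make && make install

# Build and install memcached against that libevent
wget http://memcached.org/files/memcached-1.4.36.tar.gz
tar zxf memcached-1.4.36.tar.gz
cd memcached-1.4.36
./configure --prefix=/usr/local/memcached --with-libevent=/usr/local/libevent/
make && make install

# Build the memcache PHP extension with the phpize/php-config of this PHP build
wget http://www.lishiming.net/data/attachment/forum/memcache-2.2.3.tgz
tar zxvf memcache-2.2.3.tgz
cd memcache-2.2.3
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcache
make && make install

# Load the memcache module in PHP (the extension line goes inside php.ini)
vi /usr/local/php/etc/php.ini
extension = "memcache.so"

# Restart httpd so the module is picked up
/usr/local/apache2/bin/apachectl restart

# Check that the module is loaded.
# Fixed: the probe file and the requested URL now use the same name.
# With phpinfo in disable_functions (section 5.6.8) this probe prints nothing;
# /usr/local/php/bin/php -m | grep memcache gives the same answer without
# placing a file in the document root.
echo "<?php phpinfo();?>" > /var/www/test.php
curl 127.0.0.1/test.php |grep 'memcache'
# Remove the probe: a phpinfo page left in the document root discloses the
# server's configuration to anyone who requests it.
rm -f /var/www/test.php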

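#5.6.10. MySQL tuning
#5.6.10.1. Edit my.cnf (the lines down to long_query_time are file content)
vi /etc/my.cnf
[mysqld]
# Skip reverse DNS lookups for connecting clients
skip-name-resolve
skip-innodb

# Slow query log
# Fixed option names: log_slow_queries and long_query_time. The original
# spellings are not MySQL options, and mysqld refuses to start on an unknown one.
# The log directory must exist and be writable by the mysql user.
log_slow_queries = /var/log/mysql/slow_queries
long_query_time = 1    # statements that run longer than 1 second are written to the file above

#5.6.10.2. Stop the mysql client from keeping a statement history
# The history file can hold statements that contain passwords. Linking it to
# /dev/null keeps it empty. The path is now explicit, under the home directory.
rm -f ~/.mysql_history
ln -s /dev/null ~/.mysql_history

#5.6.10.3. Dump and restore with an explicit character set to avoid garbled text
# Fixed: the option is --default-character-set.
# -p with no value prompts for the password. A password written after -p ends
# up in the shell history and is visible in the process list.
mysqldump --default-character-set=gbk -uroot -p discuz > discuz.sql
mysql --default-character-set=gbk -uroot -p  discuz < discuz.sql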


#5.6.11. Hide the Apache version
# This trims banner information only. It does not change which flaws the
# installed version has, so it is no substitute for patching.
vi /usr/local/apache2/conf/httpd.conf
# No server footer line on server-generated pages such as error documents
ServerSignature Off
# The Server response header carries only the product name
ServerTokens Prod