本文共 9325 字,大约阅读时间需要 31 分钟。
LAMP
Linux + Apache(httpd) + MySQL + PHPMySQL的安装
wget [下载地址] 文件名类似这样:mysql-5.6.35-linux-glibc2.5-x86_64.tar.gztar zxvf 解压mv mysql-5.6.35-linux-glibc2.5-x86_64 /usr/local/mysql 移动目录并改名cd /usr/local/mysql 放置目录useradd mysqlmkdir /data/ 数据目录./scripts/mysql_install_db --user=mysql --datadir=/data/mysql 初始化vim /etc/my.cnf 编辑内容为:[mysqld]datadir=/data/mysqlsocket=/tmp/mysql.sockcp support-files/mysql.server /etc/init.d/mysqldvi /etc/init.d/mysqld定义basedir(/usr/local/mysql)和datadir(/data/mysql)/etc/init.d/mysqld startservice mysqld startMariadb的安装
cd /usr/local/src wget [下载地址] 文件名类似mariadb-10.2.6-linux-glibc_214-x86_64.tar.gztar zxvf mariadb-10.2.6-linux-glibc_214-x86_64.tar.gz 解压mv mariadb-10.2.6-linux-glibc_214-x86_64 /usr/local/mariadb 移动并改名cd /usr/local/mariadb./scripts/mysql_install_db --user=mysql --basedir=/usr/local/mariadb/ --datadir=/data/mariadb 初始化cp support-files/my-small.cnf /usr/local/mariadb/my.cnfcp support-files/mysql.server /etc/init.d/mariadbvim /etc/init.d/mariadb //定义basedir、datadir、conf以及启动参数/etc/init.d/mariadb startApache(httpd)的安装
wget wget wget apr和apr-util是一个通用的函数库,它让httpd可以不关心底层的操作系统平台,可以很方便地移植(从linux移植到windows)解压cd apr-1.6.3/./configure --prefix=/usr/local/apr!make && make install完成apr的安装cd /usr/local/src/apr-util-1.6.1./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/aprmake && make install完成apr-util的安装cd /usr/local/src/httpd-2.4.29./configure \ (反斜杠是脱义字符,加上它可以把一行命令写成多行)--prefix=/usr/local/apache2.4 \--with-apr=/usr/local/apr \--with-apr-util=/usr/local/apr-util \--enable-so \--enable-mods-shared=mostmake && make install完成Apache的安装PHP5的安装
wget tar -jxvf php-5.6.30.tar.gzcd php-5.6.30./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2.4/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-bz2 --with-openssl --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-mbstring --enable-sockets --enable-exifmake && make installcp php.ini-production /usr/local/php/etc/php.iniPHP7的安装
wget tar -zxvf php-7.1.6.tar.bz2cd php-7.1.6./configure --prefix=/usr/local/php7 --with-apxs2=/usr/local/apache2.4/bin/apxs --with-config-file-path=/usr/local/php7/etc --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-bz2 --with-openssl --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-mbstring --enable-sockets --enable-exifmake && make installcp php.ini-production /usr/local/php7/etc/php.iniApache和PHP结合
vim /usr/local/apache2.4/conf/httpd.conf 编辑文件修改以下内容#ServerName www.example.com:80 将井号去掉LoadModule php7_module modules/libphp7.so 前面加上井号,注释掉,因为同时安装了php5和7,注释其中一个Require all denied 改为 Require all grantedAddType application/x-compress .Z AddType application/x-gzip .gz .tgz 下增加一行AddType application/x-httpd-php .php/usr/local/apache2.4/bin/apachectl -t 测试配置文件的语法/usr/local/apache2.4/bin/apachectl graceful 重新加载配置Apache默认虚拟主机
vim /usr/local/apache2/conf/httpd.conf //搜索httpd-vhost,去掉#vim /usr/local/apache2/conf/extra/httpd-vhosts.conf //改为如下<VirtualHost :80>ServerAdmin admin@aminglinux.comDocumentRoot "/data/wwwroot/aming.com"ServerName aming.comServerAlias www.aming.comErrorLog "logs/aming.com-error_log"CustomLog "logs/aming.com-access_log" common</VirtualHost><VirtualHost :80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.com</VirtualHost>域名跳转
需求,把123.com域名跳转到www.123.com,配置如下:<VirtualHost :80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.com<IfModule mod_rewrite.c> //需要mod_rewrite模块支持RewriteEngine on //打开rewrite功能RewriteCond %{HTTP_HOST} !^www.123.com$ //定义rewrite的条件,主机名(域名)不是www.123.com,满足条件RewriteRule ^/(.\)$ [R=301,L] //定义rewrite规则,当满足上面的条件时,这条规则才会执行 301指永久跳转</IfModule></VirtualHost> /usr/local/apache2/bin/apachectl -M|grep -i rewrite //若无该模块,需要编辑配置文件httpd.conf,删除rewrite_module (shared) 前面的#访问日志
/usr/local/apache2.4/logs/ 日志文件所在目录vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat 可以编辑日志格式LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined user-agent 用户代理(如浏览器) referer 访问的上一网址(如通过超链接点进来,则显示超链接所在网址;直接输网址进入不显示)LogFormat "%h %l %u %t \"%r\" %>s %b" common 把虚拟主机配置文件改成如下: <VirtualHost :80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.comCustomLog "logs/123.com-access_log" combined</VirtualHost>网站大多元素为静态文件,如图片、css、js等,这些元素可以不用记录 把虚拟主机配置文件改成如下: <VirtualHost :80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.comSetEnvIf Request_URI ".*\.gif$" imgSetEnvIf Request_URI ".*\.jpg$" imgSetEnvIf Request_URI ".*\.png$" imgSetEnvIf Request_URI ".*\.bmp$" imgSetEnvIf Request_URI ".*\.swf$" imgSetEnvIf Request_URI ".*\.js$" imgSetEnvIf Request_URI ".*\.css$" img CustomLog "logs/123.com-access_log" combined env=!img</VirtualHost>日志切割 把虚拟主机配置文件改成如下: <VirtualHost :80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.comSetEnvIf Request_URI ".*\.gif$" imgSetEnvIf Request_URI ".*\.jpg$" imgSetEnvIf Request_URI ".*\.png$" imgSetEnvIf Request_URI ".*\.bmp$" imgSetEnvIf Request_URI ".*\.swf$" imgSetEnvIf Request_URI ".*\.js$" imgSetEnvIf Request_URI ".\\.css$" img CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img // -l 以系统时间为准 86400 一天有86400秒,意即以一天切割</VirtualHost>浏览器访问网站的图片时会把静态的文件缓存在本地电脑里,这样下次再访问时就不用去远程下载了增加配置<IfModule mod_expires.c>ExpiresActive on //打开该功能的开关ExpiresByType image/gif "access plus 1 days"ExpiresByType image/jpeg "access plus 24 hours"ExpiresByType image/png "access plus 24 hours"ExpiresByType text/css "now plus 2 hour"ExpiresByType application/x-javascript "now plus 2 hours"ExpiresByType application/javascript "now plus 2 hours"ExpiresByType application/x-shockwave-flash "now plus 2 hours"ExpiresDefault "now plus 0 min" 其余文件不需要缓存</IfModule>需要在配置文件中打开expires_module配置防盗链
从第三方引用网址,资源不是自己的,但是借用超链接取得资源点通过限制referer来实现防盗链的功能配置文件增加如下内容<Directory /data/wwwroot/www.123.com> 被保护站点SetEnvIfNoCase Referer "" local_ref 白名单SetEnvIfNoCase Referer "" local_ref 白名单SetEnvIfNoCase Referer "^$" local_ref 白名单,直接输入网址的形式<filesmatch ".(txt|doc|mp3|zip|rar|jpg|gif)">Order Allow,DenyAllow from env=local_ref</filesmatch></Directory>curl -e "" 指定referer访问访问控制
<Directory /data/wwwroot/www.123.com/admin/>Order deny,allow //先执行下面的deny语句,再执行allow,allow的效果刷新,即除127.0.0.1外不允许访问。若顺序改变,则都不允许访问Deny from allAllow from 127.0.0.1</Directory><Directory /data/wwwroot/www.123.com>
<FilesMatch "admin.php(.*)">Order deny,allowDeny from allAllow from 127.0.0.1</FilesMatch></Directory><Directory /data/wwwroot/www.123.com/upload>
php_admin_flag engine off // 禁止解析php</Directory><IfModule mod_rewrite.c>RewriteEngine onRewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR] //OR表示跟下一个条件选择关系(或者) NC表不区分大小写RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]RewriteRule .* - [F]</IfModule>PHP配置
/usr/local/php/bin/php -i|grep -i "loaded configuration file" 运行结果,可以查到php的配置文件,命令结果:Loaded Configuration File => /usr/local/php/etc/php.inivim /usr/local/php/etc/php.ini找到disable_functions = 在后面加上eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,表示这些函数被禁用display_errors 表示错误会显示出来log_errors 错误日志是否开启error_log 错误日志文件及位置error_reporting 记录错误日志等级open_basedir 防止被黑,隔离目录用,后跟被隔离目录也可以在虚拟主机的配置文件里加上php_admin_value open_basedir "[目录名]"转载于:https://blog.51cto.com/13582610/2089862