PhpCms入门指引,linux环境搭建.doc

PhpCms入门指引:linux环境搭建_PHPCms教程一、系统约定 软件源代码包存放位置：/usr/local/src源码包编译安装位置(prefix)：/usr/local/software_name脚本以及维护程序存放位置：/usr/local/sbinMySQL 数据库位置：/var/lib/mysql（可按情况设置）Apache 网站根目录：/home/www/wwwroot（可按情况设置）Apache 虚拟主机日志根目录：/home/www/logs（可按情况设置）Apache 运行账户：www:www二、系统环境部署及调整 1. 检查系统是否正常# more /var/log/messages（检查有无系统级错误信息）# dmesg（检查硬件设备是否有错误信息）# ifconfig（检查网卡设置是否正确）# ping （检查网络是否正常） 2. 关闭不需要的服务# ntsysv以下仅列出需要启动的服务，未列出的服务一律推荐关闭：atdcrondirqbalancemicrocode_ctlnetworksendmailsshdsyslog3. 重新启动系统# init 64. 配置 vim# vi /root/.bashrc在 alias mv=mv -i 下面添加一行：alias vi=vim 保存退出。# echo syntax on /root/.vimrc5. 使用 yum 程序安装所需开发包（以下为标准的 RPM 包名称）# yum install ntp vim-enhanced gcc gcc-c gcc-g77 flex bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kernel6. 定时校正服务器时钟，定时与中国国家授时中心授时服务器同步# crontab -e 加入一行： */30 * * * * ntpdate 47. 源码编译安装所需包 (Source) (1) GD2# cd /usr/local/src# tar xzvf gd-2.0.34.tar.gz# cd gd-2.0.34# ./configure -prefix=/usr/local/gd2# make# make install(2) LibXML2# cd /usr/local/src# tar xjvf libxml2-2.6.30.tar.bz2# cd libxml2-2.6.30# ./configure -prefix=/usr/local/libxml2# make# make install(3) LibMcrypt# cd /usr/local/src# tar xjvf libmcrypt-2.5.8.tar.bz2# cd libmcrypt-2.5.8# ./configure prefix=/usr/local/libmcrypt# make# make install(4) Apache日志截断程序# cd /usr/local/src# tar xzvf cronolog-1.7.0-beta.tar.gz# cd cronolog-1.7.0-beta# ./configure prefix=/usr/local/cronolog# make# make install8. 升级OpenSSL和OpenSSH# cd /usr/local/src# tar xzvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config -prefix=/usr/local/openssl# make# make test# make install# cd . # tar xzvf openssh-4.7p1.tar.gz# cd openssh-4.7p1# ./configure -prefix=/usr -with-pam -with-zlib -sysconfdir=/etc/ssh -with-ssl-dir=/usr/local/openssl -with-md5-passwords# make# make install（1）禁用 SSH V1 协议找到：#Protocol 2,1改为：Protocol 2（2）禁止root直接登录此处先建立一个普通系统用户：# useradd username# passwd username找到：#PermitRootLogin yes改为：PermitRootLogin no（3）禁用服务器端GSSAPI找到以下两行，并将它们注释：GSSAPIAuthentication yesGSSAPICleanupCredentials yes（4）禁用 DNS 名称解析找到：#UseDNS yes改为：UseDNS no（5）禁用客户端 GSSAPI# vi /etc/ssh/ssh_config找到：GSSAPIAuthentication yes将这行注释掉。最后，确认修改正确后重新启动 SSH 服务# service sshd restart# ssh -v确认 OpenSSH 以及 OpenSSL 版本正确。三、编译安装L.A.M.P环境 1. 下载软件# cd /usr/local/srchttpd-2.2.6.tar.bz2mysql-5.0.45-linux-i686-glibc23.tar.gzphp-5.2.4.tar.bz2ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz2. 安装MySQL# tar xzvf mysql-5.0.45-linux-i686-glibc23.tar.gz# mv mysql-5.0.45-linux-i686-glibc23 /usr/local/# ln -s /usr/local/ mysql-5.0.45-linux-i686-glibc23 /usr/local/mysql# useradd mysql# chown -R mysql:root /usr/local/mysql/# cd /usr/local/mysql# ./scripts/mysql_install_db -user=mysql# cp ./support-files/mysql.server /etc/rc.d/init.d/mysqld# chown root:root /etc/rc.d/init.d/mysqld# chmod 755 /etc/rc.d/init.d/mysqld# chkconfig -add mysqld# chkconfig -level 3 5 mysqld on# cp ./support-files/f /etc/f# mv /usr/local/mysql/data /var/lib/mysql# chown -R mysql:mysql /var/lib/mysql/# vi /etc/f 修改以下内容：(1) 在 mysql 段增加一行：default-character-set = gbk | latin1 | utf8 | big5(2) 在 mysqld 段增加或修改：datadir = /var/lib/mysql-skip-innodbdefault-character-set = gbk | latin1 | utf8 | big5-wait-timeout = 3 | 5 | 10max_connections = 256 | 384 | 512max_connect_errors = 10000000thread_concurrency = CPU个数2将 log-bin 注释# bin/mysqladmin -u root password password_for_root3. 编译安装Apache# cd /usr/local/src# tar xjvf httpd-2.2.6.tar.bz2# cd httpd-2.2.6# ./configure -prefix=/usr/local/apache2 -with-included-apr -enable-so -enable-deflate=shared -enable-expires=shared -enable-rewrite=shared -enable-static-support -disable-userdir# make# make install# echo /usr/local/apache2/bin/apachectl start /etc/rc.local4. 编译安装PHP# cd /usr/local/src# tar xjvf php-5.2.4.tar.bz2# cd php-5.2.4# ./configure -prefix=/usr/local/php -with-apxs2=/usr/local/apache2/bin/apxs -with-config-file-path=/usr/local/php/etc -with-mysql=/usr/local/mysql -with-libxml-dir=/usr/local/libxml2 -with-gd=/usr/local/gd2 -with-jpeg-dir -with-png-dir -with-bz2 -with-freetype-dir -with-iconv-dir -with-zlib-dir -with-openssl=/usr/local/openssl -with-mcrypt=/usr/local/libmcrypt -enable-soap -enable-gd-native-ttf -enable-ftp -enable-mbstring -enable-exif -disable-ipv6 -disable-cgi -disable-cli# make# make install# mkdir /usr/local/php/etc# cp php.ini-dist /usr/local/php/etc/php.ini5. 整合Apache与PHP# vi /usr/local/apache2/conf/httpd.conf找到：AddType application/x-gzip .gz .tgz在该行下面添加AddType application/x-httpd-php .php找到：DirectoryIndex index.html将该行改为DirectoryIndex index.html index.htm index.php找到：#Include conf/extra/httpd-mpm.conf#Include conf/extra/httpd-info.conf#Include conf/extra/httpd-vhosts.conf#Include conf/extra/httpd-default.conf去掉前面的“#”号，取消注释。注意：以上 4 个扩展配置文件中的设置请按照相关原则进行合理配置！ 修改完成后保存退出。# /usr/local/apache2/bin/apachectl restart6. 查看确认L.A.M.P环境信息、提升 PHP 安全性在网站根目录放置 phpinfo.php 脚本，检查phpinfo中的各项信息是否正确。确认 PHP 能够正常工作后，在 php.ini 中进行设置提升 PHP 安全性。# vi /etc/php.ini找到：disable_functions =设置为：phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server四、服务器安全性设置 1. 设置系统防火墙# vi /usr/local/sbin/fw.sh将以下脚本命令粘贴到 fw.sh 文件中。#!/bin/bash# Stop iptables service firstservice iptables stop# Load FTP Kernel modules/sbin/modprobe ip_conntrack_ftp/sbin/modprobe ip_nat_ftp# Inital chains default policy/sbin/iptables -F -t filter/sbin/iptables -P INPUT DROP/sbin/iptables -P OUTPUT ACCEPT# Enable Native Ne