LAMP Configuration Anti-theft Chain Access Control Directory FilesMatch prohibits PHP from parsing PHP-related configuration PHP extension module installation

1. Configuration of anti-theft chain

To prevent people from using the function of file upload, put some static media resources on our website, and then set up the links of these resources on their website to our website. When users of their website visit these resources, they will jump to our server, resulting in an abnormal increase in the bandwidth traffic of our server. In order to prevent this from happening, we use apache server access control to implement anti-theft chain function

Open Virtual Host Profile

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

Configuration files to be added

<Directory /data/wwwroot/111.com>  //Used to define which directory to act on and configure the anti-theft chain is to define the site.
SetEnvIfNoCase Referer "http://www.111.com" local_ref   //Specify referer whitelist
SetEnvIfNoCase Referer "http://111.com" local_ref   //Specify referer whitelist
SetEnvIfNoCase Referer "^$" local_ref   //Empty referer s can also be accessed
<FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">   //Using file matching access control, f and m in filesmatch can be capitalized and lowercase.
Order Allow,Deny    //Access control order, first allow and then reject.
Allow from env=local_ref   //Only referer s on the whitelist can access the 111.com directory.
</FilesMatch>
</Directory>

Change the configuration file and comment out the empty Referer page as a white list: Change to # SetEnvIfNoCase Referer "^$" local_ref
Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

curl test
Curl-e format: curl-e "http://"

curl -e "http://www.aminglinux.com/123.html "Custom referer

2. Access Control Directory

The company's internal website can be set up access control, specify the source IP to be able to access.

Core profile content

<Directory /data/wwwroot/111.com/admin/>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

Open Virtual Host Profile

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

Order, used to define order, deny first or allow
If you deny first, you execute deny first
If allow first, execute allow first

Specific characteristics:

Whether the IP matches or not, it will be executed from beginning to end.

Place the code on the anti-theft chain code to prevent conflicts
 <Directory/data/wwroot/111.com>// Specify the directory of the website that needs access control
 Order deny,allow // access control order, all are rejected first, and then the specified ip is allowed. Unlike iptables, all rules can be enforced.
Deny from all // Deny all source IPS
 Allow from 127.0.0.1// specify the source ip allowed to access (the specified network segment can also be 192.168.0.0/24)
</Directory>

Create an admin directory and create a new index.php file, 121212

[root@aminglinux 111.com]# mkdir admin
[root@aminglinux 111.com]# cd admin/
[root@aminglinux admin]# touch index.php
[root@aminglinux admin]# echo "121212">index.php
[root@aminglinux admin]# cat index.php
121212

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

Restricted original IP: curl-x127.0.0.1:80 111.com/admin/index.php -I

127.0.0.1 is the target IP, and the IP to be accessed also needs to use 127.0.0.1 to access, and ultimately the target IP and the original IP are the same IP, communicate with themselves, and restrict IP to be the original IP.
-x specifies the destination IP

[root@aminglinux admin]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Sat, 30 Jun 2018 03:30:13 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Cache-Control: max-age=0
Expires: Sat, 30 Jun 2018 03:30:13 GMT
Content-Type: text/html; charset=UTF-8

curl test status code 403 is restricted access;

Change IP test:

[root@aminglinux admin]# curl -x192.168.222.110:80 111.com/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 03:34:11 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

Access control is done in the form of directories, which first specifies where a directory accesses (directories must use absolute paths), and then Oerder, which controls the source IP.

3. Access Control FilesMatch

Access control, in addition to directory form, or file name to match (or link)

Core profile content

<Directory /data/wwwroot/www.123.com>
    <FilesMatch "admin.php(.*)">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </FilesMatch>
</Directory>

Open Virtual Host Profile

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

First define a Directory, then define a FilesMatch below

<FilesMatch "admin.php(.*)">   //Specify pages that need access control
Order deny,allow     //The order of access control, first all are rejected, and then the specified ip is allowed
Deny from all          // Reject all source IPS
Allow from 127.0.0.1  //Specify the source ip that allows access (the specified segment can also be 192.168.0.0/24)
</FilesMatch>

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

test

There's nothing right here. admin The directory does any restrictions. FilesMatch This does not match, no control statement is encountered, so access is404
[root@aminglinux admin]# curl -x192.168.222.110:80 111.com/admin/fasdfasdf -I
HTTP/1.1 404 Not Found
Date: Sat, 30 Jun 2018 04:08:20 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

//Special symbols need to be enclosed in single quotation marks
[root@aminglinux admin]# curl -x192.168.222.110:80 'http://111.com/admin.php?fasdfasdf' -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 04:09:13 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@aminglinux admin]# curl -x127.0.0.1:80 'http://111.com/admin.php?fasdfasdf' -I
HTTP/1.1 404 Not Found
Date: Sat, 30 Jun 2018 04:09:28 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

Summary: Directory and FilesMatch function is the same, but sometimes just want to control an access link, then to control the directory is not appropriate, FilesMatch can meet some more personalized needs.

4. Prohibit php parsing

It can be used to optimize the static file directory or writable directory. It can avoid malicious attacks and improve security by restricting parsing/access rights.

Edit the virtual host configuration file:

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

 <Directory /data/wwwroot/111.com/upload>
         ##Forbid parsing all PHPs in upload directory
        php_admin_flag engine off        //Prohibit parsing php
        <FilesMatch (.*)\.php(.*)>        //Now all access to php here will be 403
        ##Here, use
        Order allow,deny                //If you don't do this deny, you will have direct access to the source code, which is not very good.
        Deny from all
        </FilesMatch>

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

Create upload directory, create new php files

[root@aminglinux 111.com]# mkdir upload
[root@aminglinux 111.com]# cp 123.php upload/
[root@aminglinux 111.com]# ls upload/
123.php

test

[root@aminglinux 111.com]# curl -x127.0.0.1:80 '111.com/upload/123.php' -I
HTTP/1.1 403 Forbidden
Date: Sat, 30 Jun 2018 11:39:46 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

Prohibiting php parsing is actually for the sake of server security, especially for writable directories
Writable directories, generally do not need to parse php, this need to bear in mind, general static file storage directories are not allowed to parse PHP

5. Restrict user_agent

user_agent can be understood as a browser identifier that limits its ability to prevent CC attacks (using software or broiler)

configuration file

<IfModule mod_rewrite.c>  
  ReWriteEngin on    
  ReWriteCond  %{HTTP_USER_AGENT} .*curl+[NC,OR]  
  ReWriteCond  %{HTTP_USER_AGENT} .*baidu.com.* [NC]   
  ReWriteRule .* -[F]   
</IfModule>

Edit the virtual host configuration file:

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>  //Using rewrite Module
  ReWriteEngin on    //Open module
  ReWriteCond  %{HTTP_USER_AGENT} .*curl+[NC,OR]  //Definition condition [NC] ignores case, [OR] two conditions or matches
  ReWriteCond  %{HTTP_USER_AGENT} .*baidu.com.* [NC]   //Definition condition
  ReWriteRule .* -[F]   //Defining rules, [F] is prohibited.
</IfModule>

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

Verification: [root@aminglinux] 111.com]# curl -A "abcde" -x127.0.0.1:80 '111.com/123.php'

curl command

curl command is a file transfer tool that uses URL rules to work on the command line

- A, specify user-agent, set up user agent to send to server
- e, specify referer, which is the source address
- I, just look at its status code
- x, using HTTP proxy on specified ports

6. PHP-related configuration

View the location of the php configuration file

/usr/local/php/bin/php -i|grep -i "loaded configuration file"
date.timezone
disable_functions eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close
error_log, log_errors, display_errors, error_reporting
open_basedir
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"

View the location of the php configuration file

Visit phpinfo to find the path of the configuration file through the browser
You can also use / usr/local/php/bin/php -i |grep -i "loaded configuration file" to find his path; but in some cases, "php -i" is not correct, because Apache is a module that calls php, and "php -i" is only a program of php, which may or may not be related to libphp5.so
Sometimes the php.ini is changed and the service is restarted, but the configuration is still not valid; because the configuration file found by using "php-i" is not the same as that found by php.ini on the web. If you want to find the php.ini configuration file accurately, create a PHP file of phpinfo under the corresponding site directory, open it on the web, and find it on phpinfo, that is. The most accurate

[root@aminglinux 111.com]# cd /usr/local/src/php-7.1.6/
[root@aminglinux php-7.1.6]# cp php.ini-development /usr/local/php7/etc/php.ini
[root@aminglinux php-7.1.6]# /usr/local/apache2.4/bin/apachectl graceful

Setting up PHP files

Open the PHP file and disable some dangerous functions

[root@aminglinux php-7.1.6]# vim /usr/local/php7/etc/php.ini

//Search /disable
//staydisable_functions =Then disable some dangerous functions

disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo

Reload configuration file

root@aminglinux php-7.1.6]# /usr/local/apache2.4/bin/apachectl graceful

Open the php configuration file

Define date.timezone time zone. If not, sometimes there will be some alarm information display_errors = On (On display, Off does not display), which means that the wrong information will be displayed directly on the browser, which will expose the directory, so change to display_errors = Off here.

[root@aminglinux php-7.1.6]# vim /usr/local/php7/etc/php.ini
 Search / timezone
 Define the time zone in date.timezone
 Need to be deleted; semicolon
date.timezone = Asia/Shanghai

Search/display
 Need to be deleted; semicolon
 Change display_errors = On to display_errors = Off

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

When you visit 111.com/index.php with a browser, you will see a white page, because display_errors=Off

Configuration error log

Open the configuration file vim/usr/local/php7/etc/php.ini
Define error log_errors = On - > on to indicate open
Define the error log file path error_log=/tmp/php_errors.log
Error_report = E_ALL defines the level of the log, which by default is ALL, indicating that all errors are recorded, which is the least rigorous.
In production environment, use; E_ALL &~E_NOTICE (Show all errors, except for notices)

Search / log_errors to open the error log file
log_errors = On

Search / error_log to define the error log file in the tmp directory
 Need to be deleted; semicolon
error_log = /tmp/php_errors.log

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

Once again, you will see that php_errors.log is generated in the tmp directory.

[root@aminglinux php-7.1.6]# curl -A "a" -x127.0.0.1:80 http://111.com/index.php
[root@aminglinux php-7.1.6]# ls /tmp/
mysql.sock      systemd-private-84395be6ac6e40bfad6b9456aa2e32d3-chronyd.service-kz6jjS
pear            systemd-private-84395be6ac6e40bfad6b9456aa2e32d3-vgauthd.service-pM2iTz
php_errors.log  systemd-private-84395be6ac6e40bfad6b9456aa2e32d3-vmtoolsd.service-cXzXg9
[root@aminglinux php-7.1.6]#

Looking at the php_errors.log file, you can see that the main subgroup of the genus is daemon [root@aminglinux php-7.1.6] # ll/tmp/php_errors.log-rw-r--r -- 1 daemon daemon 282 July 1:16/tmp/php_errors.
daemon is actually the owner of httpd, and the php_errors.log file is generated as httpd.

[root@aminglinux php-7.1.6]# ps aux |grep httpd
root      1422  0.0  1.4 257488 14356 ?        Ss   6month30   0:05 /usr/local/apache2.4/bin/httpd -k start
daemon    3629  0.0  1.7 611964 17484 ?        Sl   01:16   0:00 /usr/local/apache2.4/bin/httpd -k start
daemon    3630  0.0  1.3 544316 13176 ?        Sl   01:16   0:00 /usr/local/apache2.4/bin/httpd -k start
daemon    3631  0.0  1.5 611964 15488 ?        Sl   01:16   0:00 /usr/local/apache2.4/bin/httpd -k start
root      3725  0.0  0.0 112720   984 pts/0    S+   01:20   0:00 grep --color=auto httpd
[root@aminglinux php-7.1.6]#

Sometimes, an error log is defined, but the error log is never generated, so you need to check the directory where the error log is defined to see if httpd has write permission.
The safest way is to create an error log file in your directory and then grant it 777 permissions so that you don't have to worry about whether the file httpd has write permissions.

[root@aminglinux php-7.1.6]# grep error_log /usr/local/php7/etc/php.ini 
; server-specific log, STDERR, or a location specified by the error_log
; Set maximum length of log_errors. In error_log information about the source is
error_log = /tmp/php_errors.log
;error_log = syslog
; OPcache error_log file name. Empty string assumes "stderr".
;opcache.error_log=

[root@aminglinux php-7.1.6]# touch /tmp/php_errors.log ; chmod 777 /tmp/php_errors.log 

- You can create it first./tmp/php_errors.logDocuments are then given chmod 777Jurisdiction

View File Log

[root@aminglinux php-7.1.6]# cat /tmp/php_errors.log //It will tell you that this function has been disabled for security reasons.
[30-Jun-2018 17:16:27 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /usr/local/apache2.4/htdocs/index.php on line 2
[30-Jun-2018 17:16:32 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /usr/local/apache2.4/htdocs/index.php on line 2

Safety-related parameters

On a server, there are many websites running. If there is a server with a problem in the code, the site is attacked by hackers, and the hackers get the right. Hackers will certainly continue to infiltrate the right. If they continue to infiltrate the right, they will probably infiltrate other websites, and at the same time lead to other sites being blackened.
open_basedir, which is a security option, restricts not to be on duty
The content of php.ini file is the configuration for all virtual hosts!!!
Open the configuration file vim/usr/local/php7/etc/php.ini

[root@aminglinux php-7.1.6]# vim /usr/local/php7/etc/php.ini
 Search / open_basedir and delete it;
open_basedir = /data/wwwroot/111.com:/tmp

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

Visit again and it will show normal

If there are more than N sites running on the server, what should be done to limit it?
These sites should be open_basedir for sites, but php.ini is not, because php.ini is for all sites.
But we can set it in the virtual host configuration file and / usr / local / apache 2.4 / conf / extra / httpd-vhosts.conf in the apache virtual host configuration file.
Here you can restrict different open_basedi for different virtual hosts

[root@aminglinux php-7.1.6]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/" Add to open_basedir

Check the configuration file for syntax errors and reload the configuration file

[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aminglinux ~]# /usr/local/apache2.4/bin/apachectl graceful

7. PHP Extension Module Installation

/usr/local/php/bin/php-m//view module
Install a redis module below
cd /usr/local/src/
wget https://codeload.github.com/phpredis/phpredis/zip/develop
mv develop phpredis-develop.zip
unzip phpredis-develop.zip
cd phpredis-develop
/usr/local/php/bin/phpize//Generate configure file
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install
/ usr/local/php/bin/php -i |grep extension_dir // / View the directory of the extension module. We can customize this path in php.ini
vim /usr/local/php/etc/php.ini // / Add a line configuration (you can put it on the last line of the file)
extension = redis.so

When php is installed and compiled, it is found that there is a missing module, but it can not recompile php module, so use extended module to compile

View module
Download redis packages: redis modules, commonly used as caches in lamp

[root@aminglinux php-7.1.6]# cd /usr/local/src
[root@aminglinux src]# wget https://codeload.github.com/phpredis/phpredis/zip/develop
--2018-07-01 01:57:20--  https://codeload.github.com/phpredis/phpredis/zip/develop
 Host codeload.github.com (codeload.github.com)... 13.229.189.0, 13.250.162.133, 54.251.140.56
 Connecting codeload.github.com (codeload.github.com)|13.229.189.0|:443... is connected.
HTTP request has been issued, waiting for response... 200 OK
 Length: Not specified [application/zip]
Save to "develop"

    [<=>] 239,183 16.8KB/s takes 13s    

2018-07-01:57:37 (17.9 KB/s) - "develop" has been saved [239183]

[root@aminglinux src]#

Change the package name

[root@aminglinux src]# mv develop phpredis-develop.zip
[root@aminglinux src]# ls
apr-1.6.3               httpd-2.4.29.tar.gz                           php-7.1.6
apr-1.6.3.tar.gz        mariadb-10.2.6-linux-glibc_214-x86_64.tar.gz  php-7.1.6.tar.bz2
apr-util-1.6.1          mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz     phpredis-develop.zip
apr-util-1.6.1.tar.bz2  php-5.6.30
httpd-2.4.29            php-5.6.30.tar.gz

Unzip and view the unzipped package

[root@aminglinux src]# unzip phpredis-develop.zip
root@aminglinux src]# ls
apr-1.6.3               httpd-2.4.29.tar.gz                           php-7.1.6
apr-1.6.3.tar.gz        mariadb-10.2.6-linux-glibc_214-x86_64.tar.gz  php-7.1.6.tar.bz2
apr-util-1.6.1          mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz     phpredis-develop
apr-util-1.6.1.tar.bz2  php-5.6.30                                    phpredis-develop.zip
httpd-2.4.29            php-5.6.30.tar.gz

Switch to the phpredis-develop ment package

[root@aminglinux src]# cd phpredis-develop/
[root@aminglinux phpredis-develop]#

There are some special compilation methods, which need to do phpize operation first. The purpose is to generate the configure file - > because to compile a source package, you must have configure first, otherwise you can not configure it.

[root@aminglinux phpredis-develop]# /usr/local/php7/bin/phpize//Generate configure file
Configuring for:
PHP Api Version:         20160303
Zend Module Api No:      20160303
Zend Extension Api No:   320160303
Cannot find autoconf. Please check your autoconf installation and the
$PHP_AUTOCONF environment variable. Then, rerun this script.

Error reporting: lack of autoconf package
Solution: Yum install-y Autoconf

[root@aminglinux phpredis-develop]# yum install -y autoconf

Then go ahead and generate the configure file

[root@aminglinux phpredis-develop]# /usr/local/php7/bin/phpize
Configuring for:
PHP Api Version:         20160303
Zend Module Api No:      20160303
Zend Extension Api No:   320160303

Then go ahead and configure. / configure --with-php-config=/usr/local/php7/bin/php-config

[root@aminglinux phpredis-develop]#./configure --with-php-config=/usr/local/php7/bin/php-config

Make and then make install

[root@aminglinux phpredis-develop]#make
[root@aminglinux phpredis-develop]#make install
Installing shared extensions:     /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/

Look at ls, and you'll see that it's generated. redis.so Document is the extension module we need.

[root@aminglinux phpredis-develop]# ls /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/opcache.so  redis.so

Now php still does not support redis module, you can look at grep, you can see that there is no redis module
So you need to configure it, load the redis module, and edit the configuration file.
Before configuring files, go to the Extension Module Storage Directory
/ usr / local / php7 / bin / php-i | grep extension_dir // / View the directory of the extension module, we can customize the path in php.ini
All extension modules will default to / usr/local/php7/lib/php/extensions/no-debug-zts-20160303

[root@aminglinux phpredis-develop]# /usr/local/php7/bin/php -m |grep redis
[root@aminglinux phpredis-develop]# /usr/local/php7/bin/php -i |grep extension_dir
extension_dir => /usr/local/php7/lib/php/extensions/no-debug-zts-20160303 => /usr/local/php7/lib/php/extensions/no-debug-zts-20160303
sqlite3.extension_dir => no value => no value

Edit php.ini file to add a line configuration

[root@aminglinux phpredis-develop]# vim /usr/local/php7/etc/php.ini
 You can put the configuration line at the end of the file, or search / extend it to the relevant bottom.
extension = redis.so

Check to see if there is a redis module, and you'll see that it's loaded

[root@aminglinux phpredis-develop]# /usr/local/php7/bin/php -m |grep redis
redis

Another way to quickly install redis.so module/usr/local/php7/bin/pecl install redis

[root@aminglinux phpredis-develop]# /usr/local/php7/bin/pecl install redis

If you want to compile a module, and it comes with the source package directory / usr/local/src/php-7.1.6/ext, you can complete the expansion module by following steps

Execute / usr/local/php7/bin/phpize in the directory of the extension module you need to add to generate a configuration file
Execute. / configure - with-php-config=/usr/local/php7/bin/php-config configuration php-config file
Start compiling make
Move to directory make install after compilation
Modify the configuration file vim/usr/local/php7/etc/php.ini, New extension=xxxxxxx.so Expansion module

ON EXTENSION PLATE

There is no third-party module package in the PHP source package, but there are many extension modules in the / ext / directory of the PHP source package. If the required extension modules are in the directory, they can be installed directly.
Install modules in source packages. In php source packages, there is an ext directory with many modules in it.

[root@aminglinux phpredis-develop]# cd /usr/local/src/php-7.1.6/ext/
[root@aminglinux ext]# ls
bcmath      ext_skel            interbase  opcache       pdo_sqlite  skeleton  tokenizer
bz2         ext_skel_win32.php  intl       openssl       pgsql       snmp      wddx
calendar    fileinfo            json       pcntl         phar        soap      xml
com_dotnet  filter              ldap       pcre          posix       sockets   xmlreader
ctype       ftp                 libxml     pdo           pspell      spl       xmlrpc
curl        gd                  mbstring   pdo_dblib     readline    sqlite3   xmlwriter
date        gettext             mcrypt     pdo_firebird  recode      standard  xsl
dba         gmp                 mysqli     pdo_mysql     reflection  sysvmsg   zip
dom         hash                mysqlnd    pdo_oci       session     sysvsem   zlib
enchant     iconv               oci8       pdo_odbc      shmop       sysvshm
exif        imap

Adding zip extension module

Compile the zip module into the zip directory and view it

[root@aminglinux ext]# /usr/local/php7/bin/php -m |grep zip
[root@aminglinux ext]# cd zip/
[root@aminglinux zip]# ls
config.m4   CREDITS   lib             php_zip.c  tests  zip_stream.c
config.w32  examples  LICENSE_libzip  php_zip.h  TODO

Then execute the / usr/local/php7/bin/phpize command to generate the configuration file

[root@aminglinux zip]# /usr/local/php7/bin/phpize
Configuring for:
PHP Api Version:         20160303
Zend Module Api No:      20160303
Zend Extension Api No:   320160303

Configuration. / configure --with-php-config=/usr/local/php7/bin/php-config
Then make
make install again

[root@aminglinux zip]#./configure --with-php-config=/usr/local/php7/bin/php-config
[root@aminglinux zip]#make
[root@aminglinux zip]# make install
Installing shared extensions:     /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/
[root@aminglinux zip]#

Go back and see the appearance of the zip module

[root@aminglinux zip]# ls /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/
opcache.so  redis.so  zip.so

Posted by Dark[NSF] on Sat, 12 Jan 2019 18:27:11 -0800

Programmer Group

LAMP Configuration Anti-theft Chain Access Control Directory FilesMatch prohibits PHP from parsing PHP-related configuration PHP extension module installation

Hot Keywords