LAMP yum installation - Centos 7

Keywords: MySQL yum vim RPM

Centos 7 yum install LAMP

Author: Yan Tao

E-mail: coderyantao@qq.com

Note: the test environment is a virtual machine; SELinux and firewalld have been shut down

Official Apache 2.4 documentation https://httpd.apache.org/docs/2.4/

#View port
[root@localhost ~]# firewall-cmd --query-port=80/tcp
no

#Open port
[root@localhost ~]# firewall-cmd --permanent --add-port=80/tcp
success

#Reload rule
[root@localhost ~]# firewall-cmd --reload 
success

#View again
[root@localhost ~]# firewall-cmd --query-port=80/tcp
yes

1. Apache

1.1 delete the original yum repo files and switch to the Alibaba mirror

[root@localhost ~]# rm -rf /etc/yum.repos.d/*
[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost ~]# yum clean all 
[root@localhost ~]# yum makecache

1.2 installing httpd

[root@localhost ~]# yum install httpd

1.3 start httpd

[root@localhost ~]# systemctl start httpd.service 

1.4 enable httpd at boot

[root@localhost ~]# systemctl enable httpd.service 

1.5 back up and edit the httpd configuration file

[root@localhost ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak 
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#Changing ServerName is optional, but if it is left unset httpd always prints the AH00558 message
#ServerName www.example.com:80
//Change to
ServerName www.example.com:80
//or
ServerName localhost:80
#Prefer index.php as the directory index
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
#Change to
<IfModule dir_module>
    DirectoryIndex index.php  index.html
</IfModule>

1.6 check configuration file syntax

[root@localhost ~]# httpd -t
Syntax OK

1.7 restart httpd

[root@localhost ~]# systemctl restart httpd.service

2. PHP

2.1 install the epel and ius repos

The ius repo depends on the epel repo

[root@localhost ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@localhost ~]# wget https://centos7.iuscommunity.org/ius-release.rpm
[root@localhost ~]# ls
anaconda-ks.cfg  ius-release.rpm
[root@localhost ~]# yum install ius-release.rpm 
[root@localhost ~]# yum clean all 
[root@localhost ~]# yum makecache
#Check that all the yum repo files are in place
[root@localhost ~]# ls /etc/yum.repos.d/
CentOS-Base.repo  epel.repo  ius-archive.repo  ius.repo  ius-testing.repo

2.2 installing php7.2

[root@localhost ~]# yum install php72u*

2.3 creating php files

[root@localhost ~]# cd /var/www/html/
[root@localhost html]# vim index.php

Enter the following

<?php
        phpinfo();

Restart Apache, then enter the server's IP address in a browser to see the PHP information page.

3. MySQL

Reference https://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en/

3.1 download and install the MySQL yum repo

[root@localhost ~]# wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
[root@localhost ~]# yum install mysql80-community-release-el7-3.noarch.rpm 
#mysql-community.repo will be generated in the /etc/yum.repos.d/ directory

3.2 the MySQL yum repo file

MySQL 8 is enabled by default in this yum repo. Here is how to enable other versions

[root@localhost ~]# yum list |grep mysql-community-server
mysql-community-server.x86_64             8.0.19-1.el7                 mysql80-community
[root@localhost ~]# vim /etc/yum.repos.d/mysql-community.repo 

To install a particular version, set enabled=1 in its section

# Enable to use MySQL 5.5
[mysql55-community]
name=MySQL 5.5 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

# Enable to use MySQL 5.6
[mysql56-community]
name=MySQL 5.6 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

# Enable to use MySQL 5.7
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

I installed version 5.6

[root@localhost ~]# yum list |grep mysql-community-server
mysql-community-server.x86_64             5.6.47-2.el7                 mysql56-community
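
The MySQL sections above use http:// base URLs, and the repo files in 1.1 and 2.1 are themselves fetched over plain http, so gpgcheck=1 is the setting worth verifying in every .repo file before installing from it. The script below is an added example, not part of the original post; the function names and the example-thirdparty section are assumptions, and a missing gpgcheck line is treated as unchecked even though [main] in /etc/yum.conf can set another default.

```shell
# audit_repos: read yum .repo text on stdin and print "<repo-id> <finding>":
#   NO_GPGCHECK  enabled repo whose packages are not signature-checked
#   HTTP_SIGNED  enabled repo on plain http, so gpgcheck=1 is its only control
audit_repos() {
  awk '
    function report() {
      if (id == "" || enabled != "1") return
      if (gpg != "1") print id, "NO_GPGCHECK"
      else if (url ~ /^http:\/\//) print id, "HTTP_SIGNED"
    }
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^[#;]/ || /^$/ { next }
    /^\[.*\]$/ {                       # new section: flush the previous one
      report(); id = substr($0, 2, length($0) - 2)
      enabled = "1"; gpg = "0"; url = ""  # assumed values when a key is absent
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
      if (key == "enabled") enabled = val
      if (key == "gpgcheck") gpg = val
      if (key == "baseurl") url = val
    }
    END { report() }
  '
}

# Constructed sample in the shape of the mysql-community.repo shown above,
# plus a hypothetical third-party repo with signature checking turned off.
sample_repo() {
  cat <<'EOF'
[mysql56-community]
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/7/$basearch/
enabled=1
gpgcheck=1
[mysql80-community]
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/7/$basearch/
enabled=0
gpgcheck=1
[example-thirdparty]
baseurl=http://repo.example.invalid/el7/
enabled=1
gpgcheck=0
EOF
}

sample_repo | audit_repos
```

On the server, run it as: cat /etc/yum.repos.d/*.repo | audit_repos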

3.3 install mysql

[root@localhost ~]# yum install mysql-community-server.x86_64 

3.4 starting mysql

[root@localhost ~]# systemctl start mysqld.service 

3.5 enable at boot

[root@localhost ~]# systemctl enable mysqld.service

3.6 initialization

Use this for versions below 5.7

[root@localhost ~]# mysql_secure_installation 
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!




All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


Cleaning up...

3.7 creating a remote-login user

mysql>  create user 'yantao'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql>  grant all on *.* to 'yantao'@'%';
Query OK, 0 rows affected (0.00 sec)

4. Apache experiment

1. Virtual host

Reference https://httpd.apache.org/docs/2.4/zh-cn/vhosts/name-based.html

Apache does not support multiple https virtual hosts

1.1 prepare two domain names

www.web1.com

www.web2.com

1.2 create the host directories

Create the web1 and web2 directories, each with an index.html

[root@localhost ~]# mkdir /var/www/html/web1
[root@localhost ~]# vim /var/www/html/web1/index.html 
#For example, enter: www.web1.com

[root@localhost ~]# mkdir /var/www/html/web2
[root@localhost ~]# vim /var/www/html/web2/index.html 
#For example, enter: www.web2.com

1.3 modify configuration file

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 
#Make sure the last line is enabled so that the configuration files under conf.d/ are loaded
IncludeOptional conf.d/*.conf
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim web1.conf
#Write the following
<VirtualHost *:80>
    ServerName www.web1.com
    DocumentRoot "/var/www/html/web1"
</VirtualHost>

[root@localhost conf.d]# vim web2.conf 
<VirtualHost *:80>
    ServerName www.web2.com
    DocumentRoot "/var/www/html/web2"
</VirtualHost>

1.4 check syntax

[root@localhost ~]# httpd -t
Syntax OK

1.5 restart apache

[root@localhost ~]# systemctl restart httpd.service 

1.6 modify the hosts file on your computer

#Add the following
192.168.1.49    www.web1.com
192.168.1.49    www.web2.com

This lets a browser reach the two domain names

2. Hide version number

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 
#Add the following at the bottom to hide the Apache version
ServerTokens Prod
ServerSignature Off

#Hide php version
[root@localhost ~]# vim /etc/php.ini 
expose_php = On
#Amend to read
expose_php = Off
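
One way to confirm that the three settings above took effect after the restart, as an added example that is not part of the original post: the first function checks response headers (for instance the output of curl -sI http://www.web1.com/), the second checks an error-page body for the footer that ServerSignature controls. The function names are assumptions and the sample responses are constructed.

```shell
# leaky_headers: read HTTP response headers on stdin and print those that
# still disclose software versions; exit status is 1 when any are found.
leaky_headers() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    { c = index($0, ":"); if (c == 0) next  # skip status line and blanks
      name = tolower(substr($0, 1, c - 1))
      val = substr($0, c + 1); sub(/^[ \t]+/, "", val) }
    # With ServerTokens Prod the value is exactly "Apache"; a "/version"
    # or an "(OS)" comment means fuller tokens are still being sent.
    name == "server" && val ~ /\/[0-9]|\(/ { print "Server: " val; bad = 1 }
    # expose_php = Off drops this header, so its presence is the finding.
    name == "x-powered-by" { print "X-Powered-By: " val; bad = 1 }
    END { exit bad + 0 }
  '
}

# signature_footer: succeed if an error-page body on stdin still carries the
# <address> footer that ServerSignature Off is meant to remove.
signature_footer() { grep -qi '<address>Apache'; }

# Constructed samples (version strings are illustrative, not from the page).
resp_before() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.6 (CentOS) PHP/7.2.0\r\n'
  printf 'X-Powered-By: PHP/7.2.0\r\nContent-Type: text/html\r\n\r\n'
}
resp_after() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

resp_before | leaky_headers || echo "before: version disclosure found"
resp_after  | leaky_headers && echo "after: headers are clean"
```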

3. User authentication

Reference https://docs.huihoo.com/apache/httpd/2.0-cn/howto/auth.html

First create a new site, web3.com

3.1 generate account file

#Create a new directory to store account files
[root@localhost ~]# mkdir /etc/httpd/passwd
#Create account file
[root@localhost ~]# htpasswd -c /etc/httpd/passwd/web3 yantao
New password: 
Re-type new password: 
Adding password for user yantao

3.2 modify virtual host file

[root@localhost ~]# vim /etc/httpd/conf.d/web3.conf 
<Directory /var/www/html/web3>
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /etc/httpd/passwd/web3
    Require user yantao
</Directory>
<VirtualHost *:80>
    ServerName www.web3.com
    DocumentRoot "/var/www/html/web3"
</VirtualHost>

Check syntax, restart

4. Domain name redirect

Redirect web2 to web1

4.1 modify web2 virtual host file

[root@localhost ~]# vim /etc/httpd/conf.d/web2.conf
#as follows
<Directory /var/www/html/web2>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<VirtualHost *:80>
    ServerName www.web2.com
    DocumentRoot "/var/www/html/web2"
</VirtualHost>

4.2 create .htaccess in the web2 directory

[root@localhost ~]# vim /var/www/html/web2/.htaccess
#as follows
#Turn on rewrite function
RewriteEngine on

#Apply the rule only when the HTTP_HOST variable begins with www.web2.com
RewriteCond %{HTTP_HOST} ^www\.web2\.com

RewriteRule ^(.*) http://www.web1.com/$1 [R=permanent,L]
# ^(.*) matches the resource requested by the client
# $1 refers back to the text captured by (.*)
# R=permanent makes this a permanent redirect (301)
# L marks this rule as the last one; rules after it are not processed

Check syntax, restart

5. HTTPS

a: HTTPS ensures that all packets transmitted through the server are encrypted.

b: An official digital certificate is issued for the server, which prevents a fake server from impersonating the real one.

Certificate source

1. Self-signed certificates are recommended for testing purposes and personal projects. Self-signed certificates can also be used by service providers, but they are generally used when users trust each other. In addition, self-signed certificates do not cost money to purchase.

2. Certificates can be provided by community-based certificate providers such as StartSSL and CAcert. These certificates also do not cost money, but are recommended for personal projects.

3. For global business websites, it is recommended to purchase certificates from reputable certification authorities. These certificates cost money, but they add to the credibility of network service providers.

We use a self-signed certificate: openssl (already installed) generates the certificate, and mod_ssl (not yet installed) provides HTTPS

Install mod_ssl

[root@localhost ~]# yum install mod_ssl
#After installation, mod_ssl.so will be generated in /etc/httpd/modules

5.1 generate private key

#Generate a 2048-bit RSA private key
[root@localhost ~]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
.......................................+++
e is 65537 (0x10001)

5.2 generate certificate signing request

[root@localhost ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
#country
Country Name (2 letter code) [XX]:CN
#province
State or Province Name (full name) []:LN
#city
Locality Name (eg, city) [Default City]:YS
#company
Organization Name (eg, company) [Default Company Ltd]:CompanyName
#department
Organizational Unit Name (eg, section) []:PHP
#domain name
Common Name (eg, your name or your server's hostname) []:www.web1.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

5.3 generate self signed certificate

#Generate a self-signed X509 certificate. The validity period is set to 3650 days, i.e. 10 years
[root@localhost ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=LN/L=YS/O=CompanyName/OU=PHP/CN=www.web1.com
Getting Private key

5.4 put the three files in the corresponding directories

[root@localhost ~]# cp server.crt /etc/pki/tls/certs/
[root@localhost ~]# cp server.key /etc/pki/tls/private/
[root@localhost ~]# cp server.csr /etc/pki/tls/private/
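
Current browsers and TLS libraries match the hostname against the certificate's subjectAltName rather than the Common Name entered in 5.2, so this added example (not part of the original post) goes one step beyond 5.1 to 5.3: it produces the key and the self-signed certificate in a single openssl call with a SAN for www.web1.com, and creates the key readable by its owner only. The function names, the san.cnf file name and the scratch directory are assumptions of the example.

```shell
# san_config HOST...: print an openssl req config whose certificate lists
# every HOST as a subjectAltName; the first HOST also becomes the CN.
san_config() {
  cn=$1; sans=""
  for h in "$@"; do sans="${sans:+$sans,}DNS:$h"; done
  cat <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
CN = $cn
[v3]
subjectAltName = $sans
EOF
}

# make_selfsigned DIR HOST...: write DIR/server.key and DIR/server.crt in one
# step, then print the SAN entries openssl reads back from the certificate.
make_selfsigned() {
  dir=$1; shift
  san_config "$@" > "$dir/san.cnf"
  ( umask 077   # key is created owner-only, before any cp into /etc/pki
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
      -config "$dir/san.cnf" -keyout "$dir/server.key" \
      -out "$dir/server.crt" 2>/dev/null ) || return 1
  openssl x509 -in "$dir/server.crt" -noout -text | grep 'DNS:'
}

# Demo in a scratch directory; skipped when the openssl CLI is not installed.
if command -v openssl >/dev/null 2>&1; then
  d=$(mktemp -d) && make_selfsigned "$d" www.web1.com && rm -rf "$d"
fi
```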

5.5 modify ssl.conf

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
//Change to
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

5.6 virtual host configuration file

[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf 
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/server.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/server.key"

    DocumentRoot /var/www/html/web1
    ServerName www.web1.com
</VirtualHost>

Check the syntax after configuration and restart apache

5.7 open port 443

Use the same method as above

Visit https://www.web1.com/ and choose to trust the certificate to browse the website.

5.8 force redirect to HTTPS

[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf 
<VirtualHost *:80>
    ServerName www.web1.com
    Redirect permanent / https://www.web1.com/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/server.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/server.key"

    DocumentRoot /var/www/html/web1
    ServerName www.web1.com
</VirtualHost>

6. Static cache

[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf 
<VirtualHost *:80>
    ServerName www.web1.com
    Redirect permanent / https://www.web1.com/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/server.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/server.key"

    DocumentRoot /var/www/html/web1
    ServerName www.web1.com
</VirtualHost>

<IfModule mod_expires.c>
        ExpiresActive on
        ExpiresByType image/jpeg "access plus 24 hours"
        ExpiresByType image/png "access plus 24 hours"
        ExpiresByType text/css  "now plus 2 hours"
        ExpiresByType application/javascript "now plus 2 hours"
</IfModule>

Posted by Linjon on Sun, 21 Jun 2020 03:01:40 -0700