CentOS 7: install LAMP with yum
Author: Yan Tao
E-mail: coderyantao@qq.com
Note: the test environment is a virtual machine; SELinux and firewalld have been shut down
Official Apache 2.4 documentation https://httpd.apache.org/docs/2.4/
#View port
[root@localhost ~]# firewall-cmd --query-port=80/tcp
no
#Open port
[root@localhost ~]# firewall-cmd --permanent --add-port=80/tcp
success
#Reload rule
[root@localhost ~]# firewall-cmd --reload
success
#View again
[root@localhost ~]# firewall-cmd --query-port=80/tcp
yes
1. Apache
1.1 delete the original yum sources and replace them with the Alibaba source
[root@localhost ~]# rm -rf /etc/yum.repos.d/*
[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache
1.2 installing httpd
[root@localhost ~]# yum install httpd
1.3 start httpd
[root@localhost ~]# systemctl start httpd.service
1.4 enable httpd at boot
[root@localhost ~]# systemctl enable httpd.service
1.5 backup and edit httpd configuration file
[root@localhost ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#ServerName can be left unchanged, but httpd will then always show the AH00558 message
#ServerName www.example.com:80
//Change to
ServerName www.example.com:80
//or
ServerName localhost:80
#Give index.php priority as the directory index
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
#Change to
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
1.6 check configuration file syntax
[root@localhost ~]# httpd -t
Syntax OK
1.7 restart httpd
[root@localhost ~]# systemctl restart httpd.service
2. PHP
2.1 install epel source and ius source
The ius source depends on the epel source
[root@localhost ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@localhost ~]# wget https://centos7.iuscommunity.org/ius-release.rpm
[root@localhost ~]# ls
anaconda-ks.cfg ius-release.rpm
[root@localhost ~]# yum install ius-release.rpm
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache
#Check whether all yum sources are installed
[root@localhost ~]# ls /etc/yum.repos.d/
CentOS-Base.repo epel.repo ius-archive.repo ius.repo ius-testing.repo
2.2 installing php7.2
[root@localhost ~]# yum install php72u*
2.3 creating php files
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# vim index.php
Enter the following
<?php phpinfo();
Restart Apache, then enter the server's IP in a browser to see the PHP information page.
3. MySQL
Reference https://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en/
3.1 download and install the yum source of mysql
[root@localhost ~]# wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
[root@localhost ~]# yum install mysql80-community-release-el7-3.noarch.rpm
#mysql-community.repo will be generated in the /etc/yum.repos.d/ directory
3.2 yum file of MySQL
MySQL 8 is enabled by default in this yum source. Here is how to enable other versions
[root@localhost ~]# yum list |grep mysql-community-server
mysql-community-server.x86_64 8.0.19-1.el7 mysql80-community
[root@localhost ~]# vim /etc/yum.repos.d/mysql-community.repo
To download a given version, just set enabled=1 in its section
# Enable to use MySQL 5.5
[mysql55-community]
name=MySQL 5.5 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

# Enable to use MySQL 5.6
[mysql56-community]
name=MySQL 5.6 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

# Enable to use MySQL 5.7
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
I installed version 5.6
[root@localhost ~]# yum list |grep mysql-community-server
mysql-community-server.x86_64 5.6.47-2.el7 mysql56-community
3.3 install mysql
[root@localhost ~]# yum install mysql-community-server.x86_64
3.4 starting mysql
[root@localhost ~]# systemctl start mysqld.service
3.5 enable at boot
[root@localhost ~]# systemctl enable mysqld.service
3.6 initialization
Use this for versions below 5.7
[root@localhost ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed! Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Cleaning up...
3.7 creating a remote user
mysql> create user 'yantao'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on *.* to 'yantao'@'%';
Query OK, 0 rows affected (0.00 sec)
4. Apache experiment
1. Virtual host
Reference https://httpd.apache.org/docs/2.4/zh-cn/vhosts/name-based.html
Apache does not support multiple https virtual hosts
1.1 prepare two domain names
www.web1.com
www.web2.com
1.2 generate Host Directory
Create the web1 and web2 directories, each with an index.html
[root@localhost ~]# mkdir /var/www/html/web1
[root@localhost ~]# vim /var/www/html/web1/index.html
#For example, enter the following
www.web1.com
[root@localhost ~]# mkdir /var/www/html/web2
[root@localhost ~]# vim /var/www/html/web2/index.html
#For example, enter the following
www.web2.com
1.3 modify configuration file
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#The last line must be enabled; it loads the sub configuration files under conf.d/
IncludeOptional conf.d/*.conf
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim web1.conf
#Write the following
<VirtualHost *:80>
    ServerName www.web1.com
    DocumentRoot "/var/www/html/web1"
</VirtualHost>
[root@localhost conf.d]# vim web2.conf
<VirtualHost *:80>
    ServerName www.web2.com
    DocumentRoot "/var/www/html/web2"
</VirtualHost>
1.4 check syntax
[root@localhost ~]# httpd -t
Syntax OK
1.5 restart apache
[root@localhost ~]# systemctl restart httpd.service
1.6 modify the hosts file of the computer
#Add the following
192.168.1.49 www.web1.com
192.168.1.49 www.web2.com
This lets a browser on that computer reach the two domain names
2. Hide version number
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#Add the following at the bottom to hide the Apache version
ServerTokens Prod
ServerSignature Off
#Hide php version
[root@localhost ~]# vim /etc/php.ini
expose_php = On
#Amend to read
expose_php = Off
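An added check, not part of the original page: the script below reads an httpd.conf and a php.ini and reports whether the three settings above are actually in effect, using the last uncommented occurrence of each directive. It does not follow Include/IncludeOptional files, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): audit the banner-hiding settings.

# last_value FILE DIRECTIVE SEP -> value of the last uncommented DIRECTIVE.
# SEP is "space" (httpd.conf syntax) or "equals" (php.ini syntax).
last_value() {
    awk -v want="$2" -v sep="$3" '
        /^[ \t]*[#;]/ { next }                    # commented-out line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (sep == "equals") { n = index(line, "="); len = 1 }
            else                 { n = match(line, /[ \t]+/); len = RLENGTH }
            if (n == 0) next                      # no value on this line
            key = substr(line, 1, n - 1); val = substr(line, n + len)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == tolower(want)) found = val   # last one wins
        }
        END { print found }' "$1"
}

# check_one FILE DIRECTIVE SEP ACCEPTED -> prints a FAIL line and returns 1
# when the effective value is not one of the ACCEPTED alternatives.
check_one() {
    got=$(last_value "$1" "$2" "$3")
    if printf '%s\n' "$got" | grep -Eiq "^($4)\$"; then
        return 0
    fi
    echo "FAIL $2 in $1: found '${got:-<not set>}', want $4"
    return 1
}

# audit_banners HTTPD_CONF PHP_INI -> return status is the number of findings
audit_banners() {
    findings=0
    check_one "$1" ServerTokens    space  'Prod|ProductOnly' || findings=$((findings + 1))
    check_one "$1" ServerSignature space  'Off'              || findings=$((findings + 1))
    check_one "$2" expose_php      equals 'Off|0|false|no'   || findings=$((findings + 1))
    return "$findings"
}

# Usage: sh audit.sh /etc/httpd/conf/httpd.conf /etc/php.ini
if [ "$#" -eq 2 ]; then audit_banners "$1" "$2"; fi
```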
3. User authentication
Reference https://docs.huihoo.com/apache/httpd/2.0-cn/howto/auth.html
First create a new web3.com virtual host
3.1 generate account file
#Create a new directory to store account files
[root@localhost ~]# mkdir /etc/httpd/passwd
#Create account file
[root@localhost ~]# htpasswd -c /etc/httpd/passwd/web3 yantao
New password:
Re-type new password:
Adding password for user yantao
3.2 modify virtual host file
[root@localhost ~]# vim /etc/httpd/conf.d/web3.conf
<Directory /var/www/html/web3>
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /etc/httpd/passwd/web3
    Require user yantao
</Directory>
<VirtualHost *:80>
    ServerName www.web3.com
    DocumentRoot "/var/www/html/web3"
</VirtualHost>
Check syntax, restart
4. Domain name jump
Let web2 jump to web1
4.1 modify web2 virtual host file
[root@localhost ~]# vim /etc/httpd/conf.d/web2.conf
#as follows
<Directory /var/www/html/web2>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<VirtualHost *:80>
    ServerName www.web2.com
    DocumentRoot "/var/www/html/web2"
</VirtualHost>
4.2 create .htaccess in the web2 directory
[root@localhost ~]# vim /var/www/html/web2/.htaccess
#as follows
#Turn on rewrite function
RewriteEngine on
#Match requests whose HTTP_HOST variable begins with www.web2.com
RewriteCond %{HTTP_HOST} ^www.web2.com
RewriteRule ^(.*) http://www.web1.com/$1 [R=permanent,L]
# ^(.*) refers to the resource requested by the client
# $1 holds the content captured by (.*)
# R=permanent means permanent redirection = 301
# L specifies that this rule is the last one to take effect; the rules after it are no longer applied
Check syntax, restart
5.https
a: Https ensures that all packets transmitted through the server are encrypted.
b: An official digital certificate has been established, which makes a fake server unable to impersonate the real server.
Certificate source
1. Self signed certificates are recommended for testing purposes and personal projects. Self signed certificates can also be used by service providers, but they are generally used when users trust each other. In addition, self signed certificates do not cost money to purchase.
2. Certificates can be provided by community-based certificate providers such as StartSSL and CACERT. These certificates also do not cost money, but are recommended for personal projects.
3. For global business websites, it is recommended to purchase certificates from reputable certification authorities. These certificates cost money, but they add to the credibility of network service providers.
We use a self-signed certificate: openssl (already installed) generates the certificate, and mod_ssl (not yet installed) implements HTTPS
Install mod_ssl
[root@localhost ~]# yum install mod_ssl
#After installation, mod_ssl.so will be generated in /etc/httpd/modules
5.1 generate private key
#Generate 2048 bit encrypted private key
[root@localhost ~]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
.......................................+++
e is 65537 (0x10001)
5.2 generate certificate signing request
[root@localhost ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
#country
Country Name (2 letter code) [XX]:CN
#province
State or Province Name (full name) []:LN
#city
Locality Name (eg, city) [Default City]:YS
#company
Organization Name (eg, company) [Default Company Ltd]:CompanyName
#department
Organizational Unit Name (eg, section) []:PHP
#domain name
Common Name (eg, your name or your server's hostname) []:www.web1.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
5.3 generate self signed certificate
#Generate a self signed certificate of type X509. The validity period is set to 3650 days, i.e. 10 years
[root@localhost ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=LN/L=YS/O=CompanyName/OU=PHP/CN=www.web1.com
Getting Private key
5.4 put three files in corresponding directory
[root@localhost ~]# cp server.crt /etc/pki/tls/certs/
[root@localhost ~]# cp server.key /etc/pki/tls/private/
[root@localhost ~]# cp server.csr /etc/pki/tls/private/
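The certificate from steps 5.1 to 5.3 carries the hostname only in the Common Name, while current browsers match the hostname against the subjectAltName extension. The following added example (not from the original page; function names are illustrative) creates the key and a self-signed certificate with a SAN in one step, using a config file so it also works with older OpenSSL releases that lack `-addext`, and keeps the private key at mode 0600.

```shell
#!/bin/sh
# Added example (not from the original page): self-signed certificate with SAN.

# make_san_cert HOSTNAME OUTDIR [DAYS]
# Writes OUTDIR/server.key (mode 0600) and OUTDIR/server.crt.
make_san_cert() {
    host=$1; out=$2; days=${3:-3650}
    cnf=$(mktemp) || return 1
    cat > "$cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn
x509_extensions    = v3

[dn]
CN = $host

[v3]
subjectAltName   = DNS:$host
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    (
        umask 077      # the private key is never group- or world-readable
        openssl req -x509 -nodes -newkey rsa:2048 -sha256 \
            -days "$days" -config "$cnf" \
            -keyout "$out/server.key" -out "$out/server.crt" 2>/dev/null
    )
    rc=$?
    rm -f "$cnf"
    return "$rc"
}

# cert_sans CERTFILE -> prints the subjectAltName entries of a certificate
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; gsub(/^[ \t]+/, ""); print }'
}

# Usage: sh san_cert.sh www.web1.com /root
if [ "$#" -ge 2 ]; then make_san_cert "$@" && cert_sans "$2/server.crt"; fi
```

`cert_sans` can also be run against the server.crt from step 5.3 to confirm that it has no SAN entry.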
5.5 modify ssl.conf
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
//Amend to read
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
5.6 virtual host profile
[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/server.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/server.key"
    DocumentRoot /var/www/html/web1
    ServerName www.web1.com
</VirtualHost>
Check the syntax after configuration and restart apache
5.7 open port 443
Method as above
Visit https://www.web1.com/ and choose to trust the certificate to browse the website
5.8 force https jump
[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf
<VirtualHost *:80>
    ServerName www.web1.com
    Redirect permanent / https://www.web1.com/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/server.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/server.key"
    DocumentRoot /var/www/html/web1
    ServerName www.web1.com
</VirtualHost>
6. Static cache
[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf
<VirtualHost *:80>
    ServerName www.web1.com
    Redirect permanent / https://www.web1.com/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/server.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/server.key"
    DocumentRoot /var/www/html/web1
    ServerName www.web1.com
</VirtualHost>
<IfModule mod_expires.c>
    ExpiresActive on
    ExpiresByType image/jpeg "access plus 24 hours"
    ExpiresByType image/png "access plus 24 hours"
    ExpiresByType text/css "now plus 2 hours"
    ExpiresByType application/javascript "now plus 2 hours"
</IfModule>