- centos7安裝
- 用戶權(quán)限設(shè)置
- Lamp安裝配置
- 防火墻的設(shè)置
- 其他設(shè)置
-
$代表在本地執(zhí)行` -
#代表以 root 身份登錄 -
user@代表以普通用戶(user)身份進行登錄
用戶權(quán)限設(shè)置
設(shè)置developer組,根據(jù)需要追加用戶
設(shè)置SSH,取消密碼登陸
需要sudo的用戶加入wheel組(`usermod -a -G wheel user_name`)
- 以 root 權(quán)限登錄服務(wù)器
$ ssh root@hogehoge.com
- 添加開發(fā)專用developer 組
# groupadd developer
- 設(shè)置 wheel sudo 權(quán)限
# visudo
找到下面一行, 并取消注釋(刪除行首的#)
# %wheel ALL=(ALL) ALL
- 添加用戶
# useradd gaoyh
# passwd gaoyh //設(shè)置初始密碼為 hogehoge
# chage -d 0 gaoyh //使初始密碼過期, 強制用戶下次登錄修改密碼
# usermod -a -G developer gaoyh && usermod -a -G wheel gaoyh //加入用戶組
- 設(shè)置 ssh-key, 并取消密碼登錄
# vi /etc/ssh/sshd_config
修改 ssh 配置, 確認以下內(nèi)容
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
# service sshd restart
# su gaoyh
gaoyh@ mkdir ~/.ssh && chmod 700 ~/.ssh/ && cd ~/.ssh
gaoyh@ vi authorized_keys
//保存用戶的公鑰,注意authorized_keys文件權(quán)限,700或者600
重新以 gaoyh 身份登錄, 測試配置是否正確
$ ssh gaoyh@hogehoge.com
Lamp安裝配置
1. Apache
- 安裝
# yum install httpd
# systemctl enable httpd.service
# systemctl start httpd.service
- 將Apache加入開發(fā)專用組(developer)
# usermod -a -G developer apache
- 配置文件
/etc/httpd/conf/httpd.conf
確認以下內(nèi)容
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
2. Mysql(Mariadb)
- 安裝
# yum -y install mariadb-server mariadb
# systemctl enable mariadb.service
# systemctl start mariadb.service
- 初始化(設(shè)置root密碼)
# mysql_secure_installation
3. PHP(5.6)
- 配置安裝源
# yum install epel-release
//或者
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
//導入Remi源
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
方法一
# rpm --import https://rpms.remirepo.net/RPM-GPG-KEY-remi
# yum install yum-utils http://remi.kazukioishi.net/enterprise/remi-release-7.rpm
# yum-config-manager --enable remi-php56
# yum install php php-mbstring php-intl php-gmp php-mysqlnd composer
方法二
- 確定現(xiàn)在的版本
# rpm -qa | grep php
- 刪除現(xiàn)在版本
# yum remove php*
- 安裝5.6
# yum install --enablerepo=remi,remi-php56 php php-devel php-mbstring php-pdo php-gd
Apache虛擬主機配置
- 創(chuàng)建虛擬主機目錄
/home/services (user: root, group: developer, mod: 775)
/home/services/網(wǎng)站目錄 (user: apache, group: developer, mod: 775)
- Apache虛擬主機配置文件
# /etc/httpd/conf.d/vhosts.conf
# NameVirtualHost *:80 //可能不需要
# home directory for vhosts #
<Directory /home/services/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
#
<VirtualHost *:80>
DocumentRoot /home/services/網(wǎng)站目錄
ServerName www.hogehoge.com
AppEnv local //SetEnv APP_ENV local
CustomLog /var/log/httpd/hogehoge.com.access.log combined
ErrorLog /var/log/httpd/hogehoge.com.error.log
</VirtualHost>
- 訪問測試提示權(quán)限不足處理
- 網(wǎng)站目錄權(quán)限
mod: 777 或者
user: apache 或者
group: developer
- 虛擬主機配置
<Directory /home/services/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
- SELinux的策略設(shè)置
SElinux默認處于開啟狀態(tài)
SELinux默認的策略中,apache的進程默認只能訪問/var/www目錄
解決方法
# chcon -R -h -t httpd_sys_content_t /home/services
//-R 遞歸應(yīng)用;-h 不要跟隨符號鏈接; -t 屬性值
//如果報錯用以下命令
# chcon -h system_u:object_r:httpd_sys_content_t /home/services
或者關(guān)閉SELINUX
/etc/sysconfig/selinux
SELINUX=disabled //重啟
- 重啟Apche
# systemctl restart httpd.service
防火墻設(shè)置
# systemctl start firewalld
# firewall-cmd --permanent --zone=public --add-service=ssh
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload
查看防火墻開啟的服務(wù)
# firewall-cmd --list-services //dhcpv6-client http https ssh
注意:阿里云ECS在后臺也要添加相應(yīng)安全組規(guī)則
其他配置
- 設(shè)置Hostname
# hostnamectl set-hostname hogehoge.com
- setlocale錯誤處理
warning: setlocale: LC_CTYPE: cannot change locale (UTF-8):
No such file or directory
解決方法
# vi /etc/environment
插入一下內(nèi)容
LANG=en_US.utf-8
LC_ALL=en_US.utf-8
- sendmail安裝配置
# yum -y install sendmail
# yum -y install sendmail-cf
# firewall-cmd --add-service=smtp --zone=public --permanent
# firewall-cmd --reload
# systemctl restart sendmail.service
