安裝Mariadb
- 添加rpm
sudo vi /etc/yum.repos.d/MariaDB.repo
MariaDb.repo內容
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1
- 更新yum
sudo yum update - 安裝
sudo yum install MariaDB-server MariaDB-client - 設置開機啟動
sudo systemctl enable mariadb - 啟動
sudo systemctl start mariadb - 初始化設定
sudo mysql_secure_installation
輸入root用戶密碼(默認為空)
Enter current password for root (enter for none):
是否設置root用戶密碼(默認為yes)
Set root password? [Y/n]
移除默認匿名賬戶(默認為yes),該賬戶可以不用密碼登錄數據庫
Remove anonymous users? [Y/n]
禁止root用戶遠程登錄(默認為yes)
Disallow root login remotely? [Y/n]
移除test數據庫及相關權限(默認為yes)
Remove test database and access to it? [Y/n]
重新加載權限表(默認為yes)
Reload privilege tables now? [Y/n]
安裝nginx
- 添加rpm
sudo vi /etc/yum.repos.d/nginx.repo
nginx.repo內容
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
- 更新yum
sudo yum update - 安裝
sudo yum install nginx - 設置開機啟動
sudo systemctl enable nginx - 啟動
sudo systemctl start nginx
安裝PHP
- rpm方式添加EPEL源和remi源
sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
- 更新yum
sudo yum update - 更改PHP默認使用的repo為remi的(需要7.0版本把php71改為php70)
sudo yum-config-manager --enable remi-php71 - 安裝
sudo yum install php-fpm - 安裝mysql擴展
sudo yum install php-mysql - 設置開機啟動
sudo systemctl enable php-fpm - 啟動
sudo systemctl start php-fpm
配置
-
配置PHP
打開配置文件
sudo vi /etc/php.ini-
修改時區
date.timezone = "Asia/Shanghai"可以使用tzselect命令查看時區值
-
找到cgi.fix_pathinfo項,將值改為0
cgi.fix_pathinfo=0如果這個數字保持為1,php解釋器將盡力處理盡可能接近所請求的文件的文件。 這是一個可能的安全風險。 如果此數字設置為0,相反,解釋器將只處理確切的文件路徑,一個更安全的選擇。
同時還因為與nginx配合使用有漏洞,解釋可參考http://xiumu.blog.51cto.com/311602/1722974 -
打開php-fpm配置文件
sudo vi /etc/php-fpm.d/www.conf
修改運行用戶和組為nginx
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx修改監聽地址為socket套接字 ```listen = /var/run/php-fpm/php7-fpm.sock``` 修改監聽的套接字權限listen.owner = nginx
listen.group = nginx
listen.mode = 0660 -
配置nginx
- 打開配置文件
sudo vi /etc/nginx/conf.d/default.conf- 在index添加index.php
- 修改server_name
- 修改網站根目錄root
- 取消"location ~ .php$ {"開頭部分的注釋
- 更改fastcgi_param行以幫助PHP解釋器找到我們存儲在文檔根目錄中的PHP腳本
- 更改fastcgi_pass行為PHP監聽地址
修改完后的配置文件如下所示:
- 打開配置文件
server {
listen 80;
server_name example.com;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
root /var/www;
index index.php index.html index.htm;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php7-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
- 重啟php-fpm和nginx
sudo systemctl restart php-fpm
sudo systemctl restart nginx
可能遇到的問題
- 日志文件時間不對
修改時區
sudo cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime - 403 Forbidden
- 網站目錄權限
- 網站目錄所屬用戶是否和nginx運行用戶一致
- 關閉SELinux
修改/etc/selinux/config 文件 將SELINUX=enforcing改為SELINUX=disabled 重啟機器
