任务一 安装MySQL,基础配置解析PHP
1.安装MySQL
下载安装包 mysql-5.6.45-linux-glibc2.12-x86_64.tar
[root@localhost ~]# cd /usr/local/src
[root@localhost src]# tar -zxvf mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz //解压
[ root@localhost src]# mv mysql-5.6.45-linux-glibc2.12-x86_64 /usr/local/mysql //挪动位置
[root@localhost src]# useradd -s /sbin/nologin mysql //建立MySQL用户
[root@localhost src]# mkdir -p /data/mysql //创建datadir,数据库文件会放到这里面
[root@localhost src]# chown -R mysql:mysql /data/mysql //更改权限
[root@localhost src]# ls -al /data/mysql/ //查看所属组
总用量 0
drwxr-xr-x. 2 mysql mysql 6 10月 4 09:43 .
drwxr-xr-x. 3 root root 19 10月 4 09:43 ..
[root@localhost src]# yum install -y autoconf //不安装,下一命令可能会报错//截图中有所体现
[root@localhost src]# cd /usr/local/mysql
[root@localhost mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql //定义数据库的运行用户和安装目录
[root@localhost mysql]# cp support-files/my-default.cnf /etc/my.cnf //复制配置文件
[root@localhost mysql]# yum install -y vim-enhanced //安装vim
[root@localhost mysql]# vim /etc/my.cnf //修改配置文件
basedir = /usr/local/mysql //basedir表示MySQL包所在路径
datadir = /data/mysql //定义存放数据的位置
port = 3306 //定义MySQL服务监听的端口号
server_id = 222 //该MySQL服务的ID号
socket =/tmp/mysql.sock //定义MySQL服务监听的套接字地址
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld //复制启动脚本文件
[root@localhost mysql]# vim /etc/init.d/mysqld //修改启动脚本内容如下
basedir=/usr/local/mysql
datadir=/data/mysql
[root@localhost mysql]# chkconfig --add mysqld //把mysql服务加到系统服务列表中
[root@localhost mysql]# chkconfig mysqld on //设置开机自启
[root@localhost mysql]# service mysqld start //启动服务
Starting MySQL.Logging to '/data/mysql/localhost.localdomain.err'.
..... SUCCESS!
安装成功!
2. 安装Apache
下载 httpd-2.4.49.tar、apr-1.6.5.tar和apr-util-1.6.1.tar。
解压
[root@localhost src]# tar -zxvf httpd-2.4.49.tar.gz
[root@localhost src]# tar -zxvf apr-util-1.6.1.tar.gz
[root@localhost src]# tar -zxvf apr-1.6.5.tar.gz
安装配置
[root@localhost src]# cd /usr/local/src/apr-1.6.5
[root@localhost apr-1.6.5]# yum install -y expat-devel
[root@localhost apr-1.6.5]# yum install -y libtool*
[root@localhost apr-1.6.5]# ./configure --prefix=/usr/local/apr //配置--prefix
[root@localhost apr-1.6.5]# make &&make install //编译安装
[root@localhost apr-1.6.5]# cd /usr/local/src/apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make &&make install
[root@localhost apr-util-1.6.1]# cd /usr/local/src/httpd-2.4.49
[root@localhost httpd-2.4.49]#yum install -y pcre pcre-devel //为防止下一条命令的报错
[root@localhost httpd-2.4.49]# ./configure --prefix=/usr/local/apache2.4 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-mods-shared=most
// ./configure --prefix=/usr/1ocal/apache2.4
//--perefix指定安装目录
--with-apr=/usr/local/apr
--with-apr-util=/usr/local/apr-util
--enable-so
//--enable-so表示启用DSO
--enable-mods-shared=most
//--enable -mods- shared表示以共享形式安装模块
[root@localhost httpd-2.4.49]# make &&make install //此处等待时间过长,耐心等待
[root@localhost httpd-2.4.49]# cd ..
[root@localhost src]# cp -r apr-1.6.5 httpd-2.4.49/srclib/apr
[root@localhost src]# cp -r apr-util-1.6.1 httpd-2.4.49/srclib/apr-util
[root@localhost src]#cd httpd-2.4.49
[root@localhost httpd-2.4.49]#make &&make install
[root@localhost httpd-2.4.49]# /usr/local/apache2.4/bin/apachectl -M // 查看加载的模块
安装成功!
- 安装PHP
下载 php-5.6.30.tar.gz
解压与安装
[root@localhost src]# tar -zxvf php-5.6.30.tar.gz
[root@localhost src# yum install -y libxml2-devel
[root@localhost src]# yum install -y openssl-devel
[root@localhost src]# yum install -y bzip2 bzip2-devel
[root@localhost src]# yum install -y libpng libpng-devel
[root@localhost src]# yum install -y freetype freetype-devel
[root@localhost src]# yum install -y epel-release
[root@localhost src]# yum install -y libmcrypt-devel //提前安装库文件防止配置时出错
配置
[root@localhost src]# cd php-5.6.30
[root@localhost php-5.6.30]# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2.4/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir--with-gd --with-jpeg-dir --with-png-dir--with-freetype-dir --with-iconv-dir--with-zlib-dir --with-bz2 --with-openssl--with-mcrypt --enable-soap--enable-gd-native-ttf --enable-mbstring--enable-sockets --enable-exif //配置--prefix
[root@localhost php-5.6.30]# make && make install //编译安装
[root@localhost php-5.6.30]# cd /usr/local/src/php-5.6.30
[root@localhost php-5.6.30]# cp php.ini-production /usr/local/php/etc/php.ini
- httpd解析PHP
[root@localhost apache2.4]# vim /usr/local/apache2.4/conf/httpd.conf //编辑http的主配置文件
第一处:搜索ServerName,把ServerName www.example.com:80前#去掉;
第二处:
<Directory />
AllowOverride none
Require all denied
</Directory>
修改成:
<Directory />
AllowOverride none
Require all granted
</Directory> //目的允许所有请求访问
第三处:搜索AddType application/x-gzip .gz .tgz,在下面添加一行 AddType application/x-httpd-php .php
第四处:
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
改成:
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl -t //检验配置文件是否正确
Syntax OK
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl start //启动httpd命令
[root@localhost apache2.4]# yum install -y net-tools
[root@localhost apache2.4]# netstat -lnp |grep httpd //查看是否启动
tcp6 0 0 :::80 :::* LISTEN 69230/httpd
[root@localhost apache2.4]# curl localhost //使用curl命令简单测试,显示了就是成功
<html><body><h1>It works!</h1></body></html>
[root@localhost apache2.4]# vim /usr/local/apache2.4/htdocs/1.php //编写一个测试脚本
<?
echo “php解析正确”
?>
~
~
[root@localhost apache2.4]# curl localhost/1.php
//如图所示显示“php解析正确”则解析正确
安装成功
任务二 Apache配置
- 默认虚拟主机
虚拟主机
虚拟主机(共享主机,又称虚拟服务器)是一种在单一主机或主机群上,实现多网域服务的方法,可以运行多个网站或服务的技术。虚拟主机之间完全独立,并可由用户自行管理,虚拟并非指不存在,而是指空间是由实体的服务器延伸而来,其硬件系统可以是基于服务器群,或者单个服务器。
配置
[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
搜索vhosts,把Include conf/extra/httpd-vhosts.conf前#去掉
[root@localhost ~]# cd /usr/local/apache2.4/conf/extra/
[root@localhost extra]# cp httpd-vhosts.conf httpd-vhosts.conf-bak //备份
[root@localhost extra]# vim httpd-vhosts.conf //修改配置内容
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache2.4/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/usr/local/apache2.4/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error_log"
CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>
举例修改:
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache2.4/docs/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.shang.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache2.4/docs/111.com"
ServerName 111.com
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
[root@localhost extra]# cd /usr/local/apache2.4
[root@localhost apache2.4]# mkdir docs
[root@localhost apache2.4]# cd docs/
[root@localhost docs]# mkdir abc.com //根据网站名称,创建网络文件
[root@localhost docs]# mkdir 111.com //根据网站名称,创建网络文件
[root@localhost docs]# vim abc.com/index.html //修改网站内容
abc.com
[root@localhost docs]# vim 111.com/index.html //添加
111.com
[root@localhost docs]# cd /usr/local/apache2.4/conf/extra/
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost extra]# cd /usr/local/apache2.4/docs/
[root@localhost docs]# curl -xlocalhost:80 www.abc.com //访问
[root@localhost docs]# curl -xlocalhost:80 www.111.com //访问
[root@localhost docs]# curl -xlocalhost:80 111.com //访问
验证成功
- 用户认证
介绍
用户认证用来对某些目录中的网页进行访问控制,当用户访问这些页面的时候需要输入用户名和密码进行认证。
配置
[root@localhost extra]# vim httpd-vhosts.conf
<Directory /usr/local/apache2.4/docs/abc.com>
AllowOverride AuthConfig
AuthName "abc.com user auth"
AuthType Basic
AuthUserFile /usr/local/apache2.4/docs/.htpasswd
require valid-user
</Directory>
~
[root@localhost extra]# cd /usr/local/apache2.4/docs/abc.com
[root@localhost abc.com]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost abc.com]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost abc.com]# /usr/local/apache2.4/bin/htpasswd -cm /usr/local/apache2.4/docs/.htpasswd abc
New password:
Re-type new password:
Adding password for user abc
[root@localhost abc.com]# cd /usr/local/apache2.4/conf/extra/
[root@localhost extra]# curl -xlocalhost:80 abc.com -I
[root@localhost extra]# curl -xlocalhost:80 -u abc:000000 abc.com -I
配置验证
进入hosts中(C:\Windows\System32\drivers\etc\hosts)在最后一行添加:
192.168.222.128 abc.com www.abc.com 111.com
添加完成后,在Windows*问地址http://abc.com
验证成功
- 域名跳转
介绍
当我们变更网站域名或者申多个域名指向一个网站的时候,这个时候我们就会用到域名跳转。
配置
(此处为了区分)把123.com域名跳转为www.123.com,配置如下:
[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.abc.com"
ServerName www.abc.com
ServerAlias abc.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
<IfModule mod_rewrite.c> //需要mod_rewrite模块支持
RewriteEngine on //打开rewrite功能
RewriteCond %{HTTP_HOST} !^www.123.com$ //定义rewrite的条件,主机名(域名)不是www.123.com满足条件
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定义rewrite规则,当满足上面的条件时,这条规则才会执行
</IfModule>
</VirtualHost>
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost apache2.4]# cd /usr/local/apache2.4/docs
[root@localhost docs]# mkdir www.111.com
[root@localhost docs]# cd www.111.com
[root@localhost www.111.com]# vim index.html
www.111.com
~
[root@localhost www.111.com]# vim 123.php
<?php
echo "www.111.com/123.php";
?>
要实现跳转,需要rewrite模块的支持,所以查看是否安装该模块。如果没有则还需要一些配置:
[root@localhost www.111.com]# cd /usr/local/apache2.4/conf/extra
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M | grep -i rewrite
//无返回值需修改
[root@localhost extra]# vim /usr/local/apache2.4/conf/httpd.conf //查看是否有模块
//搜索rewrite,把LoadModule rewrite_module modules/mod_rewrite.so前面#去掉
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful //重新加载服务
配置验证
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M | grep -i rewrite
rewrite_module (shared)
//有这行输出,说明正常加载rewrite模块
[root@localhost extra]# curl -x127.0.0.1:80 -I 123.com //可以看见状态码301
验证成功
- 访问日志
介绍
访问日志作用很大,不仅可以记录网站的访问情况,还可以在网站有异常发生时帮助我们定位问题。
配置
[root@localhost extra] vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
CustomLog "logs/abc.com-access_log" common
修改成
CustomLog "logs/abc.com-access_log" combined
保存配置文件后,测试语法并重新加载配置:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost extra]# cd /usr/local/apache2.4/logs/
[root@localhost logs]# cat abc.com-access_log
验证成功
- 访问日记不记录静态文件
配置
[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //修改配置文件如下(两处):
增加内容:
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "logs/www.123.com-access_log" combined env=!img
在CustomLog "logs/abc.com-access_log" combined前加#
[root@localhost extra]# cd /usr/local/apache2.4/docs/
[root@localhost docs]# cd www.111.com/
[root@localhost www.111.com]# mkdir images
[root@localhost www.111.com]# cd images
[root@localhost images]# yum install -y lrzsz //安装rz
[root@localhost images]# rz //上传图片(以 .png 形式命名 )
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost images]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost images]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost images]# curl -xlocalhost:80 www.111.com/images/linux.png -I 访问图片
[root@localhost logs]# tailf abc.com-access_log //查看日志
验证成功
- 访问日记切割
介绍
日志一直记录总有一天会把整个磁盘占满,所以有必要让它自动切割,并删除老的日志文件。
配置
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件
CustomLog "logs/123.com-access_log" combined env=!img
修改为
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/www.111.com-access_%Y%m%d.log 86400" combined env=!im
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost extra]# curl -xlocalhost:80 www.111.com -I
[root@localhost extra]# ll /usr/local/apache2.4/logs/
验证成功
- 静态元素过期时间
介绍
那到底能缓存多久呢?如果服务器上的某个图片更改了,那么应该访问新的图片才对。这就涉及一个静态文件缓存时长的问题,也叫作“缓存过期时间”。在httpd的配置文件中,我们是可以控制这个时间的。浏览器访问网站的图片时会把静态的文件缓存在本地电脑里,这样下次再访问时就不用去远程下载了。
配置
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件(两处)如下:
增加内容:
<IfModule mod_expires.c>
ExpiresActive on //打开该功能的开关
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
删除内容:
把CustomLog "logs/abc.com-access_log" combined前#删掉
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
检查httpd是否加载expires模块:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M |grep -i expires //没有输出则说明当前httpd并不支持expires模块,所以需要修改配置文件
[root@localhost extra]# vim /usr/local/apache2.4/conf/httpd.conf //修改配置文件:把LoadModule expires_module modules/mod_expires.so前面#删掉
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M|grep -i expires
expires_module (shared) //正确加载expires模块
进行测试
[root@localhost images]# curl -xlocalhost:80 www.111.com/images/linux.png -I
- 配置防盗链
介绍
防盗链,通俗讲,就是不让别人盗用你网站上的资源。这个资源,通常指的是图片、视频、歌曲、文档等。
配置
配置防盗链先编辑主机配置文件:
[root@localhost extra]# vim httpd-vhosts.conf //修改配置文件如下:
增加内容:
<Directory /data/wwwroot/www.111.com>
SetEnvIfNoCase Referer "http://www.111.com" local_ref
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost conf]# curl -e "http://www.douxue.com/123.php" -xlocalhost:80 www.111.com/images/linux.png -I
- 访问控制-Diretory\FileMatch
介绍
访问控制限制白名单IP,针对文件和目录。
配置 ------ 分别对目录和文件进行配置
目录配置
限制IP访问,编辑配置文件:
#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf //增加配置
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/testdomain.com"
ServerName www.testdomain.com
ServerAlias testdomain.com
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined
<Directory /data/wwwroot/www.111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
</VirtualHost>
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost www.111.com]# curl -x192.168.222.129:80 www.111.com/admin/123.php -I
[root@localhost www.111.com]# curl -x127.0.0.1:80 www.111.com/admin/123.php -I
文件配置
编辑配置文件: //增加配置
#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/testdomain.com"
ServerName www.testdomain.com
ServerAlias testdomain.com
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined
<Directory /data/wwwroot/testdomain.com/admin/>
<Filesmatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Filesmatch>
</Directory>
</VirtualHost>
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
配置验证
[root@localhost www.111.com]# curl -x127.0.0.1:80 www.111.com/admin.php -I
[root@localhost www.111.com]# curl -x192.168.222.129:80 www.111.com/admin.php -I
- 访问控制—禁止解析PHP
简述
对于使用PHP语言编写的网站,有一些目录是有需求上传文件的。如果网站代码有漏洞,让黑客上传了一个用PHP写的木马,由于网站可以执行PHP程序,最终会让黑客拿到服务器权限。
为了避免这种情况发生,我们需要把能上传文件的目录直接禁止解析PHP代码。
配置
#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/testdomain.com"
ServerName www.testdomain.com
ServerAlias testdomain.com
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined
<Directory /data/wwwroot/testdomain.com/upload>
php_admin_flag engine off
</Directory>
</VirtualHost>
检验配置
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost extra] cp /usr/local/apache2 .4/htdocs/1. php /at/wwwroot/www.111.com/upload/
11.访问控制-user_agent
介绍
user_agent是指用户浏览器端的信息。比如你是用IE的还是Firefox浏览器的。有些网站会根据这个来调整打开网站的类型,如是手机的就打开wap,显示非手机的就打开PC常规页面。
配置
#vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/testdomain.com"
ServerName www..com
ServerAlias testdomain.com
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined
<IfModule mod_ rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.*[NC]
RewriteRule .* - [F]
</IfModule>
</VirtualHost>
//%{HTTP_USER_AGENT}为user_agent的内置变量,NC代表“不区分大小写”,F代表Forbidden,OR表示“或者”
验证过程:
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
配置验证
#curl -I -x127.0.0.1:80 www.111.com/upload/1.php
状态码403
#curl -A “123123” -I -x127.0.0.1:80 www.111.com/upload/1.php
状态码200
任务三 PHP配置
- PHP基础配置
查看PHP配置文件位置
[root@localhost www.111.com]# /usr/local/php/bin/php -i |grep -i "loaded configuration file"
[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini
搜索disable_functions,编辑如下:
disable_functions=eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,1eak,popepassthru,stream_socket_server,popen,proc_open,proc_close
定义date.timezone,减少警告:
[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini
找到date.timezone设置如下:
date.timezone =Asia/Shanghai
- 日志相关配置
配置error_log
[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini
搜索log_errors, 改成log_errors=On //记录错误日志//默认开启
搜索error. log,改为error_log = /var/log/php/php_errors.log //记录错误日志目录位置
搜索error_reporting 改为error_reporting = E ALL & ~E_ NOTICE //记录错误日志级别
搜索display_errors,改为display_errors = Off
配置完php.ini,可以额外配置
[root@localhost www.111.com]# mkdir /var/log/php //创建错误日志目录
[root@localhost www.111.com]# chmod 777 /var/log/php //增加权限
[root@localhost www.111.com]# /usr/local/apache2.4/bin/apachectl graceful //重新加载服务
下面做一个演示:
# vim /data/wwwroot、.111.com/test.php
<?php
echo 111
# curl -A "123" -I -x127.0.0.1:80 .111. com/test .php
状态码500
# cat /var/1og/php/php_errors.log //显示错误日志
3.配置open_basedir
先在php.ini中设置open_basedir:
# vim /usr/local/php/etc/php.ini
搜索open_basedir,改成如下
open_ basedir = /tmp:/data/wwwroot/testdomain.com
因为限制了PHP只能在/tmp和/data/wwwroot/testdomain.com两个目录下面活动,演示如下:
# /usr/1ocal/apache2.4/bin/ apachectl graceful
# cp /usr/local/apache2.4/htdocs/1.php /data/wwwroot/testdomain.com/
# curl -x127.0.0.1:80 -I testdomain.com/1.php
状态码500
4.虚拟主机配置open_basedir
[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/testdomain.com"
ServerName www.testdomain.com
ServerAlias testdomain.com
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined
php_admin_value open_basedir "/data/wwwroot/testdomain.com/:/tmp/"
</VirtualHost>
//起作用的是php_admin_value,它定义了php.ini的参数
保存配置后,测试配置文件是否正确,没有错误重新加载服务:
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful
任务四 PHP扩展模块安装
[root@localhost apache2.4]# /usr/local/php/bin/php -m //查看PHP加载了哪些模块
[root@localhost apache2.4]# cd /usr/local/src
[root@localhost src]# wget http://pecl.php.net/get/redis-2.2.5.tgz
[root@localhost src]# ls -al
[root@localhost src]# tar -zxvf redis-2.2.5.tgz
[root@localhost src]# mv redis-2.2.5 phpredis-develop
[root@localhost src]# cd phpredis-develop
[root@localhost phpredis-develop]# yum install -y autoconf
[root@localhost phpredis-develop]# /usr/local/php/bin/phpize
Configuring for:
PHP Api Version: 20131106
Zend Module Api No: 20131226
Zend Extension Api No: 220131226
[root@localhost phpredis-develop]#./configure --with-php-config=/usr/local/php/bin
/php-config
[root@localhost phpredis-develop]# make -j4 && make install
// make install时候编译好的就会放在这个目录里
[root@localhost phpredis-develop]# vim /usr/local/php/etc/php.ini //增加配置
extension = redis.so //增加一行配置(可以放在文件最后一行)
[root@localhost phpredis-develop]# /usr/local/php/bin/php -m |grep redis //查看是否加载了redis模块