LAMP环境搭建与配置

任务一 安装MySQL,基础配置解析PHP

1.安装MySQL

  下载安装包   mysql-5.6.45-linux-glibc2.12-x86_64.tar

[root@localhost ~]# cd /usr/local/src

[root@localhost src]# tar -zxvf mysql-5.6.45-linux-glibc2.12-x86_64.tar.gz      //解压

[ root@localhost src]# mv mysql-5.6.45-linux-glibc2.12-x86_64 /usr/local/mysql  //挪动位置

[root@localhost src]# useradd -s /sbin/nologin mysql   //建立MySQL用户

[root@localhost src]# mkdir -p /data/mysql         //创建datadir,数据库文件会放到这里面

[root@localhost src]# chown -R mysql:mysql /data/mysql    //更改权限

[root@localhost src]# ls -al /data/mysql/        //查看所属组

总用量 0

drwxr-xr-x. 2 mysql mysql  6 10月  4 09:43 .

drwxr-xr-x. 3 root  root  19 10月  4 09:43 ..

[root@localhost src]# yum install -y autoconf     //不安装,下一命令可能会报错//截图中有所体现

[root@localhost src]# cd /usr/local/mysql

[root@localhost mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/data/mysql    //定义数据库的运行用户和安装目录

[root@localhost mysql]# cp support-files/my-default.cnf /etc/my.cnf   //复制配置文件

[root@localhost mysql]# yum install -y vim-enhanced    //安装vim

[root@localhost mysql]# vim /etc/my.cnf       //修改配置文件

basedir = /usr/local/mysql     //basedir表示MySQL包所在路径

datadir = /data/mysql       //定义存放数据的位置

port = 3306              //定义MySQL服务监听的端口号

server_id = 222            //该MySQL服务的ID号   

socket =/tmp/mysql.sock     //定义MySQL服务监听的套接字地址

 [root@localhost mysql]# cp  support-files/mysql.server  /etc/init.d/mysqld     //复制启动脚本文件

 [root@localhost mysql]# vim /etc/init.d/mysqld         //修改启动脚本内容如下

basedir=/usr/local/mysql         

datadir=/data/mysql

[root@localhost mysql]# chkconfig --add mysqld    //把mysql服务加到系统服务列表中

[root@localhost mysql]# chkconfig mysqld on      //设置开机自启

[root@localhost mysql]#  service mysqld start      //启动服务

Starting MySQL.Logging to '/data/mysql/localhost.localdomain.err'.

..... SUCCESS!

安装成功!

2. 安装Apache

下载  httpd-2.4.49.tar、apr-1.6.5.tar和apr-util-1.6.1.tar。

解压

     [root@localhost src]# tar -zxvf httpd-2.4.49.tar.gz

     [root@localhost src]# tar -zxvf apr-util-1.6.1.tar.gz

     [root@localhost src]# tar -zxvf apr-1.6.5.tar.gz

安装配置

        [root@localhost src]# cd /usr/local/src/apr-1.6.5

        [root@localhost apr-1.6.5]# yum install -y expat-devel

        [root@localhost apr-1.6.5]# yum install -y libtool*

        [root@localhost apr-1.6.5]# ./configure --prefix=/usr/local/apr   //配置--prefix

        [root@localhost apr-1.6.5]# make &&make install        //编译安装    

[root@localhost apr-1.6.5]#  cd /usr/local/src/apr-util-1.6.1

[root@localhost apr-util-1.6.1]#  ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr

[root@localhost apr-util-1.6.1]# make &&make install

[root@localhost apr-util-1.6.1]# cd /usr/local/src/httpd-2.4.49

[root@localhost httpd-2.4.49]#yum install -y pcre pcre-devel     //为防止下一条命令的报错

[root@localhost httpd-2.4.49]# ./configure --prefix=/usr/local/apache2.4 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-mods-shared=most             

//  ./configure  --prefix=/usr/1ocal/apache2.4

//--perefix指定安装目录

--with-apr=/usr/local/apr

--with-apr-util=/usr/local/apr-util

--enable-so

//--enable-so表示启用DSO

--enable-mods-shared=most

//--enable -mods- shared表示以共享形式安装模块

 [root@localhost httpd-2.4.49]# make &&make install      //此处等待时间过长,耐心等待

[root@localhost httpd-2.4.49]# cd ..

[root@localhost src]# cp -r apr-1.6.5 httpd-2.4.49/srclib/apr

[root@localhost src]# cp -r apr-util-1.6.1 httpd-2.4.49/srclib/apr-util

[root@localhost src]#cd httpd-2.4.49

[root@localhost httpd-2.4.49]#make &&make install

[root@localhost httpd-2.4.49]# /usr/local/apache2.4/bin/apachectl -M  // 查看加载的模块

安装成功!

  1. 安装PHP

下载  php-5.6.30.tar.gz

解压与安装

       [root@localhost src]# tar -zxvf php-5.6.30.tar.gz

 [root@localhost src# yum install -y libxml2-devel

       [root@localhost src]# yum install -y openssl-devel

       [root@localhost src]# yum install -y bzip2 bzip2-devel

       [root@localhost src]# yum install -y libpng libpng-devel

       [root@localhost src]# yum install -y freetype freetype-devel

       [root@localhost src]# yum install -y epel-release

       [root@localhost src]# yum install -y libmcrypt-devel //提前安装库文件防止配置时出错

配置 

[root@localhost src]# cd php-5.6.30

[root@localhost php-5.6.30]# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2.4/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir--with-gd --with-jpeg-dir --with-png-dir--with-freetype-dir --with-iconv-dir--with-zlib-dir --with-bz2 --with-openssl--with-mcrypt --enable-soap--enable-gd-native-ttf  --enable-mbstring--enable-sockets --enable-exif           //配置--prefix

[root@localhost php-5.6.30]# make && make install      //编译安装

[root@localhost php-5.6.30]# cd /usr/local/src/php-5.6.30

[root@localhost php-5.6.30]#  cp php.ini-production  /usr/local/php/etc/php.ini    

  1. httpd解析PHP

[root@localhost apache2.4]# vim /usr/local/apache2.4/conf/httpd.conf    //编辑http的主配置文件

     第一处:搜索ServerName,把ServerName www.example.com:80前#去掉;

     第二处:

<Directory />

    AllowOverride none

    Require all denied

</Directory>

修改成:

<Directory />

    AllowOverride none  

    Require all granted

</Directory>                     //目的允许所有请求访问

      第三处:搜索AddType application/x-gzip .gz .tgz,在下面添加一行 AddType application/x-httpd-php .php

      第四处:

<IfModule dir_module>

    DirectoryIndex index.html

</IfModule>

改成:

<IfModule dir_module>

    DirectoryIndex index.html index.php

</IfModule>

[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl -t  //检验配置文件是否正确

Syntax OK

[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl start  //启动httpd命令

[root@localhost apache2.4]# yum install -y net-tools      

[root@localhost apache2.4]# netstat -lnp |grep httpd     //查看是否启动

tcp6       0      0 :::80                   :::*                    LISTEN      69230/httpd  

[root@localhost apache2.4]# curl localhost     //使用curl命令简单测试,显示了就是成功

<html><body><h1>It works!</h1></body></html>

[root@localhost apache2.4]# vim /usr/local/apache2.4/htdocs/1.php   //编写一个测试脚本

<?

echo  “php解析正确”

?>     

~

~

[root@localhost apache2.4]# curl localhost/1.php

 //如图所示显示“php解析正确”则解析正确

安装成功

任务二 Apache配置

  1. 默认虚拟主机

虚拟主机

虚拟主机(共享主机,又称虚拟服务器)是一种在单一主机或主机群上,实现多网域服务的方法,可以运行多个网站或服务的技术。虚拟主机之间完全独立,并可由用户自行管理,虚拟并非指不存在,而是指空间是由实体的服务器延伸而来,其硬件系统可以是基于服务器群,或者单个服务器。

配置

[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf

搜索vhosts,把Include conf/extra/httpd-vhosts.conf前#去掉

[root@localhost ~]# cd /usr/local/apache2.4/conf/extra/

[root@localhost extra]#  cp httpd-vhosts.conf httpd-vhosts.conf-bak   //备份

[root@localhost extra]#  vim httpd-vhosts.conf     //修改配置内容

<VirtualHost *:80>

    ServerAdmin webmaster@dummy-host.example.com

    DocumentRoot "/usr/local/apache2.4/docs/dummy-host.example.com"

    ServerName dummy-host.example.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "logs/dummy-host.example.com-error_log"

    CustomLog "logs/dummy-host.example.com-access_log" common

</VirtualHost>

<VirtualHost *:80>

    ServerAdmin webmaster@dummy-host2.example.com

    DocumentRoot "/usr/local/apache2.4/docs/dummy-host2.example.com"

    ServerName dummy-host2.example.com

    ErrorLog "logs/dummy-host2.example.com-error_log"

    CustomLog "logs/dummy-host2.example.com-access_log" common

</VirtualHost>

举例修改:

<VirtualHost *:80>

    ServerAdmin webmaster@dummy-host.example.com

    DocumentRoot "/usr/local/apache2.4/docs/abc.com"

    ServerName abc.com

    ServerAlias www.abc.com www.shang.com

    ErrorLog "logs/abc.com-error_log"

    CustomLog "logs/abc.com-access_log" common

</VirtualHost>

<VirtualHost *:80>

    

    DocumentRoot "/usr/local/apache2.4/docs/111.com"

    ServerName 111.com

    ErrorLog "logs/111.com-error_log"

    CustomLog "logs/111.com-access_log" common

</VirtualHost>

                        

[root@localhost extra]# cd /usr/local/apache2.4

[root@localhost apache2.4]# mkdir docs

[root@localhost apache2.4]# cd docs/

[root@localhost docs]# mkdir abc.com        //根据网站名称,创建网络文件

[root@localhost docs]# mkdir 111.com       //根据网站名称,创建网络文件

[root@localhost docs]# vim abc.com/index.html          //修改网站内容

abc.com

[root@localhost docs]# vim 111.com/index.html         //添加   

111.com                 

[root@localhost docs]# cd /usr/local/apache2.4/conf/extra/

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

[root@localhost extra]# cd /usr/local/apache2.4/docs/

[root@localhost docs]# curl -xlocalhost:80 www.abc.com    //访问

[root@localhost docs]# curl -xlocalhost:80 www.111.com    //访问

[root@localhost docs]# curl -xlocalhost:80 111.com       //访问

验证成功

  1. 用户认证

介绍

用户认证用来对某些目录中的网页进行访问控制,当用户访问这些页面的时候需要输入用户名和密码进行认证。

配置

[root@localhost extra]# vim httpd-vhosts.conf

 <Directory /usr/local/apache2.4/docs/abc.com>

        AllowOverride AuthConfig

        AuthName "abc.com user auth"

        AuthType Basic

        AuthUserFile /usr/local/apache2.4/docs/.htpasswd

        require valid-user

</Directory>

~

[root@localhost extra]# cd  /usr/local/apache2.4/docs/abc.com

[root@localhost abc.com]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost abc.com]# /usr/local/apache2.4/bin/apachectl graceful

[root@localhost abc.com]# /usr/local/apache2.4/bin/htpasswd -cm /usr/local/apache2.4/docs/.htpasswd abc

New password:

Re-type new password:

Adding password for user abc

[root@localhost abc.com]# cd /usr/local/apache2.4/conf/extra/

[root@localhost extra]#  curl -xlocalhost:80 abc.com -I

[root@localhost extra]# curl -xlocalhost:80 -u abc:000000 abc.com -I

配置验证

进入hosts中(C:\Windows\System32\drivers\etc\hosts)在最后一行添加:

192.168.222.128 abc.com www.abc.com 111.com

添加完成后,在Windows*问地址http://abc.com

验证成功

  1. 域名跳转

介绍

当我们变更网站域名或者申多个域名指向一个网站的时候,这个时候我们就会用到域名跳转。

配置

(此处为了区分)把123.com域名跳转为www.123.com,配置如下:

[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    DocumentRoot "/data/wwwroot/www.abc.com"

    ServerName www.abc.com

ServerAlias abc.com

ErrorLog "logs/abc.com-error_log"

 CustomLog "logs/abc.com-access_log" common

    <IfModule mod_rewrite.c>          //需要mod_rewrite模块支持

        RewriteEngine on              //打开rewrite功能

        RewriteCond %{HTTP_HOST} !^www.123.com$                     //定义rewrite的条件,主机名(域名)不是www.123.com满足条件

        RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]            //定义rewrite规则,当满足上面的条件时,这条规则才会执行

</IfModule>

</VirtualHost>

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

[root@localhost apache2.4]# cd /usr/local/apache2.4/docs

[root@localhost docs]# mkdir www.111.com

[root@localhost docs]# cd www.111.com

[root@localhost www.111.com]# vim index.html     

www.111.com

~

[root@localhost www.111.com]# vim 123.php

 <?php

echo "www.111.com/123.php";

?>

要实现跳转,需要rewrite模块的支持,所以查看是否安装该模块。如果没有则还需要一些配置:

[root@localhost www.111.com]# cd /usr/local/apache2.4/conf/extra

 [root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M | grep -i rewrite

             //无返回值需修改

[root@localhost extra]# vim /usr/local/apache2.4/conf/httpd.conf  //查看是否有模块

 //搜索rewrite,把LoadModule rewrite_module modules/mod_rewrite.so前面#去掉

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful   //重新加载服务

配置验证

[root@localhost extra]#  /usr/local/apache2.4/bin/apachectl -M | grep -i rewrite

 rewrite_module (shared)

  //有这行输出,说明正常加载rewrite模块

[root@localhost extra]# curl -x127.0.0.1:80 -I 123.com  //可以看见状态码301

验证成功

  1. 访问日志

介绍

访问日志作用很大,不仅可以记录网站的访问情况,还可以在网站有异常发生时帮助我们定位问题。

配置

 [root@localhost extra] vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

CustomLog "logs/abc.com-access_log" common

    修改成  

 CustomLog "logs/abc.com-access_log" combined

保存配置文件后,测试语法并重新加载配置:

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

[root@localhost extra]#  cd /usr/local/apache2.4/logs/

[root@localhost logs]# cat abc.com-access_log

验证成功

  1. 访问日记不记录静态文件

配置

[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf    //修改配置文件如下(两处):

 增加内容:

  SetEnvIf Request_URI ".*\.gif$" img

    SetEnvIf Request_URI ".*\.jpg$" img

    SetEnvIf Request_URI ".*\.png$" img

    SetEnvIf Request_URI ".*\.bmp$" img

    SetEnvIf Request_URI ".*\.swf$" img

    SetEnvIf Request_URI ".*\.js$" img

    SetEnvIf Request_URI ".*\.css$" img

    CustomLog "logs/www.123.com-access_log" combined env=!img

在CustomLog "logs/abc.com-access_log" combined前加#

[root@localhost extra]# cd /usr/local/apache2.4/docs/

[root@localhost docs]# cd www.111.com/

[root@localhost www.111.com]# mkdir images

[root@localhost www.111.com]# cd images

[root@localhost images]# yum install -y lrzsz      //安装rz

[root@localhost images]# rz               //上传图片(以 .png 形式命名 )

保存配置后,测试配置文件是否正确,没有错误重新加载服务:

[root@localhost images]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost images]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

[root@localhost images]# curl -xlocalhost:80 www.111.com/images/linux.png -I   访问图片

[root@localhost logs]# tailf abc.com-access_log      //查看日志

验证成功

  1. 访问日记切割

介绍

日志一直记录总有一天会把整个磁盘占满,所以有必要让它自动切割,并删除老的日志文件。

配置

[root@localhost extra]# vim httpd-vhosts.conf        //修改配置文件

CustomLog "logs/123.com-access_log" combined env=!img

修改为

CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/www.111.com-access_%Y%m%d.log 86400" combined env=!im

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

[root@localhost extra]# curl -xlocalhost:80 www.111.com -I

[root@localhost extra]# ll /usr/local/apache2.4/logs/

验证成功

  1. 静态元素过期时间

介绍

那到底能缓存多久呢?如果服务器上的某个图片更改了,那么应该访问新的图片才对。这就涉及一个静态文件缓存时长的问题,也叫作“缓存过期时间”。在httpd的配置文件中,我们是可以控制这个时间的。浏览器访问网站的图片时会把静态的文件缓存在本地电脑里,这样下次再访问时就不用去远程下载了。

配置

 [root@localhost extra]# vim httpd-vhosts.conf  //修改配置文件(两处)如下:

      增加内容:

     <IfModule mod_expires.c>

     ExpiresActive on   //打开该功能的开关

     ExpiresByType image/gif  "access plus 1 days"

     ExpiresByType image/jpeg "access plus 24 hours"

     ExpiresByType image/png "access plus 24 hours"

     ExpiresByType text/css "now plus 2 hour"

     ExpiresByType application/x-javascript "now plus 2 hours"

     ExpiresByType application/javascript "now plus 2 hours"

     ExpiresByType application/x-shockwave-flash "now plus 2 hours"

     ExpiresDefault "now plus 0 min"

</IfModule>

删除内容:

把CustomLog "logs/abc.com-access_log" combined前#删掉

保存配置后,测试配置文件是否正确,没有错误重新加载服务:

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

检查httpd是否加载expires模块:

 [root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M |grep -i expires    //没有输出则说明当前httpd并不支持expires模块,所以需要修改配置文件

[root@localhost extra]# vim /usr/local/apache2.4/conf/httpd.conf              //修改配置文件:把LoadModule expires_module modules/mod_expires.so前面#删掉

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -M|grep -i expires

 expires_module (shared)             //正确加载expires模块

进行测试

[root@localhost images]# curl -xlocalhost:80 www.111.com/images/linux.png -I

  1. 配置防盗链

介绍

防盗链,通俗讲,就是不让别人盗用你网站上的资源。这个资源,通常指的是图片、视频、歌曲、文档等。

配置

配置防盗链先编辑主机配置文件:

   [root@localhost extra]# vim httpd-vhosts.conf      //修改配置文件如下:

    增加内容:

     <Directory /data/wwwroot/www.111.com>

        SetEnvIfNoCase Referer "http://www.111.com" local_ref

        SetEnvIfNoCase Referer "http://111.com" local_ref

        SetEnvIfNoCase Referer "^$" local_ref

        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">

            Order Allow,Deny

            Allow from env=local_ref

        </filesmatch>

</Directory>

保存配置后,测试配置文件是否正确,没有错误重新加载服务:

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

  [root@localhost conf]# curl -e "http://www.douxue.com/123.php" -xlocalhost:80 www.111.com/images/linux.png -I

  1. 访问控制-Diretory\FileMatch

介绍

访问控制限制白名单IP,针对文件和目录。

配置       ------ 分别对目录和文件进行配置

目录配置

限制IP访问,编辑配置文件:

#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf   //增加配置

<VirtualHost *:80>

    DocumentRoot "/data/wwwroot/testdomain.com"

    ServerName www.testdomain.com

    ServerAlias testdomain.com

    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined

       <Directory /data/wwwroot/www.111.com/admin/>

        Order deny,allow

        Deny from all

        Allow from 127.0.0.1

</Directory>

</VirtualHost>

保存配置后,测试配置文件是否正确,没有错误重新加载服务:

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

[root@localhost www.111.com]# curl -x192.168.222.129:80 www.111.com/admin/123.php -I

[root@localhost www.111.com]# curl -x127.0.0.1:80 www.111.com/admin/123.php -I

文件配置

编辑配置文件:    //增加配置

#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    DocumentRoot "/data/wwwroot/testdomain.com"

    ServerName www.testdomain.com  

    ServerAlias testdomain.com

CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined

    <Directory /data/wwwroot/testdomain.com/admin/>

      <Filesmatch "admin.php(.*)">

        Order deny,allow

        Deny from all

        Allow from 127.0.0.1

      </Filesmatch>

</Directory>

</VirtualHost>

保存配置后,测试配置文件是否正确,没有错误重新加载服务:

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

配置验证

 [root@localhost www.111.com]# curl -x127.0.0.1:80 www.111.com/admin.php -I

[root@localhost www.111.com]# curl -x192.168.222.129:80 www.111.com/admin.php -I

  1. 访问控制—禁止解析PHP

简述

对于使用PHP语言编写的网站,有一些目录是有需求上传文件的。如果网站代码有漏洞,让黑客上传了一个用PHP写的木马,由于网站可以执行PHP程序,最终会让黑客拿到服务器权限。

为了避免这种情况发生,我们需要把能上传文件的目录直接禁止解析PHP代码。

配置

#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    DocumentRoot "/data/wwwroot/testdomain.com"

    ServerName www.testdomain.com

    ServerAlias testdomain.com

    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined

    <Directory /data/wwwroot/testdomain.com/upload>

        php_admin_flag engine off

    </Directory>

</VirtualHost>

检验配置

 [root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

[root@localhost extra] cp /usr/local/apache2 .4/htdocs/1. php /at/wwwroot/www.111.com/upload/

  

11.访问控制-user_agent

介绍

user_agent是指用户浏览器端的信息。比如你是用IE的还是Firefox浏览器的。有些网站会根据这个来调整打开网站的类型,如是手机的就打开wap,显示非手机的就打开PC常规页面。

配置

#vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    DocumentRoot "/data/wwwroot/testdomain.com"

    ServerName www..com

    ServerAlias testdomain.com

CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined

    <IfModule mod_ rewrite.c>

        RewriteEngine on

        RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]

        RewriteCond %{HTTP_USER_AGENT} .*baidu.com.*[NC]

        RewriteRule  .*  -  [F]

</IfModule>

</VirtualHost>

   //%{HTTP_USER_AGENT}为user_agent的内置变量,NC代表“不区分大小写”,F代表Forbidden,OR表示“或者”

验证过程:

# /usr/local/apache2.4/bin/apachectl -t

# /usr/local/apache2.4/bin/apachectl graceful

配置验证

#curl -I -x127.0.0.1:80 www.111.com/upload/1.php

状态码403

#curl -A “123123” -I -x127.0.0.1:80 www.111.com/upload/1.php

状态码200

任务三 PHP配置

  1. PHP基础配置

查看PHP配置文件位置

[root@localhost www.111.com]# /usr/local/php/bin/php -i |grep -i "loaded configuration file"

[root@localhost www.111.com]# vim  /usr/local/php/etc/php.ini

搜索disable_functions,编辑如下:

disable_functions=eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,1eak,popepassthru,stream_socket_server,popen,proc_open,proc_close

定义date.timezone,减少警告

[root@localhost www.111.com]# vim  /usr/local/php/etc/php.ini

找到date.timezone设置如下:

date.timezone =Asia/Shanghai

  1. 日志相关配置

配置error_log

[root@localhost www.111.com]# vim /usr/local/php/etc/php.ini

搜索log_errors, 改成log_errors=On      //记录错误日志//默认开启

搜索error. log,改为error_log = /var/log/php/php_errors.log  //记录错误日志目录位置

搜索error_reporting 改为error_reporting = E ALL & ~E_ NOTICE  //记录错误日志级别

搜索display_errors,改为display_errors = Off

配置完php.ini,可以额外配置

 [root@localhost www.111.com]# mkdir /var/log/php     //创建错误日志目录

 [root@localhost www.111.com]# chmod 777 /var/log/php     //增加权限

[root@localhost www.111.com]# /usr/local/apache2.4/bin/apachectl graceful     //重新加载服务

下面做一个演示:

# vim /data/wwwroot、.111.com/test.php

<?php

echo 111

# curl -A "123" -I -x127.0.0.1:80 .111. com/test .php

状态码500

# cat /var/1og/php/php_errors.log           //显示错误日志

3.配置open_basedir

先在php.ini中设置open_basedir:

# vim /usr/local/php/etc/php.ini

搜索open_basedir,改成如下

open_ basedir = /tmp:/data/wwwroot/testdomain.com

因为限制了PHP只能在/tmp和/data/wwwroot/testdomain.com两个目录下面活动,演示如下:

# /usr/1ocal/apache2.4/bin/ apachectl graceful

# cp /usr/local/apache2.4/htdocs/1.php /data/wwwroot/testdomain.com/

# curl -x127.0.0.1:80 -I testdomain.com/1.php

状态码500

4.虚拟主机配置open_basedir

[root@localhost extra]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    DocumentRoot "/data/wwwroot/testdomain.com"

    ServerName www.testdomain.com

    ServerAlias testdomain.com

    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.1og 86400"combined

    php_admin_value open_basedir "/data/wwwroot/testdomain.com/:/tmp/"

</VirtualHost>

   //起作用的是php_admin_value,它定义了php.ini的参数

        保存配置后,测试配置文件是否正确,没有错误重新加载服务:

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl -t

[root@localhost extra]# /usr/local/apache2.4/bin/apachectl graceful

任务四 PHP扩展模块安装

[root@localhost apache2.4]#  /usr/local/php/bin/php -m   //查看PHP加载了哪些模块

[root@localhost apache2.4]# cd  /usr/local/src

[root@localhost src]# wget http://pecl.php.net/get/redis-2.2.5.tgz

[root@localhost src]# ls -al

[root@localhost src]# tar -zxvf redis-2.2.5.tgz

[root@localhost src]# mv redis-2.2.5 phpredis-develop

[root@localhost src]# cd phpredis-develop

[root@localhost phpredis-develop]# yum install -y autoconf

[root@localhost phpredis-develop]# /usr/local/php/bin/phpize

Configuring for:

PHP Api Version:         20131106

Zend Module Api No:      20131226

Zend Extension Api No:   220131226

[root@localhost phpredis-develop]#./configure  --with-php-config=/usr/local/php/bin

/php-config

[root@localhost phpredis-develop]# make -j4 && make install     

// make install时候编译好的就会放在这个目录里

[root@localhost phpredis-develop]#  vim /usr/local/php/etc/php.ini      //增加配置

extension = redis.so    //增加一行配置(可以放在文件最后一行)

[root@localhost phpredis-develop]# /usr/local/php/bin/php -m |grep redis   //查看是否加载了redis模块

上一篇:通过占位符来动态获得字符串资源


下一篇:LAMP+Apache+mysql+php+DISCUZ