1、centos7 安装PHP7.2版本 #查询是否安装过php yum list installed | grep php yum provides php #移除php yum remove php-common #下载源 rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm yum install php72w php72w-opcache php72w-xml php72w-gd php72w-devel php72w-mysql php72w-intl php72w-mbstring php72w-fpm php72w-cli php72w-mbstring php72w-pdo php-redis php -v #PHP 7.2.14 #设置时区 vim /etc/php.ini date.timezone = "Asia/Shanghai" #设置php-fpm运行用户组 vim /etc/php-fpm.d/www.conf user = nginx group = nginx listen.owner = nobody 前面;去掉 listen.group = nobody 前面;去掉 listen.mode = 0660 前面;去掉 #启动php-fpm systemctl start php-fpm.service systemctl status php-fpm.service systemctl stop php-fpm.service systemctl restart php-fpm.service #设置开机自启动 systemctl enable php-fpm.service
#移除开机启动
systemctl disable php-fpm.service
#安装mcrypt扩展 #mcrypt扩展从php7.1.0开始废弃,自php7.2.0起会移到pecl #http://pecl.php.net/package/mcrypt yum install libmcrypt libmcrypt-devel mcrypt mhash wget http://pecl.php.net/get/mcrypt-1.0.1.tgz tar -zxvf mcrypt-1.0.1.tgz cd mcrypt-1.0.1 #whereis phpize /usr/bin/phpize #whereis php-config ./configure --with-php-config=/usr/bin/php-config && make && make install #vim php.ini extension=mcrypt.so #重启php-fpm systemctl restart php-fpm.service 2、nginx安装nginx-1.15.9 ps aux | grep nginx #kill 45124(ps aux | grep nginx执行之后第一条是pid) #踢出nginx所有进程 pkill -9 nginx systemctl stop nginx.service #移除nginx yum remove nginx yum list installed | grep nginx yum remove **** #再次检查nginx文件夹 find / -name nginx* #找出nginx目录(删除目录) rm -rf ***** #以上处理之后证明nginx已经清理干净了 #安装库 yum install zlib-devel yum install openssl openssl-devel yum install gcc gcc-c++ wget yum install automake autoconf libtool libxml2-devel libxslt-devel perl-devel perl-ExtUtils-Embed pcre-devel #cd /home/tools wget -c https://nginx.org/download/nginx-1.15.9.tar.gz tar -zxvf nginx-1.15.9.tar.gz cd nginx-1.15.9 ./configure make && make install #nginx默认安装在/usr/local/nginx #查看nginx当前版本 nginx/1.15.9 /usr/local/nginx/sbin/nginx -v pkill -9 nginx /usr/local/nginx/sbin/nginx #添加nginx项目配置文件夹 mkdir -p /usr/local/nginx/conf/conf.d #添加nginx运行错误日志文件夹 mkdir -p /var/log/nginx #完善nginx配置 vim /usr/local/nginx/conf/nginx.conf #修改nginx用户组 user nginx; #设置工作进程数 方便的话可以直接设置成auto worker_processes auto; #lscpu 可以查看下cpu的数量 #worker_processes一般设置和CPU数量一样且配合worker_cpu_affinity一起配置 worker_processes 2; worker_cpu_affinity 01 10; #配置nginx错误日志 error_log /var/log/nginx/error.log; #设置nginx.pid nginx.pid存放的是nginx的master进程的进程号 pid /run/nginx.pid; #http 对象中修改 #log_format 前的#去掉 #添加 client_max_body_size 200m; #添加 include /usr/local/nginx/conf/conf.d/*.conf; #项目的http配置文件可以放到conf.d文件夹中了 #nginx的启动与重启 /usr/local/nginx/sbin/nginx -s quit #nginx停止 /usr/local/nginx/sbin/nginx -s reload #nginx reload /usr/local/nginx/sbin/nginx #nginx启动 #nginx设置开机自启动 #即在rc.local增加启动代码就可以了 vi /etc/rc.local #增加一行 /usr/local/nginx/sbin/nginx #设置执行权限 chmod 755 /etc/rc.local
Nginx配置SSL报错 nginx: [emerg] unknown directive "ssl"
1、去nginx解压目录下执行
./configure --with-http_ssl_module
2、执行 make(切记不能 make install 会覆盖安装目录)
3、将新的 nginx 覆盖旧安装目录
cp objs/nginx /usr/local/nginx/sbin/nginx
3、redis安装
yum install redis
#启动redis
systemctl start redis.service
systemctl status redis.service
systemctl stop redis.service
systemctl restart redis.service
#设置开机自启动
systemctl enable redis.service
4、mysql5.7.20安装
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
#安装mysql源
yum localinstall mysql57-community-release-el7-8.noarch.rpm
#安装mysql server
yum install mysql-community-server
#启动mysqld
systemctl start mysqld.service
systemctl status mysqld.service
systemctl enable mysqld.service
#查看临时密码 grep 'A temporary password' /var/log/mysqld.log
#登录设置root新密码 alter user 'root'@'localhost' identified by 'Abc123!@#';
5、php_screw-1.5 扩展编译
#进入http://sourceforge.net/projects/php-screw/下载最新版本php_screw-1.5.tar.gz
#cd /home/tools
tar -zxvf php_screw-1.5.tar.gz
cd php_screw-1.5
#更改加密策略
vim php_screw.h
#修改 define PM9SCREW “ PHPSCREW ”
vim my_screw.h
#数组中数据随便修改,但最多保持在5位数
vim php_screw.c
#CG(extended_info) = 1; 修改为 CG(compiler_options) |= ZEND_COMPILE_EXTENDED_INFO;
/usr/bin/phpize
./configure --with-php-config=/usr/bin/php-config
make && make install
#编译会在/home/tools/php_screw-1.5/modules文件夹
#/usr/lib64/php/modules/文件夹生成php_screw.so文件
#php.ini添加extension=php_screw.so
vim /etc/php.ini
systemctl restart php-fpm.service
#生成加密二进制文件screw
cd /home/tools/php_screw-1.5/tools
make
#make生成二进制文件screw
cp screw /usr/bin/screw
#接下来就玩起来吧
6、openssh升级到7.9
#先安装telnet服务,以防卸载openssh后连接不到服务器
yum list telnet-server
yum install telnet-server
yum list xinetd
yum install xinetd
#启动telnet服务
systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
#默认情况下系统是不允许root用户telnet远程登录的
#如果要使用root用户直接登录需设置/etc/securetty
vim /etc/securetty
#添加 pts/0
#添加 pts/1
systemctl restart xinetd
#root登录时总是提示 login incorrect
vim /etc/pam.d/login
#auth ****** pam_securetty.so 注释这行
#设置好后,最好重启下服务器
reboot
systemctl start telnet.socket
systemctl start xinetd
#wget 下载资源包
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz
#安装依赖包
yum install openssl openssl-devel pam-devel gcc gcc-c++ zlib zlib-devel zlib-static
#解压openssh-7.9p1.tar.gz
tar -zxvf openssh-7.9p1.tar.gz
cd openssh-7.9p1
#备份/etc/ssh
mv /etc/ssh /opt/ssh.bak
#安装openssh7.9
./configure --sysconfdir=/etc/ssh
#没有错误继续
make && make install
#查看版本
/usr/local/sbin/sshd -v
#编译安装完毕后,默认不允许root远程登录
vim /etc/ssh/sshd_config
#PermitRootLogin prohibit-password 改成 PermitRootLogin yes
#重启sshd
systemctl restart sshd
systemctl stop sshd
systemctl start sshd
systemctl enable sshd
#可以关闭下sshd来体验下telnet,登录telnet后台启动下sshd
#记得systemctl start telnet.socket systemctl start xinetd
7、一些问题总结
#测试nginx是否配置有误,如果有误请去查看nginx的error_log日志
/usr/local/nginx/sbin/nginx -t
#/var/lib/php 需要设置777权限,PHP写入session
chmod -R 777 /var/lib/php
#检查是否开启selinux
#查看是否开启了selinux [disabled或permissive是关闭|enforcing是开启]
getenforce
#setenforce 0关闭/1开启
setenforce 0
setenforce 1
#PHP7.2开始mcrypt_encrypt已被移除需使用openssl_encrypt
openssl_encrypt('加密串串','AES-128-ECB','加密种子',OPENSSL_RAW_DATA);
openssl_decrypt('加密串串','AES-128-ECB','加密种子',OPENSSL_RAW_DATA);
--防火墙 systemctl status firewalld systemctl disable firewalld systemctl enable firewalld 查看版本: firewall-cmd --version 查看所有打开的端口: firewall-cmd --zone=public --list-ports 更新防火墙规则: firewall-cmd --reload 添加端口: firewall-cmd --zone=public --add-port=45168/tcp --permanent (--permanent永久生效,没有此参数重启后失效) 查看端口: firewall-cmd --zone=public --query-port=45168/tcp 删除端口: firewall-cmd --zone=public --remove-port=45168/tcp --permanent (--permanent永久生效,没有此参数重启后失效) -- selinux 查看状态: getenforce 永久关闭: vi /etc/selinux/config (将SELINUX=enforcing改为SELINUX=disabled 重启才能生效