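How to install a LEMP (Linux+Nginx+MySQL+PHP) environment on CentOS 7?
This article covers a fresh LEMP (Linux+Nginx+MySQL+PHP) setup on CentOS 7. Note that Nginx does not support .htaccess files for URL rewriting the way Apache mod_rewrite does. If your project needs rewrites, take note: if you have not converted, or cannot convert, your Apache rewrite rules into Nginx rules, use it with caution!
If you need to configure virtual hosts, see: How to configure virtual hosts in Nginx?
The usual first step: if you have not installed EPEL yet, install it first: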
yum -y install epel-release
Install Nginx
yum -y install nginx
Enable start on boot
systemctl enable nginx
Start Nginx
systemctl start nginx
Set the firewall rules
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
Now visit http://yourIpAddress
Install the MariaDB database
yum -y install mariadb-server mariadb
Enable start on boot
systemctl enable mariadb
Start MariaDB
systemctl start mariadb
Initialize and set the root password
mysql_secure_installation
[root@localhost ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):    ## press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n]    ## press Enter
New password:    # the root password
Re-enter new password:    # repeat the password
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]    ## press Enter
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]    ## press Enter
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]    ## press Enter
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]    ## press Enter
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
Install PHP-FPM
Updated 2020-12-16
If the following error appears during this installation
No match for argument: php-mysql
No match for argument: php-mcrypt
the cause may be the EPEL repository. To find the correct package names:
1. Get the yum repositories for PHP 7.0
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
2. Run yum search php-mysql to find the package
yum search php-mysql
Repository epel is listed more than once in the configuration
Last metadata expiration check: 0:06:20 ago on Wed 16 Dec 2020 09:13:31 AM CST.
================================================================================= Name Matched: php-mysql ==================================================================================
php-mysqlnd.x86_64 : A module for PHP applications that use MySQL databases
We can now see that the MySQL package has become php-mysqlnd; the same goes for the other packages.
8X----------------------------------- End of the 2020-12-16 update note ---------------------------------------------------------
yum -y install php-fpm php-mysql php-pear php-pdo php-mysql php-gd php-mbstring php-mcrypt php-xml php-dom php-devel php-pear pcre-devel
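An important PHP security setting: cgi.fix_pathinfo
This problem is said to exist only with Nginx. The PHP cgi.fix_pathinfo parameter defaults to 1, and we need to set it to 0.
Reposted from elsewhere: the danger of setting it to 1 is this. Suppose your site has an image at http://xx.com/a.jpg. By requesting http://xx.com/a.jpg/foo.php I can view the binary content of that file, which means it can be executed through PHP. Here is the problem: if your site allows users to upload images, a user can craft some malicious code, disguise it as an image and upload it, and then use the method described above to run malicious code through PHP on your web server.
It is said that this Nginx file type misparsing vulnerability can also be fixed in other ways, which this article does not go into.
How to change it: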
vi /etc/php.ini
Search for cgi.fix_pathinfo and find
;cgi.fix_pathinfo=1
Change this line to
cgi.fix_pathinfo=0
Save and exit.
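As an added example (not part of the original article), the same edit can be scripted: the helper below reports the effective cgi.fix_pathinfo value in a php.ini-style file and sets it to 0, covering the commented default, an explicit value written with spaces, and a missing directive. The function names are hypothetical, and it assumes the file has no trailing [PATH=] or [HOST=] section.

```shell
#!/bin/sh
# Added example (not from the original article): report and enforce
# cgi.fix_pathinfo=0 in a php.ini-style file. Function names are hypothetical.

# Print the effective value: the last uncommented assignment wins; if there
# is none (directive missing or ';'-commented), PHP's default of 1 applies.
effective_fix_pathinfo() {
    val=$(sed -n 's/^[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*$/\1/p' "$1" | tail -n 1)
    echo "${val:-1}"
}

# Rewrite every "cgi.fix_pathinfo = ..." line (commented or not) to
# "cgi.fix_pathinfo=0", or append one if the file has none.
# The previous file is kept as <file>.bak. Returns 0 only if the
# effective value is 0 afterwards.
harden_fix_pathinfo() {
    ini=$1
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 2; }
    # Already hardened: leave the file untouched.
    [ "$(effective_fix_pathinfo "$ini")" = "0" ] && return 0
    cp -p "$ini" "$ini.bak" || return 1
    tmp=$(mktemp) || return 1
    sed 's/^[[:space:];]*cgi\.fix_pathinfo[[:space:]]*=.*$/cgi.fix_pathinfo=0/' "$ini" > "$tmp"
    # Directive absent: append it (assumes no trailing [PATH=]/[HOST=] section).
    grep -q '^cgi\.fix_pathinfo=0$' "$tmp" || echo 'cgi.fix_pathinfo=0' >> "$tmp"
    # cat into the original keeps its owner and mode.
    cat "$tmp" > "$ini" && rm -f "$tmp"
    [ "$(effective_fix_pathinfo "$ini")" = "0" ]
}

# Typical use, as root:
#   harden_fix_pathinfo /etc/php.ini && effective_fix_pathinfo /etc/php.ini
```

If php-fpm is already running, restart it with systemctl restart php-fpm so the new value is loaded.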
Configure PHP-FPM
Edit the php-fpm conf file
vi /etc/php-fpm.d/www.conf
Find
user = apache
group = apache
Change to:
user = nginx
group = nginx
Save and exit
Enable php-fpm on boot
systemctl enable php-fpm
Start php-fpm
systemctl start php-fpm
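Create the first site and test it
Create the site configuration file
As with Apache's virtual host conf files, Nginx provides a separate configuration file for each host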
vi /etc/nginx/conf.d/default.conf
Configure the following:
server {
    listen 80;
    root /var/www/html/;    ## site directory
    index index.php index.html index.htm;    # index files
    server_name 127.0.0.1;    ## set the domain name

    location / {
        try_files $uri $uri/ /index.html;
    }

    error_page 404 /404.html;    ## error pages
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/html/;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}
After saving, use the command /usr/sbin/nginx -t to check the conf file for errors
[root@localhost public_html]# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart nginx (service restart)
systemctl restart nginx
Or reload the configuration with the nginx command (recommended, the service does not stop):
/usr/sbin/nginx -s reload
Then visit http://yourIpAddressOrDomain/
Congratulations, you have finished setting up the LEMP environment.