L.A.M.P 環境配置文檔 一、系統約定軟體源代碼包存放位置 /usr/local/src 源碼包編譯安裝位置(prefix) /usr/local/software_name 腳本以及維護程序存放位置 /usr/local/sbin MySQL 資料庫位置 /var/lib/mysql Apache 網站根目錄 /data/wwwroot Apache 虛擬主機日誌根目錄 /data/logs/www Apache 運行賬戶 www:www yum RPM包信息文件 /etc/yum.list 二、系統環境部署及調整 1. 檢查系統是否正常 # more /var/log/messages (檢查有無系統內核級錯誤信息) # dmesg (檢查硬體設備是否有錯誤信息) # ifconfig(檢查網卡設置是否正確) # ping www.163.com (檢查網路是否正常) 2. 關閉不需要的服務 # ntsysv 以下僅列出需要啟動的服務,未列出的服務一律關閉: crond irqbalance (僅當伺服器CPU為S.M.P架構或支持雙核心、HT技術時,才需開啟,否則關閉。) microcode_ctl network random sendmail sshd syslog 3. 對TCP/IP網路參數進行調整,加強抗SYN Flood能力 # echo 'net.ipv4.tcp_syncookies = 1' >> /etc/sysctl.conf # sysctl -p 4. 配置yum # rpm --import /usr/share/doc/centos-release-3/RPM-GPG-KEY-CentOS-3 # yum list | tee /etc/yum.list 5. 修改命令history記錄 # vi /etc/profile 找到 HISTSIZE=1000 改為 HISTSIZE=50 6. 定時校正伺服器時間 # yum install ntp # crontab -e 加入一行: */15 * * * * ntpdate 210.72.145.44 ## 210.72.145.44 為中國國家授時中心伺服器地址。 7. 重新啟動系統 # init 6 8. 使用 yum 程序安裝所需開發包(以下為標準的 RPM 包名稱) gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel 9. 源碼編譯安裝所需包(Source) (1) GD2 # cd /usr/local/src # wget http://download.discuz.net/env/gd-2.0.33.tar.gz # tar xzvf gd-2.0.33.tar.gz # cd gd-2.0.33 # ./configure --prefix=/usr/local/gd2 # make # make install (2) LibXML2 # cd /usr/local/src # wget http://download.discuz.net/env/libxml2-2.6.26.tar.bz2 # tar xjvf libxml2-2.6.26.tar.bz2 # cd libxml2-2.6.26 # ./configure --prefix=/usr/local/libxml2 # make # make install (3) Apache日誌截斷程序 # cd /usr/local/src # wget http://download.discuz.net/env/cronolog-1.6.2.tar.gz # tar xzvf cronolog-1.6.2.tar.gz # cd cronolog-1.6.2 # ./configure ?prefix=/usr/local/cronolog # make # make install 10. 升級OpenSSL和OpenSSH # cd /usr/local/src # wget http://download.discuz.net/env/openssl-0.9.7j.tar.gz # wget http://download.discuz.net/env/openssh-4.2p1.tar.gz # tar xzvf openssl-0.9.7j.tar.gz # cd openssl-0.9.7j # ./config --prefix=/usr/local/openssl # make # make test # make install # cd .. # tar xzvf openssh-4.2p1.tar.gz # cd openssh-4.2p1 # ./configure \ "--prefix=/usr" \ "--with-pam" \ "--with-zlib" \ "--with-ssl-dir=/usr/local/openssl" \ "--with-md5-passwords" # make # make install 禁止root直接登錄,此處先建立一個普通系統用戶: # useradd username # passwd username # echo 'Protocol 2' >> /etc/ssh/sshd_config # echo 'Protocol 2' >> /usr/etc/sshd_config # echo 'PermitRootLogin no' >> /etc/ssh/sshd_config # echo 'PermitRootLogin no' >> /usr/etc/sshd_config # /etc/rc.d/init.d/sshd restart 三、編譯安裝L.A.M.P環境 1. 下載軟體 # cd /usr/local/src # wget http://download.discuz.net/env/httpd-2.2.3.tar.bz2 # wget http://download.discuz.net/env/mysql-5.0.27.tar.gz # wget http://download.discuz.net/env/php-5.2.0.tar.bz2 # wget http://download.discuz.net/env/Z ... glibc21-i386.tar.gz 2. 編譯安裝MySQL # tar xzvf mysql-5.0.27.tar.gz # cd mysql-5.0.27 # ./configure \ "--prefix=/usr/local/mysql" \ "--localstatedir=/var/lib/mysql" \ "--with-comment=Source" \ "--with-server-suffix=-Comsenz" \ "--with-mysqld-user=mysql" \ "--without-debug" \ "--with-big-tables" \ "--with-charset=" \ #這個後邊需要指定你所需要的字符集參數(gbk,utf8......) "--with-collation= " \ #字符集校正碼(gbk_chinese_ci,......) "--with-extra-charsets=all" \ "--with-pthread" \ "--enable-static" \ "--enable-thread-safe-client" \ "--with-client-ldflags=-all-static" \ "--with-mysqld-ldflags=-all-static" \ "--enable-assembler" \ "--without-isam" \ "--without-innodb" \ "--without-ndb-debug" # make # make install # useradd mysql # cd /usr/local/mysql # bin/mysql_install_db --user=mysql # chown -R root:mysql . # chown -R mysql /var/lib/mysql # cp share/mysql/my-huge.cnf /etc/my.cnf # cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld # chmod 755 /etc/rc.d/init.d/mysqld # chkconfig --add mysqld # /etc/rc.d/init.d/mysqld start # bin/mysql -u root password "password_for_root" 3. 編譯安裝Apache # cd /usr/local/src # tar xjvf httpd-2.2.3.tar.bz2 # cd httpd-2.2.3 # ./configure \ "--prefix=/usr/local/apache2" \ "--enable-module=so" \ "--enable-deflate=shared" \ "--enable-expires=shared" \ "--enable-rewrite=shared" \ "--enable-static-support" \ "--enable-static-htpasswd" \ "--enable-static-htdigest" \ "--enable-static-rotatelogs" \ "--enable-static-logresolve" \ "--enable-static-htdbm" \ "--enable-static-ab" \ "--enable-static-checkgid" \ "--disable-userdir" # make # make install # echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local 4. 編譯安裝PHP # cd /usr/local/src # tar xjvf php-5.2.0.tar.bz2 # cd php-5.2.0 # ./configure \ "--prefix=/usr/local/php" \ "--with-apxs2=/usr/local/apache2/bin/apxs" \ "--with-config-file-path=/etc" \ "--with-mysql=/usr/local/mysql" \ "--with-libxml-dir=/usr/local/libxml2" \ "--with-gd=/usr/local/gd2" \ "--enable-gd-native-ttf" \ "--with-jpeg-dir" \ "--with-png-dir" \ "--with-bz2" \ "--with-freetype-dir" \ "--with-iconv-dir" \ "--with-zlib-dir" \ "--enable-mbstring" \ "--disable-ipv6" \ # IPv6 離我們還好遠,暫時不用它 "--disable-cgi" \ # 出於安全考慮,禁用 CGI 支持 "--disable-cli" # 出於安全考慮,禁止編譯出 php Command Line Shell 命令 # make # make install # cp php.ini-dist /etc/php.ini 5. 安裝Zend Optimizer # cd /usr/local/src # tar xzvf ZendOptimizer-3.2.0-linux-glibc21-i386.tar.gz # ./ZendOptimizer-3.2.0-linux-glibc21-i386/install.sh 安裝Zend Optimizer過程的最後不要選擇重啟Apache。 6. 整合Apache與PHP # vi /usr/local/apache2/conf/httpd.conf 找到: AddType application/x-gzip .gz .tgz 在該行下面添加 AddType application/x-httpd-php .php AddOutputFilterByType DEFLATE text/html text/plain text/xml 找到: DirectoryIndex index.html index.html.var 將該行改為 DirectoryIndex index.html index.htm index.php 找到: #Include conf/extra/httpd-mpm.conf #Include conf/extra/httpd-info.conf #Include conf/extra/httpd-vhosts.conf #Include conf/extra/httpd-default.conf 去掉前面的「#」號,取消註釋,設置相關的模塊配置文件。 修改完成後保存退出。 # /usr/local/apache2/bin/apachectl restart 7. 查看確認L.A.M.P環境信息,提升 PHP 安全性 # echo '#!/usr/local/php/bin/php \ phpinfo(); \ ?>' > /usr/local/php/phpinfo.php # chmod 755 /usr/local/php/phpinfo.php # /usr/local/php/phpinfo.php > /usr/local/php/phpinfo # more /usr/local/php/phpinfo 檢查phpinfo中的各項信息是否正確。 確認 PHP 能夠正常工作后,在 php.ini 中進行設置提升 PHP 安全性。 # vi /etc/php.ini 找到: disable_functions = 設置為: disable_functions = phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,ini_restore 最後,重新啟動 Apache 服務即可。
[火星人
]
L.A.M.P 環境配置文檔 已經有604 次圍觀
本文地址: http://coctec.com/docs/linux/show-post-203252.html