Centos 7 yum 安装LAMP

作者：闫涛

E-mail：coderyantao@qq.com

备注：实验环境为虚拟机，selinux、firewalld都已经关闭

Apache 2.4 官方文档https://httpd.apache.org/docs/2.4/

#查看端口
[root@localhost ~]# firewall-cmd --query-port=80/tcp
no#开启端口
[root@localhost ~]# firewall-cmd --permanent --add-port=80/tcp
success#重新加载规则
[root@localhost ~]# firewall-cmd --reload
success#再次查看
[root@localhost ~]# firewall-cmd --query-port=80/tcp
yes

1. Apache

1.1 删除原有yum源，更换阿里源

[root@localhost ~]# rm -rf /etc/yum.repos.d/*
[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache

1.2 安装httpd

[root@localhost ~]# yum install httpd

1.3 启动httpd

[root@localhost ~]# systemctl start httpd.service

1.4 设置httpd开机启动

[root@localhost ~]# systemctl enable httpd.service

1.5 备份、编辑httpd配置文件

[root@localhost ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf

#修改服务器名,不改也可以，但是总是报一个 AH00558 提示
#ServerName www.example.com:80
修改为
ServerName www.example.com:80
或者
ServerName localhost:80

#优先解析php文件
<IfModule dir_module>DirectoryIndex index.html
</IfModule>
#修改为
<IfModule dir_module>DirectoryIndex index.php  index.html
</IfModule>

1.6 检查配置文件语法

[root@localhost ~]# httpd -t
Syntax OK

1.7 重启httpd

[root@localhost ~]# systemctl restart httpd.service

2. PHP

2.1 安装epel源和ius源

ius源依赖epel源

[root@localhost ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@localhost ~]# wget https://centos7.iuscommunity.org/ius-release.rpm
[root@localhost ~]# ls
anaconda-ks.cfg  ius-release.rpm
[root@localhost ~]# yum install ius-release.rpm
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache
#查看yum源是否都已安装
[root@localhost ~]# ls /etc/yum.repos.d/
CentOS-Base.repo  epel.repo  ius-archive.repo  ius.repo  ius-testing.repo

2.2 安装php7.2

[root@localhost ~]# yum install php72u*

2.3 创建php文件

[root@localhost ~]# cd /var/www/html/
[root@localhost html]# vim index.php

输入下面内容

<?phpphpinfo();

重启apache,浏览器输入ip即可看见php信息。

3. MySQL

可参考 https://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en/

3.1 下载、安装mysql的yum源

[root@localhost ~]# wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
[root@localhost ~]# yum install mysql80-community-release-el7-3.noarch.rpm
#/etc/yum.repos.d/ 目录下就会生成 mysql-community.repo

3.2 mysql的yum文件

这个yum源默认是开启了mysql8，下面介绍开启其他版本的方法

[root@localhost ~]# yum list |grep mysql-community-server
mysql-community-server.x86_64             8.0.19-1.el7                 mysql80-community
[root@localhost ~]# vim /etc/yum.repos.d/mysql-community.repo

想要下载那个版本，将 enabled=1 即可

# Enable to use MySQL 5.5
[mysql55-community]
name=MySQL 5.5 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.5-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql# Enable to use MySQL 5.6
[mysql56-community]
name=MySQL 5.6 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.6-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql# Enable to use MySQL 5.7
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

我安装的是5.6版本

[root@localhost ~]# yum list |grep mysql-community-server
mysql-community-server.x86_64             5.6.47-2.el7                 mysql56-community

3.3 安装mysql

[root@localhost ~]# yum install mysql-community-server.x86_64

3.4 启动mysql

[root@localhost ~]# systemctl start mysqld.service

3.5 开机自启

[root@localhost ~]# systemctl enable mysqld.service

3.6 初始化

5.7版本以下使用这个

[root@localhost ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQLSERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.Enter current password for root (enter for none):
OK, successfully used password, moving on...Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..... Success!By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.Remove anonymous users? [Y/n] y... Success!Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.Disallow root login remotely? [Y/n] y... Success!By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.Remove test database and access to it? [Y/n] y- Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist... Failed!  Not critical, keep moving...- Removing privileges on test database...... Success!Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.Reload privilege tables now? [Y/n] y... Success!All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.Thanks for using MySQL!Cleaning up...

3.7 创建远程登录用户

mysql>  create user 'yantao'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql>  grant all on *.* to 'yantao'@'%';
Query OK, 0 rows affected (0.00 sec)

4. Apache实验

1. 虚拟主机

可参考 https://httpd.apache.org/docs/2.4/zh-cn/vhosts/name-based.html

Apache 不支持多个https的虚拟主机

1.1 准备两个域名

www.web1.com

www.web2.com

1.2 生成主机目录

在网站根目录下创建l和t两个目录和index.html

[root@localhost ~]# mkdir /var/www/html/web1
[root@localhost ~]# vim /var/www/html/web1/index.html
#例如下入 www.web1.com[root@localhost ~]# mkdir /var/www/html/web2
[root@localhost ~]# vim /var/www/html/web2/index.html
#例如下入 www.web2.com

1.3 修改配置文件

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#最下面这行代码为开启加载conf.d/下的子配置文件
IncludeOptional conf.d/*.conf
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim web1.conf
#写入下面内容
<VirtualHost *:80>ServerName www.web1.comDocumentRoot "/var/www/html/web1"
</VirtualHost>[root@localhost conf.d]# vim web2.conf
<VirtualHost *:80>ServerName www.web2.comDocumentRoot "/var/www/html/web2"
</VirtualHost>

1.4 检查语法

[root@localhost ~]# httpd -t
Syntax OK

1.5 重启apache

[root@localhost ~]# systemctl restart httpd.service

1.6 修改电脑的hosts文件

#添加如下内容
192.168.1.49    www.l.com
192.168.1.49    www.t.com

这是用可以用浏览器访问这两个域名了

2.隐藏版本号

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#在最下面添加如下内容，隐藏Apache版本
ServerTokens Prod
ServerSignature Off#隐藏php版本
[root@localhost ~]# vim /etc/php.ini
expose_php = On
#修改如下
expose_php = Off

3.用户认证

参考 https://docs.huihoo.com/apache/httpd/2.0-cn/howto/auth.html

先新建好一个web3.com

3.1生成账号文件

新建目录存放账号文件
[root@localhost ~]# mkdir /etc/httpd/passwd
#创建账号文件
[root@localhost ~]# htpasswd -c /etc/httpd/passwd/web3 yantao
New password:
Re-type new password:
Adding password for user yantao

3.2修改虚拟主机文件

[root@localhost ~]# vim /etc/httpd/conf.d/web3.conf
<Directory /var/www/html/web3>AuthType BasicAuthName "Restricted Files"AuthUserFile /etc/httpd/passwd/web3Require user yantao
</Directory>
<VirtualHost *:80>ServerName www.web3.comDocumentRoot "/var/www/html/web3"
</VirtualHost>

检查语法、重启

4.域名跳转

让web2跳转到web1

4.1修改web2虚拟主机文件

[root@localhost ~]# vim /etc/httpd/conf.d/web2.conf
#如下
<Directory /var/www/html/web2>Options Indexes FollowSymLinksAllowOverride AllRequire all granted
</Directory><VirtualHost *:80>ServerName www.web2.comDocumentRoot "/var/www/html/web2"
</VirtualHost>

4.2在web2目录下创建.htaccess

[root@localhost ~]# vim /var/www/html/web2/.htaccess
#如下
#开启rewrite功能
RewriteEngine on#把www.web2.com 开头的内容赋值给HTTP_HOST变量
RewriteCond %{HTTP_HOST} ^www.web2.comRewriteRule ^(.*) http://www.web1.com/$1 [R=permanent,L]
# ^(.*)$ 代指客户端要访问的资源
# $1 把 .* 所指代的内容赋值给 $1 变量中
# Rpermanent 永久重定向 = 301
# L 指定该规则为最后一条生效的规则，下面的不再生效

检查语法、重启

5.https

a：Https确保所有经过服务器传输的数据包都是经过加密的。

b：建立了一个官方数字证书证书，使得假冒服务器无法冒充真正的服务器。

证书来源

1.自签名证书被推荐用于测试目的和个人项目。自签名证书，也可以用于服务提供商，不过一般适用于用户互相信任的情形。另外，自签名证书不用花钱购买。

2.证书可以由社区为基础的认证供应商如StartSSL和CACERT办法。这些证书也不需要花钱，但建议为个人项目。

3.对于全球性商业网站，建议从值得信赖的知名证书颁发机构购买证书。这些证书需要花钱，但他们增加了网络服务提供商的信誉。

我们采用自签名证书,openssl用来生成证书(已安装)，mod_ssl实现https(未安装)

安装mod_ssl

[root@localhost ~]# yum install mod_ssl
#安装之后就会在/etc/httpd/modules生成mod_ssl.so

5.1生成私钥

#生成2048位的加密私钥
[root@localhost ~]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
.......................................+++
e is 65537 (0x10001)

5.2生成证书签名请求

[root@localhost ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
#国家
Country Name (2 letter code) [XX]:CN
#省份
State or Province Name (full name) []:LN
#城市
Locality Name (eg, city) [Default City]:YS
#公司
Organization Name (eg, company) [Default Company Ltd]:CompanyName
#部门
Organizational Unit Name (eg, section) []:PHP
#域名
Common Name (eg, your name or your server's hostname) []:www.web1.com
Email Address []:Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

5.3生成自签名证书

#生成类型为X509的自签名证书。有效期设置3650天，即有效期为10年
[root@localhost ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=LN/L=YS/O=CompanyName/OU=PHP/CN=www.web1.com
Getting Private key

5.4将三个文件放到对应目录

[root@localhost ~]# cp server.crt /etc/pki/tls/certs/
[root@localhost ~]# cp server.key /etc/pki/tls/private/
[root@localhost ~]# cp server.csr /etc/pki/tls/private/

5.5修改ssl.conf

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
修改如下
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

5.6虚拟主机配置文件

[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf
<VirtualHost *:443>SSLEngine onSSLCertificateFile "/etc/pki/tls/certs/server.crt"SSLCertificateKeyFile "/etc/pki/tls/private/server.key"DocumentRoot /var/www/html/web1ServerName www.web1.com
</VirtualHost>

配好之后检查语法，重启apache

5.7开启443端口

方法同上

访问 https://www.web1.com/ 选择信任证书即可浏览网站

5.8强制跳转https

[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf
<VirtualHost *:80>ServerName www.web1.comRedirect permanent / https://www.web1.com/
</VirtualHost><VirtualHost *:443>SSLEngine onSSLCertificateFile "/etc/pki/tls/certs/server.crt"SSLCertificateKeyFile "/etc/pki/tls/private/server.key"DocumentRoot /var/www/html/web1ServerName www.web1.com
</VirtualHost>

6.静态缓存

[root@localhost ~]# vim /etc/httpd/conf.d/web1.conf
<VirtualHost *:80>ServerName www.web1.comRedirect permanent / https://www.web1.com/
</VirtualHost><VirtualHost *:443>SSLEngine onSSLCertificateFile "/etc/pki/tls/certs/server.crt"SSLCertificateKeyFile "/etc/pki/tls/private/server.key"DocumentRoot /var/www/html/web1ServerName www.web1.com
</VirtualHost><IfModule mod_expires.c>ExpiresActive onExpiresByType image/jpeg "access plus 24 hours"ExpiresByType image/png "access plus 24 hours"ExpiresByType text/css  "now plus 2 hours"ExpiresByType application/javascript "now plus 2 hours"
</IfModule>