The environment used in this article is CentOS 7.
1) Install Nginx
# yum install nginx
# systemctl enable nginx.service
# systemctl start nginx.service
2) Install MariaDB
# yum install mariadb-server
# systemctl enable mariadb
# systemctl start mariadb
After installation, run the following script right after the first start:
# mysql_secure_installation
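This applies some security hardening to the database server, including setting a (non-empty) root password, removing anonymous users, and locking down remote access.
The command and its output are shown below: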
# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
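3) Install PHP
A LEMP installation needs at least two modules: PHP-FPM and PHP-MySQL.
PHP-FPM (FastCGI Process Manager) provides the interface between the nginx server and the PHP application that generates dynamic content.
The PHP-MySQL module lets PHP programs access MariaDB/MySQL databases.
Install other modules as your situation requires: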
# yum install php php-fpm php-mysql php-gd php-mbstring php-mcrypt
4) Configure and start PHP-FPM
# vim /etc/php-fpm.d/www.conf
Change the user and group settings in it to nginx:
user = nginx
group = nginx
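Then start PHP-FPM:
# sudo systemctl start php-fpm
# sudo systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
Next, adjust PHP's security-related options by adding the following two lines to /etc/php.ini:
cgi.fix_pathinfo=0
date.timezone = "Asia/Shanghai"
The first line stops PHP from guessing a script path when the requested file does not exist, so a request cannot cause a non-PHP file to be run as PHP. The second line defines the default time zone used by PHP's date/time functions. Use the method in section "6) PHP time zone configuration" of this article to find or set your time zone, and set date.timezone to the matching value.
After making the changes: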
# systemctl restart nginx
# systemctl restart php-fpm
5) Permanently disable the HTTPD service
Installing PHP also installs HTTPD by default; to be safe, disable that service permanently.
# systemctl disable httpd
6) PHP time zone configuration (timezone)
PHP's default time zone is configured in php.ini. First locate the configuration file:
# php --ini
Configuration File (php.ini) Path: /etc
Loaded Configuration File:         /etc/php.ini
Scan for additional .ini files in: /etc/php.d
Additional .ini files parsed:      /etc/php.d/curl.ini,
/etc/php.d/fileinfo.ini,
/etc/php.d/gd.ini,
/etc/php.d/json.ini,
/etc/php.d/mbstring.ini,
/etc/php.d/mcrypt.ini,
/etc/php.d/mysql.ini,
/etc/php.d/mysqli.ini,
/etc/php.d/pdo.ini,
/etc/php.d/pdo_mysql.ini,
/etc/php.d/pdo_sqlite.ini,
/etc/php.d/phar.ini,
/etc/php.d/sqlite3.ini,
/etc/php.d/zip.ini

#
The second line of the output shows that the configuration file is /etc/php.ini. Next, determine our time zone identifier (timezone, TZ) with the tzselect command:
# tzselect
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
 1) Africa
 2) Americas
 3) Antarctica
 4) Arctic Ocean
 5) Asia
 6) Atlantic Ocean
 7) Australia
 8) Europe
 9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using the Posix TZ format.
#? 5
Please select a country.
 1) Afghanistan      18) Israel          35) Palestine
 2) Armenia          19) Japan           36) Philippines
 3) Azerbaijan       20) Jordan          37) Qatar
 4) Bahrain          21) Kazakhstan      38) Russia
 5) Bangladesh       22) Korea (North)   39) Saudi Arabia
 6) Bhutan           23) Korea (South)   40) Singapore
 7) Brunei           24) Kuwait          41) Sri Lanka
 8) Cambodia         25) Kyrgyzstan      42) Syria
 9) China            26) Laos            43) Taiwan
10) Cyprus           27) Lebanon         44) Tajikistan
11) East Timor       28) Macau           45) Thailand
12) Georgia          29) Malaysia        46) Turkmenistan
13) Hong Kong        30) Mongolia        47) United Arab Emirates
14) India            31) Myanmar (Burma) 48) Uzbekistan
15) Indonesia        32) Nepal           49) Vietnam
16) Iran             33) Oman            50) Yemen
17) Iraq             34) Pakistan
#? 9
Please select one of the following time zone regions.
1) Beijing Time
2) Xinjiang Time
#? 1

The following information has been given:

        China
        Beijing Time

Therefore TZ='Asia/Shanghai' will be used.
Local time is now:      Thu Mar 29 10:25:09 CST 2018.
Universal Time is now:  Thu Mar 29 02:25:09 UTC 2018.
Is the above information OK?
1) Yes
2) No
#? 1

You can make this change permanent for yourself by appending the line
        TZ='Asia/Shanghai'; export TZ
to the file '.profile' in your home directory; then log out and log in again.

Here is that TZ value again, this time on standard output so that you
can use the /usr/bin/tzselect command in shell scripts:
Asia/Shanghai
#
Our time zone is therefore: Asia/Shanghai
Now open PHP's configuration file php.ini, then find and change the following setting:
date.timezone = "Asia/Shanghai"
Save the file once the value is correct.
7) Finally, restart the related services to apply the configuration
# systemctl restart nginx
# systemctl restart php-fpm
8) Configure the nginx site
The configuration file is as follows:
server {
    listen 80;
    server_name www.example.com;
    root /var/www/html/example;
    index index.php index.html index.htm;

    location / {
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename/index.php) {
            rewrite (.*) $1/index.php;
        }
        if (!-f $request_filename) {
            rewrite (.*) /index.php;
        }
        try_files $uri $uri/ =404;
    }

    # redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    # nginx passes PHP scripts to FastCGI server via a TCP/9000 socket
    # this setting must be consistent with /etc/php-fpm.d/www.conf
    # try_files prevents nginx from passing bad scripts to FastCGI server
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

server {
    server_name example.com;
    return 301 $scheme://www.example.com$request_uri;
}
9) Test the server configuration
In the /var/www/html/ directory, add a file named index.php with the following content:
<?php phpinfo();?>
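After saving, enter http://www.example.com/ in a browser to view the result. phpinfo() prints the full PHP configuration, so delete this test file once you have confirmed that the page loads.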
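A way to check the settings changed in steps 4 to 8, as an added example that is not part of the original article: the script reads a php.ini, a PHP-FPM pool file and an nginx site file and reports which of this article's settings are missing. The function names and the sample files it writes to a temporary directory are constructed for illustration; on a real host, pass /etc/php.ini, /etc/php-fpm.d/www.conf and your nginx site file to audit_lemp instead.

```shell
#!/bin/sh
# ini_get FILE KEY: print the last uncommented "KEY = value" (ini syntax)
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*;.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

# audit_lemp PHP_INI FPM_POOL NGINX_CONF: print findings, return their count
audit_lemp() {
    findings=0
    [ "$(ini_get "$1" cgi.fix_pathinfo)" = 0 ] || fail "cgi.fix_pathinfo is not 0"
    [ -n "$(ini_get "$1" date.timezone)" ] || fail "date.timezone is not set"
    for key in user group; do
        [ "$(ini_get "$2" "$key")" = nginx ] || fail "pool $key is not nginx"
    done
    # nginx and the pool must agree on the FastCGI address (127.0.0.1:9000 here)
    listen=$(ini_get "$2" listen)
    pass=$(sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]]*\([^;]*\);.*/\1/p' "$3" | head -n 1)
    [ -n "$pass" ] && [ "$pass" = "$listen" ] ||
        fail "fastcgi_pass '$pass' differs from pool listen '$listen'"
    # try_files only treats "=404" (no space) as a status code
    grep -Eq 'try_files[[:space:]]+\$uri[[:space:]]+=404;' "$3" ||
        fail "no 'try_files \$uri =404;' guard for PHP requests"
    return "$findings"
}

# Constructed sample files (not taken from a real host): one hardened set,
# one with defaults left in place.
make_samples() {
    printf '%s\n' ';cgi.fix_pathinfo=1' 'cgi.fix_pathinfo=0' \
        'date.timezone = "Asia/Shanghai"' > "$1/php.good.ini"
    printf '%s\n' ';cgi.fix_pathinfo=1' ';date.timezone =' > "$1/php.bad.ini"
    printf '%s\n' 'listen = 127.0.0.1:9000' 'user = nginx' 'group = nginx' \
        > "$1/www.good.conf"
    printf '%s\n' 'listen = /run/php-fpm.sock' 'user = apache' 'group = apache' \
        > "$1/www.bad.conf"
    printf '%s\n' 'location ~ \.php$ {' '    try_files $uri =404;' \
        '    fastcgi_pass 127.0.0.1:9000;' '}' > "$1/site.good.conf"
    printf '%s\n' 'location ~ \.php$ {' '    try_files $uri = 404;' \
        '    fastcgi_pass 127.0.0.1:9000;' '}' > "$1/site.bad.conf"
}

dir=$(mktemp -d) && make_samples "$dir"
audit_lemp "$dir/php.good.ini" "$dir/www.good.conf" "$dir/site.good.conf" && echo "good set: clean"
audit_lemp "$dir/php.bad.ini" "$dir/www.bad.conf" "$dir/site.bad.conf" || echo "bad set: $? finding(s)"
rm -rf "$dir"
```

The return value of audit_lemp is the number of findings, so it can be used directly as the exit status of a post-install check.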