码迷,mamicode.com
首页 > 其他好文 > 详细

第十九课预习任务

时间:2018-09-13 14:28:40      阅读:263      评论:0      收藏:0      [点我收藏+]

标签:tools   syn   event   .com   grep   logs   style   默认网关   pes   

第十九课预习任务

11.25 配置防盗链
11.26 访问控制Directory
11.27 访问控制FilesMatch
11.28 限定某个目录禁止解析php
11.29 限制user_agent
11.30/11.31 php相关配置
11.32 php扩展模块装安
扩展
几种限制ip的方法 http://ask.apelearn.com/question/6519
apache 自定义header http://ask.apelearn.com/question/830
apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556
apache开启压缩 http://ask.apelearn.com/question/5528
apache2.2到2.4配置文件变更 http://ask.apelearn.com/question/7292
apache options参数 http://www.365mini.com/page/apache-options-directive.htm

一、配置防盗链

盗链,全称是盗取链接,假如我们的网站有很多好看的图片,别人可以查看我们网站图片的链接,然后应用在他的网站上,这样的话,去访问他的网站,实际上消耗的是我们的流量(因为实际链接在我们这里),这样我们就不得不去配置防盗链,使得别人不能复制我们图片的链接。

1.在Apache子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf中添加配置

<Directory /usr/local/apache2.4/htdocs/b.com>

    SetEnvIfNoCase Referer "b.com" local_ref

    SetEnvIfNoCase Referer "^$" local_ref

    <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">

    Order Allow,Deny

    Allow from env=local_ref

    </filesmatch></Directory>

2.测试配置文件及重载

[root@Linux01 ~]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 ~]# /usr/local/apache2.4/bin/apachectl graceful

3.测试

//curl -e参数模拟referhttp://www.baidu.com,refer必须以http开头

//因为不是允许的refer,所以访问被禁止

[root@Linux01 ~]# curl -e "http://www.baidu.com" -x127.0.0.1:80 b.com/img/b.com.jpg -I

二、访问控制Directory

有时候为了安全需要,要对网站的某些目录限制访问的来源IP。可以通过对目录的控制来实现。

1.修改apache子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf

[root@Linux01 img]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    ServerAdmin  kennminn@139.com

    DocumentRoot "/usr/local/apache2.4/htdocs/b.com"

    ServerName b.com

    //增加如下内容

    <Directory /usr/local/apache2.4/htdocs/b.com/img/>

    //Order确定执行顺序,整个语句都会执行一遍,iptables的执行过程不同

    //如果先deny,allow,则会先执行deny的操作,再执行允许的动作。后面的动作会覆盖前面的操作

    //如果先allow,deny all,则最后的结果会是deny

    Order deny,allow

    Deny from all

    Allow from 127.0.0.1 192.168.1.9

    </Directory>

    ErrorLog "logs/b.com-error_log"

    CustomLog "logs/b.com-access_log" combined

</VirtualHost>

2.测试配置及重载

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl graceful

3.验证

本地测试

//从本地访问[root@Linux01 img]# curl -x127.0.0.1:80 b.com/img/admin.php -I

HTTP/1.1 200 OK

Date: Sat, 30 Jun 2018 01:44:33 GMT

Server: Apache/2.4.33 (Unix) PHP/5.6.30

X-Powered-By: PHP/5.6.30

Content-Type: text/html; charset=UTF-8

 

//更换目标IP,源ip变更,不在允许范围内。403错误

[root@Linux01 img]# curl -x192.168.1.212:80 b.com/img/admin.php -I

远程浏览器测试

1.从192.168.1.9测试

C:\Users\kennminn>ipconfig

...

以太网适配器 external:

 

   连接特定的 DNS 后缀 . . . . . . . :

   IPv4 地址 . . . . . . . . . . . . : 192.168.1.9

   子网掩码  . . . . . . . . . . . . : 255.255.255.0

   默认网关. . . . . . . . . . . . . : 192.168.1.1

...

 

日志

192.168.1.9 - - [29/Jun/2018:21:52:21 -0400] "GET /img/admin.php HTTP/1.1" 200 6 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"

2.从192.168.1.169访问

//192.168.1.169上需在hosts文件增加b.com的解析

C:\Users\DBTrial>ipconfig

Windows IP 配置

 

 

以太网适配器 本地连接:

   连接特定的 DNS 后缀 . . . . . . . :

   本地链接 IPv6 地址. . . . . . . . : fe80::bd14:9580:f094:4fc1%11

   IPv4 地址 . . . . . . . . . . . . : 192.168.1.169

   子网掩码  . . . . . . . . . . . . : 255.255.255.0

   默认网关. . . . . . . . . . . . . : 192.168.1.1

   

C:\Users\DBTrial>ping b.com

正在 Ping a.com [192.168.1.212] 具有 32 字节的数据:

来自 192.168.1.212 的回复: 字节=32 时间<1ms TTL=64

来自 192.168.1.212 的回复字节=32 时间<1ms TTL=64

来自 192.168.1.212 的回复字节=32 时间<1ms TTL=64

192.168.1.212  Ping 统计信息:

    数据包已发送 = 3,已接收 = 3,丢失 = 0 (0% 丢失)

往返行程的估计时间(以毫秒为单位):

    最短 = 0ms,最长 = 0ms,平均 = 0msControl-C

 

日志

//403错误,说明配置成功192.168.1.169 - - [29/Jun/2018:22:06:30 -0400] "GET /img/admin.php HTTP/1.1" 403 222 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.90 Safari/537.36 2345Explorer/9.2.1.17116"

 

三、访问控制FilesMatch

访问控制除了可以对整个目录进行控制,还可以针对具体的页面进行控制

如限制b.com下的admin.php后带任意字符的页面。

1.修改apache子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf

[root@Linux01 img]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //添加filesmatch段的内容

<VirtualHost *:80>

    ServerAdmin  kennminn@139.com

    DocumentRoot "/usr/local/apache2.4/htdocs/b.com"

    ServerName b.com

    <Directory /usr/local/apache2.4/htdocs/b.com>

    //filesmath不区分大小写,(.*)是正则,表示任意字符

    <FilesMatch "admin.php(.*)">

    Order deny,allow

    Deny from all

    Allow from 127.0.0.1 192.168.1.9

    </FilesMatch>

    </Directory>

    ErrorLog "logs/b.com-error_log"

    CustomLog "logs/b.com-access_log" combined

</VirtualHost>

2.测试配置文件及重载

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl graceful

3.验证

本地验证

//本地访问admin.php,该页面存在

[root@Linux01 img]# curl -x127.0.0.1:80 b.com/img/admin.php -I

HTTP/1.1 200 OKDate: Sat, 30 Jun 2018 02:28:35 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.30X-Powered-By: PHP/5.6.30Content-Type: text/html; charset=UTF-8

//本地访问/admin.phpaffafa,该页面不存在

//404,找不到页面,但是表明还是可以访问的

[root@Linux01 img]# curl -x127.0.0.1:80 b.com/img/admin.phpaffafa -I

HTTP/1.1 404 Not FoundDate:

//变更目录ip,源ip也变更,访问admin.php403错,说明配置成功

[root@Linux01 img]# curl -x192.168.1.212:80 b.com/img/admin.php -I

HTTP/1.1 403 ForbiddenDate:

//变更目录ip,源ip也变更,访问admin.phpaffafa403错,说明配置成功

[root@Linux01 img]# curl -x192.168.1.212:80 b.com/img/admin.phpaffafa -I

HTTP/1.1 403 ForbiddenDate:

 

//变更ip,ip也变更,访问其他页面不受影响

[root@Linux01 img]# curl -x192.168.1.212:80 b.com/img/qqq.jpg -I

HTTP/1.1 200 OKDate:

远程浏览器测试

192.168.1.169访问

规则限制的面页无法访问

四、限定某个目录禁止解析php

有些目录是存放静态文件的目录,如图片目录,本身不需要允许php的解析。如果没有注意,允许了php解析,而且又开放了该目录的文件上传权限。很可能被别有用心的人利用上传木马,导致服务器被攻破。除了开发人员在程序开发过程中要注意安全的设计,也可以通过apache限制某些目录的php解析。

1.修改apache子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf

[root@Linux01 img]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    ServerAdmin  kennminn@139.com

    DocumentRoot "/usr/local/apache2.4/htdocs/b.com"

    ServerName b.com

    //添加此段内容限制img目录的php解析权限

    <Directory /usr/local/apache2.4/htdocs/b.com/img>

    php_admin_flag engine off

    </Directory>

    <Directory /usr/local/apache2.4/htdocs/b.com>

    <FilesMatch "admin.php(.*)">

    Order deny,allow

    Deny from all

    Allow from 127.0.0.1 192.168.1.9

    </FilesMatch>

    </Directory>

    ErrorLog "logs/b.com-error_log"

    CustomLog "logs/b.com-access_log" combined

</VirtualHost>

2.检测配置及重载

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl graceful

3.验证

本地验证

//无法解析

[root@Linux01 img]# curl -x127.0.0.1:80 b.com/img/admin.php <?phpecho "b.com"?>

从远程浏览器访问

直接下载,无法解析

五、限制user_agent

有时候网站可能会遭受CC攻击,这可以通过限制user—agent来减小攻击压力。

CC攻击(Distributed HTTP flood,分布式HTTP洪水攻击)
CC攻击是DDoS攻击的一种类型,使用代理服务器向受害服务器发送大量貌似合法的请求(通常使用HTTP GET)。CC(Challenge Collapsar,挑战黑洞)根据其工具命名,攻击者创造性地使用代理机制,利用众多广泛可用的免费代理服务器发动DDoS攻击。许多免费代理服务器支持匿名模式,这使追踪变得非常困难。

b.com为例

1.修改apache子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf

[root@Linux01 img]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    ServerAdmin  kennminn@139.com

    DocumentRoot "/usr/local/apache2.4/htdocs/b.com"

    ServerName b.com

    //增加以下配置,限制curlbaidu.com代理的访问

    <IfModule mod_rewrite.c>

        RewriteEngine on

        RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR]

        RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]

        RewriteRule  .*  -  [F]

    </IfModule>

 

    <Directory /usr/local/apache2.4/htdocs/b.com/img>

    php_admin_flag engine off

    </Directory>

    <Directory /usr/local/apache2.4/htdocs/b.com>

    <FilesMatch "admin.php(.*)">

    Order deny,allow

    Deny from all

    Allow from 127.0.0.1 192.168.1.9

    </FilesMatch>

    </Directory>

    ErrorLog "logs/b.com-error_log"

    CustomLog "logs/b.com-access_log" combined

</VirtualHost>

2.测试配置文件及重载

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 img]# /usr/local/apache2.4/bin/apachectl graceful

3.验证

//curl代理访问,403错误被禁止,说明限制成功

[root@Linux01 img]# curl -x127.0.0.1:80 b.com/img/admin.php -I

//baidu.com的代理也被限制,403禁止访问

[root@Linux01 img]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

[root@Linux01 img]# curl -A "www.baidu.com" -x127.0.0.1:80 b.com/img/admin.php -I

 

//以不受限代理访问,可以正常访问

[root@Linux01 img]# curl -A "kennminn" -x127.0.0.1:80 b.com/img/admin.php -I

 

六、php相关配置

1.查看php配置文件:

[root@Linux01 img]# /usr/local/php/bin/php -i | grep -i "loaded configuration file"

PHP Warning:  Unknown: It is not safe to rely on the system‘s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC‘ for now, but please set date.timezone to select your timezone. in Unknown on line 0

Loaded Configuration File => /usr/local/php/etc/php.ini

通过-i选项查出来的配置文件有时候可能不准。最准确的是在网站目录下建立一个phpinfo()函数的页面来查看。

b.com为例

//新建该页面

[root@Linux01 b.com]# cat /usr/local/apache2.4/htdocs/b.com/index.php

<?phpphpinfo();

?>

从浏览器访问

 

可以看到正确的php配置文件所在路径。

2.设置时区参数(date.timezone)

[root@Linux01 b.com]# vim /usr/local/php/etc/php.ini

[Date]

; Defines the default timezone used by the date functions

; http://php.net/date.timezone//修改时区为亚洲/上海

date.timezone = Asia/Shanghai

 

; http://php.net/date.default-latitude

3.禁用特殊函数

[root@Linux01 b.com]# vim /usr/local/php/etc/php.ini

; It receives a comma-delimited list of function names.

; http://php.net/disable-functions

//将不常用特殊函数添加到此处进行限制,可以被一些木马利用。生产场景phpinfo()函数也会被禁用,避免泄露信息。

disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_closephpinfo,

 

; This directive allows you to disable certain classes for security reasons.

phpinfo禁用后效果如下

[root@Linux01 ~]# curl -A "kennminn" -x127.0.0.1:80 b.com/index.php

 

4.显示错误信息

[root@Linux01 b.com]# vim /usr/local/php/etc/php.ini

; Production Value: Off

; http://php.net/display-errors//修改为on可方便调试

display_errors = on

 

5.生产环境中不应显示错误信息在页面上。但是如果仅显示白页,就无法追踪错误。所以可以配置错误日志来记录相应的错误。

//开启错误日志记录功能

log_errors = On//设置错误日志保存的位置

error_log = /tmp/php_errors.log

Log errors to syslog (Event Log on Windows).

;error_log = syslog//定义日志级别,可以定义日志信息的内容。级别高,只会记录级别高的事件,如果级别低,记录的事件就会比较多。//默认会记录所有的错误,但是不会记录通知和一般性的警告。

; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT

; http://php.net/error-reporting

error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

再访问b.com/index.php

/tmp下已经生成php_errors.log

[root@Linux01 ~]# ls /tmp/

mysql.sock      systemd-private-05b1537c095c42ca87b1e5f8efea340a-chronyd.service-qFphPx

pear            systemd-private-05b1537c095c42ca87b1e5f8efea340a-vgauthd.service-5t7uqL

php_errors.log  systemd-private-05b1537c095c42ca87b1e5f8efea340a-vmtoolsd.service-dsi0fk

 

[root@Linux01 ~]# cat /tmp/php_errors.log

[30-Jun-2018 06:43:27 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /usr/local/apache2.4/htdocs/b.com/index.php on line 2

[30-Jun-2018 06:43:28 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /usr/local/apache2.4/htdocs/b.com/index.php on line 2

[30-Jun-2018 06:43:29 UTC] PHP Warning:  phpinfo() has been disabled for security reasons in /usr/local/apache2.4/htdocs/b.com/index.php on line 2

6.open_basedir隔离虚拟主机目录

可以php.ini进行全局配置。但是无法细化。所以不推荐。

; and below.  This directive makes most sense if used in a per-directory

; or per-virtualhost web server configuration file.

; http://php.net/open-basedir//将目录限制在bbb.com,无此目录。

open_basedir = /usr/local/apache2.4/htdocs/bbb.com:/tmp/

 

; This directive allows you to disable certain functions for security reasons.//测试配置及重载

[root@Linux01 ~]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 ~]# /usr/local/apache2.4/bin/apachectl graceful

//验证,500错误,无法正常访问

[root@Linux01 ~]# curl -x127.0.0.1:80 b.com/index.php -I

//修改为正确有目录

; and below.  This directive makes most sense if used in a per-directory

; or per-virtualhost web server configuration file.

; http://php.net/open-basedir//将目录限制在b.com,此目录存在。

open_basedir = /usr/local/apache2.4/htdocs/b.com:/tmp/

 

; This directive allows you to disable certain functions for security reasons.//测试配置及重载

[root@Linux01 ~]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 ~]# /usr/local/apache2.4/bin/apachectl graceful//测试,可以正常访问了。

[root@Linux01 ~]#curl -x127.0.0.1:80 b.com/index.php -I

也可以在apace子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf针对每个虚拟主机来设置隔离。推荐此种方式。

[root@Linux01 b.com]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

    ServerAdmin kennminn@139.com

    DocumentRoot "/usr/local/apache2.4/htdocs/a.com"

    ServerName a.com

    ServerAlias aaa.com

    //添加下述语句限制a.com的目录

    php_admin_value open_basedir "/usr/local/apache2.4/htdocs/a.com:/tmp/"

    ErrorLog "logs/a.com-error_log"

    CustomLog "logs/a.com-access_log" combined

</VirtualHost>

 

<VirtualHost *:80>

    ServerAdmin  kennminn@139.com

    DocumentRoot "/usr/local/apache2.4/htdocs/b.com"

    ServerName b.com

    //添加下述语句限制b.com的目录

    php_admin_value open_basedir "/usr/local/apache2.4/htdocs/b.com:/tmp/"#    <IfModule mod_rewrite.c>#        RewriteEngine on#        RewriteCond %{HTTP_USER_AGENT}  .*curl.* [NC,OR]#        RewriteCond %{HTTP_USER_AGENT}  .*baidu.com.* [NC]#        RewriteRule  .*  -  [F]#    </IfModule>

#   <Directory /usr/local/apache2.4/htdocs/b.com/img>#   php_admin_flag engine off#   </Directory>#    <Directory /usr/local/apache2.4/htdocs/b.com>#    <FilesMatch "admin.php(.*)">#    Order deny,allow#    Deny from all#    Allow from 127.0.0.1#    </FilesMatch>#    </Directory>

    ErrorLog "logs/b.com-error_log"

    CustomLog "logs/b.com-access_log" combined

</VirtualHost>

//测试配置文件及重载

[root@Linux01 b.com]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 b.com]# /usr/local/apache2.4/bin/apachectl graceful

//访问测试

[root@Linux01 b.com]# curl -x127.0.0.1:80 b.com/index.php -I

 

七、php扩展模块安装

有时候php安装编译完成后,这时候发现缺少了一个模块,但又不想重新编译php模块,可以使用扩展模块编译。

查看模块

[root@Linux01 b.com]# /usr/local/php/bin/php -m

[PHP Modules]

bz2

Core

ctype

date

dom

ereg

exif

fileinfo

filter

gd

hash

iconv

json

libxml

mbstring

mcrypt

mysql

mysqli

openssl

pcre

PDO

pdo_mysql

pdo_sqlite

Phar

posix

Reflection

session

SimpleXML

soap

sockets

SPL

sqlite3

standard

tokenizer

xml

xmlreader

xmlwriter

zlib

 

[Zend Modules]

redis包为例

1.下载redis软件包

[root@Linux01 b.com]# wget https://codeload.github.com/phpredis/phpredis/zip/develop -C /usr/local/src/phpredis-develop.zip

[root@Linux01 b.com]# ls /usr/local/src/

apr-1.6.3         apr-util-1.6.1         httpd-2.4.33         mysql-5.6.36         php-5.5.38.tar.bz2  php-5.6.30.tar.gz

apr-1.6.3.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.33.tar.gz  mysql-5.6.36.tar.gz  php-5.6.30          phpredis-develop.zip

2.解压软件包

[root@Linux01 src]# unzip phpredis-develop.zip

3.切换到phpredis-develop目录

[root@Linux01 src]# cd phpredis-develop/

4.编译

//生成配置文件,比较特殊,默认的包没有.configure文件,需要用phpize生成

[root@Linux01 phpredis-develop]# /usr/local/php/bin/phpize

Configuring for:

PHP Api Version:         20131106

Zend Module Api No:      20131226

Zend Extension Api No:   220131226//configure

[root@Linux01 phpredis-develop]#  ./configure --with-php-config=/usr/local/php/bin/php-config

checking for grep that handles long lines and -e... /usr/bin/grep

checking for egrep... /usr/bin/grep -E

...中间略...

checking whether stripping libraries is possible... yes

checking if libtool supports shared libraries... yes

checking whether to build shared libraries... yes

checking whether to build static libraries... no

 

creating libtool

appending configuration tag "CXX" to libtool

configure: creating ./config.statusconfig.status: creating config.h//编译安装

[root@Linux01 phpredis-develop]# make && make install

/bin/sh /usr/local/src/phpredis-develop/libtool --mode=compile cc  -I. -I/usr/local/src/phpredis-develop -DPHP_ATOM_INC -I/usr/local/src/phpredis-develop/include -I/usr/local/src/phpredis-develop/main -I/usr/local/src/phpredis-develop -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2   -c /usr/local/src/phpredis-develop/redis.c -o redis.lo 

mkdir .libs

...中间略...

See any operating system documentation about shared libraries for

more information, such as the ld(1) and ld.so(8) manual pages.

----------------------------------------------------------------------

 

Build complete.

Don‘t forget to run ‘make test‘.

 

Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-zts-20131226/

//根据提示,可以看到共享的扩展已经安装到了 /usr/local/php/lib/php/extensions/no-debug-zts-20131226/目录

[root@Linux01 phpredis-develop]# ls -l /usr/local/php/lib/php/extensions/no-debug-zts-20131226/

5.配置加载扩展模块

//查看扩展模块存放目录

[root@Linux01 phpredis-develop]# /usr/local/php/bin/php -i |grep extension_dir

extension_dir => /usr/local/php/lib/php/extensions/no-debug-zts-20131226 => /usr/local/php/lib/php/extensions/no-debug-zts-20131226

sqlite3.extension_dir => no value => no value//编译php.ini

[root@Linux01 phpredis-develop]# vim /usr/local/php/etc/php.ini//在文件最后加添

extension = redis.so

//测试配置及重载

[root@Linux01 phpredis-develop]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 phpredis-develop]# /usr/local/apache2.4/bin/apachectl graceful//验证

[root@Linux01 phpredis-develop]# /usr/local/php/bin/php -m | grep redis

redis

另外一种方法快速安装redis.so模块 /usr/local/php7/bin/pecl install redis

技巧(以php-7为例):

如果想要编译一个模块,而且他自带的源码包目录/usr/local/src/php-7.1.6/ext 下有,那么只需要进行以下一些步骤,就可以完成扩展模块的安装

在你需要增加的拓展模块的目录下执行 /usr/local/php7/bin/phpize ,生成一个configure 文件

执行 ./configure –with-php-config=/usr/local/php7/bin/php-config 配置php-config文件

开始编译 make

编译后移动到目录 make install

修改配置文件vim /usr/local/php7/etc/php.ini ,新增所需extension=xxxxxxx.so 拓展模块

PHP的源码包中没有第三方模块的包,但是在PHP源码包的/ext/目录下有好多扩展模块,如果所需要的扩展模块在该目录下,可以直接进行安装

在源码包中安装模块,在php的源码包中,有一个ext目录,这个目录下有很多的模块

[root@Linux01 php-7.1.6]# ls ext/

bcmath      dom                 gd         json      odbc          pdo_mysql   pspell      snmp      sysvshm    xsl

bz2         enchant             gettext    ldap      opcache       pdo_oci     readline    soap      tidy       zip

calendar    exif                gmp        libxml    openssl       pdo_odbc    recode      sockets   tokenizer  zlib

com_dotnet  ext_skel            hash       mbstring  pcntl         pdo_pgsql   reflection  spl       wddx

ctype       ext_skel_win32.php  iconv      mcrypt    pcre          pdo_sqlite  session     sqlite3   xml

curl        fileinfo            imap       mysqli    pdo           pgsql       shmop       standard  xmlreader

date        filter              interbase  mysqlnd   pdo_dblib     phar        simplexml   sysvmsg   xmlrpc

dba         ftp                 intl       oci8      pdo_firebird  posix       skeleton    sysvsem   xmlwriter

以添加zip模块为例

[root@Linux01 php-7.1.6]# /usr/local/php7/bin/php -m |grep zip//当前没有zip模块

[root@Linux01 php-7.1.6]#

配置编译zip模块

[root@Linux01 php-7.1.6]# cd ext/zip///生成配置文件

[root@Linux01 zip]# /usr/local/php7/bin/phpize

Configuring for:

PHP Api Version:         20160303

Zend Module Api No:      20160303

Zend Extension Api No:   320160303

[root@Linux01 zip]# //配置

[root@Linux01 zip]# ./configure --with-php-config=/usr/local/php7/bin/php-config

[root@Linux01 zip]# ./configure --with-php-config=/usr/local/php7/bin/php-config

checking for grep that handles long lines and -e... /usr/bin/grep

checking for egrep... /usr/bin/grep -E

checking for a sed that does not truncate output... /usr/bin/sed

checking for cc... cc

...中间略...

creating libtool

appending configuration tag "CXX" to libtool

configure: creating ./config.statusconfig.status: creating config.h//编译安装

[root@Linux01 zip]# make && make install

[root@Linux01 php-7.1.6]# make && make install

/bin/sh /usr/local/src/php-7.1.6/libtool --silent --preserve-dup-deps --mode=compile /usr/local/src/php-7.1.6/meta_ccld -Iext/date/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1 -Iext/date/ -I/usr/local/src/php-7.1.6/ext/date/ -DPHP_ATOM_INC -I/usr/local/src/php-7.1.6/include -I/usr/local/src/php-7.1.6/main -I/usr/local/src/php-7.1.6 -I/usr/local/src/php-7.1.6/ext/date/lib -I/usr/include/libxml2 -I/usr/include/freetype2 -I/usr/local/src/php-7.1.6/ext/mbstring/oniguruma -I/usr/local/src/php-7.1.6/ext/mbstring/libmbfl -I/usr/local/src/php-7.1.6/ext/mbstring/libmbfl/mbfl -I/usr/local/mysql/include -I/usr/local/src/php-7.1.6/ext/sqlite3/libsqlite -I/usr/local/src/php-7.1.6/TSRM -I/usr/local/src/php-7.1.6/Zend  -D_REENTRANT  -I/usr/include -g -O2 -fvisibility=hidden -pthread -DZTS -DZEND_SIGNALS   -c /usr/local/src/php-7.1.6/ext/date/php_date.c -o ext/date/php_date.lo 

...中间略...

 

Build complete.

Don‘t forget to run ‘make test‘.

 

Installing shared extensions:     /usr/local/php7/lib/php/extensions/no-debug-zts-20160303///查看模块

[root@Linux01 zip]# ls  /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/

opcache.so  zip.so//再在/usr/local/php7/etc/php.ini文件最后添加

extension = zip.so//检查配置及重载

[root@Linux01 zip]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@Linux01 zip]# /usr/local/apache2.4/bin/apachectl graceful//模块已经添加

[root@Linux01 zip]# /usr/local/php7/bin/php -m |grep zip

zip

 

八、扩展

几种限制ip的方法 http://ask.apelearn.com/question/6519
apache 自定义header http://ask.apelearn.com/question/830
apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556
apache开启压缩 http://ask.apelearn.com/question/5528
apache2.2到2.4配置文件变更 http://ask.apelearn.com/question/7292
apache options参数 http://ask.apelearn.com/question/1051
apache禁止trace或track防止xss http://ask.apelearn.com/question/1045
apache 配置https 支持ssl http://ask.apelearn.com/question/1029
apache rewrite教程 http://coffeelet.blog.163.com/blog/static/13515745320115842755199/ http://www.cnblogs.com/top5/archive/2009/08/12/1544098.html
apache rewrite 出现死循环 http://ask.apelearn.com/question/1043
php错误日志级别参考 http://ask.apelearn.com/question/6973
php开启短标签 http://ask.apelearn.com/question/120
php.ini详解 http://legolas.blog.51cto.com/2682485/493917

 

第十九课预习任务

标签:tools   syn   event   .com   grep   logs   style   默认网关   pes   

原文地址:https://www.cnblogs.com/linuxzhang/p/9639779.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!