折腾

阿里云centos7.4基础

centos, mysql, nginx, php, php-fpm

文章更新

  1. 20181010-初次成文

为什么会有这篇文章

最近的阿里云活动还是非常给力的,1核cpu 1g内存 1mb带宽的阿里云微型主机,3年价格907元,真是一个给力的价格,虽然1m的带宽可能在下载的速度上差了一些,但是玩转个小应用,或者养活个博客还是绰绰有余的。

准备工作

  1. 阿里云使用的CentOS 7.4 64位
  2. 阿里云的1核1g1m带宽
  3. IP地址120.27.50.234

开始安装

登录阿里云服务器

1
ssh root@120.27.50.234

修改ssh登陆默认端口

修改/etc/ssh/sshd_config

1
vim /etc/ssh/sshd_config

查找到 #Port 22字段,将其前面的注释去掉,然后在下面添加一行 Port 你希望是用的端口号,就像下面这样:

1
2
Port 22
Port 230

这样做的目的是为了保证你添加的端口无法连接的时候,还能使用默认的22端口来连接你的服务器。

修改firewall配置

使用 firewall-cmd 命令来添加想要使用的ssh端口:

1
firewall-cmd --zone=public --add-port=230/tcp --permanent #permanent是保存配置,不然下次重启以后这次修改无效)

加入防火墙没有启动,请先执行

1
systemctl start firewalld

来启动防火墙,然后再次执行上面的 firewall-cmd 命令添加端口,随后重新加载防火墙的规则

1
firewall-cmd --reload

查看添加端口是否成功,如果添加成功则会显示yes,否则no

1
firewall-cmd --zone=public --query-port=230/tcp

下面的部分是对那些启动了SELinux的系统来说的,如果你的系统没有启动SELinux,下面这一小节可以忽略或者跳过。

修改SELinux相关设置

使用以下命令查看当前SElinux 允许的SSH端口:

1
semanage port -l | grep ssh

假如遇到错误 semanage command not found ,执行

1
yum provides /usr/sbin/semanage

或者

1
yum whatprovides /usr/sbin/semanage

上面两条语句二选一,然后

1
yum -y install policycoreutils-python

再重新尝试运行 semanage命令。

如果SELinux未开启则先开启
查看SELinux状态:

1
2
/usr/sbin/sestatus -v      
#如果结果显示为enabled,说明selinux正发挥作用

如果显示 disable则需要修改/etc/selinux/config 文件,将selinux=disabled修改为selinux=enforcing
或者 selinux=permissive 被动模式,关于这两种模式的区别,大家可以自行google

添加230端口到 SELinux

1
semanage port -a -t ssh_port_t -p tcp 230

然后确认一下是否添加进去

1
semanage port -l | grep ssh

如果成功会输出

1
ssh_port_t                    tcp    230, 22

重启ssh

1
systemctl restart sshd.service

如果可以成功连接,则修改完毕,则可以将/etc/sshd/config中的 port 22 注释掉了,只保留230一个端口即可。

再次ssh连接的时候,就要多添加一个参数p,来指定ssh的连接端口。

1
ssh -p 230 root@120.27.50.234

并且因为key改变了,还要到文件 ~/.ssh/known_hosts中,把之前记住的RSA key信息删掉

安装OH-MY-ZSH

1
yum install -y zsh curl git

Then use the following script to install ‘OH-MY-ZSH’ terminal.

1
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

替换yum源,安装各种repo库

1
2
3
4
5
6
7
8
9
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup #Use aliyun's CentOS base repo to replace the CentOS' default repos.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache #Make cache for yum to speed up the installation of yum's repos
yum -y update #Update CentOS's packages to the newest versions.
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Install the fedora repo.
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm #Install Remi repo.
install yum-utils #Install yum utilities. Specify the version of yum.
yum -y install yum-utils #Install the yum utilities.

安装 PHP7.2、nginx、php-fpm 等等

安装nginx1.12.2

1
yum -y install nginx

安装完成后,启动nginx

1
systemctl start nginx

让nginx随linux系统启动

1
systemctl enable nginx

install mysql 8.0

The following steps are to install mysql
MySQL must be installed from the MySQL community repository, so following commanded are essential:

1
2
3
wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
rpm -ivh mysql80-community-release-el7-1.noarch.rpm #Tell yum where to looking for the mysql community ver 8.0, which should be only location in the Remi repos.
yum install mysql-server ##on some websites, this is mysql-community-server, got no idea why...

Then start the mysql with system start.

1
2
3
systemctl start mysqld
systemctl enable mysqld 
systemctl status mysqld # check status of mysqld

Enhancement the secure of MySQL

First, need to find out what’s the temporary password of MySQL, which is
generated by the installation program itself for the default installation.

1
grep 'temporary password' /var/log/mysqld.log

then run the command 

1
mysql_secure_installation

Remember the temporary password above, which is needed for the installation progress of securing MySQL, then you could input the new password you want to set.

Install php7.2

1
yum install -y php72

check the php version 

1
php72 -i

Create a symbolic link to /usr/bin/php, other way the default command for php is php72, which is not what you like.

1
ln -s /usr/bin/php72 /usr/bin/php

install php-fpm and other plugins.

Use following comands to search the php related packages.

1
yum list installed | grep php

And output message should look like below:

1
2
3
4
5
php72.x86_64                         1.0-1.el7.remi                 @remi-safe
php72-php-cli.x86_64                 7.2.10-1.el7.remi              @remi-safe
php72-php-common.x86_64              7.2.10-1.el7.remi              @remi-safe
php72-php-json.x86_64                7.2.10-1.el7.remi              @remi-safe
php72-runtime.x86_64                 1.0-1.el7.remi                 @remi-safe

So we’re sure that the system got no php-fpm package installed on the server.

Run the follow commands to install the php-fpm, which is need to mentioned first: the version of php-fpm also need to be specified to be same like the php you installed already.

so the command is alike below:

1
yum -y install php72-php-fpm

Then eveyting is set!!!

Use the following commands to make sure the php-fpm is enabled and started with the system. Which you could be more sure when you double check the status of php-fpm with ‘systemctl status php72-fpm.service’.

1
2
3
systemctl enable php72-php-fpm.service
systemctl start php72-php-fpm.service
systemctl status php72-php-fpm.service

Customize the PHP 7.2

Configure Nginx for using with PHP 7.2

Make sure latest version of Nginx server installed on CentOS 7 or RHEL 7. Find out nginx server user and group names using egrep command

1
egrep '^(user|group)' /etc/nginx/nginx.conf

Sample outputs:

1
user  nginx;

Then you need to edit the configuration file on the path /etc/opt/remi/php72/php-fpm.d/, the file name is www.conf.

1
vim /etc/opt/remi/php72/php-fpm.d/www.conf

Set user and group to nginx, looking for the following specific paragraphs:

1
2
user = nginx
group = nginx

Save and close the file. Restart php-fpm service:

1
systemctl restart php72-php-fpm.service

Update your nginx config

1
vim /etc/nginx/nginx.conf

Edit/add as follows in server section:

1
2
3
4
5
6
7
8
## enable php support ##
    location ~ \.php$ {
        root /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    }

Save and close the file. Restart the nginx server:

1
systemctl restart nginx

Create a test script called foo.php at /usr/share/nginx/html/

1
vim /usr/share/nginx/html/foo.php

Append the following code:

1
2
3
4
<?php
  // test script for CentOS/RHEL 7+PHP 7.2+Nginx 
  phpinfo();
?>

Save and close the file. Fire a browser and type url:

http://your-domain-name/foo.php

If you see what you should see, then everything is set!

Game over!

参考文章

  1. 1
  2. 2
分享到