文章更新
- 20181010-初次成文
为什么会有这篇文章
最近的阿里云活动还是非常给力的,1核cpu 1g内存 1mb带宽的阿里云微型主机,3年价格907元,真是一个给力的价格,虽然1m的带宽可能在下载的速度上差了一些,但是玩转个小应用,或者养活个博客还是绰绰有余的。
准备工作
- 阿里云使用的CentOS 7.4 64位
- 阿里云的1核1g1m带宽
- IP地址120.27.50.234
开始安装
登录阿里云服务器
1 | ssh root@120.27.50.234 |
修改ssh登陆默认端口
修改/etc/ssh/sshd_config
1 | vim /etc/ssh/sshd_config |
查找到 #Port 22字段,将其前面的注释去掉,然后在下面添加一行 Port 你希望是用的端口号,就像下面这样:
1 | Port 22 |
这样做的目的是为了保证你添加的端口无法连接的时候,还能使用默认的22端口来连接你的服务器。
修改firewall配置
使用 firewall-cmd 命令来添加想要使用的ssh端口:
1 | firewall-cmd --zone=public --add-port=230/tcp --permanent #permanent是保存配置,不然下次重启以后这次修改无效) |
加入防火墙没有启动,请先执行
1 | systemctl start firewalld |
来启动防火墙,然后再次执行上面的 firewall-cmd 命令添加端口,随后重新加载防火墙的规则
1 | firewall-cmd --reload |
查看添加端口是否成功,如果添加成功则会显示yes,否则no
1 | firewall-cmd --zone=public --query-port=230/tcp |
下面的部分是对那些启动了SELinux的系统来说的,如果你的系统没有启动SELinux,下面这一小节可以忽略或者跳过。
修改SELinux相关设置
使用以下命令查看当前SElinux 允许的SSH端口:
1 | semanage port -l | grep ssh |
假如遇到错误 semanage command not found ,执行
1 | yum provides /usr/sbin/semanage |
或者
1 | yum whatprovides /usr/sbin/semanage |
上面两条语句二选一,然后
1 | yum -y install policycoreutils-python |
再重新尝试运行 semanage命令。
如果SELinux未开启则先开启
查看SELinux状态:
1 | /usr/sbin/sestatus -v |
如果显示
disable则需要修改/etc/selinux/config文件,将selinux=disabled修改为selinux=enforcing
或者selinux=permissive被动模式,关于这两种模式的区别,大家可以自行google
添加230端口到 SELinux
1 | semanage port -a -t ssh_port_t -p tcp 230 |
然后确认一下是否添加进去
1 | semanage port -l | grep ssh |
如果成功会输出
1 | ssh_port_t tcp 230, 22 |
重启ssh
1 | systemctl restart sshd.service |
如果可以成功连接,则修改完毕,则可以将/etc/sshd/config中的 port 22 注释掉了,只保留230一个端口即可。
再次ssh连接的时候,就要多添加一个参数p,来指定ssh的连接端口。
1 | ssh -p 230 root@120.27.50.234 |
并且因为key改变了,还要到文件 ~/.ssh/known_hosts中,把之前记住的RSA key信息删掉
安装OH-MY-ZSH
1 | yum install -y zsh curl git |
Then use the following script to install ‘OH-MY-ZSH’ terminal.
1 | sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" |
替换yum源,安装各种repo库
1 | mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup #Use aliyun's CentOS base repo to replace the CentOS' default repos. |
安装 PHP7.2、nginx、php-fpm 等等
安装nginx1.12.2
1 | yum -y install nginx |
安装完成后,启动nginx
1 | systemctl start nginx |
让nginx随linux系统启动
1 | systemctl enable nginx |
install mysql 8.0
The following steps are to install mysql
MySQL must be installed from the MySQL community repository, so following commanded are essential:
1 | wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm |
Then start the mysql with system start.
1 | systemctl start mysqld |
Enhancement the secure of MySQL
First, need to find out what’s the temporary password of MySQL, which is
generated by the installation program itself for the default installation.
1 | grep 'temporary password' /var/log/mysqld.log |
then run the command
1 | mysql_secure_installation |
Remember the temporary password above, which is needed for the installation progress of securing MySQL, then you could input the new password you want to set.
Install php7.2
1 | yum install -y php72 |
check the php version
1 | php72 -i |
Create a symbolic link to /usr/bin/php, other way the default command for php is php72, which is not what you like.
1 | ln -s /usr/bin/php72 /usr/bin/php |
install php-fpm and other plugins.
Use following comands to search the php related packages.
1 | yum list installed | grep php |
And output message should look like below:
1 | php72.x86_64 1.0-1.el7.remi @remi-safe |
So we’re sure that the system got no php-fpm package installed on the server.
Run the follow commands to install the php-fpm, which is need to mentioned first: the version of php-fpm also need to be specified to be same like the php you installed already.
so the command is alike below:
1 | yum -y install php72-php-fpm |
Then eveyting is set!!!
Use the following commands to make sure the php-fpm is enabled and started with the system. Which you could be more sure when you double check the status of php-fpm with ‘systemctl status php72-fpm.service’.
1 | systemctl enable php72-php-fpm.service |
Customize the PHP 7.2
Configure Nginx for using with PHP 7.2
Make sure latest version of Nginx server installed on CentOS 7 or RHEL 7. Find out nginx server user and group names using egrep command
1 | egrep '^(user|group)' /etc/nginx/nginx.conf |
Sample outputs:
1 | user nginx; |
Then you need to edit the configuration file on the path /etc/opt/remi/php72/php-fpm.d/, the file name is www.conf.
1 | vim /etc/opt/remi/php72/php-fpm.d/www.conf |
Set user and group to nginx, looking for the following specific paragraphs:
1 | user = nginx |
Save and close the file. Restart php-fpm service:
1 | systemctl restart php72-php-fpm.service |
Update your nginx config
1 | vim /etc/nginx/nginx.conf |
Edit/add as follows in server section:
1 | ## enable php support ## |
Save and close the file. Restart the nginx server:
1 | systemctl restart nginx |
Create a test script called foo.php at /usr/share/nginx/html/
1 | vim /usr/share/nginx/html/foo.php |
Append the following code:
1 |
|
Save and close the file. Fire a browser and type url:
http://your-domain-name/foo.php
If you see what you should see, then everything is set!
Game over!