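Configuring LAMP on CentOS 5.2, the Whole Process (Second Edition)
Author: eddiechen
I recently noticed that my earlier write-up of the CentOS 5.2 configuration process contained quite a few mistakes. Many of the packages that were compiled and installed there do not, in fact, seem to have been used in the end. That is why I am writing it again.
This time I learned a few uses of sed, so I make as many of the changes as I can with sed, which keeps things much simpler. I have also reorganized the initial system setup, so that basically one script can carry out the whole process.
In the configuration below, many of the security-related settings have not been done; I have not fully figured them out yet. If the web server is for intranet use or for testing, that should not be much of a problem. If it is going to be used externally, it will probably still need a good deal of optimization, such as caching and hotlink protection.
Reference documents
I consulted many documents online. The three below are the main ones, and a lot of the code is copied from them.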
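Installing a full-featured postfix-based mail server on RHEL4 (built entirely from the latest source packages) (http://bbs.chinaunix.net/thread-987344-1-1.html)
Nginx 0.7.x + PHP 5.2.6 (FastCGI): building a web server ten times better than Apache (4th edition) (http://blog.s135.com/read.php/366.htm)
Building a high-performance LAMP platform on CentOS (http://bbs.linuxtone.org/thread-122-1-1.html)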
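The article is divided into 7 parts
1: System conventions
2: Basic system setup
3: Download the software
4: Install the required packages
5: Compile and install the software
6: Configure Apache and PHP
7: Testing (tested by installing phpinfo, phpMyAdmin and SugarCRM)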
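1: System conventions
Installed from the CentOS 5.2 disc.
Location of the source packages: /usr/local/src
Install location for packages built from source (prefix): /usr/local/software_name
MySQL database location: /data/mysql/data
Apache web root: /data/www/wwwroot (the virtual hosts live under this directory)
Apache virtual host log root: /data/www/logs
Apache run account: www:www
Two virtual hosts are created: test.com and linux.com
Every configuration file that is modified is backed up first; the backup is named filename.save
The experiment below uses VMware Workstation 6 to create a Red Hat AS5 VM and installs CentOS 5.2 in it. During installation I chose English as the install language, used the text-mode installer, and selected a minimal install.
yum updates use the local disc, which is quicker.
Basic settings of my machine
IP: 192.168.1.200/255.255.255.0
Gateway: 192.16.1.1
DNS: 192.168.1.1
hostname: ns1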
2: Basic system setup
I have put everything that needs to be configured into a single script; it only needs to be run once.
Code:
cd /usr/local/src
vi /usr/local/src/init.sh
Code:
#####################
# Disable IPv6
cp /etc/modprobe.conf /etc/modprobe.conf.save
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf
# SSH; the sed commands that address lines by number depend on the line layout of the stock sshd_config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.save
sed -i '/#PermitRootLogin/s/#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' /etc/ssh/sshd_config
/etc/init.d/sshd restart
# Turn off the terminal beep
cp /etc/inputrc /etc/inputrc.save
sed -i '/#set bell-style none/s/#set bell-style none/set bell-style none/' /etc/inputrc
# Disable SELinux
cp /etc/sysconfig/selinux /etc/sysconfig/selinux.save
sed -i '/SELINUX=enforcing/s/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
# Mount the CD-ROM drive
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
echo "mount /dev/cdrom /mnt/cdrom" >> /etc/rc.local
# Make yum use the local disc (gpgcheck=0 below turns off package signature checking for this repo)
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.save
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo.save
echo "[DVDISO]" >> /etc/yum.repos.d/dvdiso.repo
echo "name=DVD ISO" >> /etc/yum.repos.d/dvdiso.repo
echo "baseurl=file:///mnt/cdrom/" >> /etc/yum.repos.d/dvdiso.repo
echo "enabled=1" >> /etc/yum.repos.d/dvdiso.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/dvdiso.repo
# vim settings
yum -y install vim-enhanced
mv /bin/vi /bin/vi.save
ln -s /usr/bin/vim /bin/vi
cp /etc/vimrc /etc/vimrc.save
sed -i "39 s/^/ set number \n filetype on\n set history=1000\n syntax on\n set tabstop=4\n set showmatch\n set vb t_vb=\n set mouse=a\n set ignorecase\n set autowrite\n /" /etc/vimrc
# Time settings
yum -y install ntp
ntpdate 210.72.145.44 && clock -w
# Install commonly used tools
yum -y install wget unzip
# Turn off unnecessary services
chkconfig --list |grep 3:on |awk '{print $1}' |egrep -v 'sshd|network|syslog' |xargs -i{} chkconfig --level 3 {} off
chkconfig --list | grep 3:on | cut -f1
# Reboot
init 6
####################
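The script above edits several sshd_config lines by number ('74', '76', '44', '48'), which only works while the file matches the stock layout. As an added example (not part of the original script), the helper below sets a directive by name instead and can be re-run safely; the function names set_directive and get_directive and the sample file are constructed for illustration.

```shell
#!/bin/sh
# set_directive FILE KEY VALUE
# Rewrites the first "KEY ..." or "#KEY ..." line as "KEY VALUE", drops any
# later active duplicates, and appends the directive if the file has none.
# A FILE.save backup is taken once, following the article's convention.
set_directive() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    [ -f "$file.save" ] || cp -p "$file" "$file.save"
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        !seen && ($0 ~ ("^[ \t]*#?" k "([ \t]|$)")) { print k " " v; seen = 1; next }
        $0 ~ ("^[ \t]*" k "([ \t]|$)") { next }
        { print }
        END { if (!seen) print k " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_directive FILE KEY: print the value of the first active KEY line.
get_directive() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Constructed sample, not the real /etc/ssh/sshd_config.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' '#UseDNS yes' \
        'UsePAM yes' > "$d/sshd_config"
    set_directive "$d/sshd_config" UseDNS no
    set_directive "$d/sshd_config" UseDNS no    # re-run: file is unchanged
    echo "UseDNS is now: $(get_directive "$d/sshd_config" UseDNS)"
    rm -rf "$d"
}
demo
```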
Code:
sh init.sh
3: Download the software
Code:
cd /usr/local/src
vi list
Code:
http://download.filehat.com/apache/httpd/httpd-2.2.8.tar.gz
http://opensource.nchc.org.tw/COSA/CNS4/cronolog-1.6.2.tar.gz
http://www.libgd.org/releases/gd-2.0.35.tar.bz2
http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz
http://mirror.optus.net/sourceforge/m/mc/mcrypt/libmcrypt-2.5.8.tar.gz
http://jaist.dl.sourceforge.net/sourceforge/mcrypt/mcrypt-2.6.7.tar.gz
http://www.openssl.org/source/openssl-0.9.8h.tar.gz
http://openbsd.md5.com.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz
http://mysql.byungsoo.net/Downloads/MySQL-5.0/mysql-5.0.51b.tar.gz
http://cn2.php.net/get/php-5.2.6.tar.bz2/from/this/mirror
http://downloads.phpchina.com/zend/optimizer/3.3.3/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
http://puzzle.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.11.8.1-all-languages-utf-8-only.tar.gz
http://dl.sugarforge.org/sugarcrm/Latest-SugarCE5.1/SugarCE5.1.0/SugarCE-5.1.0.zip
http://mirror.optus.net/sourceforge/m/mh/mhash/mhash-0.9.9.tar.gz
Code:
wget -i list
4: Install the required packages
These are installed with yum.
Code:
yum -y install gcc make patch gcc-c++ gcc-g77 flex bison autoconf automake \
libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel libtiff-devel fontconfig-devel libXpm-devel gettext-devel pam-devel pcre-devel libtool libtool-ltdl
5: Compile and install the software
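You can actually copy the content below into a text file, for example install.sh, and run it as a script. I have tested it; it ran for almost a whole hour, probably because I was running it in a VM. The precondition is that the software you downloaded is the same as mine, that is, everything was downloaded from the list above.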
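Because the build script assumes exactly these archives, one way to make that assumption checkable is to pin a SHA-256 digest for each file and verify the directory before building. This is an added example, not part of the original article; the sha256sum-format manifest, the function name verify_sources and the demo file are assumptions, and real digests would have to be taken from each project's own release information.

```shell
#!/bin/sh
# verify_sources MANIFEST DIR
# MANIFEST uses sha256sum format: "<hex digest>  <file name>", "#" for comments.
# Returns 0 only if every listed file is present in DIR with a matching digest
# and DIR holds no archive that the manifest does not list.
verify_sources() {
    manifest=$1 dir=$2 status=0
    [ -f "$manifest" ] || { echo "no manifest: $manifest" >&2; return 2; }
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; status=1; continue
        fi
        got=$(sha256sum "$dir/$name" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; status=1
        fi
    done < "$manifest"
    for f in "$dir"/*.tar.gz "$dir"/*.tar.bz2 "$dir"/*.tar.Z "$dir"/*.zip; do
        [ -f "$f" ] || continue
        awk -v n="${f##*/}" '$2 == n { ok = 1 } END { exit !ok }' "$manifest" ||
            { echo "UNLISTED ${f##*/}"; status=1; }
    done
    return $status
}

# Constructed demo: a stand-in "archive" whose digest is pinned, then altered.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample\n' > "$d/httpd-2.2.8.tar.gz"
    (cd "$d" && sha256sum httpd-2.2.8.tar.gz) > "$d/SHA256SUMS"
    verify_sources "$d/SHA256SUMS" "$d" && echo "=> safe to build"
    printf 'altered\n' >> "$d/httpd-2.2.8.tar.gz"
    verify_sources "$d/SHA256SUMS" "$d" || echo "=> refuse to build"
    rm -rf "$d"
}
demo
```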
Code:
###############################################
# Install OpenSSL
cd /usr/local/src
tar zxvf openssl-0.9.8h.tar.gz
cd openssl-0.9.8h
./config shared zlib
make
make test
make install
mv /usr/bin/openssl /usr/bin/openssl.save
mv /usr/include/openssl /usr/include/openssl.save
mv /usr/lib/libssl.so /usr/lib/libssl.so.save
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ln -sv /usr/local/ssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so
cd ..
# Configure the library search path
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v
# Check the installation result
openssl version
# Install OpenSSH
tar xvf openssh-5.0p1.tar.gz
cd openssh-5.0p1
./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/ssl" \
"--with-md5-passwords"
make
make install
cd ..
service sshd restart
ssh -V
# Install GD
tar jxvf gd-2.0.35.tar.bz2
cd gd-2.0.35
aclocal
./configure --prefix=/usr/local/gd2
make && make install
cd ..
# Install libmcrypt
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../../
cp /usr/local/lib/libmcrypt.* /usr/lib
# Install libiconv
tar zxvf libiconv-1.12.tar.gz
cd libiconv-1.12/
./configure --prefix=/usr/local
make
make install
cd ../
ln -s /usr/local/lib/libiconv.so.2 /usr/lib/
# Install mhash
tar zxvf mhash-0.9.9.tar.gz
cd mhash-0.9.9/
./configure
make
make install
cd ../
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
# Install mcrypt
tar zxvf mcrypt-2.6.7.tar.gz
cd mcrypt-2.6.7/
./configure
make
make install
cd ../
# Install cronolog
tar xvf cronolog-1.6.2.tar.gz
cd cronolog-1.6.2
./configure --prefix=/usr/local/cronolog
make && make install
cd ..
# Install imap
tar zxf imap.tar.Z
cd imap-2007b
make lr5 PASSWDTYPE=std SSLTYPE=unix.nopwd IP6=4
echo "set disable-plaintext nil" > /etc/c-client.cf
mkdir /usr/local/imap-2007b
mkdir /usr/local/imap-2007b/include/
mkdir /usr/local/imap-2007b/lib/
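# 755: writable by root only, readable by the PHP build (077 would remove the owner's access and leave the tree group- and world-writable)
chmod -R 755 /usr/local/imap-2007b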
rm -rf /usr/local/imap-2007b/include/*
rm -rf /usr/local/imap-2007b/lib/*
rm -rf /usr/sbin/imapd
cp imapd/imapd /usr/sbin/
cp c-client/*.h /usr/local/imap-2007b/include/
cp c-client/*.c /usr/local/imap-2007b/lib/
cp c-client/c-client.a /usr/local/imap-2007b/lib/libc-client.a
cd ..
# Install MySQL
tar zxvf mysql-5.0.51b.tar.gz
cd mysql-5.0.51b
./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/data/mysql/data" \
"--with-comment=Source" \
"--with-server-suffix=-test.com" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=gbk" \
"--with-collation=gbk_chinese_ci" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
make && make install
useradd mysql -d /data/mysql -s /sbin/nologin
/usr/local/mysql/bin/mysql_install_db --user=mysql
cd /usr/local/mysql
chown -R root:mysql .
chown -R mysql /data/mysql/data
cp share/mysql/my-huge.cnf /etc/my.cnf
cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
/etc/rc.d/init.d/mysqld start
cd /usr/local/mysql/bin
for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done
cd /usr/local/src
mysqladmin -u root password chenshake
# Install Apache
tar zxvf httpd-2.2.8.tar.gz
cd httpd-2.2.8
./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
make
make install
cd ..
# Install PHP
tar jxvf php-5.2.6.tar.bz2
cd php-5.2.6
./configure \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache2/bin/apxs" \
"--with-config-file-path=/usr/local/php/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-gd=/usr/local/gd2" \
"--with-libxml-dir=/usr" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-freetype-dir" \
"--with-zlib" \
"--with-iconv-dir=/usr/local" \
"--with-openssl=/usr/local/ssl" \
"--with-curl" \
"--with-curlwrappers" \
"--with-mcrypt" \
"--with-imap=/usr/local/imap-2007b" \
"--with-kerberos" \
"--with-bz2" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--disable-cgi" \
"--disable-cli"
make
make install
mkdir /usr/local/php/etc
cp php.ini-dist /usr/local/php/etc/php.ini
cd ..
# Install Zend Optimizer (at the end of the Zend Optimizer installer, do not choose to restart Apache.)
tar xzvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
cd ZendOptimizer-3.3.3-linux-glibc23-i386
./install.sh
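##########################################################################
The script ends here, because I cannot complete the Zend setup automatically; you have to do it by hand. If anyone knows how to do it, please give me some pointers. Note the location of php.ini: /usr/local/php/etc/
Set the session storage location and change PHP's upload file size; the maximum file size is 25 MB.
Code: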
cp /usr/local/Zend/etc/php.ini /usr/local/Zend/etc/php.ini.save
sed -i -e '991 s/;//' /usr/local/Zend/etc/php.ini
sed -i 's/post_max_size = 8M/ post_max_size = 30M/g' /usr/local/Zend/etc/php.ini
sed -i 's/upload_max_filesize = 2M/ upload_max_filesize = 25M/g' /usr/local/Zend/etc/php.ini
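cd /usr/local/src
6: Configure Apache and PHP
Create the Apache startup script. The startup script that ships with the Apache source package has one drawback: it prints nothing when starting and stopping. So use the one below, which is more convenient.
Code:
vi /etc/init.d/httpd
Code: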
#!/bin/bash
#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
#              HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache2/logs/httpd.pid
# config: /usr/local/apache2/conf/httpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/httpd ]; then
    . /etc/sysconfig/httpd
fi
# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache2/bin/apachectl
httpd=/usr/local/apache2/bin/httpd
pid=/usr/local/apache2/logs/httpd.pid
prog=httpd
RETVAL=0
# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
    echo -n $"Starting $prog: "
    daemon $httpd $OPTIONS
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
    return $RETVAL
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd $pid
}
reload() {
    echo -n $"Reloading $prog: "
    killproc $httpd -HUP
    RETVAL=$?
    echo
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $httpd
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f $pid ] ; then
            stop
            start
        fi
        ;;
    reload)
        reload
        ;;
    graceful|help|configtest|fullstatus)
        $apachectl $@
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|reload|status"
        echo $"|fullstatus|graceful|help|configtest}"
        exit 1
esac
exit $RETVAL
###########################
Make it executable and have it start at boot
Code:
chmod +x /etc/rc.d/init.d/httpd
chkconfig --add httpd
chkconfig --level 3 httpd on
Configure Apache
Code:
groupadd www -g 48
useradd -u 48 -g www www
mkdir -p /data/www/wwwroot/linux.com
mkdir -p /data/www/wwwroot/test.com
mkdir -p /data/logs
chmod +w /data/www/wwwroot
chown -R www:www /data/www/wwwroot
cp /usr/local/apache2/conf/httpd.conf /usr/local/apache2/conf/httpd.conf.save
Edit httpd.conf
Code:
sed -i -e '121 s/^/#/' -i -e '122 s/^/#/' /usr/local/apache2/conf/httpd.conf
sed -i -e "s/User daemon/User www/" -i -e "s/Group daemon/Group www/" /usr/local/apache2/conf/httpd.conf
sed -i 's/DirectoryIndex index.html/ DirectoryIndex index.php index.html index.htm/g' /usr/local/apache2/conf/httpd.conf
sed -i -e '101 s/^#//g' -i -e '374 s/^#//g' -i -e '389 s/^#//g' -i -e '392 s/^#//g' -i -e '401 s/^#//g' /usr/local/apache2/conf/httpd.conf
sed -i "58 s/^/AddType application\/x-httpd-php .php\n/" /usr/local/apache2/conf/httpd.conf
Edit php.ini
Code:
cp /usr/local/php/etc/php.ini /usr/local/php/etc/php.ini.save
sed -i '205 s#;open_basedir =#open_basedir = /data/www/wwwroot:/tmp#g' /usr/local/php/etc/php.ini
sed -i '/expose_php/s/On/Off/' /usr/local/php/etc/php.ini
sed -i '/display_errors/s/On/Off/' /usr/local/php/etc/php.ini
Configure the virtual hosts
Back up the relevant configuration files
Code:
mv /usr/local/apache2/conf/extra/httpd-vhosts.conf /usr/local/apache2/conf/extra/httpd-vhosts.conf.save
mv /usr/local/apache2/conf/extra/httpd-default.conf /usr/local/apache2/conf/extra/httpd-default.conf.save
mv /usr/local/apache2/conf/extra/httpd-mpm.conf /usr/local/apache2/conf/extra/httpd-mpm.conf.save
Create the 3 Apache-related files
Code:
vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
Code:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin shake.chen@gmail.com
DocumentRoot "/data/www/wwwroot/test.com"
ServerName test.com
ServerAlias bbs.test.com
ErrorLog "logs/test.com-error_log"
CustomLog "|/usr/local/cronolog/sbin/cronolog /data/logs/access_www.test.com.%Y%m%d" combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin shake.chen@gmail.com
DocumentRoot "/data/www/wwwroot/linux.com"
ServerName linux.com
ServerAlias bbs.linux.com
ErrorLog "logs/linux.com-error_log"
CustomLog "|/usr/local/cronolog/sbin/cronolog /data/logs/access_www.linux.com.%Y%m%d" combined
</VirtualHost>
Code:
vi /usr/local/apache2/conf/extra/httpd-default.conf
Code:
Timeout 15
KeepAlive Off
MaxKeepAliveRequests 50
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
Code:
vi /usr/local/apache2/conf/extra/httpd-mpm.conf
Code:
<IfModule mpm_prefork_module>
ServerLimit 2000
StartServers 10
MinSpareServers 10
MaxSpareServers 15
MaxClients 2000
MaxRequestsPerChild 10000
</IfModule>
7: Testing
Edit the hosts file on your local machine
192.168.1.200 www.test.com
Start Apache
Code:
service httpd start
Test PHP
Code:
cd /data/www/wwwroot/test.com
vi info.php
Code:
<?php
phpinfo();
?>
At this point, http://192.168.1.200/info.php or http://www.test.com/info.php will show the PHP information.
Install phpMyAdmin
Code:
cd /usr/local/src
tar zxvf phpMyAdmin-2.11.8.1-all-languages-utf-8-only.tar.gz
cp -rf phpMyAdmin-2.11.8.1-all-languages-utf-8-only /data/www/wwwroot/test.com/phpmyadmin
cd /data/www/wwwroot/test.com/phpmyadmin
cp config.sample.inc.php config.inc.php
sed -i -e "/^\$cfg\['blowfish_secret'\]/{ s@'';@'88888888888888888';@; }" config.inc.php
At this point you can manage the database through http://192.168.1.200/phpmyadmin or http://www.test.com/phpmyadmin. I have already set the MySQL password above.
user: root
password: chenshake
Install SugarCRM
SugarCRM's mail module needs IMAP and SSL, so the imap and curl modules have to be compiled in when I build PHP.
Code:
cd /usr/local/src
unzip SugarCE-5.1.0.zip
mv SugarCE-Full-5.1.0/ /data/www/wwwroot/test.com/sugarcrm
chmod -R 777 /data/www/wwwroot/test.com/sugarcrm/
At this point, you can open the link in a browser and go through the installation step by step, basically without problems.
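The test steps above leave info.php in the web root, set a repeated-character blowfish_secret and make the SugarCRM tree mode 777, so a quick audit of the document root is worth running before the server is used outside a test network. This is an added example, not part of the original article; the function name audit_docroot and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_docroot ROOT
# Prints one finding per line and returns 1 if there were any, 0 otherwise.
audit_docroot() {
    root=$1
    report=$(mktemp) || return 2
    # 1. World-writable files and directories, e.g. left by "chmod -R 777".
    find "$root" ! -type l -perm -0002 | sed 's/^/WORLD-WRITABLE /' >> "$report"
    # 2. PHP files that call phpinfo(), such as the info.php test page.
    find "$root" -type f -name '*.php' \
        -exec grep -lE 'phpinfo[[:space:]]*\(' {} + | sed 's/^/PHPINFO /' >> "$report"
    # 3. phpMyAdmin configs whose blowfish_secret is empty or one repeated character.
    find "$root" -type f -name config.inc.php | while read -r cfg; do
        grep -q "blowfish_secret" "$cfg" || continue
        secret=$(sed -n "s/^.cfg\['blowfish_secret'\] *= *'\([^']*\)'.*/\1/p" "$cfg")
        rest=$(printf '%s\n' "$secret" | sed 's/^\(.\)\1*$//')
        [ -n "$rest" ] || echo "WEAK-SECRET $cfg"
    done >> "$report"
    cat "$report"
    if [ -s "$report" ]; then rm -f "$report"; return 1; fi
    rm -f "$report"
}

# Constructed tree mirroring the article's layout under a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/test.com/phpmyadmin" "$d/test.com/sugarcrm"
    printf '<?php\nphpinfo();\n?>\n' > "$d/test.com/info.php"
    printf "%s\n" '<?php' "\$cfg['blowfish_secret'] = '88888888888888888';" \
        > "$d/test.com/phpmyadmin/config.inc.php"
    chmod -R 777 "$d/test.com/sugarcrm"
    audit_docroot "$d/test.com" || echo "=> fix the findings above before going live"
    rm -rf "$d"
}
demo
```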