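System Security

Notes on setting up an LNMP stack

Posted on 2020-01-02, 7 min read

Preparation
CentOS 6.5
nginx 1.8.1

Getting started
First, set up the local installation image and configure it as a local yum repository
vim /etc/yum.repos.d/local.repo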

[local]
name=local
baseurl=file:///media/CentOS_6.5_Final
enabled=1
gpgcheck=0

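Install the commands needed
yum install wget
# used to download software packages remotely
yum install gcc gcc-c++
# used to compile the software packages

1. Install Nginx
Install nginx's dependencies

yum install pcre pcre-devel -y              # nginx's Rewrite module and HTTP core module use PCRE regular-expression syntax
yum install zlib zlib-devel -y              # various nginx modules need gzip compression
yum install openssl openssl-devel -y        # the secure-sockets cryptography library used by nginx

With the dependencies installed, install nginx itself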

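wget http://nginx.org/download/nginx-1.8.1.tar.gz -P /usr/local/src

Download the nginx source package into the /usr/local/src directory

cd /usr/local/src && tar -zxvf nginx-1.8.1.tar.gz
cd nginx-1.8.1
./configure --prefix=/usr/local/nginx

configure sets the build options, such as the installation directory; run it with --help to list the options
--prefix is the installation directory

make && make install
make compiles the software, && chains the two commands, and make install installs it

OK, the software is installed. Next, create a dedicated user for nginx to run as, which is safer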

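groupadd nginx          # add the nginx group
useradd -M -g nginx -s /sbin/nologin nginx      # -M: do not create a home directory; -g: put the user in the nginx group; -s: set the user's login shell
cd /usr/local/nginx/conf
# change to the nginx configuration directory
vim nginx.conf
# set the user the nginx service runs as
user nginx nginx;
# save and quit
/usr/local/nginx/sbin/nginx -t
# check the configuration file for errors
/usr/local/nginx/sbin/nginx
# start nginx


Run it with -h to see the help text for the details

If the site cannot be reached, the firewall or SELinux may be the cause; turning them off is enough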

setenforce 0
service iptables stop

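2. Install the MySQL database
Here it is installed directly from the local repository

yum install mysql-server mysql -y

# mysql-server is the MySQL server process
# mysql is the client used to connect to MySQL

chown mysql:mysql -R /var/lib/mysql

# give ownership (user and group) of the MySQL data directory to mysql

/etc/init.d/mysqld start

# start the MySQL service

3. Install PHP
First install PHP's dependencies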

yum install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel -y
cd /usr/local/src
wget http://mirrors.sohu.com/php/php-5.5.6.tar.gz

# download the PHP source package (into /usr/local/src, the path the later steps use)

tar -zxvf php-5.5.6.tar.gz

# extract it

cd php-5.5.6&&./configure --prefix=/usr/local/php --disable-fileinfo --enable-fpm --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-openssl --with-zlib --with-curl --enable-ftp --with-gd --with-xmlrpc --with-jpeg-dir --with-png-dir --with-freetype-dir --enable-gd-native-ttf --enable-mbstring --with-mcrypt=/usr/local/libmcrypt --enable-zip --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-mysql-sock=/var/lib/mysql/mysql.sock --without-pear --enable-bcmath

# start configuring PHP

I got an error here: configure: error: mcrypt.h not found. Please reinstall libmcrypt.


A quick Baidu search turned up the following fix:

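wget https://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz --no-check-certificate
# download the libmcrypt library
tar -zxvf libmcrypt-2.5.8.tar.gz && cd libmcrypt-2.5.8
# extract it
./configure --prefix=/usr/local
# configure
make && make install
# install the library

# build and install PHP again

cd /usr/local/src/php-5.5.6
# re-run the ./configure command shown above first, since it stopped at the mcrypt error
make && make install
# this part is a bit slow


Done.
Next, put the configuration file into /etc/, the directory given by --with-config-file-path in the PHP configure command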

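cp /usr/local/src/php-5.5.6/php.ini-development /etc/php.ini
# create the group php-fpm runs as
groupadd www-data
# create the user php-fpm runs as
useradd -M -g www-data -s /sbin/nologin www-data
# change to PHP's etc directory
cd /usr/local/php/etc
# copy the default file to the real config file name
cp php-fpm.conf.default php-fpm.conf
# edit the config file and change user and group
vim php-fpm.conf
Edit the configuration file:
user = www-data
group = www-data


4. PHP support in nginx
vim /usr/local/nginx/conf/nginx.conf and configure it as follows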

        location / {
            root   html;
            index  index.php index.html index.htm;
        }
        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

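# reload the nginx service

/usr/local/nginx/sbin/nginx -s reload

# start php-fpm

/usr/local/php/sbin/php-fpm

5. Register nginx and PHP as system services
vim /usr/local/php/etc/php-fpm.conf
Remove the ; in front of pid = run/php-fpm.pid in that file
Then start the service
vim /etc/init.d/php-fpm
# edit the file so that it contains the following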

#! /bin/sh
# Comments to support chkconfig on CentOS
# chkconfig: 2345 65 37
# description: php-fpm daemon
#
set -e
  
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="php-fpm daemon"
NAME=php-fpm
DAEMON=/usr/local/php/sbin/$NAME
  
CONFIGFILE=/usr/local/php/etc/php-fpm.conf
PIDFILE=/usr/local/php/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
  
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
  
d_start() {
  $DAEMON -y $CONFIGFILE || echo -n " already running"
}
  
d_stop() {
  kill -QUIT `cat $PIDFILE` || echo -n " not running"
}
  
d_reload() {
  kill -HUP `cat $PIDFILE` || echo -n " can't reload"
}
  
case "$1" in
  start)
        echo -n "Starting $DESC"
        d_start
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC"
        d_stop
        echo "."
        ;;
  reload)
        echo -n "Reloading $DESC configuration..."
        d_reload
        echo "reloaded."
        ;;
  restart)
        echo -n "Restarting $DESC"
        d_stop
        sleep 1
        d_start
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
        exit 3
        ;;
esac

chmod 755 /etc/init.d/php-fpm
# grant read and execute permission
chkconfig --add php-fpm
chkconfig php-fpm on
# start at boot

vim /etc/init.d/nginxd

#!/bin/bash  
#  
#chkconfig: - 85 15  
#description: Nginx is a World Wide Web server.  
#processname: nginx  

nginx=/usr/local/nginx/sbin/nginx
conf=/usr/local/nginx/conf/nginx.conf

case $1 in  
       start)  
              echo -n "Starting Nginx"  
              $nginx -c $conf  
              echo " done"  
       ;;  

       stop)  
              echo -n "Stopping Nginx"  
              killall -9 nginx  
              echo " done"  
       ;;  

       test)  
              $nginx -t -c $conf  
       ;;  

        reload)  
              echo -n "Reloading Nginx"  
              ps auxww | grep nginx | grep master | awk '{print $2}' | xargs kill -HUP  
              echo " done"  
       ;;  

        restart)  
              $0 stop  
              $0 start  
       ;;  

       show)
              ps aux | grep nginx
       ;;

       *)
              echo "Usage: $0 {start|restart|reload|stop|test|show}"
       ;;

esac
chmod +x /etc/init.d/nginxd
chkconfig --add nginxd
chkconfig nginxd on


PHP now runs successfully
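
The steps above give nginx and php-fpm their own unprivileged accounts and uncomment php-fpm's pid line, which the init script reads. The following is an added example, not part of the original post, that reads both config files and reports which account each service will run as; the function names and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report the accounts that
# nginx workers and php-fpm run as. The sample configs are constructed;
# pass the real file paths to audit() to check an installed system.

# First active "user" directive in an nginx.conf. nginx falls back to
# "nobody" when the directive is absent or commented out.
nginx_worker_user() {
    u=$(sed -n 's/^[[:space:]]*user[[:space:]][[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" | head -n 1)
    echo "${u:-nobody}"
}

# First active "key = value" line in php-fpm.conf (";" starts a comment).
fpm_setting() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p" "$1" | head -n 1
}

# One report line per setting: root, or nothing set at all, is a finding.
verdict() {
    case "$2" in
        ""|root) echo "FAIL $1=${2:-unset}" ;;
        *)       echo "OK $1=$2" ;;
    esac
}

audit() {  # audit <nginx.conf> <php-fpm.conf>
    verdict nginx.user "$(nginx_worker_user "$1")"
    verdict fpm.user   "$(fpm_setting "$2" user)"
    verdict fpm.pid    "$(fpm_setting "$2" pid)"
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nginx.conf" <<'EOF'
#user  nobody;
user nginx nginx;
worker_processes 1;
EOF
cat > "$SAMPLE_DIR/php-fpm.conf" <<'EOF'
[global]
;pid = run/php-fpm.pid
[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
EOF

audit "$SAMPLE_DIR/nginx.conf" "$SAMPLE_DIR/php-fpm.conf"
```

On the sample files the pid line is still commented out, so the report flags it; without that line the PIDFILE used by the init script's stop and reload actions is never written.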
