August 27, 2014

Installing Nginx, PHP 5.5.x and MariaDB on CentOS 7 / 6 / 5

This is basically a translation of this article:

http://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/

plus some notes from my own installation.

This post uses CentOS 7 as the main OS.


Installation


First, install the third-party repos

## Remi Dependency on CentOS 7 and Red Hat (RHEL) 7 ##
rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
 
## CentOS 7 and Red Hat (RHEL) 7 ##
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

Then edit (create) /etc/yum.repos.d/nginx.repo

with the following content:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
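
The repo file above sets gpgcheck=0, so yum installs the nginx packages without verifying their signatures. The following is an added example, not part of the original post: a shell check that lists enabled repos with signature checking turned off, plus the same nginx repo written with gpgcheck=1 and the signing key published by nginx.org. The function names and the scratch files are constructed for this example.

```shell
# audit_repos DIR: print "<file> [<repo>] gpgcheck=0" for every enabled repo
# section that disables signature checks. Returns 1 if any were found.
audit_repos() {
    awk '
        function report() {
            if (sec != "" && enabled != "0" && gpg == "0") {
                printf "%s [%s] gpgcheck=0\n", file, sec
                found = 1
            }
        }
        FNR == 1 { report(); sec = ""; file = FILENAME }
        /^\[/ {
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpg = ""   # yum treats a repo as enabled by default
            next
        }
        /^[ \t]*(enabled|gpgcheck)[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == "enabled") enabled = kv[2]; else gpg = kv[2]
        }
        END { report(); exit found + 0 }
    ' "$1"/*.repo
}

# write_nginx_repo FILE: the nginx repo from this page with verification on.
# The gpgkey URL is the signing key nginx.org publishes for its packages.
write_nginx_repo() {
    cat > "$1" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

# Demo on constructed files in a scratch directory, not /etc/yum.repos.d.
demo_dir=$(mktemp -d)
printf '[nginx]\nname=nginx repo\ngpgcheck=0\nenabled=1\n' > "$demo_dir/page.repo"
write_nginx_repo "$demo_dir/hardened.repo"
audit_repos "$demo_dir" || echo "re-enable gpgcheck for the repos listed above"
rm -rf "$demo_dir"
```

On a real host, run `audit_repos /etc/yum.repos.d` before the yum install step.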

Then run the command to install nginx, php-fpm and php


yum --enablerepo=remi,remi-php55 install nginx php-fpm php-common

Then install the modules that PHP will use

yum --enablerepo=remi,remi-php55 install php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml

I additionally added php-intl



On CentOS 7

the way services are started has changed.

Previously they were started with /etc/init.d/xxx start

Now this has to be done through the systemctl command

#systemctl start nginx.service

#systemctl start php-fpm.service

After starting nginx and php-fpm manually,

you should be able to see the nginx welcome page in a browser




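P.S. The local IP is 127.0.0.1, or use ifconfig to check the current IP
       If the page cannot be reached, use #systemctl status nginx.service to check the service status
       or the #netstat -nulpt command to check whether port 80 is open
       If everything looks normal, you can try temporarily flushing the iptables rules: #iptables -F
       or temporarily disabling SELinux: #setenforce 0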



Once that works, the services can be enabled to start at boot

systemctl enable nginx.service
systemctl enable php-fpm.service

Nginx configuration


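From here on I did not follow the steps on that site exactly,

but they are broadly the same.

First, set up the Nginx virtual host

Create the directories for multiple sites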

#mkdir /srv/www
#mkdir /srv/www/sites
#mkdir /srv/www/sites/test
#mkdir /srv/www/logs
#mkdir /srv/www/logs/test

Change the permissions (ownership)

#chown -R apache:apache /srv/www
#chown -R nginx:nginx /srv/www/logs

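Note that I assigned ownership of the whole www directory to apache

because php-fpm by default uses the apache user & group to interpret (execute) PHP.

If you want to use a different user:group, remember to edit /etc/php-fpm.d/www.conf

Finally, the logs directory is assigned separately to nginx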


Then create two new directories under /etc/nginx

#mkdir /etc/nginx/sites-available
#mkdir /etc/nginx/sites-enabled

Edit /etc/nginx/nginx.conf

Below the line

include /etc/nginx/conf.d/*.conf;

add

## Load virtual host conf files. ##
include /etc/nginx/sites-enabled/*;

Then create a virtual host config in sites-available

#vim /etc/nginx/sites-available/test_site

with the following content

server {
    server_name YOUR_SERVER_NAME;
    access_log /srv/www/logs/test/access.log;
    error_log /srv/www/logs/test/error.log;
    root /srv/www/sites/test;
 
    location / {
        index index.html index.htm index.php;
    }
 
    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/sites/test$fastcgi_script_name;
    }
}

Then create a symbolic link in the sites-enabled directory

cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/test_site

and restart nginx

#systemctl restart nginx.service

Finally, create a test PHP file in the document root

vim /srv/www/sites/test/index.php

with the following content

<?php

phpinfo();

Now refresh the page

and you should see the phpinfo output.

If you get Error 403,

SELinux needs to be adjusted

chcon -R -t httpd_sys_content_t /srv/www/sites/test
 
## Or some apps might need httpd_sys_rw_content_t ##
chcon -R -t httpd_sys_rw_content_t /srv/www/sites/test

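Configuring iptables

On CentOS 7 you can no longer, as before,

directly edit /etc/sysconfig/iptables

which is rather inconvenient,

and you have to use a command I had never used before: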

firewall-cmd

firewall-cmd --permanent --zone=public --add-service=http
 
## OR ##
 
firewall-cmd --permanent --zone=public --add-port=80/tcp

I used

#firewall-cmd --permanent --zone=public --add-port=80/tcp

Then restart the firewall service (firewalld)

#systemctl restart firewalld.service

And that's it, all done!


Installing MariaDB


Install
#yum install mariadb mariadb-server

Start
#systemctl start mariadb.service

Enable at boot
#systemctl enable mariadb.service

Run the MySQL secure-installation script
#/usr/bin/mysql_secure_installation

The session looks like this


NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
 
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
 
Enter current password for root (enter for none): 
OK, successfully used password, moving on...
 
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
 
Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!
 
 
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
 
Remove anonymous users? [Y/n] y
 ... Success!
 
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
 
Disallow root login remotely? [Y/n] y
 ... Success!
 
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
 
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
 
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
 
Reload privilege tables now? [Y/n] y
 ... Success!
 
Cleaning up...
 
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
 
Thanks for using MariaDB!

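Another key point:

the accounts used by applications must each be created separately,

and their privileges must be limited to a single DB.

Only if you run a cluster or need to sync with other DBs

should you configure it to listen on port 3306 on the Internet.

Otherwise, always listen on localhost only.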
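
The two rules above, as an added example that is not part of the original post: one function emits the SQL for an application account that can touch only its own database, and one reads listener output (`ss -ltn`, or the `netstat -nulpt` used earlier) and reports any port-3306 socket that is not on loopback. The function names, the `blog_db` / `blog_app` names and the sample listener lines are constructed for this example.

```shell
# app_account_sql DB USER PASSWORD: print SQL for one account limited to DB.
# Names must match [A-Za-z0-9_]; quotes and backslashes in the password are
# rejected so nothing can break out of the quoted strings. Returns 2 on bad input.
app_account_sql() {
    for n in "$1" "$2"; do
        case "$n" in ''|*[!A-Za-z0-9_]*) echo "bad name: $n" >&2; return 2 ;; esac
    done
    case "$3" in ''|*"'"*|*\\*) echo "bad password" >&2; return 2 ;; esac
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$1\`;
CREATE USER '$2'@'localhost' IDENTIFIED BY '$3';
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$1\`.* TO '$2'@'localhost';
EOF
}

# exposed_mysql: read listener output on stdin, print every local address on
# port 3306 that is not loopback. Returns 1 if any were found.
# To stay loopback-only, set bind-address=127.0.0.1 under [mysqld].
exposed_mysql() {
    awk '{
            for (i = 1; i <= NF; i++)
                if ($i ~ /:3306$/ && $i !~ /^(127\.|\[::1\]|::1:)/) {
                    print $i
                    bad = 1
                }
         }
         END { exit bad + 0 }'
}

# Constructed sample of "ss -ltn" output with a loopback-only MariaDB listener.
sample='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     127.0.0.1:3306     *:*
LISTEN 0      128    *:80               *:*'
printf '%s\n' "$sample" | exposed_mysql && echo "3306 is loopback-only"

# Placeholder password; on a real host pipe the output to: mysql -u root -p
app_account_sql blog_db blog_app 'CHANGE_ME_constructed'
```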