Nginx安装
新建文件
vi /etc/yum.repos.d/Nginx.repo
保存文件
[Nginx] name=Nginx repo baseurl=http://Nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=0 enabled=1
安装
yum install Nginx
运行
systemctl start Nginx
开机自运行
systemctl enable Nginx
防火墙设置
//开放80端口 firewall-cmd --zone=public --add-port=80/tcp --permanent //重启防火墙 systemctl restart firewalld
新建网站示例
//新建网站目录 mkdir -p /www/domain
由于SELinux的安全保护,会导致新建网站目录403 Forbidden无权访问。
//解决方式:可以参考Nginx默认网站目录的安全设置,设置同样环境。 ls -Z /usr/share/Nginx drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html //设置指定用户的目标安全环境 chcon -R -u system_u /www //设置指定类型的目标安全环境 chcon -R -t httpd_sys_content_t /www
配置文件介绍
默认配置 /etc/Nginx/Nginx.conf 自定义配置,会自动加载 /etc/Nginx/conf.d/default.conf /etc/Nginx/conf.d/*.conf
新增配置
vi /etc/Nginx/conf.d/domain.conf
保存配置
server { listen 80; server_name localhost; root /www/domain; index index.html index.htm index.PHP; location / { try_files $uri $uri/ /index.PHP; } location ~ \.PHP$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.PHP; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
注意:/etc/Nginx/conf.d/default.conf里面用了localhost主机名,所以新建站点不能用localhost名称。
重载生效
/usr/sbin/Nginx -s reload
PHP安装
安装PHP-fpm
//添加源 rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm //错误,要先安装epel-release yum -y install epel-release //安装PHP yum install PHP71w-fpm //安装数据库模块 yum install PHP71w-pdo PHP71w-MysqL //安装常用模块 yum install PHP71w-mbstring //开机启动 systemctl enable PHP-fpm //启动 systemctl start PHP-fpm //重启 systemctl restart PHP-fpm
MysqL安装
源
wget https://dev.MysqL.com/get/MysqL57-community-release-el7-11.noarch.rpm yum localinstall MysqL57-community-release-el7-11.noarch.rpm
安装
yum install MysqL-community-server //启动 systemctl start MysqLd //开机启动 systemctl enable MysqLd
配置
//配置字符集和关闭密码策略 vi /etc/my.cnf [MysqLd] character_set_server=utf8 init_connect='SET NAMES utf8' validate_password = off //重启 systemctl restart MysqLd //查看预置密码 grep 'temporary password' /var/log/MysqLd.log MysqL -uroot -p //修改root本地登录密码 ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password'; //新建一个远程用户 GRANT ALL PRIVILEGES ON *.* TO 'new_user'@'%' IDENTIFIED BY 'new_password' WITH GRANT OPTION;
防火墙设置
//开放3306端口 firewall-cmd --zone=public --add-port=3306/tcp --permanent //重启防火墙 systemctl restart firewalld
SELinux的影响
getsebool -a | grep httpd //可以看到是关闭的 httpd_can_network_connect_db --> off //设置打开,-P参数是永久,否则重启后又复原 setsebool -P httpd_can_network_connect_db on
SELinux号称是最后的防线,嫌麻烦的可以关闭SELinux保护,执行以下操作:
vi /etc/selinux/config SELINUX=enforcing 改为 SELINUX=disabled