Ubuntu 16.04 LTS 安装 Nginx/PHP 7/
从/etc/apt/source.list文件中定义的源中去同步包的索引文件
apt-get update
安装 MySQL 5.7
apt-get -y install mysql-server mysql-client
你会被要求提供MySQL的root用户密码 :
New password for the MySQL “root” user:<– yourrootsqlpassword
Repeat password for the MySQL “root” user:<– yourrootsqlpassword
为了确保数据库服务器,并删除匿名用户和测试数据库,运行mysql_secure_installation命令。
你会问这些问题:
root@server1:~# mysql_secure_installation
保护MySQL服务器部署。
Enter password for user root:<– Enter the MySQL root password
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?Press y|Y for Yes, any other key for No:<– Press y if you want this function or press Enter otherwise.
Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) :<– Press enter… skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.Remove anonymous users? (Press y|Y for Yes, any other key for No) :<– y
Success.Normally, root should only be allowed to connect from
‘localhost’. This ensures that someone cannot guess at
the root password from the network.Disallow root login remotely? (Press y|Y for Yes, any other key for No) :<– y
Success.By default, MySQL comes with a database named ‘test’ that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.Remove test database and access to it? (Press y|Y for Yes, any other key for No) :<– y
– Dropping test database…
Success.– Removing privileges on test database…
Success.Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.Reload privilege tables now? (Press y|Y for Yes, any other key for No) :<– y
Success.All done!
MySQL is secured now.
安装 Nginx
在你已经安装了Apache2的话,那么使用这些命令先删除再安装nginx:
service apache2 stop update-rc.d -f apache2 remove apt-get remove apache2
Ubuntu16.04有Nginx安装包,我们可以安装。
apt-get -y install nginx
Start nginx afterwards:
service nginx start
安装 PHP 7 {#-installing-php-}
如果之前安装过其他版本的PHP,最好先卸载
卸载
apt-get remove php-fpm
安装
apt-get -y install php7.0-fpm
配置 nginx {#-configuring-nginx}
vim /etc/nginx/nginx.conf首先(这是可选)调整keepalive_timeout到一个合理的值:
[...] keepalive_timeout 2; [...]
vim /etc/nginx/sites-available/default[...] location ~ .php$ { include snippets/fastcgi-php.conf; With php7.0-cgi alone: fastcgi\_pass 127.0.0.1:9000; With php7.0-fpm: fastcgi\_pass unix:/run/php/php7.0-fpm.sock; } [...]
PHP的重要组成部分位置 ~ .php$ {}stanza. 取消注释它来启用它。
现在保存文件并重新加载nginx:
service nginx reload
下一步打开 /etc/php/7.0/fpm/php.ini…
vim /etc/php/7.0/fpm/php.ini设置cgi.fix_pathinfo=0: //defant 1
由于PHP查找文件的时候,当文件不存在的时候,会把上级目录文件当做执行文件来执行,存在这么一个漏洞
[...] ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. ; http://php.net/cgi.fix-pathinfo cgi.fix_pathinfo=0 [...]重新加载 PHP-FPM:
service php7.0-fpm reload
建立探针文件/var/www/html:
vim /var/www/html/info.php
<
?php
phpinfo();
?
>
让 MySQL 获得 PHP 7支持
先搜索一下PHP支持的模块:
apt-cache search php7.0使用下面的命令安装:
apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick php7.0-imap php7.0-mcrypt php-memcache php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettextAPCu是随PHP7 PHP Opcache模块的扩展,它增加了一些兼容性功能的支持APC缓存(例如WordPress的插件缓存)软件。
APCu可以安装如下:
apt-get -y install php-apcu重新加载 PHP-FPM:
service php7.0-fpm reload
让 PHP-FPM 使用 TCP 连接
默认情况下PHP-FPM监听 /var/run/php/php7.0-fpm.sock. 另外,也可以使 PHP-FPM 试用 TCP 连接,打开文件 /etc/php/7.0/fpm/pool.d/www.conf…
vim /etc/php/7.0/fpm/pool.d/www.conf修改如下:
[...] ;listen = /var/run/php5-fpm.sock listen = 127.0.0.1:9000 [...]这将使PHP-FPM端口9000侦听的IP127.0.0.1(本地主机)。请确保您使用的端口,是不是在你的系统上使用。
然后重新加载 PHP-FPM:
php7.0-fpm reload接下来通过你的nginx的配置和所有的虚拟主机,并更改fastcgi_pass UNIX行:/var/run/php/php7.0-fpm.sock; tofastcgi_pass127.0.0.1:9000;,如下:
vim /etc/nginx/sites-available/default[...] location ~ \.php$ { include snippets/fastcgi-php.conf; # With php7.0-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php7.0-fpm: # fastcgi_pass unix:/run/php/php7.0-fpm.sock; } [...]最后,重新加载nginx:
service nginx reloadOK,Nginx的LEMP服务器安装完毕。
