一、添加账号

1、新建账号

[root@localhost ~]# useradd lhj
[root@localhost ~]# password lhj
Changing password for user lhj.
New UNIX password:          # set password
Retype new UNIX password:   # confirm
passwd: all authentication tokens updated successfully.

2、由 lhj 切换到 root

localhost login: lhj      # 输入账号 lhj
password:                 # 密码
[lhj@localhost ~]# su     # 切换到 root
password:                 # root密码
[root@localhost ~]# 

3、使该账号只用于作为管理账号切换到root账号的账号（本示例是lhj)

[root@localhost ~]# usermod -G wheel lhj
[root@localhost ~]# vi /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid   # 取消该行注释
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so

保存退出
按”Esc”  输:wq! # q -> 退出； w -> 保存； ! -> 强制

3、要将root账号的电子邮件转发给其他用户，设置如下 （本例是 lhj）

[root@localhost ~]# vi /etc/aliases
# trap decode to catch security attacks
decode:         root

# Person who should get root's mail
#root:          marc             # 取消本行（也是最后一行）注释，并把 marc 改为 lhj。如下：
root:           lhj
[root@localhost ~]# newaliases   # reload

二、防火墙

firewall

1、查看防火墙状态（默认启动）

[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-08-21 15:34:32 CST; 54min ago
     Docs: man:firewalld(1)
 Main PID: 691 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─691 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Aug 21 15:34:31 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 21 15:34:32 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

2、firewall 设置

查询默认区域

[root@localhost ~]# firewall-cmd --get-default-zone
public   # 系统默认

设置默认区域

[root@localhost ~]# firewall-cmd --set-default-zone=public

显示当前设置

[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

显示默认定义的所有区域

[root@localhost ~]# [root@web ~]# firewall-cmd --list-all-zone
block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  .........

drop
  target: DROP
  icmp-block-inversion: no
  .........

external
  target: default
  icmp-block-inversion: no
  .........

home
  target: default
  icmp-block-inversion: no
  .........

internal
  target: default
  icmp-block-inversion: no
  .........

public (active)
  target: default
  icmp-block-inversion: no
  ..........

trusted
  target: ACCEPT
  icmp-block-inversion: no
  .........

work
  target: default
  icmp-block-inversion: no
  ........

显示特定区域的允许服务

[root@localhost ~]# firewall-cmd --list-service --zone=external
ssh

更改默认区域 为 external

[root@localhost ~]# firewall-cmd --set-default-zone=external 
success

更改接口区域（* note） （本例网络设备名称为eth1）

[root@localhost ~]# firewall-cmd --change-interface=eth1 --zone=external 
success
[root@localhost ~]# firewall-cmd --list-all --zone=external
external (active)
  interfaces: eth1
  sources:
  services: ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

# *注意：即使添加了“--permanent”(表示永久)选项，它也不会通过“change-interface”永久更改
# 如果要永久改变，请使用如下的nmcli
[root@localhost ~]# nmcli c mod eth1 connection.zone external 
[root@localhost ~]# firewall-cmd --get-active-zone 
external
  interfaces: eth1
public
  interfaces: eth0

[root@localhost ~]# 

[root@localhost ~]# 

[root@localhost ~]# 

SELinux

1、查看selinux当前状态

显示当前的 SELinux的信息

[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

查看当前的SELINUX值。

[root@localhost ~]# getenforce
Enforcing

临时改变 selinux 当前值,后面可以跟 enforcing,permissive 或者 1,0 。重启后失效

[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# getenforce 0 # 临时改变防火墙状态，使其临时通过
[root@localhost ~]# getenforce # 查看状态
Permissive # 表示不需要防火墙的验证
[root@localhost ~]# getenforce 1 # 临时改变防火墙状态，使其需要通过防火墙验证
[root@localhost ~]# getenforce
Enforcing # 表示需要通过防火墙验证

2、永久改变selinux状态，方法如下

[root@localhost ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.          # 此文件控制系统上SELinux的状态。
# SELINUX= can take one of these three values:                    # SELINUX =可以采用以下三个值中的一个：
#     enforcing - SELinux security policy is enforced.            # enforcing  - 强制执行SELinux安全策略。
#     permissive - SELinux prints warnings instead of enforcing.  # permissive  -  SELinux打印警告而不是强制执行。
#     disabled - No SELinux policy is loaded.                     # disabled  - 未加载SELinux策略。
SELINUX=enforcing # 更改此值，改变防火墙状态                              # 强制执行SELinux安全策略。 此项决定当前 selinux 状态
# SELINUXTYPE= can take one of three two values:                  # SELINUXTYPE =可以采用以下两个值之一：
#     targeted - Targeted processes are protected,                # targeted  - 目标进程受到保护，
#     minimum - Modification of targeted policy. Only selected processes are protected.     # minimum  - 修改目标政策。只有选定的进程受到保护。
#     mls - Multi Level Security protection.                      # mls  - 多级安全保护。
SELINUXTYPE=targeted

更改了此设置后，需要重启系统才生效。

补充：SELINUXTYPE 目前主要有2大类，【targeted】和【strict】。
• targeted：它是红帽子开发的targeted，它只是对于主要的网络服务进行保护，比如apache, sendmail, bind, postgresql等，不属于那些domain的就都让他们在unconfined_t里，可导入性高，可用性好但是不能对整个系统进行保护。
• strict：是由NAS开发的，能对整个系统进行保护，但是设定复杂，但是只要掌握一些基本的知识，还是可以玩得动的。
我们除了在/etc/sysconfig/selinux设它有效无效外，在启动的时候，也可以通过传递参数selinux给内核来控制它。（Fedora 5默认是有效）

三、网络设置

1、设置主机名（hostname）

[root@localhost ~]# hostnamectl set-hostname web.ktxsz.local # 设置主机名
[root@localhost ~]# hostnamectl # 查看主机
   Static hostname: web.ktxsz.local
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 423237bbb80d4060a2592f1ed1e88053
           Boot ID: 8c068ff682b74cff89e0d1117e42a8a0
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-862.11.6.el7.x86_64
      Architecture: x86-64

2、设置IP地址 （本例 ipv4）

显示设备

[root@localhost ~]# nmcli d
DEVICE  TYPE      STATE      CONNECTION
ens33   ethernet  connected  ens33
lo      loopback  unmanaged  --

设置IPv4地址 （本例 10.2.0.26/24)

[root@localhost ~]# nmcli c modify ens33 ipv4.addresses 10.2.0.26/24

设置网关

[root@localhost ~]# nmcli c modify ens33 ipv4.gateway 10.2.0.1

设置 DNS

[root@localhost ~]# nmcli c modify ens33 ipv4.dns 10.2.0.1
[root@localhost ~]# nmcli c modify ens33 +ipv4.dns 8.8.8.8
[root@localhost ~]# nmcli c modify ens33 +ipv4.dns 10.2.0.5
# 或者 
[root@localhost ~]# nmcli c modify ens33 ipv4.dns '10.2.0.1 8.8.8.8 10.2.0.5'

设置为静态IP （manual 为静态， auto 为 DHCP 分配）

[root@localhost ~]# nmcli c modify ens33 ipv4.method manual

重启设备并加载新设置

[root@localhost ~]# nmcli c down ens33; nmcli c up ens33

显示设置结果

[root@web ~]# nmcli d show ens33
GENERAL.DEVICE:                         ens33
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:03:78:14
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens33
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         10.2.0.26/24
IP4.GATEWAY:                            10.2.0.1
IP4.ROUTE[1]:                           dst = 10.2.0.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 10.2.0.1, mt = 100
IP4.DNS[1]:                             10.2.0.1
IP4.DNS[2]:                             8.8.8.8
IP4.DNS[3]:                             10.2.0.5
IP6.ADDRESS[1]:                         fe80::2674:bf5c:c370:76b7/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]:                           dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[3]:                           dst = fe80::/64, nh = ::, mt = 100

显示状态

[root@web ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:03:78:14 brd ff:ff:ff:ff:ff:ff
    inet 10.2.0.26/24 brd 10.2.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::2674:bf5c:c370:76b7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

3、禁用 IPv6

[root@web ~]# vi /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

重新生成GRUB配置文件到核心，并覆盖现有文件

[root@web ~]# grub2-mkconfig -o /boot/grub2/grub.cfg    # grub2-mkconfig 是生成命令
[root@web ~]# reboot

4、更改网络设备接口名称。(禁用一致的网络设备命名)

网络设备名称命名方式有两种：Biosdevname 与 net.ifnames

[root@web ~]# vi /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet net.ifnames=0 biosdevname=0"  # net.ifnames 、biosdevname 值为 1 和 0 ；1 是启用，0 是禁用。biosdevname 程序使用从系统的BIOS信息，如果系统的BIOS没有SMBIOS 2.6或更高版本以及此数据，则不会使用新的命名约定。没用安装 biosdevname 可省略
GRUB_DISABLE_RECOVERY="true"

重新生成GRUB配置文件到核心，并覆盖现有文件

[root@web ~]# grub2-mkconfig -o /boot/grub2/grub.cfg    # grub2-mkconfig 是生成命令
[root@web ~]# reboot  # 重启生效

四、查看系统服务

1、服务

显示正在运行的服务列表

[root@web ~]# systemctl -t service
UNIT                               LOAD   ACTIVE SUB     DESCRIPTION
auditd.service                     loaded active running Security Auditing Service
crond.service                      loaded active running Command Scheduler
dbus.service                       loaded active running D-Bus System Message Bus
firewalld.service                  loaded active running firewalld - dynamic firewall daemon
getty@tty1.service                 loaded active running Getty on tty1
kdump.service                      loaded active exited  Crash recovery kernel arming
kmod-static-nodes.service          loaded active exited  Create list of required static device no
lvm2-lvmetad.service               loaded active running LVM2 metadata daemon
..........
tuned.service                      loaded active running Dynamic System Tuning Daemon
vgauthd.service                    loaded active running VGAuth Service for open-vm-tools
vmtoolsd.service                   loaded active running Service for virtual machines hosted on V

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

38 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

所有服务的列表

[root@web ~]# systemctl list-unit-files -t service
UNIT FILE                                     STATE
auditd.service                                enabled
autovt@.service                               enabled
blk-availability.service                      disabled
brandbot.service                              static
..........
teamd@.service                                static
tuned.service                                 enabled
vgauthd.service                               enabled
vmtoolsd.service                              enabled
wpa_supplicant.service                        disabled

140 unit files listed.

2、关闭（启动）某项服务

[root@web ~]# systemctl stop postfix   # 关闭服务
[root@web ~]# systemctl disable postfix     # 关闭随机启动

[root@web ~]# systemctl start postfix       # 启动服务
[root@web ~]# systemctl enable postfix      # 开启随机启动 

3、还有一些SysV服务。这些由chkconfig控制，如下所示。

[root@web ~]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.  # 注意：此输出仅显示SysV服务，不包括本机系统服务。 SysV配置数据可能被本机覆盖systemd配置。

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.  # 如果要列出systemd服务，请使用'systemctl list-unit-files'。 查看针对特定目标使用启用的服务 'systemctl list-dependencies [target]'。

netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off

# 例如，关闭netconsole的自动启动设置
[root@web ~]# chkconfig netconsole off

五、更新系统

[root@web ~]# yum -y update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.sjtu.edu.cn
 * extras: mirrors.cn99.com
 * updates: mirrors.shu.edu.cn
base                                                                      | 3.6 kB  00:00:00
...............

六、为 yum 添加存储库

1、添加库 （本例为 Centos 官方库

[root@web ~]# yum -y install yum-plugin-priorities
# 设置使用库的优先级别 priority=1 ； 数值越往后，优先级别越靠后；1 最先。
[root@web ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo

设置优先级的前后变化

# CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
priority=1 # priority=1 新增
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
priority=1 # priority=1 新增
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
priority=1 # priority=1 新增
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
priority=1 # priority=1 新增
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

2、添加 Fedora 项目提供的EPEL存储库。

[root@web ~]# yum -y install epel-release # 或者 [root@web ~]# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

[root@web ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo

设置优先级的前后变化

[epel]
priority=5 # priority=5 新增
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
priority=5 # priority=5 新增
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
priority=5 # priority=5 新增
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[root@web ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo

[root@web ~]# yum --enablerepo=epel install [Package] # [Package] 为安装包名

设置按需使用源库前后变化

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=0 # 由 enabled=1 改为 enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

3、添加CentOS SCLo软件集合存储库

[root@web ~]# yum -y install centos-release-scl-rh centos-release-scl
# 设置优先级别 priority=10
[root@web ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@web ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

4、添加Remi的RPM Repository，它提供了许多有用的包

[root@web ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# 设置优先级别 priority=10
[root@web ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo

5、删除yum中的源（本例以 remi 为示例）

# 1. 查看配置文件，并删除目标库配置文件
[root@web ~]# ll /etc/yum.repos.d/
total 68
-rw-r--r--. 1 root root 1720 Dec  6 10:07 CentOS-Base.repo
-rw-r--r--. 1 root root 1664 Oct 19 15:19 CentOS-Base.repo.back
-rw-r--r--. 1 root root  964 Dec  6 10:22 CentOS-SCLo-scl.repo
-rw-r--r--. 1 root root  940 Dec  6 10:23 CentOS-SCLo-scl-rh.repo
-rw-r--r--. 1 root root  984 Dec  6 10:14 epel.repo
-rw-r--r--. 1 root root 1050 Oct  3  2017 epel-testing.repo
-rw-r--r--. 1 root root  261 Dec  4 10:07 MariaDB.repo
-rw-r--r--. 1 root root  446 Jun 19 16:28 remi-glpi91.repo
-rw-r--r--. 1 root root  446 Jun 19 16:28 remi-glpi92.repo
-rw-r--r--. 1 root root  446 Jun 19 16:28 remi-glpi93.repo
-rw-r--r--. 1 root root  456 Jun 19 16:28 remi-php54.repo
-rw-r--r--. 1 root root 1314 Jun 19 16:28 remi-php70.repo
-rw-r--r--. 1 root root 1314 Jun 19 16:28 remi-php71.repo
-rw-r--r--. 1 root root 1314 Jun 19 16:28 remi-php72.repo
-rw-r--r--. 1 root root 1314 Jun 19 16:28 remi-php73.repo
-rw-r--r--. 1 root root 2605 Jun 19 16:28 remi.repo
-rw-r--r--. 1 root root  750 Jun 19 16:28 remi-safe.repo
[root@web ~]# rm -rf /etc/yum.repos.d/remi*

# 2. 查看源库具体名称，并删除目标库的具体名称
[root@web ~]# ll /etc/pki/rpm-gpg
total 32
-rw-r--r--. 1 root root 1690 Nov 23 21:16 RPM-GPG-KEY-CentOS-7
-rw-r--r--. 1 root root 1004 Nov 23 21:16 RPM-GPG-KEY-CentOS-Debug-7
-rw-r--r--. 1 root root 1057 May 23  2016 RPM-GPG-KEY-CentOS-SIG-SCLo
-rw-r--r--. 1 root root 1690 Nov 23 21:16 RPM-GPG-KEY-CentOS-Testing-7
-rw-r--r--. 1 root root 1662 Oct  3  2017 RPM-GPG-KEY-EPEL-7
-rw-r--r--. 1 root root 1340 Mar 23  2017 RPM-GPG-KEY-remi
-rw-r--r--. 1 root root 3100 Mar 23  2017 RPM-GPG-KEY-remi2017
-rw-r--r--. 1 root root 3143 Jan 16  2018 RPM-GPG-KEY-remi2018
[root@web ~]# rm /etc/pki/rpm-gpg/RPM-GPG-KEY-remi*
rm: remove regular file ‘/etc/pki/rpm-gpg/RPM-GPG-KEY-remi2017’? y
rm: remove regular file ‘/etc/pki/rpm-gpg/RPM-GPG-KEY-remi2018’? y
.....

# 3. 查找目标库的.rpm包，并删除
[root@web ~]# rpm -qa|grep remi
remi-release-7.5-2.el7.remi.noarch
[root@web ~]# yum remove remi-release-7.5-2.el7.remi.noarch

# 4. 重建数据源
[root@web ~]# yum clean all
[root@web ~]# yum repolist
[root@web ~]# yum makecache

七、vim安装配置

1、搜索vim安装包

[root@web ~]# yum search vim
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.neusoft.edu.cn
 * extras: mirrors.neusoft.edu.cn
 * updates: mirrors.neusoft.edu.cn
=========================================================================== N/S matched: vim ===========================================================================
protobuf-vim.x86_64 : Vim syntax highlighting for Google Protocol Buffers descriptions # 用于Google协议缓冲区描述的Vim语法高亮显示
vim-X11.x86_64 : The VIM version of the vi editor for the X Window System # X Window系统的vi编辑器的VIM版本
vim-common.x86_64 : The common files needed by any version of the VIM editor # 任何版本的VIM编辑器所需的公共文件
vim-enhanced.x86_64 : A version of the VIM editor which includes recent enhancements # VIM编辑器的一个版本，包括最新增强功能
vim-filesystem.x86_64 : VIM filesystem layout # VIM文件系统布局
vim-minimal.x86_64 : A minimal version of the VIM editor # VIM编辑器的最小版本

  Name and summary matches only, use "search all" for everything.

2、安装 vim

[root@web ~]# yum -y install vim-enhanced

3、设置命令别名。（适用于以下所有用户。如果您申请用户，请在 '~/.bashrc' 中写相同的设置）

[root@web ~]# vi /etc/profile
# 在最一行后添加如下
alias vi='vim'
[root@web ~]# source /etc/profile # reload

4、配置vim。（适用于以下用户。如果您适用于所有用户，请在'/etc/vimrc'中写入相同的设置，但默认情况下会应用某些设置。）

[root@web ~]# vi ~/.vimrc
"不与 Vi 兼容（采用 Vim 自己的操作命令）
set nocompatible
"指定编码
set encoding=utf-8
"指定文件编码设置
set fileencodings=ucs-bom,utf-8,cp936,gb18030,big5,euc-jp,euc-kr,latin1
"指定文件格式
set fileformats=unix,dos
"备份
"设置备份
set backup
"设置备份目录
set backupdir=~/backup
"记录历史的行数
set history=100
"启用搜索突出显示
set hlsearch
"搜索忽略大小写
set ignorecase
"显示部分匹配的增量搜索
set incsearch
"当搜索查询包含大写字母时，自动将搜索切换为区分大小写
set smartcase
"新行继承前一行的缩进(自动缩进)
set autoindent
"将制表符转换为空格
set expandtab
"启用特定于文件类型的缩进规则
filetype indent on
"智能对齐方式
"set smartindent
"当移动线条时，将压痕四舍五入到“shiftwidth”的最接近的倍数
set shiftround
"移位时，使用四个空格缩进
set shiftwidth=4
"按下“tab”键时插入“tabstop”空格数
set smarttab
"使用四个空格缩进
set tabstop=4
"在输入括号时光标会短暂地跳到与之相匹配的括号处，不影响输入
set showmatch
"打开语法高亮。自动识别代码，使用多种颜色显示
syntax on
"语法启用，启用语法突出显示
syntax enable
"启用换行
set wrap
"始终显示状态栏
set laststatus=2
"设置标尺，始终显示光标位置
set ruler
"将命令行的选项卡完成选项显示为菜单
set wildmenu
"显示命令，在底栏
"set showcmd
"限制搜索自动完成的文件
set complete-=i
"在宏和脚本执行期间不要更新屏幕
set lazyredraw
"启用256色
set t_Co=256
"突出显示当前光标下的行
set cursorline
"设置编号，在侧栏上显示行号
set number
"显示当前行的行号和所有其他行的相对数
"set relativenumber
"设置窗口的标题，反映当前正在编辑的文件
set title
"突出匹配[{（）}]
"set showmatch
"使用适合深色背景的颜色
"set background=dark
"开启新行时使用智能自动缩进
set smartindent
"设置法术，启用拼写检查
set spell

八、初始设置：配置sudo

九、初始设置：Cron的设置（定时任务）

十、配置NTP服务器

1、配置NTPd服务器

安装、设置NTPd

root@dlp ~]# yum -y install ntp
[root@dlp ~]# vi /etc/ntp.conf
# line 18: add the network range you allow to receive requ
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
＃更改服务器以进行同步
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp1.jst.mfeed.ad.jp iburst
server ntp2.jst.mfeed.ad.jp iburst
server ntp3.jst.mfeed.ad.jp iburst
[root@dlp ~]# systemctl start ntpd 
[root@dlp ~]# systemctl enable ntpd 

如果Firewalld正在运行，请允许NTP服务。NTP使用123 / UDP。

[root@web ~]# firewall-cmd --permanent --add-service=ntp
success
[root@web ~]# firewall-cmd --reload
success

验证它是否正常工作如下。

[root@web ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+ntp1.jst.mfeed. 172.29.1.100     2 u   29   64    1   18.826   -0.126   0.000
+ntp2.jst.mfeed. 172.29.2.50      2 u   28   64    1   21.592    0.018   0.000
*ntp3.jst.mfeed. 133.243.236.18   2 u   28   64    1   22.666   -1.033   0.000

2、配置Chrony服务器

安装、设置Chrony （Centos7.4 后默认的NTP软件）

Chrony有两个核心组件，分别是：chronyd：是守护进程，主要用于调整内核中运行的系统时间和时间服务器同步。它确定计算机增减时间的比率，并对此进行调整补偿。chronyc：提供一个用户界面，用于监控性能并进行多样化的配置。它可以在chronyd实例控制的计算机上工作，也可以在一台不同的远程计算机上工作。

[root@web ~]# yum -y install chrony
[root@web ~]# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html). # 同步服务器
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network. # 允许接收请求的网络范围
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

[root@web ~]# systemctl restart chronyd
[root@web ~]# systemctl enable chronyd

如果Firewalld正在运行，请允许NTP服务。NTP使用123 / UDP。

[root@web ~]# firewall-cmd --permanent --add-service=ntp
success
[root@web ~]# firewall-cmd --reload
success

验证它是否正常工作如下。

[root@web ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- cn.ntp.faelix.net             2   6   377    50    +13ms[  +13ms] +/-  123ms
^- ntp8.flashdance.cx            2   6   177    53  +4514us[+4514us] +/-  164ms
^* dns1.synet.edu.cn             2   6    17    61   -290us[-2011us] +/-   26ms
^- b.sin.pobot.net               2   6   377    64  +9751us[  +10ms] +/-  208ms

设置前

[root@web ~]# timedatectl
      Local time: Wed 2018-09-05 11:30:08 CST
  Universal time: Wed 2018-09-05 03:30:08 UTC
        RTC time: Wed 2018-09-05 03:30:08
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

设置后

[root@web ~]# timedatectl
      Local time: Wed 2018-09-05 10:34:10 CST
  Universal time: Wed 2018-09-05 02:34:10 UTC
        RTC time: Wed 2018-09-05 02:34:10
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

3、配置NTP客户端：CentOS

1. CentOS上的NTP客户端设置与服务器的设置大致相同，因此请参阅 NTPd设置或Chrony设置。对于服务器的不同设置，客户端不需要从其他计算机接收时间同步请求，因此不需要设置访问权限。

2. 如果您不使用NTP服务守护程序但使用命令同时同步时间，请使用ntpdate，如下所示。

[root@web ~]# yum -y install ntpdate
[root@web ~]# ntpdate ntp1.jst.mfeed.ad.jp # NTP服务器地址
24 Jan 11:35:15 ntpdate[5740]: adjust time server xxx.xxx.xxx.xxx offset 0.004626 sec
[root@web ~]# systemctl enable ntpdate 

十一、SSH服务器

1、创建用于sftp的根目录

[root@web ~]# mkdir /var/www 
[root@web ~]# groupadd sftp # 此组是用于 sftp 上传的群组
[root@web ~]# chown -R root:sftp /var/www
[root@web ~]# chmod -R 0755 /var/www

/var/www 目录(包含目录上级)的所有者(owner)必须为root，且权限不高于755。sftp 根目录群组为用于sftp上传群组的群组名，本例为 sftp

2、创建用于sftp的账号用户及账号根目录

本例：增加一个不能系统登陆且只用于ssh访问的账号 ktxsz，用户组为 sftp ，账号根目录为 ktxsz (/var/www/ktxsz)，账号的根目录所有者(owner)也必须为 root (如果账号的根目录不为root，且权限不是0755时，sftp登陆时会显示“验证失败。”

[root@web ~]# useradd -g sftp -d /var/www/ktxsz -s /sbin/nologin ktxsz # 创建一个没有登陆系统权限的，群组为 sftp，指定或创建(不存在目录时，自动创建)目录为 /var/www/ktxsz 的账号 ktxsz。
# 如果ktxsz账号已存在，用 usermod -g sftp –d /var/www/ktxsz –s /sbin/nologin ktxsz 更改用户设置命令： usermod                                                                                  
[root@web ~]# ll /var/www
total 0
drwx------. 2 ktxsz sftp 59 Sep 20 14:45 ktxsz
[root@web ~]# chown -R root:sftp /var/www/ktxsz
[root@web ~]# chmod -R 0755 /var/www/ktxsz
[root@web ~]# ll /var/www
total 0
drwx------. 2 root sftp 59 Sep 20 14:45 ktxsz

[root@web ~]# passwd ktxsz

注：删除账号

[root@web ~]# userdel -rfRZ ktxsz2

用法：userdel [选项] 登录

更改用户登录名：# usermod -l newname oldname

组的使用：

使用gpasswd将用户添加到组：# gpasswd -a [用户名] [组名]

更改用户所属的组名，不变更GID：# groupmod -n newname oldname

删除用户组：# groupdel [组名]

将用户从组中移除：# gpasswd -d [用户名] [组名]

3、创建用户账号的可读写目录

注：账号根目录下的所有子目录文件，目录文件所有者都应该归账号所有，目录群组也应设置为用于sftp的群组，且权限不高于755；否则，在用sftp软件创建二级子目录文件时，会显示“无权访问。错误码：3 服务器返回的错误消息：Permission denied”（无法在sftp软件下，创建根目录下子目录文件，会提示如上错误。只能通过登陆系统来创建）。

本例账号的可读写目录为 www ， 如需多个目录，类同操作。

账号根目录下子目录文件所有者归账号所有，目录群组为设置用于sftp的群组，且权限不高于755。本例账号为 ktxsz, 组群为 sftp

Match user设定要被chroot的用户，若要设定多个帐号, 帐号间以逗号隔开。例如：Match user userA,userB
如果是群组的则将User改为Group后，再接群组名称。例如：Match Group rootedSFTP
ChrootDirectory设定要chroot的位置，可以加上PATTERNS做区隔。如/home/%u，%u表示用户变量，%h为限制到用户的主目录。更多可见:man sshd_config

设定Chroot目录权限
错误的目录权限设定会导致在log中出现"fatal: bad ownership or modes for chroot directory XXXXXX" 的讯息。
目录的权限设定有两个要点：
1、由ChrootDirectory指定的目录开始一直往上到系统根目录为止的目录拥有者都只能是root
2、由ChrootDirectory指定的目录开始一直往上到系统根目录为止都不可以具有群组写入权限

创建账号的子目录。 权限不能高于0755，目录所有者归账号，目录群组所有者归sftp(本例群组为sftp)

[root@web ~]# mkdir /var/www/ktxsz/www
[root@web ~]# ll /var/www/ktxsz/
total 0
drwxr-xr-x. 2 root root 6 Sep 20 15:37 www
[root@web ~]# chown -R ktxsz:sftp /var/www/ktxsz/www # [root@web ~]# chown -R ktxsz:sftp /var/www/ktxsz/www 与 [root@web ~]# chown -R ktxsz:sftp /var/www/ktxsz/www/ 效果一样，都是指在更改当前此目录（www）及其此目录下所有文件目录的文件归属； [root@web ~]# chown -R ktxsz:sftp /var/www/ktxsz/www/*  是指在更改此目录（www）下所有文件目录的文件归属，不包括此目录（www）
[root@web ~]# chmod -R 0755 /var/www/ktxsz/www
[root@web ~]# ll /var/www/ktxsz/
total 0
drwxr-xr-x. 2 ktxsz sftp 6 Sep 20 15:37 www

4、配置sftp设置

[root@web ~]# vi /etc/ssh/sshd_config
#       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no # line 38：取消注释和更改为 no（禁止root远程登录）
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no # 取消注释, 是非空密码登陆

PasswordAuthentication yes # 默认设置，允许密码认证


# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox          # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
#Subsystem      sftp    /usr/libexec/openssh/sftp-server  # 注释此行

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no 
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
# 以下设置为以sftp组访问设置，且组中账号只能访问、读、写本账号目录下文件 
Subsystem sftp internal-sftp 
Match Group sftp # 组为 sftp
        ChrootDirectory /var/www/%u # %u 对应账号的账号目录
        X11Forwarding no   # X11 中11是数字
        AllowTcpForwarding no
        ForceCommand internal-sftp

重新加载 SSH 服务

[root@web ~]# systemctl restart sshd

Web服务器安装配置

(一)、Nginx：安装配置

1、Nginx：安装

[root@web ~]# rpm -Uivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm # 使用官方的安装源，以便获取最新安装包
[root@web ~]# yum install -y nginx
[root@web ~]# systemctl start nginx
[root@web ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

Nginx 全局配置

[root@web ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    server_tokens       off; # 隐藏http头文件(header)中 nginx 版本号，phpinfo中版本另外设置
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

2、firewall设置

[root@web ~]# firewall-cmd --permanent --add-service=http
Warning: ALREADY_ENABLED: http # 提示系统已添加此服务
success
[root@web ~]# firewall-cmd --permanent --add-service=https
Warning: ALREADY_ENABLED: https # 提示系统已添加此服务
success

3、测试 Nginx 安装情况

本例是安装在 10.2.0.166 服务器上，在浏览器地址该地址，看能否正常打开网页

4、Nginx 虚拟主机

/etc/nginx/nginx.conf 是 Nginx 全局配置文件，/etc/nginx/conf.d/ 目录下配置文件为各个虚拟主机的 Nginx 配置文件（即各个web主机的配置文件）

本例是虚拟主机的根目录为 /var/www/ktxsz/www ；Web根目录为 /var/www/ktxsz/www/html ；配置文件名为 ktxsz.conf 。

[1、] 虚拟主机的配置文件

[root@web ~]# vi /etc/nginx/conf.d/ktxsz.conf
server {
    listen  80;
    server_name 10.2.0.166;

    charset utf-8;

    #access_log  logs/host.access.log  main;

    location / {
        root /var/www/ktxsz/www/html;
        index   index.html index.htm;
    }

    #error_page 404     /404.html;

    # redirect server error pages to the static page /50x.html
    # 将服务器错误页面重定向到静态页面/50x.html
    error_page  500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

}

[2、] 测试配置情况

创建一个网页

[root@web ~]# vi /var/www/ktxsz/www/html/index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>首页</title>
<meta name="description" content="">
<meta name="keywords" content="">
<link href="" rel="stylesheet">
</head>
<body>
<div style="width:100%"><p style="width:100%;margin:auto;text-align:center;">创建中。。。。。。</p>
</div>
</body>
</html>

访问 http://10.2.0.166/index.html，能否正常打开。

5、Nginx：SSL设置

[1]、SSL证书

(1)、创建SSL证书(自签名)

[root@web ~]# cd /etc/pki/tls/certs # 证书、密钥存放处
[root@web certs]# make ktxsz.key # 创建私钥
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 < ktxsz.key
Generating RSA private key, 2048 bit long modulus
.........................+++
.+++
e is 65537 (0x10001)
Enter pass phrase: # 输入私钥密码
Verifying - Enter pass phrase:

# 从私钥中删除密码
[root@web certs]# openssl rsa -in ktxsz.key -out ktxsz.key
Enter pass phrase for ktxsz.key: # 输入私钥密码
writing RSA key

[root@web certs]# make ktxsz.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key ktxsz.key -out ktxsz.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN # 国名（2字母代码）
State or Province Name (full name) []:ZheJiang # 州或省名称（全名）
Locality Name (eg, city) [Default City]:杭HangZhou # 地区名称（例如，城市）[默认城市]
Organization Name (eg, company) [Default Company Ltd]:KTXSZ # 组织名称（如公司）
Organizational Unit Name (eg, section) []:ktxsz # 组织单位名称（例如，部分）
Common Name (eg, your name or your server's hostname) []:www.ktxsz.local # 通用名称（例如，您的名字或您的服务器的主机名）
Email Address []:admin@ktxsz.local # 电子邮件地址

Please enter the following 'extra' attributes
to be sent with your certificate request # 请输入以下与您的证书请求一起发送的“额外”属性
A challenge password []:123456 # 挑战密码。可省略，直接回车
An optional company name []:kz # 可选公司名称。可省略，直接回车

# 生成自签名证书
[root@web certs]# openssl x509 -in ktxsz.csr -out ktxsz.crt -req -signkey ktxsz.key -days 3650
Signature ok
subject=/C=CN/ST=ZheJiang/L=HangZhou/O=KTXSZ/OU=ktxsz/CN=www.ktxsz.local/emailAddress=admin@ktxsz.local
Getting Private key

(2)、获取免费SSL证书（Let's Encrypt）

从提供免费SSL证书的Let's Encrypt获取SSL证书。
请参阅下面的Let's Encrypt官方网站的详细信息。
⇒https：//letsencrypt.org/
顺便说一下，证书的到期日期是90天，因此您必须在接下来的90天内更新。

< 1 >、 安装Certbot Client，这是从Let's Encrypt获取证书的工具。

[root@www ~]# yum -y install certbot

< 2 >、获得证书。

(a)、有 Web 服务器获取方法：

它需要像Apache httpd或Nginx这样的Web服务器必须在你工作的服务器上运行。
此外，由于来自Let's Encrypt的验证，它需要可以从因特网访问端口80上的工作服务器。

# 对于选项[--webroot]，使用服务器上webroot下的目录作为工作温度
#-w [document root] -d [你想获得证书的FQDN]
# FQDN（完全限定域名）：Hostname.Domainname
# 如果您想获得超过2个FQDN的证书，请指定以下所有内容
# ex：if get [ktxsz.cn]和[www.ktxsz.cn]
# ⇒指定[-d ktxsz.cn -d www.ktxsz.cn]
[root@www ~]# certbot certonly --webroot -w /var/www/ktxsz/www/html -d ktxsz.cn -d www.ktxsz.cn
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): lhj456@hotmail.com  # 仅用于初次使用，注册您的电子邮件地址并同意使用条款，指定有效的电子邮件地址(用于紧急续订和安全通知)，（输入'c'取消）
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ktxsz.cn
http-01 challenge for www.ktxsz.cn
Using the webroot path /var/www/ktxsz/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ktxsz.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ktxsz.cn/privkey.pem
   Your cert will expire on 2019-01-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

# 显示[Congratulations] 表示证书安装获取成功
# 则会在 [/etc/letsencrypt/live/(FQDN)/] 目录下创建如下文件

# cert.pem       ⇒ SSL Server cert(includes public-key)  SSLServer证书（包括公钥）
# chain.pem      ⇒ intermediate certificate   中间证书
# fullchain.pem  ⇒ combined file cert.pem and chain.pem   组合文件cert.pem和chain.pem
# privkey.pem    ⇒ private-key file     私钥文件


[root@www ~]# ll /etc/letsencrypt/live/ktxsz.cn
total 4
lrwxrwxrwx. 1 root root  32 Oct 25 09:00 cert.pem -> ../../archive/ktxsz.cn/cert1.pem
lrwxrwxrwx. 1 root root  33 Oct 25 09:00 chain.pem -> ../../archive/ktxsz.cn/chain1.pem
lrwxrwxrwx. 1 root root  37 Oct 25 09:00 fullchain.pem -> ../../archive/ktxsz.cn/fullchain1.pem
lrwxrwxrwx. 1 root root  35 Oct 25 09:00 privkey.pem -> ../../archive/ktxsz.cn/privkey1.pem
-rw-r--r--. 1 root root 682 Oct 25 09:00 README

(b)、没有 Web 服务器获取方法：

如果您的工作服务器上没有运行Web服务器，则可以使用Certbot的Web服务器功能获取证书。无论如何，由于来自Let's Encrypt的验证，它需要可以从因特网访问端口80上的工作服务器。

# 对于[--standalone]选项，请使用Certbot的Web服务器功能
# FQDN（完全限定域名）：Hostname.Domainname
# 如果您想获得超过2个FQDN的证书，请指定以下所有内容
# ex：if get [ktxsz.cn]和[www.ktxsz.cn]
# ⇒指定[-d ktxsz.cn -d www.ktxsz.cn]

[root@www ~]# certbot certonly --standalone -d mail.ktxsz.cn 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.ktxsz.cn
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mail.ktxsz.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mail.ktxsz.cn/privkey.pem
   Your cert will expire on 2019-01-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

(3)、更新证书

(a)、手动更新

# 更新到期时间少于30天的所有证书
# 如果您要​​更新超过30天的证书，请添加[--force-renew]选项
[root @ www~]＃ certbot renew

(b)、自动定时申请更新证书

无论如何要记得更新证书这个事情还是很麻烦，那么certbot提供了一个自动为所有证书重新申请的命令，而且它是智能的，只申请七天内到期的证书

[root@www ~]# crontab -e
1 0 * * * /usr/sbin/ipUpdate.pl
0 0 * * 1 rm -r /var/log/dnsexit.log
0 2 * * * certbot renew # 每天02点去检查更新

[root@www ~]# systemctl restart crond

[2]、配置Nginx

# 在 server 部分添加如下
[root@www ~]# vi /etc/nginx/conf.d/ktxsz.conf # 可以全局(或者单个)nginx里server下添加
server {
 listen 80 default backlog=2048;
 listen [::]:80 ipv6only=on;
 listen 443 ssl;
 listen [::]:443 ssl ipv6only=on;
 server_name www.ktxsz.cn ktxsz.cn;
 charset utf-8;

# 开启 ssl ; 注释掉 ssl on; 表示http与https共存
# ssl on;
# 自建证书
# ssl_certificate /etc/nginx/ssl/server.crt;
# ssl_certificate_key /etc/nginx/ssl/server.key;

# 证书(公钥)位置
 ssl_certificate /etc/letsencrypt/live/ktxsz.cn/fullchain.pem;
# 私钥位置
 ssl_certificate_key /etc/letsencrypt/live/ktxsz.cn/privkey.pem;

# if ($server_port = 80) {
#  return 301 https://$server_name$request_uri;
#  }
# if ($scheme = http) {
#  return 301 https://$server_name$request_uri;
#  }
# error_page 497 https://$server_name$request_uri;

# 有https协议时自动使用https，否则忽略这个参数。 注： 在nginx 中 php 模块中设置
# fastcgi_param HTTPS $https if_not_empty;

# 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码
 ssl_prefer_server_ciphers on;
# 指定密码为openssl支持的格式
 ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
# 密码加密方式
 ssl_ciphers   ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# 参数是一个请求完成之后还要保持连接多久，不是请求时间多久，目的是保持长连接，减少创建连接过程给系统带来的性能损耗，类似于线程池，数据库连接池。                          
 keepalive_timeout 70m;
# 设置ssl/tls会话缓存的类型和大小。参数一般是shared，buildin可能会参数内存碎片，默认是none，和off差不多，停用缓存。如shared:SSL:10m表示 所有的nginx工作进程共享ssl会话缓存
 ssl_session_cache shared:SSL:10m;
# 客户端可以重用会话缓存中ssl参数的过期时间
 ssl_session_timeout 10m;

# 在使用ssl后访问，在一年内强制使用SSL访问(在不清除(更新)缓存情况下)
 add_header Strict_Transport_security max-age=63072000;
# 使用 X-Frame-Options 有三个可选的值：
#   1.DENY：浏览器拒绝当前页面加载任何Frame页面
#   2.SAMEORIGIN：frame页面的地址只能为同源域名下的页面
#   3.ALLOW-FROM：origin为允许frame加载的页面地址
 add_header X-Frame-Options DENY;
# 这是为了失效某些浏览器的内容类型探嗅
 add_header X-Content-Type-Options nosniff;

root /var/www/ktxsz/www/html;
index index.html index.htm;

location / {
 }

注： root + SCRIPT_FILENAME $document_root$fastcgi_script_name 与 alias + SCRIPT_FILENAM $request_filename 的区别

location /postfixadmin { # 此处末尾无 / 杠
    root /var/www/webmail/postfixadmin/public/;
    index index.php index.html index.htm;

    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param HTTPS $https if_not_empty;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}

location /postfixadmin { # 此处末尾 / 杠可省略。当 /postfixadmin/ (尾部有 / 杠）时，要访问 mail.ktxsz.cc/postfixadmin/index.php 时，需要输入 mail.ktxsz.cc/postfixadmin/ 才能访问，否则出错。当 /postfixadmin  (尾部无 / 杠）时，要访问 mail.ktxsz.cc/postfixadmin/index.php 时，需要输入 mail.ktxsz.cc/postfixadmin 即可
    alias /var/www/webmail/postfixadmin/public/;
    index index.php index.html index.htm;

    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param HTTPS $https if_not_empty;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include /etc/nginx/fastcgi_params;
    }
}

location /postfixadmin/ { # 在使用 root 指向目录时，此处的末尾有 / 杠时，页面访问返回的结果为 //postfixadmin/*
    root /var/www/webmail/postfixadmin/public/;
    index index.php index.html index.htm;

    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param HTTPS $https if_not_empty;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}

设置防火墙

[root@www ~]# firewall-cmd --add-service=https --permanent 
success
[root@www ~]# firewall-cmd --reload 
success

[4]、nginx 使用HTTP基本身份验证限制访问(用户认证配置（ Basic HTTP authentication）)

启用基本身份验证以限制对特定网页的访问。

数据库

1.MariaDB

设置安装源

源生成器网址： http://downloads.mariadb.org/mariadb/repositories/，本例选择的是 CentOS 7 86_64 的源 MariaDB 10.3 。复制如下代码到 /etc/yum.repos.d/MariaDB.repo

[root@web ~]# vi /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.3 CentOS repository list - created 2018-12-04 01:59 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

安装MariaDB

[root@web ~]# yum -y install mariadb-server mariadb-client

查看mysql版本及目录

[root@web ~]# mysql -V
mysql  Ver 15.1 Distrib 10.3.11-MariaDB, for Linux (x86_64) using readline 5.1
[root@web ~]# which mysql
/usr/bin/mysql
[root@web ~]# which MariaDB
/usr/bin/which: no MariaDB in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/hnkk/.local/bin:/home/hnkk/bin)

初始化 MariaDB 及设置密码

[root@web ~]# systemctl start mariadb
[root@web ~]# systemctl enable mariadb
[root@web ~]# mysql_secure_installation # 初始化命令

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): # 回车
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y # 设置密码
New password:  # 输入新密码
Re-enter new password: # 再输入新密码
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y # 删除匿名用户？
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network. # 通常，只允许root用户从'localhost'连接。这可以确保有人无法猜测来自网络的root密码

Disallow root login remotely? [Y/n] y # 禁止远程登录？
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y # 删除测试数据库及它的访问权限？
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y # 现在重新加载权限表？
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

设置防火墙

[root@www ~]# firewall-cmd --permanent --add-service=mysql
success
[root@www ~]# firewall-cmd --reload
success

登陆数据库、查看用户、数据库及字符集（默认）

[root@web ~]# mysql -u root -p # 以 root 账号登入数据库
Enter password: # root 密码
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.11-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SELECT user,host,password FROM mysql.user;
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *0F************************************** |
| root | 127.0.0.1 | *0F************************************** |
| root | ::1       | *0F************************************** |
+------+-----------+-------------------------------------------+
3 rows in set (0.000 sec)

MariaDB [(none)]> SHOW databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.001 sec)

MariaDB [(none)]> SHOW variables like 'character%';
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | latin1                     |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | latin1                     |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.001 sec)
MariaDB [(none)]> exit 
Bye

设置数据库默认字符集

# 查看配置文件目录
[root@web ~]# ll /etc/my.cnf.d
total 12
-rw-r--r--. 1 root root  763 Nov 17 02:04 enable_encryption.preset
-rw-r--r--. 1 root root  232 Nov 17 02:04 mysql-clients.cnf
-rw-r--r--. 1 root root 1080 Nov 17 02:04 server.cnf

[root@web ~]# cp /etc/my.cnf.d/server.cnf /etc/my.cnf.d/server.cnf.back

# 设置默认字符串
[root@web ~]# vi /etc/my.cnf.d/server.cnf
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#

# this is read by the standalone daemon and embedded servers
[server]

# this is only for the mysqld standalone daemon
[mysqld]
init_connect = 'SET collation_connection = utf8_general_ci'   # 字面意思： 初始连接 = ‘ SET 整理连接 = utf8_general_ci’
init_connect = 'SET NAMES utf8'  # 字面意思： 初始连接 = ‘ SET 名称 ’
character_set_server = utf8  # 字面意思： 字符集服务器 = utf8
collation_server = utf8_general_ci  # 字面意思： 整理服务器
= utf8_general_ci

[mysqld_safe]
init_connect = 'SET collation_connection = utf8_general_ci'
init_connect = 'SET NAMES utf8'
character_set_server = utf8
collation_server = utf8_general_ci

#
# * Galera-related settings
#
[galera]
# Mandatory settings
#wsrep_on=ON
#wsrep_provider=
#wsrep_cluster_address=
#binlog_format=row
#default_storage_engine=InnoDB
#innodb_autoinc_lock_mode=2
#
# Allow server to accept connections on all interfaces.
#
#bind-address=0.0.0.0
#
# Optional setting
#wsrep_slave_threads=1
#innodb_flush_log_at_trx_commit=0

# this is only for embedded server
[embedded]

# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]

# This group is only read by MariaDB-10.3 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.3]

[root@web ~]# systemctl restart mariadb

# 查看配置结果
[root@web ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.11-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SHOW variables like 'character%';
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.001 sec)

增加子账号、数据库及权限

创建方法

MariaDB [(none)]> CREATE USER 'dba'@'localhost' IDENTIFIED BY 'YourPasswordHere';  # dba 用户名； localhost 表示可访问地址，其值可为 localhost、127.0.0.1（表示只可本地地址访问）、% (表示任何IP地址可访问)、192.168.91.130（表示这个地址可以访问）、192.168.91.%（表示这个网址地址可访问）； YourPasswordHere 登陆密码（不同访问地址可以用不同密码）
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'dba'@'localhost'; # 设置用户访问权限； *.* ， 点前指的是数据库名，点后指的是表名；“ 'dba'@'localhost' ”，dba 是用户名，localhost 是通过 localhost 方式访问
MariaDB [(none)]> FLUSH PRIVILEGES; # 刷新权限
# 另一种写法：
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'dba'@'%'IDENTIFIED BY '123456' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES; # 刷新权限

实例

MariaDB [(none)]> CREATE USER 'root_user1'@'localhost' IDENTIFIED BY 'root123456';
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    9
Current database: *** NONE ***

Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root_user1'@'localhost';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> CREATE USER 'root_user2'@'localhost' IDENTIFIED BY 'root123456';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cs.* TO 'root_user2'@'localhost';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> SELECT user,host,password FROM mysql.user;
+------------+-----------+-------------------------------------------+
| user       | host      | password                                  |
+------------+-----------+-------------------------------------------+
| root       | localhost | *0F************************************** |
| root       | 127.0.0.1 | *0F************************************** |
| root       | ::1       | *0F************************************** |
| root_user2 | localhost | *BF************************************** |
| root_user1 | localhost | *BF************************************** |
+------------+-----------+-------------------------------------------+
5 rows in set (0.000 sec)

MariaDB [(none)]> CREATE DATABASE cs; # 创建数据库
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| cs                 |
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.001 sec)

php安装配置

(方法一) yum 安装 php73-fpm (本例用php73)

安装前需要用到 epel-release 和 remi 源存储库

[root@web ~]# yum -y install epel-release # epel-release 源库
[root@web ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
或 [root@web ~]# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm （根据您的操作系统版本执行以下命令之一以安装Remi存储库）  # remi 源库 

安装 php7

您的系统已准备好从yum存储库进行PHP安装。根据您的要求，使用以下命令之一在系统上安装PHP 7.3或PHP 7.2或PHP 7.1。

## Install PHP 7.3 
[root@web ~]# yum --enablerepo=remi-php73 install php

## Install PHP 7.2 
[root@web ~]# yum --enablerepo=remi-php72 install php

## Install PHP 7.1 
[root@web ~]# yum --enablerepo=remi-php71 install php

安装 php 模块

您可能还需要根据应用程序要求安装其他PHP模块。 本例是安装 php-fpm 及其相关模块

### For PHP 7.3
[root@www ~]# yum --enablerepo=remi-php73 install php-mysqlnd php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-devel php-fpm

### For PHP 7.2
[root@www ~]# yum --enablerepo=remi-php72 install php-mysqlnd php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-devel php-fpm

### For PHP 7.1
[root@www ~]# yum --enablerepo=remi-php71 install php-mysqlnd php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-devel php-fpm

您可以运行以下命令来搜索配置的yum存储库下的其他可用PHP模块。下面的示例命令搜索PHP 7.3的所有模块。

[root@www ~]# yum --enablerepo=remi-php73 search php73

启动服务和开机启动服务设置

[root@www ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@www ~]# systemctl start php-fpm

php 配置

php 配置 如同下例

(方法二) yum安装php72w-fpm (本例用php72w)

需要用到 epel-release和remi源来安装php

[root@web ~]# yum -y install epel-release
[root@web ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
[root@www ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

搜索安装包

[root@web ~]# yum search php72w    
Loaded plugins: fastestmirror, priorities   
Loading mirror speeds from cached hostfile    
 * base: mirrors.163.com    
 * epel: mirror1.ku.ac.th   
 * extras: mirrors.163.com    
 * remi-php73: mirror.awanti.com    
 * remi-safe: mirror.awanti.com   
 * updates: ftp.stu.edu.tw    
 * webtatic: uk.repo.webtatic.com   
385 packages excluded due to repository priority protections    
========================================================== N/S matched: php72w ===========================================================  
mod_php72w.x86_64:ApacheHTTPServer的PHP模块
php72w-bcmath.x86_64:用于使用bcmath库的PHP应用程序的模块
php72w-cli.x86_64:PHP的命令行界面
php72w-common.x86_64:PHP的常用文件
php72w-dba.x86_64:PHP应用程序的数据库抽象层模块
php72w-devel.x86_64:构建PHP扩展所需的文件
php72w-embedded.x86_64:用于嵌入应用程序的PHP库
php72w-enchant.x86_64:为PHP应用程序附加拼写扩展
php72w-fpm.x86_64:PHPFastCGI流程管理器
php72w-gd.x86_64:用于使用gd图形库的PHP应用程序的模块
php72w-imap.x86_64:用于使用IMAP的PHP应用程序的模块
php72w-interbase.x86_64:用于使用Interbase/Firebird数据库的PHP应用程序的模块
php72w-intl.x86_64:PHP应用程序的国际化扩展
php72w-ldap.x86_64:用于使用LDAP的PHP应用程序的模块
php72w-mbstring.x86_64:一个需要多字节字符串处理的PHP应用程序模块
php72w-mysql.x86_64:用于使用MySQL数据库的PHP应用程序的模块
php72w-mysqlnd.x86_64:用于使用MySQL数据库的PHP应用程序的模块
php72w-odbc.x86_64:用于使用ODBC数据库的PHP应用程序的模块
php72w-opcache.x86_64:操作码缓存Zend扩展
php72w-pdo.x86_64:用于PHP应用程序的数据库访问抽象模块
php72w-pdo_dblib.x86_64:用于PHP的MSSQL数据库模块
php72w-pear.noarch:PHP扩展和应用程序存储库框架
php72w-pecl-apcu.x86_64:APCu-APC用户缓存
php72w-pecl-apcu-devel.x86_64:APCu开发者文件（标题）
php72w-pecl-geoip.x86_64:将IP地址映射到地理位置的扩展
php72w-pecl-igbinary.x86_64:替换标准PHP序列化程序
php72w-pecl-igbinary-devel.x86_64:Igbinary开发者文件（标题）
php72w-pecl-imagick.x86_64:为ImageMagick库提供包装器
php72w-pecl-imagick-devel.x86_64:Imagick开发者文件（标题）
php72w-pecl-libsodium.x86_64:Sodium加密库的包装器
php72w-pecl-memcached.x86_64:扩展以使用Memcached缓存守护进程
php72w-pecl-mongodb.x86_64:PECL包MongoDB驱动
php72w-pecl-redis.x86_64:与Redis键值存储通信的扩展
php72w-pecl-xdebug.x86_64:用于调试PHP脚本的PECL包
php72w-pgsql.x86_64:用于PHP的PostgreSQL数据库模块
php72w-phpdbg.x86_64:交互式PHP调试器
php72w-process.x86_64:使用系统进程接口的PHP脚本模块
php72w-pspell.x86_64:用于使用pspell接口的PHP应用程序的模块
php72w-recode.x86_64:用于使用重新编码库的PHP应用程序的模块
php72w-snmp.x86_64:用于查询受SNMP管理的设备的PHP应用程序的模块
php72w-soap.x86_64:用于使用SOAP协议的PHP应用程序的模块
php72w-sodium.x86_64:钠加密库的包装器
php72w-tidy.x86_64:标准PHP模块提供整洁的库支持
php72w-xml.x86_64:用于使用XML的PHP​​应用程序的模块
php72w-xmlrpc.x86_64:用于使用XML-RPC协议的PHP应用程序的模块
   
  Name and summary matches only, use "search all" for everything.   

php72w 安装

[root@web ~]# yum -y install php72w-mysqlnd php72w-xml php72w-soap php72w-xmlrpc
[root@web ~]# yum -y install php72w-mbstring php72w-json php72w-gd php72w-devel # php72w-mcrypt 从php71开始废弃
[root@web ~]# yum -y install php72w-fpm

[root@web ~]# systemctl start php-fpm
[root@web ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.

配置www.conf

[root@web ~]# cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf.back # 备份
[root@web ~]# vi /etc/php-fpm.d/www.conf
; Start a new pool named 'www'.
[www]

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx # 由apache改为nginx,以适用于nginx服务器，nginx服务器的默认Web目录用户名和群组名为nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx # 由apache改为nginx,以适用于nginx服务器，nginx服务器的默认Web目录用户名和群组名为nginx

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000

; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1

; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool processes will inherit the master process priority
;         unless it specified otherwise
; Default Value: no set
; process.priority = -19

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives. With this process management, there will be
;             always at least 1 children.
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
;  ondemand - no children are created at startup. Children will be forked when
;             new requests will connect. The following parameter are used:
;             pm.max_children           - the maximum number of children that
;                                         can be alive at the same time.
;             pm.process_idle_timeout   - The number of seconds after which
;                                         an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 50

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
;   pool                 - the name of the pool;
;   process manager      - static, dynamic or ondemand;
;   start time           - the date and time FPM has started;
;   start since          - number of seconds since FPM has started;
;   accepted conn        - the number of request accepted by the pool;
;   listen queue         - the number of request in the queue of pending
;                          connections (see backlog in listen(2));
;   max listen queue     - the maximum number of requests in the queue
;                          of pending connections since FPM has started;
;   listen queue len     - the size of the socket queue of pending connections;
;   idle processes       - the number of idle processes;
;   active processes     - the number of active processes;
;   total processes      - the number of idle + active processes;
;   max active processes - the maximum number of active processes since FPM
;                          has started;
;   max children reached - number of times, the process limit has been reached,
;                          when pm tries to start more children (works only for
;                          pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
;   pool:                 www
;   process manager:      static
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          62636
;   accepted conn:        190460
;   listen queue:         0
;   max listen queue:     1
;   listen queue len:     42
;   idle processes:       4
;   active processes:     11
;   total processes:      15
;   max active processes: 12
;   max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
;   http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
;   http://www.foo.bar/status?full
;   http://www.foo.bar/status?json&full
;   http://www.foo.bar/status?html&full
;   http://www.foo.bar/status?xml&full
; The Full status returns for each process:
;   pid                  - the PID of the process;
;   state                - the state of the process (Idle, Running, ...);
;   start time           - the date and time the process has started;
;   start since          - the number of seconds since the process has started;
;   requests             - the number of requests the process has served;
;   request duration     - the duration in µs of the requests;
;   request method       - the request method (GET, POST, ...);
;   request URI          - the request URI with the query string;
;   content length       - the content length of the request (only with POST);
;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script               - the main script called (or '-' if not set);
;   last request cpu     - the %cpu the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because CPU calculation is done when the request
;                          processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because memory calculation is done when the request
;                          processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
;   ************************
;   pid:                  31330
;   state:                Running
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          63087
;   requests:             12808
;   request duration:     1250261
;   request method:       GET
;   request URI:          /test_mem.php?N=10000
;   content length:       0
;   user:                 -
;   script:               /home/fat/web/docs/php/test_mem.php
;   last request cpu:     0.00
;   last request memory:  0
;
; Note: There is a real-time FPM status monitoring sample web page available
;       It's available in: @EXPANDED_DATADIR@/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The access log file
; Default: not set
;access.log = log/$pool.access.log

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;      it can accept the following format:
;      - %{user}C for user CPU only
;      - %{system}C for system CPU only
;      - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;      it can accept the following format:
;      - %{seconds}d (default)
;      - %{miliseconds}d
;      - %{mili}d
;      - %{microseconds}d
;      - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;      it must be associated with embraces to specify the name of the env
;      variable. Some exemples:
;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;      it can accept the following format:
;      - %{bytes}M (default)
;      - %{kilobytes}M
;      - %{kilo}M
;      - %{megabytes}M
;      - %{mega}M
;  %n: pool name
;  %o: output header
;      it must be associated with embraces to specify the name of the header:
;      - %{Content-Type}o
;      - %{X-Powered-By}o
;      - %{Transfert-Encoding}o
;      - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %T: time the log has been written (the request has finished)
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

配置 nginx.conf 文件

[root@web ~]# vi /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on; # 上传文件
    tcp_nopush          on;
    tcp_nodelay         on;
    server_tokens       off; # 隐藏http头文件(header)中 nginx 版本号，禁用phpinfo中版本另外设置
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

# php 文件设置
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            #root /var/www/ktxsz/www/html; # 如上面 root 项是在 location 里面，需要此项；如果是全局的可省略。
            #fastcgi_index index.php; # 在 nginx 全局配置可省略此项。 
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info; # 此项可以使用自定义变量
            include fastcgi_params;
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
}

隐藏 php 版本号

[root@web ~]# find / -name php.ini
/etc/php.ini
[root@web ~]# vi /etc/php.ini
1 [PHP]     
2       
3 ;;;;;;;;;;;;;;;;;;;     
4 ; About php.ini   ;     
5 ;;;;;;;;;;;;;;;;;;;     
6 ; PHP's initialization file, generally called php.ini, is responsible for 
7 ; configuring many of the aspects of PHP's behavior.  #  PHP的初始化文件，通常称为php.ini，负责配置PHP行为的许多方面。  
8       
9 ; PHP attempts to find and load this configuration from a number of locations.  #  ; PHP尝试从多个位置查找和加载此配置。 
10 ; The following is a summary of its search order:  #  ;以下是其搜索顺序的摘要： 
11 ; 1. SAPI module specific location.  #  ; 1. SAPI模块的具体位置。 
12 ; 2. The PHPRC environment variable. (As of PHP 5.2.0) #  ; 2. PHPRC环境变量。 （自PHP 5.2.0起） 
13 ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) #  ; 3. Windows上的许多预定义注册表项（从PHP 5.2.0开始） 
14 ; 4. Current working directory (except CLI)  #  ; 4.当前工作目录（CLI除外） 
15 ; 5. The web server's directory (for SAPI modules), or directory of PHP  
16 ; (otherwise in Windows) #  ; 5. Web服务器的目录（用于SAPI模块）或PHP目录（否则在Windows中） 
17 ; 6. The directory from the --with-config-file-path compile time option, or the  
18 ; Windows directory (C:\windows or C:\winnt) #  ; 6. --with-config-file-path编译时选项或Windows目录（C:\windows 或 C:\winnt）中的目录  
19 ; See the PHP docs for more specific information.  #  ;有关更多具体信息，请参阅PHP文档。 
20 ; http://php.net/configuration.file  
21      
22 ; The syntax of the file is extremely simple.  Whitespace and lines  
23 ; beginning with a semicolon are silently ignored (as you probably guessed). #  ;该文件的语法非常简单。 以分号开头的空格和行被默默忽略（正如您可能猜到的那样）。 
24 ; Section headers (e.g. [Foo]) are also silently ignored, even though  
25 ; they might mean something in the future. #  ;节标题（例如[Foo]）也会被默默忽略，即使它们将来可能意味着什么。  
26      
27 ; Directives following the section heading [PATH=/www/mysite] only 
28 ; apply to PHP files in the /www/mysite directory.  Directives 
29 ; following the section heading [HOST=www.example.com] only apply to
30 ; PHP files served from www.example.com.  Directives set in these 
31 ; special sections cannot be overridden by user-defined INI files or 
32 ; at runtime. Currently, [PATH=] and [HOST=] sections only work under  
33 ; CGI/FastCGI. #  ;标题[PATH=/www/mysite]部分后面的指令仅适用于/www/mysite目录中的PHP文件。 标题[HOST=www.example.com]之后的指令仅适用于www.example.com提供的PHP文件。 用户定义的INI文件或运行时不能覆盖这些特殊部分中设置的指令。 目前，[PATH=]和[HOST=]部分仅在CGI/FastCGI下工作。
34 ; http://php.net/ini.sections  
35      
36 ; Directives are specified using the following syntax: #  ;使用以下语法指定指令：  
37 ; directive = value  #  ;指令=值 
38 ; Directive names are *case sensitive* - foo=bar is different from FOO=bar.  #  ;指令名称*区分大小写*  -  foo = bar与FOO = bar不同。 
39 ; Directives are variables used to configure PHP or PHP extensions.  #  ;指令是用于配置PHP或PHP扩展的变量。 
40 ; There is no name validation.  If PHP can't find an expected  #  ;没有名称验证。如果PHP找不到预期的 
41 ; directive because it is not set or is mistyped, a default value will be used.  #  ;指令因为未设置或输入错误，将使用默认值。 
42      
43 ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one  #  ;该值可以是字符串，数字，PHP常量（例如E_ALL或M_PI），1  
44 ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression #  ; INI常量（On，Off，True，False，Yes，No和None）或表达式  
45 ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a #  ; （例如E_ALL＆~E_NOTICE），带引号的字符串（“bar”）或对a的引用  
46 ; previously set variable or directive (e.g. ${foo}) #  ;以前设置的变量或指令（例如$ {foo}）  
47      
48 ; Expressions in the INI file are limited to bitwise operators and parentheses:  #  ; INI文件中的表达式仅限于按位运算符和括号：  
49 ; |  bitwise OR  #  ; |按位OR 
50 ; ^  bitwise XOR #  ; ^按位异或 
51 ; &  bitwise AND #  ; ＆按位AND  
52 ; ~  bitwise NOT #  ; 〜按位NOT  
53 ; !  boolean NOT #  ; ！布尔NOT  
54      
55 ; Boolean flags can be turned on using the values 1, On, True or Yes.  #  ;可以使用值1，On，True或Yes打开布尔标志。  
56 ; They can be turned off using the values 0, Off, False or No. #  ;可以使用值0，Off，False或No.关闭它们。  
57      
58 ; An empty string can be denoted by simply not writing anything after the equal  #  ;可以通过简单地在等于之后不写任何东西来表示空字符串  
59 ; sign, or by using the None keyword:  #  ;签名，或使用None关键字： 
60      
61 ;  foo =         ; sets foo to an empty string #  ; foo =;将foo设置为空字符串 
62 ;  foo = None    ; sets foo to an empty string #  ; foo =无;将foo设置为空字符串  
63 ;  foo = "None"  ; sets foo to the string 'None' #  ; foo =“无”;将foo设置为字符串'None' 
64      
65 ; If you use constants in your value, and these constants belong to a  #  ;如果在值中使用常量，则这些常量属于a 
66 ; dynamically loaded extension (either a PHP extension or a Zend extension), #  ;动态加载的扩展（PHP扩展或Zend扩展）， 
67 ; you may only use these constants *after* the line that loads the extension.  #  ;你只能在加载扩展名的行之后使用这些常量*。  
68      
69 ;;;;;;;;;;;;;;;;;;;  
70 ; About this file ;  #  ;关于这个文件;  
71 ;;;;;;;;;;;;;;;;;;;  
72 ; PHP comes packaged with two INI files. One that is recommended to be used  
73 ; in production environments and one that is recommended to be used in 
74 ; development environments.  #  PHP附带两个INI文件。 建议在生产环境中使用的一个，建议在开发环境中使用的一个。  
75      
76 ; php.ini-production contains settings which hold security, performance and  #  ; php.ini-production包含保存安全性，性能和设置的设置  
77 ; best practices at its core. But please be aware, these settings may break  #  ;最佳实践的核心。但请注意，这些设置可能会中断 
78 ; compatibility with older or less security conscience applications. We  #  ;与较旧或较低安全性良知应用程序的兼容性。我们 
79 ; recommending using the production ini in production and testing environments.  #  ;建议在生产和测试环境中使用生产ini。  
80      
81 ; php.ini-development is very similar to its production variant, except it is  #  ; php.ini-development与它的生产变体非常相似，除了它  
82 ; much more verbose when it comes to errors. We recommend using the  #  ;当涉及到错误时，更加冗长。我们建议使用  
83 ; development version only in development environments, as errors shown to #  ;开发版本仅在开发环境中显示为错误 
84 ; application users can inadvertently leak otherwise secure information. #  ;应用程序用户可能会无意中泄露其他安全信息。  
85      
86 ; This is php.ini-production INI file. #  ;这是php.ini-production INI文件。  
87      
88 ;;;;;;;;;;;;;;;;;;;  
89 ; Quick Reference ;  #  ;快速参考 ; 
90 ;;;;;;;;;;;;;;;;;;;  
91 ; The following are all the settings which are different in either the production  #  ;以下是生产中不同的所有设置  
92 ; or development versions of the INIs with respect to PHP's default behavior.  #  ;或者关于PHP默认行为的INI的开发版本。  
93 ; Please see the actual settings later in the document for more details as to why  #  ;有关原因的更多详细信息，请参阅文档后面的实际设置 
94 ; we recommend these changes in PHP's behavior.  #  ;我们建议在PHP的行为中进行这些更改。  
95      
96 ; display_errors #    
97 ;   Default Value: On  #  ;默认值：开  
98 ;   Development Value: On  #  ;发展价值：开启  
99 ;   Production Value: Off  #  ;产值：关闭  
100       
101 ; display_startup_errors  #    
102 ;   Default Value: Off  #  ;默认值：关闭 
103 ;   Development Value: On #  ;发展价值：开启  
104 ;   Production Value: Off #  ;产值：关闭  
105       
106 ; error_reporting #    
107 ;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED  #  ;默认值：E_ALL＆~E_NOTICE＆~E_STRICT＆~E_DEPRECATED  
108 ;   Development Value: E_ALL  #  ;发展价值：E_ALL 
109 ;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT #  ;产值：E_ALL＆~E_DEPRECATED＆~E_STRICT 
110       
111 ; html_errors #   
112 ;   Default Value: On #  ;默认值：开  
113 ;   Development Value: On #  ;发展价值：开启  
114 ;   Production value: On  #  ;产值：开 
115       
116 ; log_errors  #    
117 ;   Default Value: Off  #  ;默认值：关闭 
118 ;   Development Value: On #  ;发展价值：开启  
119 ;   Production Value: On  #  ;产值：开 
120       
121 ; max_input_time  #    
122 ;   Default Value: -1 (Unlimited) #  ;默认值：-1（无限制）  
123 ;   Development Value: 60 (60 seconds)  #  ;开发价值：60（60秒） 
124 ;   Production Value: 60 (60 seconds) #  ;产值：60（60秒） 
125       
126 ; output_buffering  #    
127 ;   Default Value: Off  #  ;默认值：关闭 
128 ;   Development Value: 4096 #  ;发展价值：4096  
129 ;   Production Value: 4096  #  ;产值：4096  
130       
131 ; register_argc_argv  #    
132 ;   Default Value: On #  ;默认值：开  
133 ;   Development Value: Off  #  ;发展价值：关闭  
134 ;   Production Value: Off #  ;产值：关闭  
135       
136 ; request_order #   
137 ;   Default Value: None #  ;默认值：无  
138 ;   Development Value: "GP" #  ;发展价值：“GP”  
139 ;   Production Value: "GP"  #  ;产值：“GP”  
140       
141 ; session.gc_divisor  #    
142 ;   Default Value: 100  #  ;默认值：100  
143 ;   Development Value: 1000 #  ;发展价值：1000  
144 ;   Production Value: 1000  #  ;产值：1000  
145       
146 ; session.hash_bits_per_character #   
147 ;   Default Value: 4  #  ;默认值：4  
148 ;   Development Value: 5  #  ;发展价值：5 
149 ;   Production Value: 5 #  ;产值：5 
150       
151 ; short_open_tag  #   
152 ;   Default Value: On #  ;默认值：开  
153 ;   Development Value: Off  #  ;发展价值：关闭  
154 ;   Production Value: Off #  ;产值：关闭  
155       
156 ; track_errors  #    
157 ;   Default Value: Off  #  ;默认值：关闭 
158 ;   Development Value: On #  ;发展价值：开启  
159 ;   Production Value: Off #  ;产值：关闭  
160       
161 ; url_rewriter.tags #   
162 ;   Default Value: "a=href,area=href,frame=src,form=,fieldset=" #  ;默认值：“a = href，area = href，frame = src，form =，fieldset =” 
163 ;   Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"  #  ;开发价值：“a = href，area = href，frame = src，input = src，form = fakeentry” 
164 ;   Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" #  ;产值：“a = href，area = href，frame = src，input = src，form = fakeentry” 
165       
166 ; variables_order #   
167 ;   Default Value: "EGPCS"  #  ;默认值：“EGPCS”  
168 ;   Development Value: "GPCS" #  ;发展价值：“GPCS”  
169 ;   Production Value: "GPCS"  #  ;产值：“GPCS”  
170       
171 ;;;;;;;;;;;;;;;;;;;;  
172 ; php.ini Options  ;  #  ; php.ini选项;  
173 ;;;;;;;;;;;;;;;;;;;;  
174 ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" #  ;用户定义的php.ini（.htaccess）文件的名称。默认为“.user.ini”  
175 ;user_ini.filename = ".user.ini"  #  ; user_ini.filename =“。user.ini”  
176       
177 ; To disable this feature set this option to empty value  #  ;要禁用此功能，请将此选项设置为空值  
178 ;user_ini.filename =  #  ; user_ini.filename = 
179       
180 ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)  #  ;用户定义的php.ini文件的TTL（生存时间），以秒为单位。默认为300秒（5分钟）  
181 ;user_ini.cache_ttl = 300 #  ; user_ini.cache_ttl = 300  
182       
183 ;;;;;;;;;;;;;;;;;;;;  
184 ; Language Options ;  #  ;语言选择;  
185 ;;;;;;;;;;;;;;;;;;;;  
186       
187 ; Enable the PHP scripting language engine under Apache.  #  ;在Apache下启用PHP脚本语言引擎。 
188 ; http://php.net/engine #  ; http://php.net/engine 
189 engine = On #  engine =开 
190       
191 ; This directive determines whether or not PHP will recognize code between  #  ;该指令确定PHP是否识别之间的代码  
192 ; >? and ?< tags as PHP source which should be processed as such. It is #  ; >？和？<标签作为PHP源，应该这样处理。它是 
193 ; generally recommended that >?php and ?< should be used and that this feature  #  ;一般建议应该使用>？php和？<这个功能 
194 ; should be disabled, as enabling it may result in issues when generating XML #  ;应该被禁用，因为在生成XML时启用它可能会导致问题  
195 ; documents, however this remains supported for backward compatibility reasons. #  ;但是出于向后兼容的原因，这仍然受到支持。 
196 ; Note that this directive does not control the >?= shorthand tag, which can be  #  ;请注意，该指令不控制>？=速记标记，它可以是  
197 ; used regardless of this directive.  #  ;无论此指令如何使用。 
198 ; Default Value: On #  ;默认值：开  
199 ; Development Value: Off  #  ;发展价值：关闭  
200 ; Production Value: Off #  ;产值：关闭  
201 ; http://php.net/short-open-tag #  ; http://php.net/short-open-tag 
202 short_open_tag = Off  #  short_open_tag =关闭  
203       
204 ; The number of significant digits displayed in floating point numbers. #  ;浮点数中显示的有效位数。 
205 ; http://php.net/precision  #  ; http://php.net/precision  
206 precision = 14  #  精度= 14  
207       
208 ; Output buffering is a mechanism for controlling how much output data  #  ;输出缓冲是一种控制输出数据量的机制  
209 ; (excluding headers and cookies) PHP should keep internally before pushing that  #  ; （不包括标题和cookie）在推送之前，PHP应该保留在内部  
210 ; data to the client. If your application's output exceeds this setting, PHP  #  ;数据到客户端。如果您的应用程序的输出超过此设置，则为PHP  
211 ; will send that data in chunks of roughly the size you specify.  #  ;将以大约您指定大小的块发送该数据。  
212 ; Turning on this setting and managing its maximum buffer size can yield some #  ;打开此设置并管理其最大缓冲区大小可以产生一些 
213 ; interesting side-effects depending on your application and web server.  #  ;有趣的副作用取决于您的应用程序和Web服务器。  
214 ; You may be able to send headers and cookies after you've already sent output  #  ;在您已经发送输出后，您可以发送标题和Cookie 
215 ; through print or echo. You also may see performance benefits if your server is  #  ;通过打印或回声。如果您的服务器是，您也可能会看到性能优势 
216 ; emitting less packets due to buffered output versus PHP streaming the output  #  ;由于缓冲输出而不是PHP流输出，所以发出更少的数据包 
217 ; as it gets it. On production servers, 4096 bytes is a good setting for performance  #  ;因为它得到它。在生产服务器上，4096字节是一个很好的性能设置  
218 ; reasons.  #  ;原因。  
219 ; Note: Output buffering can also be controlled via Output Buffering Control  #  ;注意：输出缓冲也可以通过输出缓冲控制来控制  
220 ;   functions.  #  ;功能。  
221 ; Possible Values:  #  ;可能的值：  
222 ;   On = Enabled and buffer is unlimited. (Use with caution)  #  ;开=启用，缓冲区无限制。 （谨慎使用）  
223 ;   Off = Disabled  #  ;关=禁用 
224 ;   Integer = Enables the buffer and sets its maximum size in bytes.  #  ; Integer =启用缓冲区并设置其最大大小（以字节为单位）。 
225 ; Note: This directive is hardcoded to Off for the CLI SAPI #  ;注意：对于CLI SAPI，此指令硬编码为Off 
226 ; Default Value: Off  #  ;默认值：关闭 
227 ; Development Value: 4096 #  ;发展价值：4096  
228 ; Production Value: 4096  #  ;产值：4096  
229 ; http://php.net/output-buffering #   
230 output_buffering = 4096 #   
231       
232 ; You can redirect all of the output of your scripts to a function.  For  #  ;您可以将脚本的所有输出重定向到函数。对于 
233 ; example, if you set output_handler to "mb_output_handler", character  #  ;例如，如果将output_handler设置为“mb_output_handler”，则为字符  
234 ; encoding will be transparently converted to the specified encoding. #  ;编码将透明地转换为指定的编码。  
235 ; Setting any output handler automatically turns on output buffering. #  ;设置任何输出处理程序会自动打开输出缓冲。 
236 ; Note: People who wrote portable scripts should not depend on this ini #  ;注意：编写可移植脚本的人不应该依赖于此ini 
237 ;   directive. Instead, explicitly set the output handler using ob_start(). #  ;指示。相反，使用ob_start（）显式设置输出处理程序。  
238 ;   Using this ini directive may cause problems unless you know what script #  ;除非您知道脚本，否则使用此ini指令可能会导致问题  
239 ;   is doing. #  ;是在做。 
240 ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" #  ;注意：您不能同时使用“mb_output_handler”和“ob_iconv_handler” 
241 ;   and you cannot use both "ob_gzhandler" and "zlib.output_compression". #  ;并且您不能同时使用“ob_gzhandler”和“zlib.output_compression”。 
242 ; Note: output_handler must be empty if this is set 'On' !!!! #  ;注意：如果设置为“On”，则output_handler必须为空！  
243 ;   Instead you must use zlib.output_handler. #  ;相反，您必须使用zlib.output_handler。 
244 ; http://php.net/output-handler #  ; http://php.net/output-handler 
245 ;output_handler = #  ; output_handler =  
246       
247 ; Transparent output compression using the zlib library #  ;使用zlib库进行透明输出压缩  
248 ; Valid values for this option are 'off', 'on', or a specific buffer size #  ;此选项的有效值为“off”，“on”或特定缓冲区大小 
249 ; to be used for compression (default is 4KB) #  ;用于压缩（默认为4KB） 
250 ; Note: Resulting chunk size may vary due to nature of compression. PHP #  ;注意：由于压缩的性质，产生的块大小可能会有所不同。 PHP  
251 ;   outputs chunks that are few hundreds bytes each as a result of  #  ;输出由于每个数百字节的块 
252 ;   compression. If you prefer a larger chunk size for better #  ;压缩。如果你更喜欢更大的块大小  
253 ;   performance, enable output_buffering in addition. #  ;性能，另外启用output_buffering。 
254 ; Note: You need to use zlib.output_handler instead of the standard #  ;注意：您需要使用zlib.output_handler而不是标准 
255 ;   output_handler, or otherwise the output will be corrupted.  #  ; output_handler，否则输出将被破坏。  
256 ; http://php.net/zlib.output-compression  
257 zlib.output_compression = Off #  zlib.output_compression =关闭 
258       
259 ; http://php.net/zlib.output-compression-level  
260 ;zlib.output_compression_level = -1 #  ; zlib.output_compression_level = -1  
261       
262 ; You cannot specify additional output handlers if zlib.output_compression  #  ;如果zlib.output_compression，则无法指定其他输出处理程序  
263 ; is activated here. This setting does the same as output_handler but in  #  ;在这里激活。此设置与output_handler相同但在 
264 ; a different order.  #  ;不同的顺序。 
265 ; http://php.net/zlib.output-handler  #  ; http://php.net/zlib.output-handler  
266 ;zlib.output_handler =  #  ; zlib.output_handler = 
267       
268 ; Implicit flush tells PHP to tell the output layer to flush itself #  ;隐式刷新告诉PHP告诉输出层刷新自己 
269 ; automatically after every output block.  This is equivalent to calling the  #  ;每个输出块后自动。这相当于调用  
270 ; PHP function flush() after each and every call to print() or echo() and each  #  ; PHP函数flush（）在每次调用print（）或echo（）之后每次调用 
271 ; and every HTML block.  Turning this option on has serious performance #  ;和每个HTML块。启用此选项具有严重的性能  
272 ; implications and is generally recommended for debugging purposes only.  #  ;含义，通常建议仅用于调试目的。  
273 ; http://php.net/implicit-flush #  ; http://php.net/implicit-flush 
274 ; Note: This directive is hardcoded to On for the CLI SAPI  #  ;注意：对于CLI SAPI，此指令已硬编码为On 
275 implicit_flush = Off  #  implicit_flush =关闭  
276       
277 ; The unserialize callback function will be called (with the undefined class' #  ;将调用unserialize回调函数（使用未定义的类'  
278 ; name as parameter), if the unserializer finds an undefined class  #  ;如果反序列化器找到未定义的类，则命名为参数  
279 ; which should be instantiated. A warning appears if the specified function is  #  ;应该实例化。如果指定的功能是，则会出现警告  
280 ; not defined, or if the function doesn't include/implement the missing class.  #  ;未定义，或者函数不包含/实现缺少的类。  
281 ; So only set this entry, if you really want to implement such a  #  ;所以只有设置这个条目，如果你真的想实现这样一个  
282 ; callback-function.  #  ;回调函数。  
283 unserialize_callback_func = #  unserialize_callback_func = 
284       
285 ; When floats & doubles are serialized store serialize_precision significant  #  ;当浮点数和双精度序列化时，存储serialize_precision显着 
286 ; digits after the floating point. The default value ensures that when floats #  ;浮点后的数字。默认值确保浮动时  
287 ; are decoded with unserialize, the data will remain the same.  #  ;用unserialize解码，数据将保持不变。  
288 serialize_precision = 17  #  serialize_precision = 17  
289       
290 ; open_basedir, if set, limits all file operations to the defined directory #  ; open_basedir（如果已设置）将所有文件操作限制为已定义的目录 
291 ; and below.  This directive makes most sense if used in a per-directory  #  ;以下。如果在每个目录中使用，该指令最有意义  
292 ; or per-virtualhost web server configuration file. #  ;或每个虚拟主机Web服务器配置文件。 
293 ; http://php.net/open-basedir #  ; http://php.net/open-basedir 
294 ;open_basedir = #  ; open_basedir =  
295       
296 ; This directive allows you to disable certain functions for security reasons.  #  ;该指令允许您出于安全原因禁用某些功能。  
297 ; It receives a comma-delimited list of function names. #  ;它接收以逗号分隔的函数名列表。  
298 ; http://php.net/disable-functions  
299 disable_functions = phpinfo #  禁用 phpinfo 指针 
300       
301 ; This directive allows you to disable certain classes for security reasons.  #  ;该指令允许您出于安全原因禁用某些类。 
302 ; It receives a comma-delimited list of class names.  #  ;它接收以逗号分隔的类名列表。 
303 ; http://php.net/disable-classes  #  ; http://php.net/disable-classes  
304 disable_classes = #  disable_classes = 
305       
306 ; Colors for Syntax Highlighting mode.  Anything that's acceptable in #  ;语法高亮模式的颜色。任何可以接受的东西  
307 ; >span style="color: ???????"< would work. #  ; >span style =“color：???????”<会起作用。  
308 ; http://php.net/syntax-highlighting  #  ; http://php.net/syntax-highlighting  
309 ;highlight.string  = #DD0000  #  ; highlight.string =＃DD0000 
310 ;highlight.comment = #FF9900  #  ; highlight.comment =＃FF9900  
311 ;highlight.keyword = #007700  #  ; highlight.keyword =＃007700  
312 ;highlight.default = #0000BB  #  ; highlight.default =＃0000BB  
313 ;highlight.html    = #000000  #  ; highlight.html =＃000000 
314       
315 ; If enabled, the request will be allowed to complete even if the user aborts #  ;如果启用，即使用户中止，也将允许完成请求 
316 ; the request. Consider enabling it if executing long requests, which may end up  #  ;请求。如果执行可能最终的长请求，请考虑启用它 
317 ; being interrupted by the user or a browser timing out. PHP's default behavior #  ;被用户或浏览器超时中断。 PHP的默认行为  
318 ; is to disable this feature. #  ;是禁用此功能。  
319 ; http://php.net/ignore-user-abort  #  ; http://php.net/ignore-user-abort  
320 ;ignore_user_abort = On #  ; ignore_user_abort =开  
321       
322 ; Determines the size of the realpath cache to be used by PHP. This value should  #  ;确定PHP使用的实际路径缓存的大小。这个值应该  
323 ; be increased on systems where PHP opens many files to reflect the quantity of #  ;在PHP打开许多文件以反映数量的系统上增加  
324 ; the file operations performed.  #  ;执行的文件操作。 
325 ; http://php.net/realpath-cache-size  #  ; http://php.net/realpath-cache-size  
326 ;realpath_cache_size = 16k  #  ; realpath_cache_size = 16k 
327       
328 ; Duration of time, in seconds for which to cache realpath information for a given  #  ;缓存给定的实际路径信息的持续时间（以秒为单位）  
329 ; file or directory. For systems with rarely changing files, consider increasing this #  ;文件或目录。对于文件很少更改的系统，请考虑增加此值  
330 ; value.  #  ;值。 
331 ; http://php.net/realpath-cache-ttl #  ; http://php.net/realpath-cache-ttl 
332 ;realpath_cache_ttl = 120 #  ; realpath_cache_ttl = 120  
333       
334 ; Enables or disables the circular reference collector. #  ;启用或禁用循环引用收集器。  
335 ; http://php.net/zend.enable-gc #  ; http://php.net/zend.enable-gc 
336 zend.enable_gc = On #  zend.enable_gc =开 
337       
338 ; If enabled, scripts may be written in encodings that are incompatible with  #  ;如果启用，脚本可能使用与其不兼容的编码编写  
339 ; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such #  ;扫描仪。 CP936，Big5，CP949和Shift_JIS就是这样的例子 
340 ; encodings.  To use this feature, mbstring extension must be enabled.  #  ;编码。要使用此功能，必须启用mbstring扩展名。 
341 ; Default: Off  #  ;默认值：关闭 
342 ;zend.multibyte = Off #  ; zend.multibyte =关闭  
343       
344 ; Allows to set the default encoding for the scripts.  This value will be used  #  ;允许设置脚本的默认编码。将使用此值  
345 ; unless "declare(encoding=...)" directive appears at the top of the script.  #  ;除非“declare（encoding = ...）”指令出现在脚本的顶部。 
346 ; Only affects if zend.multibyte is set.  #  ;仅在设置了zend.multibyte时才会生效。  
347 ; Default: "" #  ;默认值：“” 
348 ;zend.script_encoding = #  ; zend.script_encoding =  
349       
350 ;;;;;;;;;;;;;;;;; 
351 ; Miscellaneous ; #  ;杂项;  
352 ;;;;;;;;;;;;;;;;;
353       
354 ; Decides whether PHP may expose the fact that it is installed on the server  
355 ; (e.g. by adding its signature to the Web server header).  It is no security 
356 ; threat in any way, but it makes it possible to determine whether you use PHP 
357 ; on your server or not.  #  决定PHP是否可以公开它安装在服务器上的事实（例如，通过将其签名添加到Web服务器头）。 它不是任何安全威胁，但它可以确定您是否在服务器上使用PHP。 
358 ; http://php.net/expose-php 
359 expose_php = Off #  由默认 On 改为 Off； 在web服务器头文件中隐藏php
360       
361 ;;;;;;;;;;;;;;;;;;; 
362 ; Resource Limits ; #  ;资源限制;  
363 ;;;;;;;;;;;;;;;;;;; 
364       
365 ; Maximum execution time of each script, in seconds #  ;每个脚本的最长执行时间，以秒为单位  
366 ; http://php.net/max-execution-time #  ; http://php.net/max-execution-time 
367 ; Note: This directive is hardcoded to 0 for the CLI SAPI #  ;注意：对于CLI SAPI，此伪指令硬编码为0  
368 max_execution_time = 30 #  max_execution_time = 30 
369       
370 ; Maximum amount of time each script may spend parsing request data. It's a good  #  ;每个脚本可能花费在解析请求数据上的最长时间。这很好  
371 ; idea to limit this time on productions servers in order to eliminate unexpectedly #  ;想要在制作服务器上限制这段时间以便意外消除  
372 ; long running scripts. #  ;长期运行的脚本。 
373 ; Note: This directive is hardcoded to -1 for the CLI SAPI  #  ;注意：对于CLI SAPI，此伪指令硬编码为-1 
374 ; Default Value: -1 (Unlimited) #  ;默认值：-1（无限制）  
375 ; Development Value: 60 (60 seconds)  #  ;开发价值：60（60秒） 
376 ; Production Value: 60 (60 seconds) #  ;产值：60（60秒） 
377 ; http://php.net/max-input-time #  ; http://php.net/max-input-time 
378 max_input_time = 60 #  max_input_time = 60 
379       
380 ; Maximum input variable nesting level  #  ;最大输入变量嵌套级别 
381 ; http://php.net/max-input-nesting-level  #  ; http://php.net/max-input-nesting-level  
382 ;max_input_nesting_level = 64 #  ; max_input_nesting_level = 64  
383       
384 ; How many GET/POST/COOKIE input variables may be accepted  #  ;可以接受多少GET / POST / COOKIE输入变量  
385 ; max_input_vars = 1000 #  ; max_input_vars = 1000 
386       
387 ; Maximum amount of memory a script may consume (128MB) #  ;脚本可能消耗的最大内存量（128MB）  
388 ; http://php.net/memory-limit #  ; http://php.net/memory-limit 
389 memory_limit = 128M #  memory_limit = 128M 
390       
391 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;  
392 ; Error handling and logging ;  #  ;错误处理和记录; 
393 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;  
394       
395 ; This directive informs PHP of which errors, warnings and notices you would like #  ;该指令通知PHP您需要哪些错误，警告和通知  
396 ; it to take action for. The recommended way of setting values for this #  ;它采取行动。为此设置值的推荐方法 
397 ; directive is through the use of the error level constants and bitwise #  ;指令是通过使用错误级别常量和按位 
398 ; operators. The error level constants are below here for convenience as well as  #  ;运营商。为方便起见，错误级别常量如下所示 
399 ; some common settings and their meanings.  #  ;一些常见的设置及其含义。 
400 ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT  #  ;默认情况下，PHP设置为对所有错误，通知和警告执行操作除外  
401 ; those related to E_NOTICE and E_STRICT, which together cover best practices and #  ;那些与E_NOTICE和E_STRICT相关的内容，它们共同涵盖了最佳实践和 
402 ; recommended coding standards in PHP. For performance reasons, this is the #  ;推荐的PHP编码标准。出于性能原因，这是 
403 ; recommend error reporting setting. Your production server shouldn't be wasting  #  ;建议错误报告设置。您的生产服务器不应该浪费  
404 ; resources complaining about best practices and coding standards. That's what  #  ;资源抱怨最佳做法和编码标准。那是什么 
405 ; development servers and development settings are for. #  ;开发服务器和开发设置适用于。 
406 ; Note: The php.ini-development file has this setting as E_ALL. This  #  ;注意：php.ini-development文件的设置为E_ALL。这个 
407 ; means it pretty much reports everything which is exactly what you want during #  ;意味着它几乎报告了你想要的一切  
408 ; development and early testing.  #  ;开发和早期测试。 
409 ;     
410 ; Error Level Constants:  #  ;错误级别常量：  
411 ; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 5.4.0) #  ; E_ALL  - 所有错误和警告（包括PHP 5.4.0中的E_STRICT） 
412 ; E_ERROR           - fatal run-time errors #  ; E_ERROR  - 致命的运行时错误 
413 ; E_RECOVERABLE_ERROR  - almost fatal run-time errors #  ; E_RECOVERABLE_ERROR  - 几乎致命的运行时错误 
414 ; E_WARNING         - run-time warnings (non-fatal errors)  #  ; E_WARNING  - 运行时警告（非致命错误） 
415 ; E_PARSE           - compile-time parse errors #  ; E_PARSE  - 编译时解析错误  
416 ; E_NOTICE          - run-time notices (these are warnings which often result #  ; E_NOTICE  - 运行时通知（这些通常是警告 
417 ;                     from a bug in your code, but it's possible that it was  #  ;从您的代码中的错误，但它可能是  
418 ;                     intentional (e.g., using an uninitialized variable and  #  ;故意的（例如，使用未初始化的变量和  
419 ;                     relying on the fact it is automatically initialized to an #  ;依赖于它自动初始化为一个事实 
420 ;                     empty string) #  ;空字符串）  
421 ; E_STRICT          - run-time notices, enable to have PHP suggest changes  #  ; E_STRICT  - 运行时通知，允许PHP建议更改 
422 ;                     to your code which will ensure the best interoperability  #  ;您的代码将确保最佳的互操作性 
423 ;                     and forward compatibility of your code  #  ;并转发代码的兼容性  
424 ; E_CORE_ERROR      - fatal errors that occur during PHP's initial startup  #  ; E_CORE_ERROR  -  PHP初始启动期间发生的致命错误 
425 ; E_CORE_WARNING    - warnings (non-fatal errors) that occur during PHP's #  ; E_CORE_WARNING  -  PHP期间发生的警告（非致命错误）  
426 ;                     initial startup #  ;初次启动 
427 ; E_COMPILE_ERROR   - fatal compile-time errors #  ; E_COMPILE_ERROR  - 致命的编译时错误 
428 ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)  #  ; E_COMPILE_WARNING  - 编译时警告（非致命错误） 
429 ; E_USER_ERROR      - user-generated error message  #  ; E_USER_ERROR  - 用户生成的错误消息 
430 ; E_USER_WARNING    - user-generated warning message  #  ; E_USER_WARNING  - 用户生成的警告消息 
431 ; E_USER_NOTICE     - user-generated notice message #  ; E_USER_NOTICE  - 用户生成的通知消息  
432 ; E_DEPRECATED      - warn about code that will not work in future versions #  ; E_DEPRECATED  - 警告将来版本无法使用的代码 
433 ;                     of PHP  #  ; PHP 
434 ; E_USER_DEPRECATED - user-generated deprecation warnings #  ; E_USER_DEPRECATED  - 用户生成的弃用警告  
435 ;     
436 ; Common Values:  #  ;共同价值观： 
437 ;   E_ALL (Show all errors, warnings and notices including coding standards.) #  ; E_ALL（显示所有错误，警告和通知，包括编码标准。） 
438 ;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)  #  ; E_ALL＆~E_NOTICE（显示所有错误，通知除外）  
439 ;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.) #  ; E_ALL＆~E_NOTICE＆~E_STRICT（显示所有错误，通知和编码标准警告除外。）  
440 ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)  #  ; E_COMPILE_ERROR | E_RECOVERABLE_ERROR | E_ERROR | E_CORE_ERROR（仅显示错误） 
441 ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED  #  ;默认值：E_ALL＆~E_NOTICE＆~E_STRICT＆~E_DEPRECATED  
442 ; Development Value: E_ALL  #  ;发展价值：E_ALL 
443 ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT #  ;产值：E_ALL＆~E_DEPRECATED＆~E_STRICT 
444 ; http://php.net/error-reporting  #  ; http://php.net/error-reporting  
445 error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT #  error_reporting = E_ALL＆~E_DEPRECATED＆~E_STRICT 
446       
447 ; This directive controls whether or not and where PHP will output errors,  #  ;该指令控制PHP是否以及在何处输出错误， 
448 ; notices and warnings too. Error output is very useful during development, but #  ;通知和警告也是如此。错误输出在开发过程中非常有用，但是  
449 ; it could be very dangerous in production environments. Depending on the code  #  ;在生产环境中它可能非常危险。取决于代码  
450 ; which is triggering the error, sensitive information could potentially leak #  ;这会触发错误，敏感信息可能会泄漏 
451 ; out of your application such as database usernames and passwords or worse.  #  ;超出您的应用程序，如数据库用户名和密码或更糟。  
452 ; For production environments, we recommend logging errors rather than  #  ;对于生产环境，我们建议记录错误而不是 
453 ; sending them to STDOUT. #  ;将它们发送到STDOUT。  
454 ; Possible Values:  #  ;可能的值：  
455 ;   Off = Do not display any errors #  ;关=不显示任何错误  
456 ;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!)  #  ; stderr =向STDERR显示错误（仅影响CGI / CLI二进制文件！） 
457 ;   On or stdout = Display errors to STDOUT #  ; On或stdout =向STDOUT显示错误  
458 ; Default Value: On #  ;默认值：开  
459 ; Development Value: On #  ;发展价值：开启  
460 ; Production Value: Off #  ;产值：关闭  
461 ; http://php.net/display-errors #  ; http://php.net/display-errors 
462 display_errors = Off  #  display_errors =关闭  
463       
464 ; The display of errors which occur during PHP's startup sequence are handled #  ;处理PHP启动序列期间发生的错误显示 
465 ; separately from display_errors. PHP's default behavior is to suppress those #  ;与display_errors分开。 PHP的默认行为是抑制它们 
466 ; errors from clients. Turning the display of startup errors on can be useful in  #  ;来自客户的错误。打开启动错误的显示可能很有用 
467 ; debugging configuration problems. We strongly recommend you #  ;调试配置问题。我们强烈推荐你 
468 ; set this to 'off' for production servers. #  ;为生产服务器将此设置为“关闭”。 
469 ; Default Value: Off  #  ;默认值：关闭 
470 ; Development Value: On #  ;发展价值：开启  
471 ; Production Value: Off #  ;产值：关闭  
472 ; http://php.net/display-startup-errors #  ; http://php.net/display-startup-errors 
473 display_startup_errors = Off  #  display_startup_errors =关闭  
474       
475 ; Besides displaying errors, PHP can also log errors to locations such as a #  ;除了显示错误外，PHP还可以将错误记录到诸如a之类的位置 
476 ; server-specific log, STDERR, or a location specified by the error_log #  ;特定于服务器的日志，STDERR或error_log指定的位置  
477 ; directive found below. While errors should not be displayed on productions  #  ;指令见于下文。虽然错误不应该在制作上显示 
478 ; servers they should still be monitored and logging is a great way to do that. #  ;服务器应该仍然受到监控，日志记录是一种很好的方法。  
479 ; Default Value: Off  #  ;默认值：关闭 
480 ; Development Value: On #  ;发展价值：开启  
481 ; Production Value: On  #  ;产值：开 
482 ; http://php.net/log-errors #  ; http://php.net/log-errors 
483 log_errors = On #  log_errors =开 
484       
485 ; Set maximum length of log_errors. In error_log information about the source is  #  ;设置log_errors的最大长度。在error_log中有关源的信息是 
486 ; added. The default is 1024 and 0 allows to not apply any maximum length at all. #  ;添加。默认值为1024，0允许不应用任何最大长度。  
487 ; http://php.net/log-errors-max-len #  ; http://php.net/log-errors-max-len 
488 log_errors_max_len = 1024 #  log_errors_max_len = 1024 
489       
490 ; Do not log repeated messages. Repeated errors must occur in same file on same #  ;不记录重复的消息。重复错误必须发生在同一个文件中 
491 ; line unless ignore_repeated_source is set true. #  ;除非ignore_repeated_source设置为true，否则为line。 
492 ; http://php.net/ignore-repeated-errors #  ; http://php.net/ignore-repeated-errors 
493 ignore_repeated_errors = Off  #  ignore_repeated_errors =关闭  
494       
495 ; Ignore source of message when ignoring repeated messages. When this setting #  ;忽略重复的消息时忽略消息源。当这个设置  
496 ; is On you will not log errors with repeated messages from different files or  #  ;打开您不会记录来自不同文件或重复消息的错误  
497 ; source lines. #  ;源线。  
498 ; http://php.net/ignore-repeated-source #  ; http://php.net/ignore-repeated-source 
499 ignore_repeated_source = Off  #  ignore_repeated_source =关闭  
500       
501 ; If this parameter is set to Off, then memory leaks will not be shown (on  #  ;如果此参数设置为Off，则不会显示内存泄漏（打开 
502 ; stdout or in the log). This has only effect in a debug compile, and if  #  ; stdout或在日志中）。这仅在调试编译中有效，如果  
503 ; error reporting includes E_WARNING in the allowed list  #  ;错误报告包括允许列表中的E_WARNING  
504 ; http://php.net/report-memleaks  #  ; http://php.net/report-memleaks  
505 report_memleaks = On  #  report_memleaks =开  
506       
507 ; This setting is on by default.  #  ;默认情况下，此设置处于启用状 
508 ;report_zend_debug = 0  #  ; report_zend_debug = 0 
509       
510 ; Store the last error/warning message in $php_errormsg (boolean). Setting this value #  ;将最后一条错误/警告消息存储在$ php_errormsg（boolean）中。设置此值 
511 ; to On can assist in debugging and is appropriate for development servers. It should #  ; to On可以协助调试，适用于开发服务器。这应该  
512 ; however be disabled on production servers.  #  ;但是在生产服务器上禁用。 
513 ; Default Value: Off  #  ;默认值：关闭 
514 ; Development Value: On #  ;发展价值：开启  
515 ; Production Value: Off #  ;产值：关闭  
516 ; http://php.net/track-errors #  ; http://php.net/track-errors 
517 track_errors = Off  #  track_errors =关闭  
518       
519 ; Turn off normal error reporting and emit XML-RPC error XML  #  ;关闭正常错误报告并发出XML-RPC错误XML  
520 ; http://php.net/xmlrpc-errors  #  ; http://php.net/xmlrpc-errors  
521 ;xmlrpc_errors = 0  #  ; xmlrpc_errors = 0 
522       
523 ; An XML-RPC faultCode  #  ; XML-RPC faultCode 
524 ;xmlrpc_error_number = 0  #  ; xmlrpc_error_number = 0 
525       
526 ; When PHP displays or logs an error, it has the capability of formatting the #  ;当PHP显示或记录错误时，它具有格式化的能力 
527 ; error message as HTML for easier reading. This directive controls whether #  ;错误消息为HTML以便于阅读。该指令控制是否 
528 ; the error message is formatted as HTML or not.  #  ;错误消息的格式是否为HTML。  
529 ; Note: This directive is hardcoded to Off for the CLI SAPI #  ;注意：对于CLI SAPI，此指令硬编码为Off 
530 ; Default Value: On #  ;默认值：开  
531 ; Development Value: On #  ;发展价值：开启  
532 ; Production value: On  #  ;产值：开 
533 ; http://php.net/html-errors  #  ; http://php.net/html-errors  
534 html_errors = On  #  html_errors =开  
535       
536 ; If html_errors is set to On *and* docref_root is not empty, then PHP  #  ;如果html_errors设置为On *且* docref_root不为空，则为PHP  
537 ; produces clickable error messages that direct to a page describing the error  #  ;生成可点击的错误消息，指向描述错误的页面 
538 ; or function causing the error in detail.  #  ;或导致错误的功能。  
539 ; You can download a copy of the PHP manual from http://php.net/docs  #  ;您可以从http://php.net/docs下载PHP手册的副本  
540 ; and change docref_root to the base URL of your local copy including the #  ;并将docref_root更改为本地副本的基本URL，包括  
541 ; leading '/'. You must also specify the file extension being used including  #  ;领导 '/'。您还必须指定正在使用的文件扩展名，包括 
542 ; the dot. PHP's default behavior is to leave these settings empty, in which  #  ;点。 PHP的默认行为是将这些设置留空，其中 
543 ; case no links to documentation are generated. #  ; case没有生成文档的链接。  
544 ; Note: Never use this feature for production boxes.  #  ;注意：切勿将此功能用于生产箱。  
545 ; http://php.net/docref-root  #  ; http://php.net/docref-root  
546 ; Examples  #  ;例子 
547 ;docref_root = "/phpmanual/"  #  ; docref_root =“/ phpmanual /”  
548       
549 ; http://php.net/docref-ext #  ; http://php.net/docref-ext 
550 ;docref_ext = .html #  ; docref_ext = .html  
551       
552 ; String to output before an error message. PHP's default behavior is to leave  #  ;在错误消息之前输出的字符串。 PHP的默认行为是离开 
553 ; this setting blank. #  ;此设置为空白。  
554 ; http://php.net/error-prepend-string #  ; http://php.net/error-prepend-string 
555 ; Example:  #  ;例： 
556 ;error_prepend_string = ">span style='color: #ff0000'<" #  ; error_prepend_string =“>span style ='color：#ff0000'<” 
557       
558 ; String to output after an error message. PHP's default behavior is to leave #  ;错误消息后输出的字符串。 PHP的默认行为是离开 
559 ; this setting blank. #  ;此设置为空白。  
560 ; http://php.net/error-append-string  #  ; http://php.net/error-append-string  
561 ; Example:  #  ;例： 
562 ;error_append_string = ">/span<"  #  ; error_append_string =“>/ span<” 
563       
564 ; Log errors to specified file. PHP's default behavior is to leave this value #  ;将错误记录到指定的文件。 PHP的默认行为是保留此值 
565 ; empty.  #  ;空。 
566 ; http://php.net/error-log  #  ; http://php.net/error-log  
567 ; Example:  #  ;例： 
568 ;error_log = php_errors.log #  ; error_log = php_errors.log  
569 ; Log errors to syslog (Event Log on Windows).  #  ;将错误记录到syslog（Windows上的事件日志）。 
570 ;error_log = syslog #  ; error_log = syslog  
571       
572 ;windows.show_crt_warning #  ; windows.show_crt_warning  
573 ; Default value: 0  #  ;默认值：0  
574 ; Development value: 0  #  ;发展价值：0 
575 ; Production value: 0 #  ;产值：0 
576       
577 ;;;;;;;;;;;;;;;;; #  ;;;;;;;;;;;;;;;;; 
578 ; Data Handling ; #  ;数据处理 ; 
579 ;;;;;;;;;;;;;;;;; #  ;;;;;;;;;;;;;;;;; 
580       
581 ; The separator used in PHP generated URLs to separate arguments. #  ; PHP中使用的分隔符生成的URL用于分隔参数。 
582 ; PHP's default setting is "&". #  ; PHP的默认设置为“＆”。 
583 ; http://php.net/arg-separator.output #  ; http://php.net/arg-separator.output 
584 ; Example:  #  ;例： 
585 ;arg_separator.output = "&" #  ; arg_separator.output =“＆amp;” 
586       
587 ; List of separator(s) used by PHP to parse input URLs into variables.  #  ; PHP用于将输入URL解析为变量的分隔符列表。 
588 ; PHP's default setting is "&". #  ; PHP的默认设置为“＆”。 
589 ; NOTE: Every character in this directive is considered as separator! #  ;注意：此指令中的每个字符都被视为分隔符！ 
590 ; http://php.net/arg-separator.input  #  ; http://php.net/arg-separator.input  
591 ; Example:  #  ;例： 
592 ;arg_separator.input = ";&" #  ; arg_separator.input =“;＆” 
593       
594 ; This directive determines which super global arrays are registered when PHP #  ;该指令确定在PHP时注册哪些超级全局数组 
595 ; starts up. G,P,C,E & S are abbreviations for the following respective super #  ;启动。 G，P，C，E＆S是以下各个超级的缩写  
596 ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty  #  ;全局：GET，POST，COOKIE，ENV和SERVER。存在性能损失 
597 ; paid for the registration of these arrays and because ENV is not as commonly  #  ;为这些阵列的注册付费，因为ENV不常见  
598 ; used as the others, ENV is not recommended on productions servers. You  #  ;作为其他用户，不建议在制作服务器上使用ENV。您 
599 ; can still get access to the environment variables through getenv() should you #  ;如果你还可以通过getenv（）访问环境变量 
600 ; need to.  #  ;需要。  
601 ; Default Value: "EGPCS"  #  ;默认值：“EGPCS”  
602 ; Development Value: "GPCS" #  ;发展价值：“GPCS”  
603 ; Production Value: "GPCS"; #  ;产值：“GPCS”; 
604 ; http://php.net/variables-order  #  ; http://php.net/variables-order  
605 variables_order = "GPCS"  #  variables_order =“GPCS” 
606       
607 ; This directive determines which super global data (G,P & C) should be #  ;该指令确定应该是哪个超级全局数据（G，P＆C）  
608 ; registered into the super global array REQUEST. If so, it also determines #  ;注册到超级全局数组REQUEST。如果是这样，它也决定了 
609 ; the order in which that data is registered. The values for this directive #  ;数据的注册顺序。该指令的值  
610 ; are specified in the same manner as the variables_order directive,  #  ;以与variables_order指令相同的方式指定，  
611 ; EXCEPT one. Leaving this value empty will cause PHP to use the value set  #  ;除了一个。将此值保留为空将导致PHP使用值集 
612 ; in the variables_order directive. It does not mean it will leave the super  #  ;在variables_order指令中。这并不意味着它会离开超级 
613 ; globals array REQUEST empty.  #  ;全局数组REQUEST为空。 
614 ; Default Value: None #  ;默认值：无  
615 ; Development Value: "GP" #  ;发展价值：“GP”  
616 ; Production Value: "GP"  #  ;产值：“GP”  
617 ; http://php.net/request-order  #  ; http://php.net/request-order  
618 request_order = "GP"  #  request_order =“GP” 
619       
620 ; This directive determines whether PHP registers $argv & $argc each time it  #  ;该指令确定PHP每次都注册$ argv和$ argc 
621 ; runs. $argv contains an array of all the arguments passed to PHP when a script  #  ;运行。 $ argv包含一个脚本时传递给PHP的所有参数的数组  
622 ; is invoked. $argc contains an integer representing the number of arguments  #  ;被调用。 $ argc包含一个表示参数数量的整数 
623 ; that were passed when the script was invoked. These arrays are extremely  #  ;调用脚本时传递的内容。这些阵列是非常的  
624 ; useful when running scripts from the command line. When this directive is #  ;从命令行运行脚本时很有用。当这个指令是  
625 ; enabled, registering these variables consumes CPU cycles and memory each time #  ;启用后，注册这些变量每次都会占用CPU周期和内存 
626 ; a script is executed. For performance reasons, this feature should be disabled  #  ;脚本被执行。出于性能原因，应禁用此功能  
627 ; on production servers.  #  ;在生产服务器上。 
628 ; Note: This directive is hardcoded to On for the CLI SAPI  #  ;注意：对于CLI SAPI，此指令已硬编码为On 
629 ; Default Value: On #  ;默认值：开  
630 ; Development Value: Off  #  ;发展价值：关闭  
631 ; Production Value: Off #  ;产值：关闭  
632 ; http://php.net/register-argc-argv #  ; http://php.net/register-argc-argv 
633 register_argc_argv = Off  #  register_argc_argv =关闭  
634       
635 ; When enabled, the ENV, REQUEST and SERVER variables are created when they're  #  ;启用后，将创建ENV，REQUEST和SERVER变量  
636 ; first used (Just In Time) instead of when the script starts. If these #  ;首先使用（Just In Time）而不是脚本启动时。如果这些  
637 ; variables are not used within a script, having this directive on will result  #  ;在脚本中不使用变量，将导致使用此指令 
638 ; in a performance gain. The PHP directive register_argc_argv must be disabled  #  ;在性能提升。必须禁用PHP指令register_argc_argv  
639 ; for this directive to have any affect.  #  ;对此指令有任何影响。 
640 ; http://php.net/auto-globals-jit #  ; http://php.net/auto-globals-jit 
641 auto_globals_jit = On #  auto_globals_jit =开 
642       
643 ; Whether PHP will read the POST data.  #  ; PHP是否会读取POST数据。 
644 ; This option is enabled by default.  #  ;默认情况下启用此选项。  
645 ; Most likely, you won't want to disable this option globally. It causes $_POST #  ;最有可能的是，您不希望全局禁用此选项。它导致$ _POST  
646 ; and $_FILES to always be empty; the only way you will be able to read the #  ;和$ _FILES总是为空;你能阅读的唯一方法  
647 ; POST data will be through the php://input stream wrapper. This can be useful  #  ; POST数据将通过php：//输入流包装器。这可能很有用  
648 ; to proxy requests or to process the POST data in a memory efficient fashion.  #  ;代理请求或以内存有效的方式处理POST数据。 
649 ; http://php.net/enable-post-data-reading #  ; http://php.net/enable-post-data-reading 
650 ;enable_post_data_reading = Off #  ; enable_post_data_reading =关闭  
651       
652 ; Maximum size of POST data that PHP will accept. #  ; PHP将接受的POST数据的最大大小。 
653 ; Its value may be 0 to disable the limit. It is ignored if POST data reading #  ;其值可能为0以禁用限制。如果POST数据读取则忽略它 
654 ; is disabled through enable_post_data_reading. #  ;通过enable_post_data_reading禁用。  
655 ; http://php.net/post-max-size  #  ; http://php.net/post-max-size  
656 post_max_size = 8M  #  post_max_size = 8M  
657       
658 ; Automatically add files before PHP document.  #  ;在PHP文档之前自动添加文件。  
659 ; http://php.net/auto-prepend-file  #  ; http://php.net/auto-prepend-file  
660 auto_prepend_file = #  auto_prepend_file = 
661       
662 ; Automatically add files after PHP document. #  ;在PHP文档之后自动添加文件。  
663 ; http://php.net/auto-append-file #  ; http://php.net/auto-append-file 
664 auto_append_file =  #  auto_append_file =  
665       
666 ; By default, PHP will output a character encoding using  #  ;默认情况下，PHP将使用输出字符编码 
667 ; the Content-type: header.  To disable sending of the charset, simply  #  ; Content-type：标头。要简单地禁用发送字符集 
668 ; set it to be empty. #  ;将它设置为空。  
669 ;     
670 ; PHP's built-in default is text/html #  ; PHP的内置默认值是text / html 
671 ; http://php.net/default-mimetype #  ; http://php.net/default-mimetype 
672 default_mimetype = "text/html"  #  default_mimetype =“text / html” 
673       
674 ; PHP's default character set is set to UTF-8.  #  ; PHP的默认字符集设置为UTF-8。  
675 ; http://php.net/default-charset  #  ; http://php.net/default-charset  
676 default_charset = "UTF-8" #  default_charset =“UTF-8”  
677       
678 ; PHP internal character encoding is set to empty.  #  ; PHP内部字符编码设置为空。  
679 ; If empty, default_charset is used.  #  ;如果为空，则使用default_charset。 
680 ; http://php.net/internal-encoding  #  ; http://php.net/internal-encoding  
681 ;internal_encoding =  #  ; internal_encoding = 
682       
683 ; PHP input character encoding is set to empty. #  ; PHP输入字符编码设置为空。  
684 ; If empty, default_charset is used.  #  ;如果为空，则使用default_charset。 
685 ; http://php.net/input-encoding #  ; http://php.net/input-encoding 
686 ;input_encoding = #  ; input_encoding =  
687       
688 ; PHP output character encoding is set to empty.  #  ; PHP输出字符编码设置为空。  
689 ; If empty, default_charset is used.  #  ;如果为空，则使用default_charset。 
690 ; mbstring or iconv output handler is used. #  ;使用mbstring或iconv输出处理程序。  
691 ; See also output_buffer. #  ;另请参见output_buffer。 
692 ; http://php.net/output-encoding  #  ; http://php.net/output-encoding  
693 ;output_encoding =  #  ; output_encoding = 
694       
695 ;;;;;;;;;;;;;;;;;;;;;;;;; #  ;;;;;;;;;;;;;;;;;;;;;;;;; 
696 ; Paths and Directories ; #  ;路径和目录; 
697 ;;;;;;;;;;;;;;;;;;;;;;;;; #  ;;;;;;;;;;;;;;;;;;;;;;;;; 
698       
699 ; UNIX: "/path1:/path2" #  ; UNIX：“/ path1：/ path2”  
700 ;include_path = ".:/php/includes" #  ; include_path =“。：/ php / includes”  
701 ;     
702 ; Windows: "\path1;\path2"  #  ; Windows：“\ path1; \ path2”  
703 ;include_path = ".;c:\php\includes" #  ; include_path =“.; c：\ php \ includes” 
704 ;     
705 ; PHP's default setting for include_path is ".;/path/to/php/pear" #  ; PHP的include_path的默认设置是“。; / path / to / php / pear” 
706 ; http://php.net/include-path #  ; http://php.net/include-path 
707       
708 ; The root of the PHP pages, used only if nonempty. #  ; PHP页面的根，仅在非空时使用。  
709 ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root  #  ;如果PHP没有用FORCE_REDIRECT编译，你应该设置doc_root 
710 ; if you are running php as a CGI under any web server (other than IIS) #  ;如果您在任何Web服务器（IIS除外）下运行php作为CGI 
711 ; see documentation for security issues.  The alternate is to use the #  ;请参阅安全问题的文档。替代是使用 
712 ; cgi.force_redirect configuration below  #  ; cgi.force_redirect配置如下  
713 ; http://php.net/doc-root #  ; http://php.net/doc-root 
714 doc_root =  #  doc_root =  
715       
716 ; The directory under which PHP opens the script using /~username used only #  ; PHP使用/ ~username打开脚本的目录 
717 ; if nonempty.  #  ;如果不是空的话。 
718 ; http://php.net/user-dir #  ; http://php.net/user-dir 
719 user_dir =  #  user_dir =  
720       
721 ; Directory in which the loadable extensions (modules) reside.  #  ;可加载扩展（模块）所在的目录。  
722 ; http://php.net/extension-dir  #  ; http://php.net/extension-dir  
723 ; extension_dir = "./"  #  ; extension_dir =“./” 
724 ; On windows: #  ;在Windows上： 
725 ; extension_dir = "ext" #  ; extension_dir =“ext”  
726       
727 ; Directory where the temporary files should be placed. #  ;应放置临时文件的目录。  
728 ; Defaults to the system default (see sys_get_temp_dir) #  ;默认为系统默认值（请参阅sys_get_temp_dir）  
729 ; sys_temp_dir = "/tmp" #  ; sys_temp_dir =“/ tmp” 
730       
731 ; Whether or not to enable the dl() function.  The dl() function does NOT work  #  ;是否启用dl（）函数。 dl（）函数不起作用 
732 ; properly in multithreaded servers, such as IIS or Zeus, and is automatically  #  ;适当地在多线程服务器中，例如IIS或Zeus，并且是自动的  
733 ; disabled on them. #  ;禁用他们。  
734 ; http://php.net/enable-dl  #  ; http://php.net/enable-dl  
735 enable_dl = Off #  enable_dl =关闭 
736       
737 ; cgi.force_redirect is necessary to provide security running PHP as a CGI under  #  ; cgi.force_redirect是提供运行PHP作为CGI的安全性所必需的 
738 ; most web servers.  Left undefined, PHP turns this on by default.  You can #  ;大多数Web服务器。左未定义，PHP默认启用此选项。您可以  
739 ; turn it off here AT YOUR OWN RISK #  ;请自行承担风险  
740 ; **You CAN safely turn this off for IIS, in fact, you MUST.**  #  ; **你可以安全地关闭IIS，事实上，你必须。**  
741 ; http://php.net/cgi.force-redirect #  ; http://php.net/cgi.force-redirect 
742 ;cgi.force_redirect = 1 #  ; cgi.force_redirect = 1  
743       
744 ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with #  ;如果启用了cgi.nph，它将强制cgi始终发送Status：200 with  
745 ; every request. PHP's default behavior is to disable this feature. #  ;每一个要求。 PHP的默认行为是禁用此功能。 
746 ;cgi.nph = 1  #  ; cgi.nph = 1 
747       
748 ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape  #  ;如果cgi.force_redirect已打开，并且您没有在Apache或Netscape下运行 
749 ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP  #  ; （iPlanet）Web服务器，您可能需要设置一个PHP的环境变量名称 
750 ; will look for to know it is OK to continue execution.  Setting this variable MAY  #  ;将寻找知道继续执行是可以的。设置此变量可以  
751 ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. #  ;引起安全问题，知道你首先要做什么。  
752 ; http://php.net/cgi.redirect-status-env  #  ; http://php.net/cgi.redirect-status-env  
753 ;cgi.redirect_status_env =  #  ; cgi.redirect_status_env = 
754       
755 ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's  #  ; cgi.fix_pathinfo为CGI提供* real * PATH_INFO / PATH_TRANSLATED支持。 PHP的  
756 ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok #  ;以前的行为是将PATH_TRANSLATED设置为SCRIPT_FILENAME，而不是grok 
757 ; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting  #  ; PATH_INFO是什么。有关PATH_INFO的更多信息，请参阅cgi规范。设置 
758 ; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting  #  ;这将导致PHP CGI修复其路径以符合规范。一个设置 
759 ; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts #  ;为零会导致PHP像以前一样运行。默认值为1.您应修复脚本 
760 ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. #  ;使用SCRIPT_FILENAME而不是PATH_TRANSLATED。 
761 ; http://php.net/cgi.fix-pathinfo #  ; http://php.net/cgi.fix-pathinfo 
762 ;cgi.fix_pathinfo=1 #  ; cgi.fix_pathinfo = 1  
763       
764 ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate #  ; IIS下的FastCGI（基于WINNT的操作系统）支持模拟的能力 
765 ; security tokens of the calling client.  This allows IIS to define the #  ;主叫客户端的安全令牌。这允许IIS定义  
766 ; security context that the request runs under.  mod_fastcgi under Apache #  ;请求运行的安全上下文。 Apache下的mod_fastcgi  
767 ; does not currently support this feature (03/17/2002)  #  ;目前不支持此功能（03/17/2002） 
768 ; Set to 1 if running under IIS.  Default is zero.  #  ;如果在IIS下运行，则设置为1。默认值为零。 
769 ; http://php.net/fastcgi.impersonate  #  ; http://php.net/fastcgi.impersonate  
770 ;fastcgi.impersonate = 1  #  ; fastcgi.impersonate = 1 
771       
772 ; Disable logging through FastCGI connection. PHP's default behavior is to enable #  ;禁用通过FastCGI连接的日志记录。 PHP的默认行为是启用  
773 ; this feature. #  ;此功能。 
774 ;fastcgi.logging = 0  #  ; fastcgi.logging = 0 
775       
776 ; cgi.rfc2616_headers configuration option tells PHP what type of headers to  #  ; cgi.rfc2616_headers配置选项告诉PHP要什么类型的标头  
777 ; use when sending HTTP response code. If set to 0, PHP sends Status: header that #  ;发送HTTP响应代码时使用。如果设置为0，则PHP发送Status：标头 
778 ; is supported by Apache. When this option is set to 1, PHP will send #  ; Apache支持。当此选项设置为1时，PHP将发送 
779 ; RFC2616 compliant header. #  ; RFC2616兼容标头。  
780 ; Default is zero.  #  ;默认值为零。 
781 ; http://php.net/cgi.rfc2616-headers  #  ; http://php.net/cgi.rfc2616-headers  
782 ;cgi.rfc2616_headers = 0  #  ; cgi.rfc2616_headers = 0 
783       
784 ;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;  
785 ; File Uploads ;  #  ;文件上传;  
786 ;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;  
787       
788 ; Whether to allow HTTP file uploads. #  ;是否允许HTTP文件上传。  
789 ; http://php.net/file-uploads #  ; http://php.net/file-uploads 
790 file_uploads = On #  file_uploads =开 
791       
792 ; Temporary directory for HTTP uploaded files (will use system default if not #  ; HTTP上传文件的临时目录（如果没有，将使用系统默认值）  
793 ; specified). #  ;指定）。 
794 ; http://php.net/upload-tmp-dir #  ; http://php.net/upload-tmp-dir 
795 ;upload_tmp_dir = #  ; upload_tmp_dir =  
796       
797 ; Maximum allowed size for uploaded files.  #  ;上传文件的最大允许大小。 
798 ; http://php.net/upload-max-filesize  #  ; http://php.net/upload-max-filesize  
799 upload_max_filesize = 2M  #  upload_max_filesize = 2M  
800       
801 ; Maximum number of files that can be uploaded via a single request #  ;可通过单个请求上传的最大文件数  
802 max_file_uploads = 20 #  max_file_uploads = 20 
803       
804 ;;;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;;;  
805 ; Fopen wrappers ;  #  ; Fopen包装;  
806 ;;;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;;;  
807       
808 ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. #  ;是否允许将URL（如http：//或ftp：//）作为文件处理。 
809 ; http://php.net/allow-url-fopen  #  ; http://php.net/allow-url-fopen  
810 allow_url_fopen = On  #  allow_url_fopen =开  
811       
812 ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.  #  ;是否允许include / require打开URL（如http：//或ftp：//）作为文件。 
813 ; http://php.net/allow-url-include  #  ; http://php.net/allow-url-include  
814 allow_url_include = Off #  allow_url_include =关闭 
815       
816 ; Define the anonymous ftp password (your email address). PHP's default setting #  ;定义匿名ftp密码（您的电子邮件地址）。 PHP的默认设置  
817 ; for this is empty.  #  ;因为这是空的。  
818 ; http://php.net/from #  ; http://php.net/from 
819 ;from="john@doe.com"  #  ;从= “john@doe.com”  
820       
821 ; Define the User-Agent string. PHP's default setting for this is empty.  #  ;定义User-Agent字符串。 PHP的默认设置为空。 
822 ; http://php.net/user-agent #  ; http://php.net/user-agent 
823 ;user_agent="PHP" #  ; USER_AGENT = “PHP”  
824       
825 ; Default timeout for socket based streams (seconds)  #  ;基于套接字的流的默认超时（秒）  
826 ; http://php.net/default-socket-timeout #  ; http://php.net/default-socket-timeout 
827 default_socket_timeout = 60 #  default_socket_timeout = 60 
828       
829 ; If your scripts have to deal with files from Macintosh systems, #  ;如果您的脚本必须处理来自Macintosh系统的文件，  
830 ; or you are running on a Mac and need to deal with files from  #  ;或者您正在Mac上运行并需要处理来自的文件  
831 ; unix or win32 systems, setting this flag will cause PHP to  #  ; unix或win32系统，设置此标志将导致PHP  
832 ; automatically detect the EOL character in those files so that #  ;自动检测这些文件中的EOL字符  
833 ; fgets() and file() will work regardless of the source of the file.  #  ;无论文件的来源如何，fgets（）和file（）都能正常工作。  
834 ; http://php.net/auto-detect-line-endings #  ; http://php.net/auto-detect-line-endings 
835 ;auto_detect_line_endings = Off #  ; auto_detect_line_endings =关闭  
836       
837 ;;;;;;;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;;;;;;;  
838 ; Dynamic Extensions ;  #  ;动态扩展;  
839 ;;;;;;;;;;;;;;;;;;;;;;  #  ;;;;;;;;;;;;;;;;;;;;;;  
840       
841 ; If you wish to have an extension loaded automatically, use the following  #  ;如果您希望自动加载扩展程序，请使用以下命令  
842 ; syntax: #  ;句法：  
843 ;     
844 ;   extension=modulename.extension  #  ;延长= modulename.extension 
845 ;     
846 ; For example, on Windows:  #  ;例如，在Windows上：  
847 ;     
848 ;   extension=msql.dll  #  ;延长= msql.dll 
849 ;     
850 ; ... or under UNIX:  #  ; ...或在UNIX下： 
851 ;     
852 ;   extension=msql.so #  ;延长= msql.so  
853 ;     
854 ; ... or with a path: #  ; ......或路径：  
855 ;     
856 ;   extension=/path/to/extension/msql.so  #  ;延长= /路径/到/扩展/ msql.so  
857 ;     
858 ; If you only provide the name of the extension, PHP will look for it in its  #  ;如果您只提供扩展名，PHP将在其中查找  
859 ; default extension directory.  #  ;默认扩展目录。  
860       
861 ;;;;      
862 ; Note: packaged extension modules are now loaded via the .ini files  #  ;注意：现在通过.ini文件加载打包的扩展模块 
863 ; found in the directory /etc/php.d; these are loaded by default. #  ;在/etc/php.d目录中找到;这些都是默认加载的。  
864 ;;;;  #  ;;;;  
865       
866 ;;;;;;;;;;;;;;;;;;; #  ;;;;;;;;;;;;;;;;;;; 
867 ; Module Settings ; #  ;模块设置;  
868 ;;;;;;;;;;;;;;;;;;; #  ;;;;;;;;;;;;;;;;;;; 
869       
870 [CLI Server]  #  [CLI服务器]  
871 ; Whether the CLI web server uses ANSI color coding in its terminal output. #  ; CLI Web服务器是否在其终端输出中使用ANSI颜色编码。  
872 cli_server.color = On #  cli_server.color =开 
873       
874 [Date]  #  [日期]  
875 ; Defines the default timezone used by the date functions #  ;定义日期函数使用的默认时区  
876 ; http://php.net/date.timezone  #  ; http://php.net/date.timezone  
877 ;date.timezone =  #  ; date.timezone = 
878       
879 ; http://php.net/date.default-latitude  #  ; http://php.net/date.default-latitude  
880 ;date.default_latitude = 31.7667  #  ; date.default_latitude = 31.7667 
881       
882 ; http://php.net/date.default-longitude #  ; http://php.net/date.default-longitude 
883 ;date.default_longitude = 35.2333 #  ; date.default_longitude = 35.2333  
884       
885 ; http://php.net/date.sunrise-zenith  #  ; http://php.net/date.sunrise-zenith  
886 ;date.sunrise_zenith = 90.583333  #  ; date.sunrise_zenith = 90.583333 
887       
888 ; http://php.net/date.sunset-zenith #  ; http://php.net/date.sunset-zenith 
889 ;date.sunset_zenith = 90.583333 #  ; date.sunset_zenith = 90.583333  
890       
891 [filter]  #  [过滤]  
892 ; http://php.net/filter.default #  ; http://php.net/filter.default 
893 ;filter.default = unsafe_raw  #  ; filter.default = unsafe_raw 
894       
895 ; http://php.net/filter.default-flags #  ; http://php.net/filter.default-flags 
896 ;filter.default_flags = #  ; filter.default_flags =  
897       
898 [iconv] #  [的iconv]  
899 ; Use of this INI entry is deprecated, use global input_encoding instead. #  ;不推荐使用此INI条目，而是使用全局input_encoding。  
900 ; If empty, default_charset or input_encoding or iconv.input_encoding is used.  #  ;如果为空，则使用default_charset或input_encoding或iconv.input_encoding。 
901 ; The precedence is: default_charset > intput_encoding > iconv.input_encoding #  ;优先级为：default_charset >intput_encoding >iconv.input_encoding  
902 ;iconv.input_encoding = #  ; iconv.input_encoding =  
903       
904 ; Use of this INI entry is deprecated, use global internal_encoding instead.  #  ;不推荐使用此INI条目，而是使用全局internal_encoding。 
905 ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.  #  ;如果为空，则使用default_charset或internal_encoding或iconv.internal_encoding。 
906 ; The precedence is: default_charset > internal_encoding > iconv.internal_encoding  #  ;优先级为：default_charset >internal_encoding >iconv.internal_encoding 
907 ;iconv.internal_encoding =  #  ; iconv.internal_encoding = 
908       
909 ; Use of this INI entry is deprecated, use global output_encoding instead.  #  ;不推荐使用此INI条目，而是使用全局output_encoding。 
910 ; If empty, default_charset or output_encoding or iconv.output_encoding is used.  #  ;如果为空，则使用default_charset或output_encoding或iconv.output_encoding。 
911 ; The precedence is: default_charset > output_encoding > iconv.output_encoding  #  ;优先级为：default_charset >output_encoding >iconv.output_encoding 
912 ; To use an output encoding conversion, iconv's output handler must be set  #  ;要使用输出编码转换，必须设置iconv的输出处理程序 
913 ; otherwise output encoding conversion cannot be performed. #  ;否则无法执行输出编码转换。  
914 ;iconv.output_encoding =  #  ; iconv.output_encoding = 
915       
916 [intl]  #  [国际]  
917 ;intl.default_locale =  #  ; intl.default_locale = 
918 ; This directive allows you to produce PHP errors when some error #  ;该指令允许您在出现错误时生成PHP错误  
919 ; happens within intl functions. The value is the level of the error produced.  #  ;在intl函数中发生。该值是产生的错误级别。 
920 ; Default is 0, which does not produce any errors.  #  ;默认值为0，不会产生任何错误。  
921 ;intl.error_level = E_WARNING #  ; intl.error_level = E_WARNING  
922       
923 [sqlite]  #  [源码]  
924 ; http://php.net/sqlite.assoc-case  #  ; http://php.net/sqlite.assoc-case  
925 ;sqlite.assoc_case = 0  #  ; sqlite.assoc_case = 0 
926       
927 [sqlite3] #  [sqlite3的]  
928 ;sqlite3.extension_dir =  #  ; sqlite3.extension_dir = 
929       
930 [Pcre]  #  [PCRE]  
931 ;PCRE library backtracking limit. #  ; PCRE库回溯限制。  
932 ; http://php.net/pcre.backtrack-limit #  ; http://php.net/pcre.backtrack-limit 
933 ;pcre.backtrack_limit=100000  #  ; pcre.backtrack_limit = 100000 
934       
935 ;PCRE library recursion limit.  #  ; PCRE库递归限制。  
936 ;Please note that if you set this value to a high number you may consume all  #  ;请注意，如果您将此值设置为较高的数字，则可以全部消耗 
937 ;the available process stack and eventually crash PHP (due to reaching the  #  ;可用的进程堆栈并最终崩溃PHP（由于达到了  
938 ;stack size limit imposed by the Operating System). #  ;操作系统强加的堆栈大小限制）。  
939 ; http://php.net/pcre.recursion-limit #  ; http://php.net/pcre.recursion-limit 
940 ;pcre.recursion_limit=100000  #  ; pcre.recursion_limit = 100000 
941       
942 [Pdo] #  [PDO] 
943 ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"  #  ;是否池ODBC连接。可以是“严格”，“放松”或“关闭”之一  
944 ; http://php.net/pdo-odbc.connection-pooling  #  ; http://php.net/pdo-odbc.connection-pooling  
945 ;pdo_odbc.connection_pooling=strict #  ; pdo_odbc.connection_pooling =严格 
946       
947 ;pdo_odbc.db2_instance_name #  ; pdo_odbc.db2_instance_name  
948       
949 [Pdo_mysql] #  [PDO_MYSQL] 
950 ; If mysqlnd is used: Number of cache slots for the internal result set cache #  ;如果使用mysqlnd：内部结果集缓存的缓存槽数 
951 ; http://php.net/pdo_mysql.cache_size #  ; http://php.net/pdo_mysql.cache_size 
952 pdo_mysql.cache_size = 2000 #  pdo_mysql.cache_size = 2000 
953       
954 ; Default socket name for local MySQL connects.  If empty, uses the built-in  #  ;本地MySQL连接的默认套接字名称。如果为空，则使用内置 
955 ; MySQL defaults. #  ; MySQL默认。  
956 ; http://php.net/pdo_mysql.default-socket #  ; http://php.net/pdo_mysql.default-socket 
957 pdo_mysql.default_socket= #  pdo_mysql.default_socket =  
958       
959 [Phar]  #  [的Phar] 
960 ; http://php.net/phar.readonly  #  ; http://php.net/phar.readonly  
961 ;phar.readonly = On #  ; phar.readonly =开  
962       
963 ; http://php.net/phar.require-hash  #  ; http://php.net/phar.require-hash  
964 ;phar.require_hash = On #  ; phar.require_hash =开  
965       
966 ;phar.cache_list =  #  ; phar.cache_list = 
967       
968 [mail function] #  [邮件功能]  
969 ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i"). #  ;仅适用于Unix。您也可以提供参数（默认值：“sendmail -t -i”）。 
970 ; http://php.net/sendmail-path  #  ; http://php.net/sendmail-path  
971 sendmail_path = /usr/sbin/sendmail -t -i  #  sendmail_path = / usr / sbin / sendmail -t -i 
972       
973 ; Force the addition of the specified parameters to be passed as extra parameters #  ;强制添加指定参数作为额外参数传递 
974 ; to the sendmail binary. These parameters will always replace the value of #  ;到sendmail二进制文件。这些参数将始终替换值  
975 ; the 5th parameter to mail().  #  ; mail（）的第五个参数。 
976 ;mail.force_extra_parameters =  #  ; mail.force_extra_parameters = 
977       
978 ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename  #  ;添加X-PHP-Originating-Script：包括脚本的uid，后跟文件名  
979 mail.add_x_header = On  #  mail.add_x_header =开  
980       
981 ; The path to a log file that will log all mail() calls. Log entries include  #  ;记录所有mail（）调用的日志文件的路径。日志条目包括  
982 ; the full path of the script, line number, To address and headers. #  ;脚本的完整路径，行号，地址和标题。  
983 ;mail.log = #  ; mail.log =  
984 ; Log mail to syslog (Event Log on Windows).  #  ;将邮件记录到syslog（Windows上的事件日志）。 
985 ;mail.log = syslog  #  ; mail.log = syslog 
986       
987 [SQL] #  [SQL] 
988 ; http://php.net/sql.safe-mode  #  ; http://php.net/sql.safe-mode  
989 sql.safe_mode = Off #  sql.safe_mode =关闭 
990       
991 [ODBC]  #  [ODBC]  
992 ; http://php.net/odbc.default-db  #  ; http://php.net/odbc.default-db  
993 ;odbc.default_db    =  Not yet implemented  #  ; odbc.default_db =尚未实施 
994       
995 ; http://php.net/odbc.default-user  #  ; http://php.net/odbc.default-user  
996 ;odbc.default_user  =  Not yet implemented  #  ; odbc.default_user =尚未实施 
997       
998 ; http://php.net/odbc.default-pw  #  ; http://php.net/odbc.default-pw  
999 ;odbc.default_pw    =  Not yet implemented  #  ; odbc.default_pw =尚未实施 
1000      
1001 ; Controls the ODBC cursor model.  #  ;控制ODBC游标模型。  
1002 ; Default: SQL_CURSOR_STATIC (default).  #  ;默认值：SQL_CURSOR_STATIC（默认值）。  
1003 ;odbc.default_cursortype #  ; odbc.default_cursortype 
1004      
1005 ; Allow or prevent persistent links. #  ;允许或阻止持久链接。 
1006 ; http://php.net/odbc.allow-persistent #  ; http://php.net/odbc.allow-persistent  
1007 odbc.allow_persistent = On #  odbc.allow_persistent =开  
1008      
1009 ; Check that a connection is still valid before reuse. #  ;在重新使用之前检查连接是否仍然有效。 
1010 ; http://php.net/odbc.check-persistent #  ; http://php.net/odbc.check-persistent  
1011 odbc.check_persistent = On #  odbc.check_persistent =开  
1012      
1013 ; Maximum number of persistent links.  -1 means no limit.  #  ;最大持久链接数。 -1表示没有限制。 
1014 ; http://php.net/odbc.max-persistent #  ; http://php.net/odbc.max-persistent  
1015 odbc.max_persistent = -1 #  odbc.max_persistent = -1  
1016      
1017 ; Maximum number of links (persistent + non-persistent).  -1 means no limit. #  ;最大链接数（持久性+非持久性）。 -1表示没有限制。 
1018 ; http://php.net/odbc.max-links  #  ; http://php.net/odbc.max-links 
1019 odbc.max_links = -1  #  odbc.max_links = -1 
1020      
1021 ; Handling of LONG fields.  Returns number of bytes to variables.  0 means #  ;处理LONG字段。返回变量的字节数。 0表示 
1022 ; passthru.  #  ;中继。  
1023 ; http://php.net/odbc.defaultlrl #  ; http://php.net/odbc.defaultlrl  
1024 odbc.defaultlrl = 4096 #  odbc.defaultlrl = 4096  
1025      
1026 ; Handling of binary data.  0 means passthru, 1 return as is, 2 convert to char. #  ;处理二进制数据。 0表示passthru，1表示返回，2表示转换为char。 
1027 ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation  #  ;有关说明，请参阅odbc_binmode和odbc_longreadlen上的文档  
1028 ; of odbc.defaultlrl and odbc.defaultbinmode #  ; of odbc.defaultlrl和odbc.defaultbinmode  
1029 ; http://php.net/odbc.defaultbinmode #  ; http://php.net/odbc.defaultbinmode  
1030 odbc.defaultbinmode = 1  #  odbc.defaultbinmode = 1 
1031      
1032 ;birdstep.max_links = -1 #  ; birdstep.max_links = -1 
1033      
1034 [Interbase]  #  [Interbase的]  
1035 ; Allow or prevent persistent links. #  ;允许或阻止持久链接。 
1036 ibase.allow_persistent = 1 #  ibase.allow_persistent = 1  
1037      
1038 ; Maximum number of persistent links.  -1 means no limit.  #  ;最大持久链接数。 -1表示没有限制。 
1039 ibase.max_persistent = -1  #  ibase.max_persistent = -1 
1040      
1041 ; Maximum number of links (persistent + non-persistent).  -1 means no limit. #  ;最大链接数（持久性+非持久性）。 -1表示没有限制。 
1042 ibase.max_links = -1 #  ibase.max_links = -1  
1043      
1044 ; Default database name for ibase_connect(). #  ; ibase_connect（）的默认数据库名称。  
1045 ;ibase.default_db =  #  ; ibase.default_db =  
1046      
1047 ; Default username for ibase_connect().  #  ; ibase_connect（）的默认用户名。  
1048 ;ibase.default_user =  #  ; ibase.default_user =  
1049      
1050 ; Default password for ibase_connect().  #  ; ibase_connect（）的默认密码。 
1051 ;ibase.default_password =  #  ; ibase.default_password =  
1052      
1053 ; Default charset for ibase_connect(). #  ; ibase_connect（）的默认字符集。  
1054 ;ibase.default_charset = #  ; ibase.default_charset = 
1055      
1056 ; Default timestamp format.  #  ;默认时间戳格式。 
1057 ibase.timestampformat = "%Y-%m-%d %H:%M:%S"  #  ibase.timestampformat =“％Y-％m-％d％H：％M：％S” 
1058      
1059 ; Default date format. #  ;默认日期格式。  
1060 ibase.dateformat = "%Y-%m-%d"  #  ibase.dateformat =“％Y-％m-％d”  
1061      
1062 ; Default time format. #  ;默认时间格式。  
1063 ibase.timeformat = "%H:%M:%S"  #  ibase.timeformat =“％H：％M：％S”  
1064      
1065 [MySQLi] #  [库MySQLi] 
1066      
1067 ; Maximum number of persistent links.  -1 means no limit.  #  ;最大持久链接数。 -1表示没有限制。 
1068 ; http://php.net/mysqli.max-persistent #  ; http://php.net/mysqli.max-persistent  
1069 mysqli.max_persistent = -1 #  mysqli.max_persistent = -1  
1070      
1071 ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements #  ;从PHP的角度来看，允许使用LOAD DATA语句访问本地文件  
1072 ; http://php.net/mysqli.allow_local_infile #  ; http://php.net/mysqli.allow_local_infile  
1073 ;mysqli.allow_local_infile = On  #  ; mysqli.allow_local_infile =开  
1074      
1075 ; Allow or prevent persistent links. #  ;允许或阻止持久链接。 
1076 ; http://php.net/mysqli.allow-persistent #  ; http://php.net/mysqli.allow-persistent  
1077 mysqli.allow_persistent = On #  mysqli.allow_persistent =开  
1078      
1079 ; Maximum number of links.  -1 means no limit. #  ;最大链接数。 -1表示没有限制。 
1080 ; http://php.net/mysqli.max-links  #  ; http://php.net/mysqli.max-links 
1081 mysqli.max_links = -1  #  mysqli.max_links = -1 
1082      
1083 ; If mysqlnd is used: Number of cache slots for the internal result set cache  #  ;如果使用mysqlnd：内部结果集缓存的缓存槽数 
1084 ; http://php.net/mysqli.cache_size #  ; http://php.net/mysqli.cache_size  
1085 mysqli.cache_size = 2000 #  mysqli.cache_size = 2000  
1086      
1087 ; Default port number for mysqli_connect().  If unset, mysqli_connect() will use #  ; mysqli_connect（）的默认端口号。如果未设置，mysqli_connect（）将使用  
1088 ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the #  ; / etc / services中的$ MYSQL_TCP_PORT或mysql-tcp条目  
1089 ; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look #  ;编译时定义的值MYSQL_PORT（按此顺序）。 Win32只会看  
1090 ; at MYSQL_PORT. #  ;在MYSQL_PORT。 
1091 ; http://php.net/mysqli.default-port #  ; http://php.net/mysqli.default-port  
1092 mysqli.default_port = 3306 #  mysqli.default_port = 3306  
1093      
1094 ; Default socket name for local MySQL connects.  If empty, uses the built-in #  ;本地MySQL连接的默认套接字名称。如果为空，则使用内置 
1095 ; MySQL defaults.  #  ; MySQL默认。  
1096 ; http://php.net/mysqli.default-socket #  ; http://php.net/mysqli.default-socket  
1097 mysqli.default_socket =  #  mysqli.default_socket = 
1098      
1099 ; Default host for mysql_connect() (doesn't apply in safe mode). #  ; mysql_connect（）的默认主机（不适用于安全模式）。 
1100 ; http://php.net/mysqli.default-host #  ; http://php.net/mysqli.default-host  
1101 mysqli.default_host =  #  mysqli.default_host = 
1102      
1103 ; Default user for mysql_connect() (doesn't apply in safe mode). #  ; mysql_connect（）的默认用户（不适用于安全模式）。 
1104 ; http://php.net/mysqli.default-user #  ; http://php.net/mysqli.default-user  
1105 mysqli.default_user =  #  mysqli.default_user = 
1106      
1107 ; Default password for mysqli_connect() (doesn't apply in safe mode).  #  ; mysqli_connect（）的默认密码（不适用于安全模式）。  
1108 ; Note that this is generally a *bad* idea to store passwords in this file.  #  ;请注意，将密码存储在此文件中通常是一个错误的想法。  
1109 ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")  #  ; *任何具有PHP访问权限的*用户都可以运行'echo get_cfg_var（“mysqli.default_pw”） 
1110 ; and reveal this password!  And of course, any users with read access to this #  ;并显示此密码！当然，任何具有读取访问权限的用户  
1111 ; file will be able to reveal the password as well.  #  ;文件也可以显示密码。 
1112 ; http://php.net/mysqli.default-pw #  ; http://php.net/mysqli.default-pw  
1113 mysqli.default_pw =  #  mysqli.default_pw = 
1114      
1115 ; Allow or prevent reconnect #  ;允许或阻止重新连接  
1116 mysqli.reconnect = Off #  mysqli.reconnect =关闭  
1117      
1118 [mysqlnd]  #  [mysqlnd] 
1119 ; Enable / Disable collection of general statistics by mysqlnd which can be  #  ;通过mysqlnd启用/禁用常规统计信息的收集  
1120 ; used to tune and monitor MySQL operations. #  ;用于调整和监视MySQL操作。  
1121 ; http://php.net/mysqlnd.collect_statistics  #  ; http://php.net/mysqlnd.collect_statistics 
1122 mysqlnd.collect_statistics = On  #  mysqlnd.collect_statistics = On 
1123      
1124 ; Enable / Disable collection of memory usage statistics by mysqlnd which can be #  ;通过mysqlnd启用/禁用内存使用情况统计信息的收集  
1125 ; used to tune and monitor MySQL operations. #  ;用于调整和监视MySQL操作。  
1126 ; http://php.net/mysqlnd.collect_memory_statistics #  ; http://php.net/mysqlnd.collect_memory_statistics  
1127 mysqlnd.collect_memory_statistics = Off  #  mysqlnd.collect_memory_statistics =关闭 
1128      
1129 ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. #  ;以字节为单位向MySQL发送命令时使用的预分配缓冲区的大小。 
1130 ; http://php.net/mysqlnd.net_cmd_buffer_size #  ; http://php.net/mysqlnd.net_cmd_buffer_size  
1131 ;mysqlnd.net_cmd_buffer_size = 2048  #  ; mysqlnd.net_cmd_buffer_size = 2048  
1132      
1133 ; Size of a pre-allocated buffer used for reading data sent by the server in #  ;用于读取服务器发送的数据的预分配缓冲区的大小 
1134 ; bytes. #  ;字节。  
1135 ; http://php.net/mysqlnd.net_read_buffer_size  #  ; http://php.net/mysqlnd.net_read_buffer_size 
1136 ;mysqlnd.net_read_buffer_size = 32768  #  ; mysqlnd.net_read_buffer_size = 32768  
1137      
1138 [OCI8] #  [OCI8]  
1139      
1140 ; Connection: Enables privileged connections using external  #  ;连接：使用外部启用特权连接  
1141 ; credentials (OCI_SYSOPER, OCI_SYSDBA)  #  ;凭证（OCI_SYSOPER，OCI_SYSDBA） 
1142 ; http://php.net/oci8.privileged-connect #  ; http://php.net/oci8.privileged-connect  
1143 ;oci8.privileged_connect = Off #  ; oci8.privileged_connect =关闭 
1144      
1145 ; Connection: The maximum number of persistent OCI8 connections per  #  ;连接：每个持久性OCI8连接的最大数量  
1146 ; process. Using -1 means no limit.  #  ;处理。使用-1表示没有限制。 
1147 ; http://php.net/oci8.max-persistent #  ; http://php.net/oci8.max-persistent  
1148 ;oci8.max_persistent = -1  #  ; oci8.max_persistent = -1  
1149      
1150 ; Connection: The maximum number of seconds a process is allowed to  #  ;连接：允许进程的最大秒数 
1151 ; maintain an idle persistent connection. Using -1 means idle  #  ;保持空闲持久连接。使用-1表示空闲  
1152 ; persistent connections will be maintained forever. #  ;持久连接将永远保持。 
1153 ; http://php.net/oci8.persistent-timeout #  ; http://php.net/oci8.persistent-timeout  
1154 ;oci8.persistent_timeout = -1  #  ; oci8.persistent_timeout = -1  
1155      
1156 ; Connection: The number of seconds that must pass before issuing a  #  ;连接：发出之前必须经过的秒数 
1157 ; ping during oci_pconnect() to check the connection validity. When  #  ;在oci_pconnect（）期间ping以检查连接有效性。什么时候 
1158 ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables #  ;设置为0，每个oci_pconnect（）都会导致ping。使用-1禁用 
1159 ; pings completely.  #  ;完全ping。  
1160 ; http://php.net/oci8.ping-interval  #  ; http://php.net/oci8.ping-interval 
1161 ;oci8.ping_interval = 60 #  ; oci8.ping_interval = 60 
1162      
1163 ; Connection: Set this to a user chosen connection class to be used  #  ;连接：将此设置为要使用的用户选择的连接类 
1164 ; for all pooled server requests with Oracle 11g Database Resident #  ;对于使用Oracle 11g数据库驻留的所有池化服务器请求  
1165 ; Connection Pooling (DRCP).  To use DRCP, this value should be set to #  ;连接池（DRCP）。要使用DRCP，应将此值设置为  
1166 ; the same string for all web servers running the same application,  #  ;运行相同应用程序的所有Web服务器的相同字符串， 
1167 ; the database pool must be configured, and the connection string must #  ;必须配置数据库池，连接字符串必须 
1168 ; specify to use a pooled server.  #  ;指定使用池化服务器。 
1169 ;oci8.connection_class = #  ; oci8.connection_class = 
1170      
1171 ; High Availability: Using On lets PHP receive Fast Application  #  ;高可用性：使用On可以让PHP接收快速应用程序  
1172 ; Notification (FAN) events generated when a database node fails. The  #  ;数据库节点发生故障时生成的通知（FAN）事件。该 
1173 ; database must also be configured to post FAN events. #  ;数据库还必须配置为发布FAN事件。  
1174 ;oci8.events = Off #  ; oci8.events = Off 
1175      
1176 ; Tuning: This option enables statement caching, and specifies how #  ;调整：此选项启用语句缓存，并指定方式 
1177 ; many statements to cache. Using 0 disables statement caching.  #  ;许多语句要缓存。使用0禁用语句缓存。 
1178 ; http://php.net/oci8.statement-cache-size #  ; http://php.net/oci8.statement-cache-size  
1179 ;oci8.statement_cache_size = 20  #  ; oci8.statement_cache_size = 20  
1180      
1181 ; Tuning: Enables statement prefetching and sets the default number of #  ;调整：启用语句预取并设置默认数量 
1182 ; rows that will be fetched automatically after statement execution. #  ;在语句执行后将自动获取的行。 
1183 ; http://php.net/oci8.default-prefetch #  ; http://php.net/oci8.default-prefetch  
1184 ;oci8.default_prefetch = 100 #  ; oci8.default_prefetch = 100 
1185      
1186 ; Compatibility. Using On means oci_close() will not close #  ;兼容性。使用On意味着oci_close（）不会关闭 
1187 ; oci_connect() and oci_new_connect() connections. #  ; oci_connect（）和oci_new_connect（）连接。  
1188 ; http://php.net/oci8.old-oci-close-semantics  #  ; http://php.net/oci8.old-oci-close-semantics 
1189 ;oci8.old_oci_close_semantics = Off  #  ; oci8.old_oci_close_semantics = Off  
1190      
1191 [PostgreSQL] #  [PostgreSQL的] 
1192 ; Allow or prevent persistent links. #  ;允许或阻止持久链接。 
1193 ; http://php.net/pgsql.allow-persistent  #  ; http://php.net/pgsql.allow-persistent 
1194 pgsql.allow_persistent = On  #  pgsql.allow_persistent = On 
1195      
1196 ; Detect broken persistent links always with pg_pconnect().  #  ;始终使用pg_pconnect（）检测损坏的持久链接。  
1197 ; Auto reset feature requires a little overheads.  #  ;自动重置功能需要一些开销。  
1198 ; http://php.net/pgsql.auto-reset-persistent #  ; http://php.net/pgsql.auto-reset-persistent  
1199 pgsql.auto_reset_persistent = Off  #  pgsql.auto_reset_persistent =关闭 
1200      
1201 ; Maximum number of persistent links.  -1 means no limit.  #  ;最大持久链接数。 -1表示没有限制。 
1202 ; http://php.net/pgsql.max-persistent  #  ; http://php.net/pgsql.max-persistent 
1203 pgsql.max_persistent = -1  #  pgsql.max_persistent = -1 
1204      
1205 ; Maximum number of links (persistent+non persistent).  -1 means no limit. #  ;最大链接数（持久性+非持久性）。 -1表示没有限制。 
1206 ; http://php.net/pgsql.max-links #  ; http://php.net/pgsql.max-links  
1207 pgsql.max_links = -1 #  pgsql.max_links = -1  
1208      
1209 ; Ignore PostgreSQL backends Notice message or not.  #  ;忽略PostgreSQL后端通知消息与否。  
1210 ; Notice message logging require a little overheads. #  ;注意消息记录需要一些开销。  
1211 ; http://php.net/pgsql.ignore-notice #  ; http://php.net/pgsql.ignore-notice  
1212 pgsql.ignore_notice = 0  #  pgsql.ignore_notice = 0 
1213      
1214 ; Log PostgreSQL backends Notice message or not. #  ; Log PostgreSQL后端是否通知消息。 
1215 ; Unless pgsql.ignore_notice=0, module cannot log notice message.  #  ;除非pgsql.ignore_notice = 0，否则模块无法记录通知消息。  
1216 ; http://php.net/pgsql.log-notice  #  ; http://php.net/pgsql.log-notice 
1217 pgsql.log_notice = 0 #  pgsql.log_notice = 0  
1218      
1219 [bcmath] #  [bcmath时] 
1220 ; Number of decimal digits for all bcmath functions. #  ;所有bcmath函数的小数位数。 
1221 ; http://php.net/bcmath.scale  #  ; http://php.net/bcmath.scale 
1222 bcmath.scale = 0 #  bcmath.scale = 0  
1223      
1224 [browscap] #  [browscap]  
1225 ; http://php.net/browscap  #  ; http://php.net/browscap 
1226 ;browscap = extra/browscap.ini #  ; browscap = extra / browscap.ini 
1227      
1228 [Session]  #  [会话]  
1229 ; Handler used to store/retrieve data. #  ;处理程序用于存储/检索数据。 
1230 ; http://php.net/session.save-handler  #  ; http://php.net/session.save-handler 
1231 session.save_handler = files #  session.save_handler = files  
1232      
1233 ; Argument passed to save_handler.  In the case of files, this is the path #  ;参数传递给save_handler。对于文件，这是路径  
1234 ; where data files are stored. Note: Windows users have to change this #  ;存储数据文件的位置。注意：Windows用户必须更改此设置  
1235 ; variable in order to use PHP's session functions.  #  ;变量以便使用PHP的会话功能。  
1236 ;      
1237 ; The path can be defined as:  #  ;路径可以定义为： 
1238 ;      
1239 ;     session.save_path = "N;/path"  #  ; session.save_path =“N; / path”  
1240 ;      
1241 ; where N is an integer.  Instead of storing all the session files in  #  ;其中N是整数。而不是存储所有会话文件 
1242 ; /path, what this will do is use subdirectories N-levels deep, and  #  ; / path，这将做的是使用N级深度的子​​目录，和  
1243 ; store the session data in those directories.  This is useful if  #  ;将会话数据存储在这些目录中。如果这很有用 
1244 ; your OS has problems with many files in one directory, and is  #  ;您的操作系统在一个目录中存在许多文件的问题，而且是  
1245 ; a more efficient layout for servers that handle many sessions. #  ;为处理多个会话的服务器提供更高效的布局。 
1246 ;      
1247 ; NOTE 1: PHP will not create this directory structure automatically.  #  ;注1：PHP不会自动创建此目录结构。 
1248 ;         You can use the script in the ext/session dir for that purpose.  #  ;您可以使用ext / session目录中的脚本来实现此目的。  
1249 ; NOTE 2: See the section on garbage collection below if you choose to #  ;注2：如果您愿意，请参阅下面有关垃圾收集的部分  
1250 ;         use subdirectories for session storage #  ;使用子目录进行会话存储  
1251 ;      
1252 ; The file storage module creates files using mode 600 by default. #  ;文件存储模块默认使用模式600创建文件。 
1253 ; You can change that by using #  ;你可以通过使用来改变它  
1254 ;      
1255 ;     session.save_path = "N;MODE;/path" #  ; session.save_path =“N; MODE; / path”  
1256 ;      
1257 ; where MODE is the octal representation of the mode. Note that this #  ;其中MODE是模式的八进制表示。请注意这一点 
1258 ; does not overwrite the process's umask.  #  ;不会覆盖进程的umask。  
1259 ; http://php.net/session.save-path #  ; http://php.net/session.save-path  
1260      
1261 ; RPM note : session directory must be owned by process owner  #  ; RPM注意：会话目录必须由进程所有者拥有  
1262 ; for mod_php, see /etc/httpd/conf.d/php.conf  #  ;对于mod_php，请参阅/etc/httpd/conf.d/php.conf  
1263 ; for php-fpm, see /etc/php-fpm.d/*conf  #  ;对于php-fpm，请参阅/etc/php-fpm.d/*conf  
1264 ;session.save_path = "/tmp"  #  ; session.save_path =“/ tmp”  
1265      
1266 ; Whether to use strict session mode.  #  ;是否使用严格的会话模式。 
1267 ; Strict session mode does not accept uninitialized session ID and regenerate  #  ;严格会话模式不接受未初始化的会话ID并重新生成  
1268 ; session ID if browser sends uninitialized session ID. Strict mode protects #  ;如果浏览器发送未初始化的会话ID，则为会话ID。严格模式保护 
1269 ; applications from session fixation via session adoption vulnerability. It is #  ;会话固定通过会话采用漏洞的应用程序。它是 
1270 ; disabled by default for maximum compatibility, but enabling it is encouraged.  #  ;默认情况下禁用以获得最大兼容性，但鼓励启用它。  
1271 ; https://wiki.php.net/rfc/strict_sessions #  ; https://wiki.php.net/rfc/strict_sessions  
1272 session.use_strict_mode = 0  #  session.use_strict_mode = 0 
1273      
1274 ; Whether to use cookies.  #  ;是否使用cookies。 
1275 ; http://php.net/session.use-cookies #  ; http://php.net/session.use-cookies  
1276 session.use_cookies = 1  #  session.use_cookies = 1 
1277      
1278 ; http://php.net/session.cookie-secure #  ; http://php.net/session.cookie-secure  
1279 ;session.cookie_secure = #  ; session.cookie_secure = 
1280      
1281 ; This option forces PHP to fetch and use a cookie for storing and maintaining #  ;此选项强制PHP获取并使用cookie进行存储和维护 
1282 ; the session id. We encourage this operation as it's very helpful in combating  #  ;会话ID。我们鼓励这项操作，因为它在打击方面非常有帮助  
1283 ; session hijacking when not specifying and managing your own session id. It is  #  ;未指定和管理您自己的会话ID时会话劫持。它是 
1284 ; not the be-all and end-all of session hijacking defense, but it's a good start.  #  ;不是会议劫持防守的全部和最终目标，但这是一个良好的开端。 
1285 ; http://php.net/session.use-only-cookies  #  ; http://php.net/session.use-only-cookies 
1286 session.use_only_cookies = 1 #  session.use_only_cookies = 1  
1287      
1288 ; Name of the session (used as cookie name). #  ;会话名称（用作cookie名称）。  
1289 ; http://php.net/session.name  #  ; http://php.net/session.name 
1290 session.name = PHPSESSID #  session.name = PHPSESSID  
1291      
1292 ; Initialize session on request startup. #  ;在请求启动时初始化会话。 
1293 ; http://php.net/session.auto-start  #  ; http://php.net/session.auto-start 
1294 session.auto_start = 0 #  session.auto_start = 0  
1295      
1296 ; Lifetime in seconds of cookie or, if 0, until browser is restarted.  #  ; cookie的生命周期，如果为0，则重新启动浏览器。  
1297 ; http://php.net/session.cookie-lifetime #  ; http://php.net/session.cookie-lifetime  
1298 session.cookie_lifetime = 0  #  session.cookie_lifetime = 0 
1299      
1300 ; The path for which the cookie is valid.  #  ; cookie有效的路径。  
1301 ; http://php.net/session.cookie-path #  ; http://php.net/session.cookie-path  
1302 session.cookie_path = /  #  session.cookie_path = / 
1303      
1304 ; The domain for which the cookie is valid.  #  ; Cookie有效的域。 
1305 ; http://php.net/session.cookie-domain #  ; http://php.net/session.cookie-domain  
1306 session.cookie_domain =  #  session.cookie_domain = 
1307      
1308 ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.  #  ;是否将httpOnly标志添加到cookie，这使得JavaScript等浏览器脚本语言无法访问。  
1309 ; http://php.net/session.cookie-httponly #  ; http://php.net/session.cookie-httponly  
1310 session.cookie_httponly =  #  session.cookie_httponly = 
1311      
1312 ; Handler used to serialize data.  php is the standard serializer of PHP.  #  ;处理程序用于序列化数据。 php是PHP的标准序列化程序。  
1313 ; http://php.net/session.serialize-handler #  ; http://php.net/session.serialize-handler  
1314 session.serialize_handler = php  #  session.serialize_handler = php 
1315      
1316 ; Defines the probability that the 'garbage collection' process is started #  ;定义“垃圾收集”过程开始的概率  
1317 ; on every session initialization. The probability is calculated by using  #  ;在每个会话初始化。概率通过使用来计算 
1318 ; gc_probability/gc_divisor. Where session.gc_probability is the numerator #  ; gc_probability / gc_divisor。其中session.gc_probability是分子 
1319 ; and gc_divisor is the denominator in the equation. Setting this value to 1 #  ;和gc_divisor是等式中的分母。将此值设置为1 
1320 ; when the session.gc_divisor value is 100 will give you approximately a 1% chance #  ;当session.gc_divisor值为100时，您将获得大约1％的机会  
1321 ; the gc will run on any give request. #  ; gc将在任何请求上运行。  
1322 ; Default Value: 1 #  ;默认值：1  
1323 ; Development Value: 1 #  ;发展价值：1 
1324 ; Production Value: 1  #  ;产值：1 
1325 ; http://php.net/session.gc-probability  #  ; http://php.net/session.gc-probability 
1326 session.gc_probability = 1 #  session.gc_probability = 1  
1327      
1328 ; Defines the probability that the 'garbage collection' process is started on every  #  ;定义每次启动“垃圾收集”过程的概率  
1329 ; session initialization. The probability is calculated by using the following equation: #  ;会话初始化。通过使用以下等式计算概率：  
1330 ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and #  ; gc_probability / gc_divisor。其中session.gc_probability是分子和  
1331 ; session.gc_divisor is the denominator in the equation. Setting this value to 1 #  ; session.gc_divisor是等式中的分母。将此值设置为1 
1332 ; when the session.gc_divisor value is 100 will give you approximately a 1% chance #  ;当session.gc_divisor值为100时，您将获得大约1％的机会  
1333 ; the gc will run on any give request. Increasing this value to 1000 will give you #  ; gc将在任何请求上运行。将此值增加到1000将为您提供 
1334 ; a 0.1% chance the gc will run on any give request. For high volume production servers, #  ; gc将在任何给定请求上运行的概率为0.1％。对于大批量生产服务器， 
1335 ; this is a more efficient approach. #  ;这是一种更有效的方法。  
1336 ; Default Value: 100 #  ;默认值：100  
1337 ; Development Value: 1000  #  ;发展价值：1000  
1338 ; Production Value: 1000 #  ;产值：1000  
1339 ; http://php.net/session.gc-divisor  #  ; http://php.net/session.gc-divisor 
1340 session.gc_divisor = 1000  #  session.gc_divisor = 1000 
1341      
1342 ; After this number of seconds, stored data will be seen as 'garbage' and  #  ;在这个秒数之后，存储的数据将被视为“垃圾”和 
1343 ; cleaned up by the garbage collection process.  #  ;垃圾收集过程清理干净。  
1344 ; http://php.net/session.gc-maxlifetime  #  ; http://php.net/session.gc-maxlifetime 
1345 session.gc_maxlifetime = 1440  #  session.gc_maxlifetime = 1440 
1346      
1347 ; NOTE: If you are using the subdirectory option for storing session files #  ;注意：如果您使用子目录选项存储会话文件  
1348 ;       (see session.save_path above), then garbage collection does *not*  #  ; （参见上面的session.save_path），然后垃圾收集*不*  
1349 ;       happen automatically.  You will need to do your own garbage  #  ;自动发生。你需要自己做垃圾  
1350 ;       collection through a shell script, cron entry, or some other method. #  ;通过shell脚本，cron条目或其他方法收集。 
1351 ;       For example, the following script would is the equivalent of #  ;例如，以下脚本相当于 
1352 ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):  #  ;将session.gc_maxlifetime设置为1440（1440秒= 24分钟）： 
1353 ;          find /path/to/sessions -cmin +24 -type f | xargs rm #  ; find / path / to / sessions -cmin +24 -type f | xargs rm  
1354      
1355 ; Check HTTP Referer to invalidate externally stored URLs containing ids.  #  ;检查HTTP Referer以使包含id的外部存储的URL无效。 
1356 ; HTTP_REFERER has to contain this substring for the session to be #  ; HTTP_REFERER必须包含会话的子字符串 
1357 ; considered as valid. #  ;被认为是有效的。 
1358 ; http://php.net/session.referer-check #  ; http://php.net/session.referer-check  
1359 session.referer_check =  #  session.referer_check = 
1360      
1361 ; How many bytes to read from the file.  #  ;从文件中读取多少字节。  
1362 ; http://php.net/session.entropy-length  #  ; http://php.net/session.entropy-length 
1363 ;session.entropy_length = 32 #  ; session.entropy_length = 32 
1364      
1365 ; Specified here to create the session id. #  ;这里指定创建会话ID。  
1366 ; http://php.net/session.entropy-file  #  ; http://php.net/session.entropy-file 
1367 ; Defaults to /dev/urandom #  ;默认为/ dev / urandom 
1368 ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom  #  ;在没有/ dev / urandom但具有/ dev / arandom的系统上，这将默认为/ dev / arandom  
1369 ; If neither are found at compile time, the default is no entropy file.  #  ;如果在编译时都未找到，则默认为无熵文件。 
1370 ; On windows, setting the entropy_length setting will activate the #  ;在Windows上，设置entropy_length设置将激活  
1371 ; Windows random source (using the CryptoAPI)  #  ; Windows随机源（使用CryptoAPI） 
1372 ;session.entropy_file = /dev/urandom #  ; session.entropy_file = / dev / urandom  
1373      
1374 ; Set to {nocache,private,public,} to determine HTTP caching aspects #  ;设置为{nocache，private，public，}以确定HTTP缓存方面  
1375 ; or leave this empty to avoid sending anti-caching headers. #  ;或者将其留空以避免发送反缓存标头。  
1376 ; http://php.net/session.cache-limiter #  ; http://php.net/session.cache-limiter  
1377 session.cache_limiter = nocache  #  session.cache_limiter = nocache 
1378      
1379 ; Document expires after n minutes.  #  ;文件在n分钟后过期。 
1380 ; http://php.net/session.cache-expire  #  ; http://php.net/session.cache-expire 
1381 session.cache_expire = 180 #  session.cache_expire = 180  
1382      
1383 ; trans sid support is disabled by default.  #  ;默认情况下禁用trans sid支持。  
1384 ; Use of trans sid may risk your users' security.  #  ;使用trans sid可能会危及用户的安全。 
1385 ; Use this option with caution.  #  ;请谨慎使用此选项。  
1386 ; - User may send URL contains active session ID #  ; - 用户可以发送包含活动会话ID的URL  
1387 ;   to other person via. email/irc/etc.  #  ;通过他人。电子邮件/ IRC /等。 
1388 ; - URL that contains active session ID may be stored  #  ; - 可以存储包含活动会话ID的URL  
1389 ;   in publicly accessible computer. #  ;在可公开访问的计算机 
1390 ; - User may access your site with the same session ID #  ; - 用户可以使用相同的会话ID访问您的站点 
1391 ;   always using URL stored in browser's history or bookmarks. #  ;始终使用存储在浏览器历史记录或书签中的URL。  
1392 ; http://php.net/session.use-trans-sid #  ; http://php.net/session.use-trans-sid  
1393 session.use_trans_sid = 0  #  session.use_trans_sid = 0 
1394      
1395 ; Select a hash function for use in generating session ids.  #  ;选择用于生成会话ID的哈希函数。 
1396 ; Possible Values  #  ;可能的值 
1397 ;   0  (MD5 128 bits)  #  ; 0（MD5 128位） 
1398 ;   1  (SHA-1 160 bits)  #  ; 1（SHA-1 160位） 
1399 ; This option may also be set to the name of any hash function supported by  #  ;此选项也可以设置为支持的任何哈希函数的名称  
1400 ; the hash extension. A list of available hashes is returned by the hash_algos() #  ;哈希扩展。 hash_algos（）返回可用哈希列表 
1401 ; function.  #  ;功能。  
1402 ; http://php.net/session.hash-function #  ; http://php.net/session.hash-function  
1403 session.hash_function = 0  #  session.hash_function = 0 
1404      
1405 ; Define how many bits are stored in each character when converting  #  ;定义转换时每个字符中存储的位数  
1406 ; the binary hash data to something readable.  #  ;二进制哈希数据到可读的东西。 
1407 ; Possible values: #  ;可能的值：  
1408 ;   4  (4 bits: 0-9, a-f)  #  ; 4（4位：0-9，a-f） 
1409 ;   5  (5 bits: 0-9, a-v)  #  ; 5（5位：0-9，a-v） 
1410 ;   6  (6 bits: 0-9, a-z, A-Z, "-", ",") #  ; 6（6位：0-9，a-z，A-Z，“ - ”，“，”） 
1411 ; Default Value: 4 #  ;默认值：4  
1412 ; Development Value: 5 #  ;发展价值：5 
1413 ; Production Value: 5  #  ;产值：5 
1414 ; http://php.net/session.hash-bits-per-character #  ; http://php.net/session.hash-bits-per-character  
1415 session.hash_bits_per_character = 5  #  session.hash_bits_per_character = 5 
1416      
1417 ; The URL rewriter will look for URLs in a defined set of HTML tags. #  ; URL重写器将在已定义的HTML标记集中查找URL。  
1418 ; form/fieldset are special; if you include them here, the rewriter will #  ; form / fieldset很特别;如果你把它们包含在这里，重写者会 
1419 ; add a hidden >input< field with the info which is otherwise appended #  ;添加一个隐藏的>input<字段，其中包含另外附加的信息 
1420 ; to URLs.  If you want XHTML conformity, remove the form entry. #  ;到URL。如果您想要符合XHTML，请删除表单条目。 
1421 ; Note that all valid entries require a "=", even if no value follows. #  ;请注意，即使后面没有值，所有有效条目都需要“=”。  
1422 ; Default Value: "a=href,area=href,frame=src,form=,fieldset="  #  ;默认值：“a = href，area = href，frame = src，form =，fieldset =” 
1423 ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" #  ;开发价值：“a = href，area = href，frame = src，input = src，form = fakeentry” 
1424 ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"  #  ;产值：“a = href，area = href，frame = src，input = src，form = fakeentry” 
1425 ; http://php.net/url-rewriter.tags #  ; http://php.net/url-rewriter.tags  
1426 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"  #  url_rewriter.tags =“a = href，area = href，frame = src，input = src，form = fakeentry”  
1427      
1428 ; Enable upload progress tracking in $_SESSION #  ;在$ _SESSION中启用上传进度跟踪 
1429 ; Default Value: On  #  ;默认值：开  
1430 ; Development Value: On  #  ;发展价值：开启  
1431 ; Production Value: On #  ;产值：开 
1432 ; http://php.net/session.upload-progress.enabled #  ; http://php.net/session.upload-progress.enabled  
1433 ;session.upload_progress.enabled = On  #  ; session.upload_progress.enabled =开  
1434      
1435 ; Cleanup the progress information as soon as all POST data has been read  #  ;读取所有POST数据后立即清除进度信息  
1436 ; (i.e. upload completed). #  ; （即上传完成）。  
1437 ; Default Value: On  #  ;默认值：开  
1438 ; Development Value: On  #  ;发展价值：开启  
1439 ; Production Value: On #  ;产值：开 
1440 ; http://php.net/session.upload-progress.cleanup #  ; http://php.net/session.upload-progress.cleanup  
1441 ;session.upload_progress.cleanup = On  #  ; session.upload_progress.cleanup =开  
1442      
1443 ; A prefix used for the upload progress key in $_SESSION #  ; $ _SESSION中用于上载进度键的前缀 
1444 ; Default Value: "upload_progress_"  #  ;默认值：“upload_progress_” 
1445 ; Development Value: "upload_progress_"  #  ;开发价值：“upload_progress_”  
1446 ; Production Value: "upload_progress_" #  ;产值：“upload_progress_”  
1447 ; http://php.net/session.upload-progress.prefix  #  ; http://php.net/session.upload-progress.prefix 
1448 ;session.upload_progress.prefix = "upload_progress_" #  ; session.upload_progress.prefix =“upload_progress_”  
1449      
1450 ; The index name (concatenated with the prefix) in $_SESSION #  ; $ _SESSION中的索引名称（与前缀连接） 
1451 ; containing the upload progress information #  ;包含上传进度信息 
1452 ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" #  ;默认值：“PHP_SESSION_UPLOAD_PROGRESS”  
1453 ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" #  ;开发价值：“PHP_SESSION_UPLOAD_PROGRESS” 
1454 ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"  #  ;产值：“PHP_SESSION_UPLOAD_PROGRESS” 
1455 ; http://php.net/session.upload-progress.name  #  ; http://php.net/session.upload-progress.name 
1456 ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"  #  ; session.upload_progress.name =“PHP_SESSION_UPLOAD_PROGRESS” 
1457      
1458 ; How frequently the upload progress should be updated.  #  ;应该更新上传进度的频率。 
1459 ; Given either in percentages (per-file), or in bytes  #  ;给定百分比（每个文件）或字节 
1460 ; Default Value: "1%"  #  ;默认值：“1％” 
1461 ; Development Value: "1%"  #  ;发展价值：“1％”  
1462 ; Production Value: "1%" #  ;产值：“1％”  
1463 ; http://php.net/session.upload-progress.freq  #  ; http://php.net/session.upload-progress.freq 
1464 ;session.upload_progress.freq =  "1%"  #  ; session.upload_progress.freq =“1％”  
1465      
1466 ; The minimum delay between updates, in seconds  #  ;更新之间的最小延迟，以秒为单位  
1467 ; Default Value: 1 #  ;默认值：1  
1468 ; Development Value: 1 #  ;发展价值：1 
1469 ; Production Value: 1  #  ;产值：1 
1470 ; http://php.net/session.upload-progress.min-freq  #  ; http://php.net/session.upload-progress.min-freq 
1471 ;session.upload_progress.min_freq = "1"  #  ; session.upload_progress.min_freq =“1” 
1472      
1473 [Assertion]  #  [断言]  
1474 ; Switch whether to compile assertions at all (to have no overhead at run-time)  #  ;切换是否完全编译断言（在运行时没有开销） 
1475 ; -1: Do not compile at all  #  ; -1：根本不编译  
1476 ;  0: Jump over assertion at run-time  #  ; 0：在运行时跳过断言  
1477 ;  1: Execute assertions #  ; 1：执行断言  
1478 ; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) #  ;只能在php.ini中改变或改为负值！ （要在运行时打开和关闭断言，请参阅assert.active，当zend.assertions = 1时）  
1479 ; Default Value: 1 #  ;默认值：1  
1480 ; Development Value: 1 #  ;发展价值：1 
1481 ; Production Value: -1 #  ;产值：-1  
1482 ; http://php.net/zend.assertions #  ; http://php.net/zend.assertions  
1483 zend.assertions = -1 #  zend.assertions = -1  
1484      
1485 ; Assert(expr); active by default. #  ;断言（表达式）;默认有效。  
1486 ; http://php.net/assert.active #  ; http://php.net/assert.active  
1487 ;assert.active = On  #  ; assert.active = On  
1488      
1489 ; Throw an AssertationException on failed assertions #  ;在失败的断言上抛出AssertationException  
1490 ; http://php.net/assert.exception  #  ; http://php.net/assert.exception 
1491 ;assert.exception = On #  ; assert.exception = On 
1492      
1493 ; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)  #  ;为每个失败的断言发出PHP警告。 （如果处于活动状态，则由assert.exception覆盖） 
1494 ; http://php.net/assert.warning  #  ; http://php.net/assert.warning 
1495 ;assert.warning = On #  ; assert.warning = On 
1496      
1497 ; Don't bail out by default. #  ;不要默认保释。  
1498 ; http://php.net/assert.bail #  ; http://php.net/assert.bail  
1499 ;assert.bail = Off #  ; assert.bail =关闭 
1500      
1501 ; User-function to be called if an assertion fails.  #  ;断言失败时要调用的用户函数。 
1502 ; http://php.net/assert.callback #  ; http://php.net/assert.callback  
1503 ;assert.callback = 0 #  ; assert.callback = 0 
1504      
1505 ; Eval the expression with current error_reporting().  Set to true if you want #  ;使用当前的error_reporting（）来计算表达式。如果需要，设置为true  
1506 ; error_reporting(0) around the eval().  #  ; eval（）周围的error_reporting（0）。  
1507 ; http://php.net/assert.quiet-eval #  ; http://php.net/assert.quiet-eval  
1508 ;assert.quiet_eval = 0 #  ; assert.quiet_eval = 0 
1509      
1510 [mbstring] #  [MBSTRING]  
1511 ; language for internal character representation.  #  ;内部字符表示的语言。 
1512 ; This affects mb_send_mail() and mbstring.detect_order. #  ;这会影响mb_send_mail（）和mbstring.detect_order。  
1513 ; http://php.net/mbstring.language #  ; http://php.net/mbstring.language  
1514 ;mbstring.language = Japanese  #  ; mbstring.language =日语 
1515      
1516 ; Use of this INI entry is deprecated, use global internal_encoding instead. #  ;不推荐使用此INI条目，而是使用全局internal_encoding。 
1517 ; internal/script encoding.  #  ;内部/脚本编码。 
1518 ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)  #  ;某些编码不能用作内部编码。 （例如SJIS，BIG5，ISO-2022- *）  
1519 ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. #  ;如果为空，则使用default_charset或internal_encoding或iconv.internal_encoding。 
1520 ; The precedence is: default_charset > internal_encoding > iconv.internal_encoding #  ;优先级为：default_charset >internal_encoding >iconv.internal_encoding 
1521 ;mbstring.internal_encoding =  #  ; mbstring.internal_encoding =  
1522      
1523 ; Use of this INI entry is deprecated, use global input_encoding instead.  #  ;不推荐使用此INI条目，而是使用全局input_encoding。  
1524 ; http input encoding. #  ; http输入编码。 
1525 ; mbstring.encoding_traslation = On is needed to use this setting. #  ;需要mbstring.encoding_traslation = On才能使用此设置。  
1526 ; If empty, default_charset or input_encoding or mbstring.input is used. #  ;如果为空，则使用default_charset或input_encoding或mbstring.input。 
1527 ; The precedence is: default_charset > intput_encoding > mbsting.http_input  #  ;优先级为：default_charset >intput_encoding >mbsting.http_input  
1528 ; http://php.net/mbstring.http-input #  ; http://php.net/mbstring.http-input  
1529 ;mbstring.http_input = #  ; mbstring.http_input = 
1530      
1531 ; Use of this INI entry is deprecated, use global output_encoding instead. #  ;不推荐使用此INI条目，而是使用全局output_encoding。 
1532 ; http output encoding.  #  ; http输出编码。 
1533 ; mb_output_handler must be registered as output buffer to function. #  ;必须将mb_output_handler注册为输出缓冲区才能运行。  
1534 ; If empty, default_charset or output_encoding or mbstring.http_output is used.  #  ;如果为空，则使用default_charset或output_encoding或mbstring.http_output。  
1535 ; The precedence is: default_charset > output_encoding > mbstring.http_output  #  ;优先级为：default_charset >output_encoding >mbstring.http_output  
1536 ; To use an output encoding conversion, mbstring's output handler must be set  #  ;要使用输出编码转换，必须设置mbstring的输出处理程序  
1537 ; otherwise output encoding conversion cannot be performed.  #  ;否则无法执行输出编码转换。  
1538 ; http://php.net/mbstring.http-output  #  ; http://php.net/mbstring.http-output 
1539 ;mbstring.http_output =  #  ; mbstring.http_output =  
1540      
1541 ; enable automatic encoding translation according to #  ;启用自动编码翻译 
1542 ; mbstring.internal_encoding setting. Input chars are  #  ; mbstring.internal_encoding设置。输入字符是  
1543 ; converted to internal encoding by setting this to On.  #  ;通过将此设置为On将其转换为内部编码。  
1544 ; Note: Do _not_ use automatic encoding translation for  #  ;注意：请_not_使用自动编码转换  
1545 ;       portable libs/applications.  #  ;便携式库/应用程序。 
1546 ; http://php.net/mbstring.encoding-translation #  ; http://php.net/mbstring.encoding-translation  
1547 ;mbstring.encoding_translation = Off #  ; mbstring.encoding_translation =关闭 
1548      
1549 ; automatic encoding detection order.  #  ;自动编码检测顺序。  
1550 ; "auto" detect order is changed according to mbstring.language  #  ; “auto”检测顺序根据mbstring.language更改 
1551 ; http://php.net/mbstring.detect-order #  ; http://php.net/mbstring.detect-order  
1552 ;mbstring.detect_order = auto  #  ; mbstring.detect_order = auto  
1553      
1554 ; substitute_character used when character cannot be converted #  ;在无法转换字符时使用的substitute_character  
1555 ; one from another #  ;一个接一个  
1556 ; http://php.net/mbstring.substitute-character #  ; http://php.net/mbstring.substitute-character  
1557 ;mbstring.substitute_character = none  #  ; mbstring.substitute_character = none  
1558      
1559 ; overload(replace) single byte functions by mbstring functions. #  ;通过mbstring函数重载（替换）单字节函数。 
1560 ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), #  ; mail（），ereg（）等被mb_send_mail（），mb_ereg（）重载，  
1561 ; etc. Possible values are 0,1,2,4 or combination of them. #  ;可能的值为0,1,2,4或它们的组合。  
1562 ; For example, 7 for overload everything.  #  ;例如，7表示过载一切。  
1563 ; 0: No overload #  ; 0：没有过载  
1564 ; 1: Overload mail() function  #  ; 1：重载mail（）函数  
1565 ; 2: Overload str*() functions #  ; 2：重载str *（）函数 
1566 ; 4: Overload ereg*() functions  #  ; 4：重载ereg *（）函数  
1567 ; http://php.net/mbstring.func-overload  #  ; http://php.net/mbstring.func-overload 
1568 ;mbstring.func_overload = 0  #  ; mbstring.func_overload = 0  
1569      
1570 ; enable strict encoding detection.  #  ;启用严格的编码检测。 
1571 ; Default: Off #  ;默认值：关闭 
1572 ;mbstring.strict_detection = On  #  ; mbstring.strict_detection = On  
1573      
1574 ; This directive specifies the regex pattern of content types for which mb_output_handler()  #  ;该指令指定mb_output_handler（）的内容类型的正则表达式模式  
1575 ; is activated.  #  ;被激活了。  
1576 ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)  #  ;默认值：mbstring.http_output_conv_mimetype = ^（text / | application / xhtml \ + xml） 
1577 ;mbstring.http_output_conv_mimetype= #  ; mbstring.http_output_conv_mimetype =  
1578      
1579 [gd] #  [GD]  
1580 ; Tell the jpeg decode to ignore warnings and try to create  #  ;告诉jpeg解码忽略警告并尝试创建  
1581 ; a gd image. The warning will then be displayed as notices  #  ;一个gd图像。然后警告将显示为通知  
1582 ; disabled by default  #  ;默认情况下禁用  
1583 ; http://php.net/gd.jpeg-ignore-warning  #  ; http://php.net/gd.jpeg-ignore-warning 
1584 ;gd.jpeg_ignore_warning = 0  #  ; gd.jpeg_ignore_warning = 0  
1585      
1586 [exif] #  [EXIF]  
1587 ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.  #  ; Exif UNICODE用户注释作为UCS-2BE / UCS-2LE处理，JIS作为JIS处理。 
1588 ; With mbstring support this will automatically be converted into the encoding #  ;有了mbstring支持，这将自动转换为编码 
1589 ; given by corresponding encode setting. When empty mbstring.internal_encoding #  ;由相应的编码设置给出。当空mbstring.internal_encoding  
1590 ; is used. For the decode settings you can distinguish between motorola and  #  ;用来。对于解码设置，您可以区分motorola和 
1591 ; intel byte order. A decode setting cannot be empty.  #  ;英特尔字节顺序。解码设置不能为空。  
1592 ; http://php.net/exif.encode-unicode #  ; http://php.net/exif.encode-unicode  
1593 ;exif.encode_unicode = ISO-8859-15 #  ; exif.encode_unicode = ISO-8859-15 
1594      
1595 ; http://php.net/exif.decode-unicode-motorola  #  ; http://php.net/exif.decode-unicode-motorola 
1596 ;exif.decode_unicode_motorola = UCS-2BE  #  ; exif.decode_unicode_motorola = UCS-2BE  
1597      
1598 ; http://php.net/exif.decode-unicode-intel #  ; http://php.net/exif.decode-unicode-intel  
1599 ;exif.decode_unicode_intel    = UCS-2LE  #  ; exif.decode_unicode_intel = UCS-2LE 
1600      
1601 ; http://php.net/exif.encode-jis #  ; http://php.net/exif.encode-jis  
1602 ;exif.encode_jis = #  ; exif.encode_jis = 
1603      
1604 ; http://php.net/exif.decode-jis-motorola  #  ; http://php.net/exif.decode-jis-motorola 
1605 ;exif.decode_jis_motorola = JIS  #  ; exif.decode_jis_motorola = JIS  
1606      
1607 ; http://php.net/exif.decode-jis-intel #  ; http://php.net/exif.decode-jis-intel  
1608 ;exif.decode_jis_intel    = JIS  #  ; exif.decode_jis_intel = JIS 
1609      
1610 [Tidy] #  [整洁]  
1611 ; The path to a default tidy configuration file to use when using tidy #  ;使用整洁时要使用的默认整洁配置文件的路径 
1612 ; http://php.net/tidy.default-config #  ; http://php.net/tidy.default-config  
1613 ;tidy.default_config = /usr/local/lib/php/default.tcfg #  ; tidy.default_config = /usr/local/lib/php/default.tcfg 
1614      
1615 ; Should tidy clean and repair output automatically? #  ;应该整理干净并自动修复输出吗？  
1616 ; WARNING: Do not use this option if you are generating non-html content #  ;警告：如果要生成非HTML内容，请不要使用此选项 
1617 ; such as dynamic images #  ;比如动态图像 
1618 ; http://php.net/tidy.clean-output #  ; http://php.net/tidy.clean-output  
1619 tidy.clean_output = Off  #  tidy.clean_output =关闭 
1620      
1621 [soap] #  [肥皂]  
1622 ; Enables or disables WSDL caching feature.  #  ;启用或禁用WSDL缓存功能。 
1623 ; http://php.net/soap.wsdl-cache-enabled #  ; http://php.net/soap.wsdl-cache-enabled  
1624 soap.wsdl_cache_enabled=1  #  soap.wsdl_cache_enabled = 1 
1625      
1626 ; Sets the directory name where SOAP extension will put cache files. #  ;设置SOAP扩展将放置缓存文件的目录名称。  
1627 ; http://php.net/soap.wsdl-cache-dir #  ; http://php.net/soap.wsdl-cache-dir  
1628      
1629 ; RPM note : cache directory must be owned by process owner  #  ; RPM注意：缓存目录必须由进程所有者拥有  
1630 ; for mod_php, see /etc/httpd/conf.d/php.conf  #  ;对于mod_php，请参阅/etc/httpd/conf.d/php.conf  
1631 ; for php-fpm, see /etc/php-fpm.d/*conf  #  ;对于php-fpm，请参阅/etc/php-fpm.d/*conf  
1632 soap.wsdl_cache_dir="/tmp" #  soap.wsdl_cache_dir = “/ tmp中”  
1633      
1634 ; (time to live) Sets the number of second while cached file will be used  #  ; （生存时间）设置将使用高速缓存文件的秒数  
1635 ; instead of original one. #  ;而不是原始的。  
1636 ; http://php.net/soap.wsdl-cache-ttl #  ; http://php.net/soap.wsdl-cache-ttl  
1637 soap.wsdl_cache_ttl=86400  #  soap.wsdl_cache_ttl = 86400 
1638      
1639 ; Sets the size of the cache limit. (Max. number of WSDL files to cache) #  ;设置缓存限制的大小。 （要缓存的最大WSDL文件数） 
1640 soap.wsdl_cache_limit = 5  #  soap.wsdl_cache_limit = 5 
1641      
1642 [sysvshm]  #  [SYSVSHM] 
1643 ; A default size of the shared memory segment  #  ;共享内存段的默认大小 
1644 ;sysvshm.init_mem = 10000  #  ; sysvshm.init_mem = 10000  
1645      
1646 [ldap] #  [LDAP]  
1647 ; Sets the maximum number of open links or -1 for unlimited. #  ;设置最大打开链接数或-1表示无限制。 
1648 ldap.max_links = -1  #  ldap.max_links = -1 
1649      
1650 [mcrypt] #  [mcrypt的] 
1651 ; For more information about mcrypt settings see http://php.net/mcrypt-module-open #  ;有关mcrypt设置的更多信息，请参阅http://php.net/mcrypt-module-open 
1652      
1653 ; Directory where to load mcrypt algorithms  #  ;目录在哪里加载mcrypt算法  
1654 ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) #  ;默认值：编译成libmcrypt（通常是/ usr / local / lib / libmcrypt） 
1655 ;mcrypt.algorithms_dir=  #  ; mcrypt.algorithms_dir = 
1656      
1657 ; Directory where to load mcrypt modes #  ;目录加载mcrypt模式的位置  
1658 ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) #  ;默认值：编译成libmcrypt（通常是/ usr / local / lib / libmcrypt） 
1659 ;mcrypt.modes_dir= #  ; mcrypt.modes_dir =  
1660      
1661 [dba]  #  [DBA] 
1662 ;dba.default_handler=  #  ; dba.default_handler = 
1663      
1664 [curl] #  [卷曲]  
1665 ; A default value for the CURLOPT_CAINFO option. This is required to be an #  ; CURLOPT_CAINFO选项的默认值。这必须是一个 
1666 ; absolute path. #  ;绝对路径。  
1667 ;curl.cainfo = #  ; curl.cainfo = 
1668      
1669 [openssl]  #  [OpenSSL的]  
1670 ; The location of a Certificate Authority (CA) file on the local filesystem  #  ;证书颁发机构（CA）文件在本地文件系统上的位置  
1671 ; to use when verifying the identity of SSL/TLS peers. Most users should #  ;在验证SSL / TLS对等体的身份时使用。大多数用户应该  
1672 ; not specify a value for this directive as PHP will attempt to use the  #  ;不指定此指令的值，因为PHP将尝试使用  
1673 ; OS-managed cert stores in its absence. If specified, this value may still  #  ;操作系统管理的证书商店缺席。如果指定，则此值可能仍然存在 
1674 ; be overridden on a per-stream basis via the "cafile" SSL stream context  #  ;通过“cafile”SSL流上下文在每个流的基础上重写  
1675 ; option.  #  ;选项。  
1676 ;openssl.cafile= #  ; openssl.cafile =  
1677      
1678 ; If openssl.cafile is not specified or if the CA file is not found, the #  ; 如果未指定openssl.cafile或未找到CA文件，则 
1679 ; directory pointed to by openssl.capath is searched for a suitable  #  ; 在openssl.capath指向的目录中搜索一个合适的目录  
1680 ; certificate. This value must be a correctly hashed certificate directory.  #  ; 证书。 此值必须是正确的哈希证书目录。 
1681 ; Most users should not specify a value for this directive as PHP will #  ; 大多数用户不应像PHP那样为此指令指定值  
1682 ; attempt to use the OS-managed cert stores in its absence. If specified,  #  ; 尝试在缺席的情况下使用OS管理的证书库。 如果指定，  
1683 ; this value may still be overridden on a per-stream basis via the "capath"  #  ; 这个值仍然可以通过“capath”在每个流的基础上被覆盖  
1684 ; SSL stream context option. #  ; SSL流上下文选项。  
1685 ;openssl.capath= #  ; openssl.capath= 
1686      
1687 ; Local Variables: #  ; 局部变量： 
1688 ; tab-width: 4 #  ; 标签宽度：4  

重启服务

[root@web ~]# systemctl restart nginx   # 如出现“nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)”提示，先stop nginx,再start nginx，即可解决。
[root@web ~]# systemctl restart php-fpm

自定义网站的根目录，需要开放selinux权限，如下操作： （注:没开放会出现HTTP404 HTTP403等提示）

[root@web ~]# chcon -R -u system_u /var/www/ktxsz/www/html/
[root@web ~]# chcon -R -t usr_t /var/www/ktxsz/www/html/
[root@web ~]# systemctl restart firewalld

phpMyAdmin 安装

[root@web ~]# yum -y install wget 
phpMyAdmin 官方下载地址：http://www.phpmyadmin.net/downloads/
[root@web ~]# wget https://files.phpmyadmin.net/phpMyAdmin/4.8.4/phpMyAdmin-4.8.4-all-languages.tar.gz
[root@web ~]# tar zxvf phpMyAdmin-4.8.4-all-languages.tar.gz -C /usr/share/
[root@web ~]# mv /usr/share/phpMyAdmin-4.8.4-all-languages /usr/share/phpMyAdmin
[root@web ~]# ln -s /usr/share/phpMyAdmin /var/www/ktxsz/phpmyadmin # 创建一个链接

在nginx配置文件中设置phpMyAdmin的配置文件

[root@web ~]# vi /etc/nginx/conf.d/ktxsz.conf
server {
    listen  80;
    server_name 10.2.0.166;

    charset utf-8;

    #access_log  logs/host.access.log  main;

   # location / {
   #     root /var/www/ktxsz/www/html;
   #     index   index.html index.htm;
   # }

    root /var/www/ktxsz/www/html;
    index index.html index.htm;

    location / {
    }
    #error_page 404     /404.html;

    # redirect server error pages to the static page /50x.html
    # 将服务器错误页面重定向到静态页面/50x.html
    error_page  500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
    }

    location /phpmyadmin {
        root /var/www/ktxsz/www/;
        index index.php index.html index.htm;

        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /var/www/ktxsz/www/;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param HTTPS $https if_not_empty; # 在有https时，使用https，没有则可能省略；如 fastcgi_param HTTPS on;时，则必须使用https。
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
        }

        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /var/www/ktxsz/www/;
        }

    }

    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }
}

[root@web ~]# systemctl restart nginx
[root@web ~]# systemctl restart php-fpm

输入网址：http://10.2.0.166/phpmyadmin/ ，出现如下问题时

[root@web ~]# find / -name session
[root@web ~]# mkdir /var/lib/php/session
[root@web ~]# chown -R nginx:nginx /var/lib/php/session
[root@web ~]# chmod -R 0755 /var/lib/php/session # #可能需要770以上权限才正常

登陆phpMyAdmin后，出现如下三个问题：

第一个问题解决方案；点击 “查找原因”，看到如下页面，点击 “创建”。

第二个问题解决方案：

[root@web ~]# cp /usr/share/phpMyAdmin/config.sample.inc.php /usr/share/phpMyAdmin/config.inc.php
[root@web ~]# openssl rand -base64 32 # 生成一串随机的密码
gUGKwgF/nnS5RB8wOzs2NMMLvGmKPRIBsBcgiEkqifU=
[root@web ~]# vi /usr/share/phpMyAdmin/config.inc.php
>?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * phpMyAdmin sample configuration, you can use it as base for
 * manual configuration. For easier setup you can use setup/
 *
 * All directives are explained in documentation in the doc/ folder
 * or at >https://docs.phpmyadmin.net/<.
 *
 * @package PhpMyAdmin
 */

/**
 * This is needed for cookie based authentication to encrypt password in
 * cookie. Needs to be 32 chars long.
 */
$cfg['blowfish_secret'] = 'gUGKwgF/nnS5RB8wOzs2NMMLvGmKPRIBsBcgiEkqifU='; /* YOU MUST FILL IN THIS F                                                                    OR COOKIE AUTH! */ # 把生成的随机码复制进去

/**
 * Servers configuration
 */

第三个问题解决方案：

变量 $cfg['TempDir'] （./tmp/）无法访问。phpMyAdmin无法缓存模板文件，所以会运行缓慢。

[root@www ~]# find / -name *_config.php
/usr/share/phpMyAdmin/libraries/vendor_config.php
/usr/share/phpMyAdmin/vendor/tecnickcom/tcpdf/config/tcpdf_config.php
[root@www ~]# cp /usr/share/phpMyAdmin/libraries/vendor_config.php /usr/share/phpMyAdmin/libraries/vendor_config.php.back
[root@www ~]# vi /usr/share/phpMyAdmin/libraries/vendor_config.php
define('TEMP_DIR','/var/lib/phpmyadmin/tmp/'); /* 由'TEMP_DIR', './tmp/' 改'TEMP_DIR', '/var/lib/phpmyadmin/tmp/' */

[root@www ~]# mkdir -p /var/lib/phpmyadmin/tmp/ # tmp 只能是这个目录下；在phpMyAdmin 根目录下不生效
[root@www ~]# chown -R nginx:nginx /var/lib/phpmyadmin/tmp/ # 此目录要为WEB服务器的用户群组，且权限为0755 
[root@www ~]# chmod -R 0755 /var/lib/phpmyadmin/tmp/

病毒防治

RKHunter：检测Rootkit

RKHunter，它是Rootkit检测工具。

安装RKHunter

[root@web ~]# yum -y install rkhunter

配置、使用RKHunter

[root@web ~]# cp /etc/sysconfig/rkhunter /etc/sysconfig/rkhunter.back
[root@web ~]# vi /etc/sysconfig/rkhunter
# System configuration file for Rootkit Hunter which
# stores RPM system specifics for cron run, etc.
#
#    MAILTO= <email address to send scan report>
# DIAG_SCAN= no  - perform  normal  report scan
#            yes - perform detailed report scan
#                  (includes application check)

MAILTO=root@localhost      # 报告的收件人地址
DIAG_SCAN=no   # 如果指定 yes ；则仔细扫描

[root@web ~]# rkhunter --update  # 更新数据库

[root@web ~]# rkhunter --propupd # update system文件属性
[ Rootkit Hunter version 1.4.6 ]
File created: searched for 175 files, found 123

# 执行检查
# --sk表示sikpping to push Enter键
# if如果指定--rwo，仅显示警告
[root@web ~]# rkhunter --check --sk
[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/bash                                            [ OK ]
    /usr/bin/cat                                             [ OK ]
    ........................
    Checking /dev for suspicious file types                  [ None found ]
    Checking for hidden files and directories                [ None found ]


System checks summary
=====================

File properties checks...
    Files checked: 123
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 485
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 2 minutes and 1 second

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)    

同时如果要想达到每周或者每月自动检测就可以将他加入到计划任务中自动执行

[root@web ~]# crontab -e
10 7 * * * root /usr/bin/rkhunter --check --cronjob

Clam AntiVirus

Clam AntiVirus是免费而且开放源代码的杀毒软件，软件与病毒码的更新皆由社群免费发布。目前ClamAV主要是使用在由Linux、FreeBSD等Unix-like系统架设的邮件服务器上，提供邮箱的病毒扫描服务。

安装Clamav

[root@web ~]# yum search clamav
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * base: mirrors.shu.edu.cn
 * epel: kartolo.sby.datautama.net.id
 * extras: mirrors.shu.edu.cn
 * updates: ftp.nsc.ru
181 packages excluded due to repository priority protections
======================================== N/S matched: clamav =========================================
clamav-filesystem.noarch :  clamav的文件系统结构
clamav-milter-systemd.x86_64 :  clamav sendmail-milter的系统初始脚本
clamav-scanner-systemd.x86_64 : clamav扫描程序守护程序的systemd initscripts
clamav-server-systemd.x86_64 :  clamav服务器的系统初始脚本
clamav-unofficial-sigs.noarch : 用于下载非官方clamav签名的脚本
clamav.x86_64 : Clam Antivirus扫描程序的最终用户工具
clamav-data.noarch :  Clam Antivirus扫描程序的病毒签名数据
clamav-devel.x86_64 : Clam Antivirus扫描程序的头文件和库
clamav-lib.x86_64 : Clam Antivirus扫描程序的动态库
clamav-milter.x86_64 :  用于Clam Antivirus扫描仪的Milter模块
clamav-update.x86_64 :  Clam Antivirus扫描程序数据文件的自动更新程序

  Name and summary matches only, use "search all" for everything.

[root@web ~]# yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
或 [root@web ~]# yum install clamav-filesystem clamav-milter-systemd clamav-scanner-systemd clamav-server-systemd clamav clamav-data clamav-devel clamav-lib clamav-milter clamav-update

在两个配置文件/etc/freshclam.conf和/etc/clamd.d/scan.conf中移除“Example”字符

[root@web ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf                 
[root@www ~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
[root@www ~]# sed -i -e "s/^#LocalSocket/LocalSocket/" /etc/clamd.d/scan.conf # 如果没有去掉 LocalSocket 开始头的注释，systemctl start clamd@scan 时，提示出错。 好像是ClamAV 0.101.1版本起

更新数据

[root@web ~]# freshclam

如果在手动更新病毒库的时候遇到错误：Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.

此时就要删除掉旧的镜像地址文件

[root@web ~]# rm -f /var/lib/cleamav/mirrors.dat

# 再手动更新一次病毒库
[root@web ~]# freshclam

SELinux 要修改其配置以允许ClamAV，请运行以下命令

[root@web ~]# setsebool -P antivirus_can_scan_system on
# 省略如下两个命令也可正常工作
[root@web ~]# setsebool -P clamd_use_jit 1 
[root@web ~]# getsebool -a | grep antivirus

freshclam更新病毒数据库

安装好后，会自动创建一个每天的定时任务 rkhunter

[root@web ~]# ll /etc/cron.daily
total 12
-rwx------. 1 root root  219 Oct 31 03:12 logrotate
-rwxr-xr-x. 1 root root  618 Oct 30 22:55 man-db.cron
-rwxr-xr-x. 1 root root 1745 Feb 26  2018 rkhunter

要自动运行它，您可以创建一个cron定时任务，也可以创建一个systemd服务文件。

cron 定时更新病毒数据库

[root@web ~]# crontab -e
00 01,13 * * *  /usr/bin/freshclam --quiet # 每天 凌晨1点和下午1点更新数据库

如果您不想使用cron作业，也可以创建systemd服务。

[root@www ~]# vi /usr/lib/systemd/system/freshclam.service
[Unit]
Description=freshclam scanner
After=network.target

[Service]
Type=forking
ExecStart=/usr/bin/freshclam -d -c 2
Restart=on-failure
PrivateTmp=true

[Install]
WantedBy=multi-user.target

[root@www ~]# systemctl start freshclam
[root@www ~]# systemctl enable freshclam

启动扫描程序服务

[root@www ~]# systemctl start clamd@scan
[root@www ~]# systemctl enable clamd@scan

查看版本

[root@www ~]# clamdscan -V
ClamAV 0.101.1/25372/Tue Feb 26 18:34:09 2019

源安装

[root@web ~]# wget https://www.clamav.net/downloads/production/clamav-0.101.0.tar.gz

基于Web的系统管理工具

系统管理员的管理工具Webmin

为管理员安装Webmin，这是基于Web的系统配置工具。

首先安装所需的包

[root@web ~]# yum -y install perl-Net-SSLeay

安装Webmin

确保最新的Webmin并从此处下载。

[root@web ~]# yum -y install http://download.webmin.com/download/yum/webmin-1.900-1.noarch.rpm
[root@web ~]# vi /etc/webmin/miniserv.conf
port=10000
root=/usr/libexec/webmin
mimetypes=/usr/libexec/webmin/mime.types
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ssl=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
ssl_honorcipherorder=1
no_sslcompression=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
ipv6=1
session=1
premodules=WebminCore
server=MiniServ/1.900
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
preroot=authentic-theme
passdelay=1
login_script=/etc/webmin/login.pl
logout_script=/etc/webmin/logout.pl
cipher_list_def=1
failed_script=/etc/webmin/failed.pl
allow=127.0.0.1 10.2.0.0/24 # 添加允许访问的IP地址

[root@web ~]# /etc/rc.d/init.d/webmin restart  # 启动服务
Stopping Webmin server in /usr/libexec/webmin
Starting Webmin server in /usr/libexec/webmin
Cron 15453575686957 missing any time spec

[root@web ~]# firewall-cmd --permanent --add-port=10000/tcp
success
[root@web ~]# firewall-cmd --reload
success

在localhost或网络上的其他客户端上启动Web浏览器，并访问“https://(服务器的主机名或IP地址):10000/”。然后，显示Webmin站点，使用root帐户登录。

系统用户的管理工具Usermin

为用户安装Usermin，这是基于Web的配置工具。

首先安装所需的包

[root@web ~]# yum -y install perl-Net-SSLeay perl-Authen-PAM

安装Usermin

确保最新的Usermin并从此处下载。

[root@web ~]# yum -y install http://download.webmin.com/download/yum/usermin-1.750-1.noarch.rpm
[root@web ~]# vi /etc/usermin/miniserv.conf
port=20000
root=/usr/libexec/usermin
mimetypes=/usr/libexec/usermin/mime.types
addtype_cgi=internal/cgi
realm=Usermin Server
logfile=/var/usermin/miniserv.log
errorlog=/var/usermin/miniserv.error
pidfile=/var/usermin/miniserv.pid
logtime=168
ppath=
ssl=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
env_WEBMIN_CONFIG=/etc/usermin
env_WEBMIN_VAR=/var/usermin
atboot=
logout=/etc/usermin/logout-flag
listen=20000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
session=1
unixauth=user
pam=usermin
premodules=WebminCore
server=MiniServ/1.750
userfile=/etc/usermin/miniserv.users
keyfile=/etc/usermin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=2
sidname=usid
preroot=authentic-theme
passdelay=1
allow=127.0.0.1 10.2.0.0/24 # 添加允许访问的IP地址
denyusers=root # 禁止root登录

[root@web ~]# cat /etc/usermin/miniserv.conf
port=20000
addtype_cgi=internal/cgi
realm=Usermin Server
logfile=/var/usermin/miniserv.log
errorlog=/var/usermin/miniserv.error
pidfile=/var/usermin/miniserv.pid
logtime=168
ppath=
ssl=1
env_WEBMIN_CONFIG=/etc/usermin
env_WEBMIN_VAR=/var/usermin
atboot=
logout=/etc/usermin/logout-flag
listen=20000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
session=1
unixauth=user
pam=usermin
premodules=WebminCore
userfile=/etc/usermin/miniserv.users
keyfile=/etc/usermin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=2
sidname=usid
preroot=gray-theme
passdelay=1
allow=127.0.0.1 10.2.0.0/24
denyusers=root
root=/usr/libexec/usermin
mimetypes=/usr/libexec/usermin/mime.types
server=MiniServ/1.750

[root@web ~]# /etc/rc.d/init.d/usermin start  # 启动服务
[root@web ~]# firewall-cmd --permanent --add-port=20000/tcp
success
[root@web ~]# firewall-cmd --reload
success

在localhost或网络上的其他客户端上启动Web浏览器，并访问“https://(服务器的主机名或IP地址):20000/”。然后，显示Usermin站点，使用普通帐户登录。