Centos7 LNMP/LEMP 安装配置
网站根目录 /var/www/ktxsz 网站目录 /var/www/ktxsz/hmtl
/* mkdir –p /var/www/ktxsz/html # -p 创建一条完整的路径,当路径中的某个目录已经存在时,跳过该目录继续创建下一级目录。*/
[root@web2 ~]# cat /etc/redhat-release #查看系统版本
CentOS Linux release 7.2.1511 (Core)
设置root远程不能直接登陆 需要用lhj账号su到root
[root@web2 ~]# usermod -G wheel lhj
[root@web2 ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid #取消该行注释
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
[root@web2 ~]# vi /etc/ssh/sshd_config
PermitRootLogin no #取消注释,yes改no,禁止root远程登陆
PermitEmptyPasswords no #取消注释 应该是非空密码登陆
PasswordAuthentication yes #默认如此
[root@web2 ~]# systemctl restart sshd
设置sftp账号只登陆指定目录下的读写权限,此示例是以/var/www为根目录sftp服务,如果不存在,须建立mkdir /var/www
第一步:创建sftp服务用户组,创建sftp服务根目录
[root@web2 ~]# ll /var
[root@web2 ~]# mkdir /var/www #此目录及上级目录的所有者(owner)必须为root,权限不高于755,此目录的组最好设定为sftp
[root@web2 ~]# ll /var/
......
drwxr-xr-x. 2 root root 6 Feb 29 21:19 www
drwxr-xr-x. 2 root root 6 Aug 12 2015 yp
[root@web2 ~]# groupadd sftp
[root@web2 ~]# chown -R root:sftp /var/www # 查看此目录下所有组在root下,所以改为sftp组所有
[root@web2 ~]# chmod -R 0755 /var/www
第二步:备份sshd配置文件然后编辑,本示例未备份
[root@web2 ~]# vi /etc/ssh/sshd_config
这一步,注释掉/etc/ssh/sshd_config文件中的此行代码:
Subsystem sftp /usr/libexec/openssh/sftp-server
添加如下代码:
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory /var/www/%u
X11Forwarding no # X11Forwarding 11是数字
AllowTcpForwarding no
ForceCommand internal-sftp
功能可简述为:凡是在用户组sftp里的用户,都可以使用sftp服务
使用sftp服务连接上之后,可访问目录为/srv/sftp/username
[root@web2 ~]# systemctl restart sshd
第三步:添加有效的sftp用户,且给予用户写权限
#此例将创建一个名称为ktxsz的sftp帐号
#创建ktxsz的家目录:ktxsz目录的所有者必须是root,组最好设定为sftp,权限不高于755
[root@web2 ~]# mkdir /var/www/ktxsz #是本示例的网站的根目录(先设置这个,安装nginx后,指定到这个目录上,访问时,提示 http 403,权限问题,删除后再建此目录就正常访问。未测试先安装nginx,再设置此功能)
[root@web2 ~]# chmod 0755 /var/www/ktxsz
[root@web2 ~]# chown root:sftp /var/www/ktxsz
[root@web2 ~]# useradd -g sftp -d /var/www/ktxsz -s /sbin/nologin ktxsz #增加一个不能用于登陆ssh,只用于/var/www/ktxsz目录下sftp,并属于sftp组的ktxsz账号;
#如果ktxsz账号已存在,用 usermod –g sftp –d /var/www/ktxsz –s /sbin/nologin ktxsz
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@web2 ~]# usermod -g sftp -d /var/www/ktxsz -s /sbin/nologin ktxsz
usermod: no changes
[root@web2 ~]# passwd ktxsz
Changing password for user ktxsz.
New password:
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password:
passwd: all authentication tokens updated successfully.
[root@web2 ~]# ll /var/www/
total 0
drwxr-xr-x. 2 root sftp 6 Feb 29 21:24 ktxsz
为ktxsz目录下创建一个ktxsz账号可写的html目录,如有多个,如同再建
[root@web2 ~]# mkdir /var/www/ktxsz/html #是本示例的网站的目录
[root@web2 ~]# chown -R ktxsz:sftp /var/www/ktxsz/html
[root@web2 ~]#
最后再强调一下,sftp服务的根目录的所有者必须是root,权限不能超过755(上级目录也必须遵循此规则),sftp的用户目录所有者也必须是root,且最高权限不能超过755.
安装LEMP
yum安装MariaDB
添加MariaDB的YUM源
源生成器 http://downloads.mariadb.org/mariadb/repositories/
一旦生成了你的 MariaDB.repo内容条目,把它添加到文件并置于“/etc/yum.repos.d/”目录下。(我们建议命名类似为 /etc/yum.repos.d/MariaDB.repo)
下面是CentOS 7 X64的一个例子MariaDB.repo文件:
[root@web2 ~]# vi /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.1 CentOS repository list - created 2016-02-29 14:27 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
用yum安装MariaDB
准备好repo文件后你现在可以像这样安装MariaDB:
[root@web2 ~]# yum install MariaDB-server MariaDB-client –y
……
Replaced:
mariadb-libs.x86_64 1:5.5.44-2.el7.centos
Complete!
[root@web2 ~]# systemctl start mariadb
[root@web2 ~]# systemctl enable mariadb
查看版本
[root@web2 ~]# mysql –V # V要大写
mysql Ver 15.1 Distrib 10.1.12-MariaDB, for Linux (x86_64) using readline 5.1
[root@web2 ~]#
设置MariaDB及密码
[root@web2 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y # 设置 root 密码
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y # 删除匿名用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y # 不允许 root 远程登陆
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y # 删除测试数据库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y # 重新加载权限表
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@web2 ~]# mysql -u root –p # 使用 root用户登陆数据库
Enter password: # 密码
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.1.12-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
/* 或以其他方式创建一个新的数据库用户:
MariaDB [(none)]> CREATE USER 'dba'@'localhost' IDENTIFIED BY 'YourPasswordHere'; # dba 用户名; YourPasswordHere登陆密码
MariaDB [(none)]> GRANT ALL PRIVILEGES ON * . * TO 'dba'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
*/
MariaDB [(none)]> SELECT user,host,password from mysql.user; #显示用户列表
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *F8************************************** |
| root | 127.0.0.1 | *F8************************************** |
| root | ::1 | *F8************************************** |
+------+-----------+-------------------------------------------+
3 rows in set (0.05 sec)
MariaDB [(none)]> SHOW databases; #显示数据列表
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.06 sec)
MariaDB [(none)]> exit #退出数据库
Bye
设置数据库字符集(默认)
[root@web ~]# vi /etc/my.cnf.d/server.cnf
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
[mysqld]
init_connect = 'SET collation_connection = utf8_general_ci'
init_connect = 'SET NAMES utf8'
character_set_server = utf8
collation_server = utf8_general_ci
[mysqld_safe]
init_connect = 'SET collation_connection = utf8_general_ci'
init_connect = 'SET NAMES utf8'
character_set_server = utf8
collation_server = utf8_general_ci
#
# * Galera-related settings
#
[galera]
# Mandatory settings
#wsrep_on=ON
#wsrep_provider=
#wsrep_cluster_address=
#binlog_format=row
#default_storage_engine=InnoDB
#innodb_autoinc_lock_mode=2
#
# Allow server to accept connections on all interfaces.
#
#bind-address=0.0.0.0
#
# Optional setting
#wsrep_slave_threads=1
#innodb_flush_log_at_trx_commit=0
# this is only for embedded server
[embedded]
# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]
# This group is only read by MariaDB-10.1 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.1]
[root@web ~]# systemctl restart mariadb
MariaDB [(none)]> show variables like 'character%';
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 2
Current database: *** NONE ***
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)
安装 NGINX
[root@web2 ~]# rpm -Uivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@web2 ~]# yum -y install nginx
[root@web2 ~]# nginx -v
nginx version: nginx/1.8.1
[root@web2 ~]# systemctl start nginx
[root@web2 ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@web2 ~]# cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.back
[root@web2 ~]# vi /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
server_tokens off; # 隐藏nginx 版本号,phpinfo中版本另外设置
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
#在此后面添加如下内容
server {
/* listen 80 default_server;
listen [::]:80 default_server;
server_name _; */
listen 80;
server_name localhost;
charset utf-8;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
} # 止
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
}
[root@web2 ~]# systemctl restart nginx
[root@web2 ~]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@web2 ~]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@web2 ~]# firewall-cmd --reload
success
[root@web2 ~]# vi /usr/share/nginx/html/12.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
KTXSZ 欢迎您!
</div>
</body>
</html>
查看服务器版本
[root@web2 ~]# curl -I www.ktxsz.cn
HTTP/1.1 200 OK
Via: 1.1 SERVER-DELL
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 738
Date: Tue, 08 Mar 2016 00:33:55 GMT
Age: 17803
Content-Type: text/html
ETag: "56442231-2e2"
Server: nginx/1.6.3
Last-Modified: Thu, 12 Nov 2015 05:22:57 GMT
Accept-Ranges: bytes
安装 php7
[root@web2 ~]# yum install epel-release –y
[root@web2 ~]# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
[root@web2 ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@web2 ~]# rpm -Uvh http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
[root@web2 ~]# yum search php70w
============================== N/S matched: php70w ===============================
php70w.x86_64:PHP脚本语言,用于创建动态网站
php70w-bcmath.x86_64:一个PHP应用程序模块使用bcmath库
php70w-cli.x86_64:命令行界面PHP
php70w-common.x86_64:为PHP通用文件
php70w-dba.x86_64:为PHP应用程序的数据库抽象层模块
php70w-devel.x86_64:文件需要构建PHP扩展
php70w-embedded.x86_64:PHP库在应用程序中嵌入
php70w-enchant.x86_64:附魔为PHP应用程序扩展名的拼写
php70w-fpm.x86_64:PHP的FastCGI进程管理器
php70w-gd.x86_64:一个PHP应用程序模块使用的GD图形库
php70w-imap.x86_64:一个使用IMAP的PHP应用程序模块
php70w-interbase.x86_64:一个使用InterBase /火鸟数据库,PHP应用程序模块
php70w-intl.x86_64:国际化扩展PHP应用程序
php70w-ldap.x86_64:一个使用LDAP PHP应用程序模块
php70w-mbstring.x86_64:一种为需要多字节字符串处理PHP应用程序模块
php70w-mcrypt.x86_64:标准PHP模块提供的mcrypt库支持
php70w-mysql.x86_64:一个PHP应用程序模块使用MySQL数据库
php70w-mysqlnd.x86_64:一个PHP应用程序模块使用MySQL数据库
php70w-odbc.x86_64:一个使用ODBC数据库的PHP应用程序模块
php70w-opcache.x86_64:操作码缓存Zend扩展
php70w-pdo.x86_64:为PHP应用程序的数据库访问抽象模块
php70w-pdo_dblib.x86_64:PHP的MSSQL数据库模块
php70w-pear.noarch:PHP扩展和应用程序库框架
php70w-PECL-apcu.x86_64:APCu - APC用户缓存
php70w-PECL-apcu-devel.x86_64:APCu开发文件(头)
php70w-PECL-imagick.x86_64:提供的包装到ImageMagick库
php70w-PECL-imagick-devel.x86_64:Imagick开发文件(头)
php70w-PECL-xdebug.x86_64:PECL包调试PHP脚本
php70w-pgsql.x86_64:PHP的PostgreSQL数据库模块
php70w-phpdbg.x86_64:互动PHP调试器
php70w-process.x86_64:使用系统进程接口PHP脚本模块
php70w-pspell.x86_64:一种为使用pspell接口的PHP应用程序模块
php70w-recode.x86_64:一个PHP应用程序模块使用重新编码库
php70w-snmp.x86_64:一个用于查询SNMP管理型设备的PHP应用程序模块
php70w-soap.x86_64:一个使用SOAP协议的PHP应用程序模块
php70w-tidy.x86_64:标准PHP模块提供整洁库支持
php70w-xml.x86_64:一种对于使用XML的PHP应用程序模块
php70w-xmlrpc.x86_64:一,对那些使用XML-RPC协议的PHP应用程序模块
名称和摘要仅匹配,使用“搜索所有”的一切。
安装所需的模块,比如下面
[root@web2 ~]# yum install php70w-mysqlnd php70w-xml php70w-soap php70w-xmlrpc –y
# [root@web2 ~]# yum install php70w-mysql php70w-xml php70w-soap php70w-xmlrpc –y # php70w-mysql 适用老版本的数据库,不然会出现类似提示 “ mysqli_real_connect(): Headers and client library minor version mismatch. Headers:50547 Library:100116 “
[root@web2 ~]# yum install php70w-mbstring php70w-json php70w-gd php70w-mcrypt php70w-devel -y
现在,使用以下命令,使用以下命令来安装php7 FPM包
[root@web2 ~]# yum install php70w-fpm -y
……
Installed:
php70w-fpm.x86_64 0:7.0.3-1.w7
Complete!
[root@web2 ~]# systemctl start php-fpm
[root@web2 ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@web2 ~]# php-fpm -v
PHP 7.0.3 (fpm-fcgi) (built: Feb 4 2016 20:52:54)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
[root@web2 ~]# cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf.back #备份
[root@web2 ~]# vi /etc/php-fpm.d/www.conf
user = nginx # apache 变为 nginx , 在8行
group = nginx # apache 变为 nginx , 在10行
保存退出
按”Esc” 输:wq!
[root@web2 ~]# vi /etc/nginx/nginx.conf
……
error_page 500 502 503 504 /50x.html;
location = /50x.html {
} #在此后面添加如下内容
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
} #止
}
}
[root@web2 ~]# systemctl restart nginx
[root@web2 ~]# systemctl restart php-fpm
[root@web2 ~]# echo "<?php phpinfo(); ?>" > /usr/share/nginx/html/info.php
隐藏 php版本号
[root@web2 ~]# find / -name php.ini
/etc/php.ini
[root@web2 ~]# vi /etc/php.ini
; Local Variables:
; tab-width: 4
; End:
[root@web2 ~]# vi /etc/php.ini
; It receives a comma-delimited list of function names.
; http://php.net/disable-functions
;disable_functions =
disable_functions = phpinfo #停用PHP指针
; This directive allows you to disable certain classes for security reasons.
; It receives a comma-delimited list of class names.
; http://php.net/disable-classes
;disable_classes =
; Colors for Syntax Highlighting mode. Anything that's acceptable in
; <span style="color: ???????"> would work.
; http://php.net/syntax-highlighting
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.default = #0000BB
;highlight.html = #000000
……
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
;expose_php = On
expose_php = Off #隐藏 php版本号
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
[root@web2 ~]# systemctl restart nginx
[root@web2 ~]# systemctl restart php-fpm
设置虚拟主机
[root@web2 ~]# vi /etc/nginx/conf.d/ktxsz.conf
/* server {
listen 80;
server_name www.ktxsz.cn www.ktxsz.local;
root /var/www/ktxsz/html;
index index.html index.htm;
location / {
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = 50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
} */
server {
listen 80;
server_name www2.ktxsz.local www.ktxsz.cn;
charset utf-8;
root /var/www/ktxsz/html;
index index.html index.htm;
location / {
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
}
[root@web2 ~]# systemctl restart nginx
[root@web2 ~]# systemctl restart php-fpm
自定义网站的根目录,需要selinux开放权限,如下操作:
[root@web2 ~]# chcon -R -u system_u /var/www/ktxsz/html/
[root@web2 ~]# chcon -R -t usr_t /var/www/ktxsz/html/
[root@web2 ~]# systemctl restart firewalld
安装phpmyadmin
[root@web2 ~]# yum –y install wget
[root@web2 ~]# wget https://files.phpmyadmin.net/phpMyAdmin/4.5.5.1/phpMyAdmin-4.5.5.1-all-languages.tar.gz
[root@web2 ~]# wget https://files.phpmyadmin.net/phpMyAdmin/4.6.0/phpMyAdmin-4.6.0-all-languages.tar.gz (下载地址列表 http://www.phpmyadmin.net/downloads/)
[root@web2 ~]# tar zxvf phpMyAdmin-4.5.5.1-all-languages.tar.gz -C /usr/share/
[root@web2 ~]# mv /usr/share/phpMyAdmin-4.5.5.1-all-languages /usr/share/phpMyAdmin
[root@web2 ~]# ln -s /usr/share/phpMyAdmin /var/www/ktxsz/phpmyadmin
[root@web2 ~]# find / -name phpMyAdmin*
/root/phpMyAdmin-4.5.5.1-all-languages.tar.gz
[root@web2 ~]# rm /root/phpMyAdmin-4.5.5.1-all-languages.tar.gz
rm: remove regular file ‘/root/phpMyAdmin-4.5.5.1-all-languages.tar.gz’? y
[root@web2 ~]# vi /etc/nginx/conf.d/ktxsz.conf
server {
listen 80;
server_name www2.ktxsz.local www.ktxsz.cn;
charset utf-8;
root /var/www/ktxsz/html;
index index.html index.htm;
location / {
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
location /phpmyadmin {
root /var/www/ktxsz/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /var/www/ktxsz/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# fastcgi_param HTTPS on;
fastcgi_param HTTPS $https if_not_empty; # 有 https 协议时才自动使用 https on,否则忽略这个参数。
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/ktxsz/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
}
[root@web2 ~]# cd /usr/share/phpMyAdmin
[root@web2 phpMyAdmin]# cp config.sample.inc.php config.inc.php
[root@web2 ~]# systemctl restart nginx
[root@web2 ~]# systemctl restart php-fpm
测试PHPMYADMIN
登陆PHPMYADMIN 网页提示
Warning in
./libraries/session.inc.php#105
session_start():
open(/var/lib/php/session/sess_ajvn8uv3er77efoe8hh7vec0u82er6rs,
O_RDWR) failed: No such file or directory (2)
Backtrace
./libraries/session.inc.php#105: session_start()
./libraries/common.inc.php#371: require(./libraries/session.inc.php)
./index.php#12: require_once(./libraries/common.inc.php)
[root@web2 ~]# find / -name session
/var/lib/php/session
[root@web2 ~]# find / -name session # 没找到
[root@web2 ~]# mkdir /var/lib/php/session
[root@web2 ~]# chown -R nginx:nginx /var/lib/php/session
[root@web2 ~]# chmod 755 /var/lib/php/session # [root@web2 ~]# chmod 777 /var/lib/php/session #可能需要770以上权限才正常
/*
改变Session用户及用户组
chown –R nginx:nginx /var/lib/php/session #
无法显示此页
在高级设置中启用 TLS 1.0、TLS 1.1 和 TLS 1.2,然后尝试再次连接到 https://www2.ktxsz.local:80 。如果此错误持续出现,则可能是由于此站点使用了不受支持的协议。请联系站点管理员。
[root@web2 ~]# find / -name session
/var/lib/php/session
#改变Session用户及用户组
#Chown –R nginx:nginx /var/lib/php/session #本例未设置
[root@web2 ~]# chmod 777 /var/lib/php/session
*/
提示“配置文件现在需要一个短语密码。”
[root@web2 ~]# cd /usr/share/phpMyAdmin
[root@web2 phpMyAdmin]# cp config.sample.inc.php config.inc.php
[root@web2 phpMyAdmin]# systemctl restart nginx
[root@web2 phpMyAdmin]# systemctl restart php-fpm
[root@web2 phpMyAdmin]# openssl rand -base64 32 #然后去生成一串随机的密码,可以使用 openssl去做:
tlyoZ//ZcwiJVksRtORpGuIyGTh+fCpKmOqu61+TxaM= #返回值
[root@web2 phpMyAdmin]# vi config.inc.php
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* phpMyAdmin sample configuration, you can use it as base for
* manual configuration. For easier setup you can use setup/
*
* All directives are explained in documentation in the doc/ folder
* or at <http://docs.phpmyadmin.net/>.
*
* @package PhpMyAdmin
*/
/**
* This is needed for cookie based authentication to encrypt password in
* cookie
*/
$cfg['blowfish_secret'] = 'tlyoZ//ZcwiJVksRtORpGuIyGTh+fCpKmOqu61+TxaM='; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
/**
* Servers configuration
*/
$i = 0;
/**
* First server
*/
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
/*
[root@web2 ~]# vi /usr/share/phpMyAdmin/libraries/config.default.php #此方法,登陆时,要刷新几次才能进入页面
……
* @global boolean $cfg['TranslationWarningThreshold']
*/
$cfg['TranslationWarningThreshold'] = 80;
/**
* Allows phpMyAdmin to be included from a other document in a frame;
* setting this to true is a potential security hole
*
* @global boolean $cfg['AllowThirdPartyFraming']
*/
$cfg['AllowThirdPartyFraming'] = false;
/**
* The 'cookie' auth_type uses AES algorithm to encrypt the password. If
* at least one server configuration uses 'cookie' auth_type, enter here a
* pass phrase that will be used by AES. The maximum length seems to be 46
* characters.
*
* @global string $cfg['blowfish_secret']
*/
#$cfg['blowfish_secret'] = '';
$cfg['blowfish_secret'] = 'wirl1329w4imfsuwef!@3srwirlsuir^%';
/*******************************************************************************
* Server(s) configuration
*
* The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use
* $cfg['Servers'][0]. You can disable a server configuration entry by setting host
* to ''. If you want more than one server, just copy following section
* (including $i incrementation) several times. There is no need to define
* full server array, just define values you need to change.
*
* @global array $cfg['Servers']
*/
$cfg['Servers'] = array();
……
*/
会出现这个问题,是在配置phpmyadmin填写认证方法时,即下面这行:
$cfg['Servers'][$i]['auth_type'] = ‘cookie’;
在此有四种模式可供选择,cookie,http,HTTP,config
config方式即输入phpmyadmin的访问网址即可直接进入,无需输入用户名和密码,是不安全的,不推荐使用。
当该项设置为cookie,http或HTTP时,登录phpmyadmin需要数据用户名和密码进行验证,,具体如下:
PHP安装模式为Apache,可以使用http和cookie;
PHP安装模式为CGI,可以使用cookie
phpMyAdmin 高级功能尚未完全设置,部分功能未激活。查找原因。
或者也可以去某个数据库的“操作”选项卡那里进行设置。
phpMyAdmin 高级功能尚未完全设置,部分功能未激活。查找原因。
或者也可以去某个数据库的“操作”选项卡那里进行设置。
点击 查找原因
Configuration of pmadb… 错误
基本功能 已禁用
Create a database named 'phpmyadmin'
and setup the phpMyAdmin configuration storage there.
点击 Create
创建了phpmyadmin数据库