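I. First, deploy nginx
0x01 Continuing with the system we prepared earlier, first upload all the source packages to be installed to the server. The package list is as follows: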
```
libiconv-1.14.tar.gz
libmcrypt-2.5.8.tar.gz
mysql-5.5.32-linux2.6-x86_64.tar.gz
nginx-1.10.3.tar.gz
php-5.3.27.tar.gz
```
The rough architecture to be built this time is as follows:
```
php5.3.27 + mysql-5.5.32 + nginx-1.10.3 + centOS6.8_x64
```
0x02 Start compiling and installing nginx-1.10.3
Install the required dependency libraries
```
# yum install pcre pcre-devel gcc gcc-c++ automake zlib zlib-devel openssl openssl-devel -y
# useradd -s /sbin/nologin -M nginx
# tar xf nginx-1.10.3.tar.gz
# cd nginx-1.10.3
# ./configure --prefix=/usr/local/nginx-1.10.3 \
--user=nginx --group=nginx --with-http_ssl_module \
--with-http_stub_status_module --with-http_gzip_static_module

# make && make install
# ln -s /usr/local/nginx-1.10.3/ /usr/local/nginx
# /usr/local/nginx/sbin/nginx -v
# /usr/local/nginx/sbin/nginx
# lsof -i :80
# /usr/local/nginx/sbin/nginx -s quit
# echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local
# cd /usr/local/nginx/conf/
# egrep -v "^$|#" nginx.conf.default > nginx.conf
```
0x03 Configure nginx in detail
Add a name-based virtual host and, while at it, test whether URL rewriting actually works
```
# mkdir /usr/local/nginx/html/{bwapp,wp,discuz,drupal,joomla,phpcms,phpbb,dvwa} -p
# mkdir /usr/local/nginx/conf/extra && cd /usr/local/nginx/conf/extra
# touch bwapp.conf wp.conf discuz.conf drupal.conf joomla.conf phpcms.conf phpbb.conf dvwa.conf
```
```
# /usr/local/nginx/conf/nginx.conf
worker_processes  1;
error_log  logs/error.log error;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # Log the request body and the cookie captured into $dm_cookie by each server block
    log_format  main  '$remote_addr - $remote_user [$time_local] '
                      ' "$request" $request_body $status $body_bytes_sent '
                      ' "$http_referer" "$http_user_agent" "$http_x_forwarded_for" "$dm_cookie" ';
    include extra/bwapp.conf;
}
```
```
# /usr/local/nginx/conf/extra/bwapp.conf
server {
    # Capture the Cookie header into $dm_cookie for the "main" log_format
    set $dm_cookie "";
    if ($http_cookie ~* "(.+)(?:;|$)") {
        set $dm_cookie $1;
    }
    listen       80;
    server_name  www.bwapp.org;
    location / {
        root   html/bwapp;
        index  index.html index.htm;
        # Rewrite test: requests for /admin are redirected
        rewrite /admin /hellohacker.html permanent;
    }
    access_log logs/access_bwapp.log main;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html/bwapp;
    }
}
```
```
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx
# tail -f /usr/local/nginx/logs/access_bwapp.log
```
0x04 As for rotating the nginx access logs, you can implement that yourself in shell
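The rotation left to the reader above can be done by renaming each log and sending nginx USR1 so that it reopens its files. The script below is an added example, not code from the original post; the log directory and default pid path follow this page's install prefix, while the 30-day retention, the `chmod 600` step and the cron script path are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): rotate nginx logs by rename + USR1.
# Defaults match this page's layout; the 30-day retention is an assumed value.

rotate_nginx_logs() {
    local log_dir="${1:-/usr/local/nginx/logs}"
    local pid_file="${2:-$log_dir/nginx.pid}"
    local keep_days="${3:-30}"
    local stamp log target rotated=0
    stamp="$(date +%Y%m%d)"

    for log in "$log_dir"/*.log; do
        [ -s "$log" ] || continue        # skip missing or empty logs
        target="${log}-${stamp}"
        [ -e "$target" ] && continue     # already rotated today, do not clobber
        mv "$log" "$target"              # nginx keeps writing to the open fd
        chmod 600 "$target"              # this log_format records bodies and cookies
        rotated=$((rotated + 1))
    done

    # USR1 makes the master reopen its log files (same as `nginx -s reopen`).
    if [ "$rotated" -gt 0 ] && [ -s "$pid_file" ]; then
        kill -USR1 "$(cat "$pid_file")" 2>/dev/null \
            || echo "warning: could not signal nginx" >&2
    fi

    # Drop rotated files older than the retention window.
    find "$log_dir" -maxdepth 1 -type f -name '*.log-*' -mtime +"$keep_days" -delete
    echo "$rotated"                      # number of logs rotated in this run
}

# Touch the real paths only when asked to, e.g. from cron
# (the script path below is hypothetical):
#   0 0 * * * /bin/bash /usr/local/nginx/sbin/rotate_logs.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate_nginx_logs >/dev/null
fi
```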
II. Deploy MySQL. To save time, we again configure and deploy it directly from the binary package
```
# useradd mysql -s /sbin/nologin -M
# tar xf mysql-5.5.32-linux2.6-x86_64.tar.gz
# mv mysql-5.5.32-linux2.6-x86_64 /usr/local/mysql-5.5.32
# ln -s /usr/local/mysql-5.5.32/ /usr/local/mysql
```
Quickly initialize MySQL
```
# /usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/ --user=mysql
# chown -R mysql:mysql /usr/local/mysql/
# cp /usr/local/mysql/support-files/my-small.cnf /etc/my.cnf
# /usr/local/mysql/bin/mysqld_safe &
# echo "/usr/local/mysql/bin/mysqld_safe &" >> /etc/rc.local
# lsof -i :3306
# echo 'export PATH=$PATH:/usr/local/mysql/bin/' >> /etc/profile
# source /etc/profile
# mysqladmin -uroot password "admin"
```
```
# mysql -uroot -p
mysql> select user,host from mysql.user;
mysql> drop user ''@'localhost';
mysql> drop user 'root'@'::1';
mysql> drop user 'root'@'OldLNMP';
mysql> grant all on *.* to 'root'@'%' identified by 'admin' with grant option;flush privileges;
```
III. Deploy PHP
Install the dependency libraries
```
# yum install -y zlib-devel libxml2-devel openssl openssl-devel
# yum install -y libjpeg-devel freetype-devel libpng-devel
# yum install -y gd-devel curl-devel libxslt-devel
# yum install -y epel-release
# yum install -y libmcrypt libmcrypt-devel mcrypt mhash mhash-devel
```
```
# tar xf libiconv-1.14.tar.gz
# cd libiconv-1.14
# ./configure --prefix=/usr/local/libiconv && make && make install
```
0x02 Compile and install PHP 5.3.27
```
# tar xf php-5.3.27.tar.gz
# cd php-5.3.27
# ./configure \
--prefix=/usr/local/php-5.3.27 \
--with-mysql=/usr/local/mysql \
--with-iconv-dir=/usr/local/libiconv \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml \
--disable-rpath \
--enable-safe-mode \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--with-curl \
--with-curlwrappers \
--enable-mbregex \
--enable-fpm \
--enable-mbstring \
--with-mcrypt \
--with-gd \
--enable-gd-native-ttf \
--with-openssl \
--with-mhash \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-zip \
--enable-soap \
--enable-short-tags \
--enable-zend-multibyte \
--enable-static \
--with-xsl \
--with-fpm-user=nginx \
--with-fpm-group=nginx \
--enable-ftp

# ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/
# touch ext/phar/phar.phar
# make && make install
# ln -s /usr/local/php-5.3.27/ /usr/local/php
# cp php.ini-production /usr/local/php/lib/php.ini
```
Quickly install the various PHP extension modules
```
# yum install autoconf -y
# cd ext/mysqli/
# /usr/local/php/bin/phpize
# ./configure --prefix=/usr/local/mysqli \
--with-php-config=/usr/local/php/bin/php-config \
--with-mysqli=/usr/local/mysql/bin/mysql_config

# make && make install
# ls /usr/local/php-5.3.27/lib/php/extensions/no-debug-non-zts-20090626/
# vi /usr/local/php/lib/php.ini
extension_dir = "/usr/local/php-5.3.27/lib/php/extensions/no-debug-non-zts-20090626/"
extension=mysqli.so
# cd ../pdo_mysql/
# /usr/local/php/bin/phpize
# ./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql/
# make && make install
```
0x03 Configure php-fpm in detail
```
[global]
pid = /app/logs/php-fpm.pid
error_log = /app/logs/php-fpm.log
log_level = error
rlimit_files = 32768
events.mechanism = epoll

[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
pm = dynamic
pm.max_children = 1024
pm.start_servers = 16
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 2048
slowlog = /app/logs/$pool.log.slow
request_slowlog_timeout = 10
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f sec@bwapp.com
```
0x04 Make nginx parse PHP
```
server {
    listen       80;
    server_name  www.bwapp.org bwapp.org;
    root   html/bwapp/bWAPP;
    location / {
        index  index.php index.html index.htm;
        rewrite /adminer /hellohacker.html permanent;
    }
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    access_log logs/access_bwapp.log main;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html/bwapp;
    }
}
```
```
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
```
IV. Finally, run a full availability check of the environment
```
Install the bwapp vulnerability practice application
Install the dvwa vulnerability practice application
Install Discuz X3.2
Install drupal 7.56
Install wordpress 4.8.1
Install joomla 3.6.5
...
```
End
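Write scripts, write scripts, write scripts (important things are worth saying three times), or, more brutally, build an RPM package once everything is configured; otherwise it will drive you crazy. Also, this environment is only for my own study, so it has had essentially no hardening at all. Do not use it directly as a reference for a real production environment; if you do, you bear all the consequences yourself.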