php5.5.38 + mysql-5.5.32 + nginx-1.12.1 + centOS6.8_x64

2016-06-23 env


一、首先,部署nginx

0x01 依旧接着我们之前准备好的系统继续,首先,将所有准备安装的源码包上传至服务器,软件包列表如下:

1
2
3
4
libiconv-1.14.tar.gz
mysql-5.5.32-linux2.6-x86_64.tar.gz
nginx-1.12.1.tar.gz
php-5.5.38.tar.gz

此次要实现的大致架构如下:

1
php5.5.38 + mysql-5.5.32 + nginx-1.12.1 + centOS6.8_x64

0x02 开始编译安装nginx-1.10.3

安装所需的各种依赖库

1
2
3
4
# yum install pcre pcre-devel gcc gcc-c++ automake zlib zlib-devel openssl openssl-devel -y
# useradd -s /sbin/nologin -M nginx
# tar xf nginx-1.12.1.tar.gz
# cd nginx-1.12.1

1
2
3
4
5
# ./configure --prefix=/usr/local/nginx-1.12.1 \
--user=nginx --group=nginx \
--with-http_ssl_module \
--with-http_stub_status_module
# make && make install
1
2
3
4
5
6
7
8
# ln -s /usr/local/nginx-1.12.1/ /usr/local/nginx
# /usr/local/nginx/sbin/nginx -v
# /usr/local/nginx/sbin/nginx
# lsof -i :80
# /usr/local/nginx/sbin/nginx -s quit
# echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local
# cd /usr/local/nginx/conf/
# egrep -v "^$|#" nginx.conf.default > nginx.conf

0x03 详细配置nginx

添加基于域名的虚拟主机,顺便测试url重写是否真正可用

1
2
3
# mkdir /usr/local/nginx/html/{bwapp,wp,discuz,drupal,joomla,phpcms,phpbb,dvwa} -p
# mkdir /usr/local/nginx/conf/extra && cd /usr/local/nginx/conf/extra
# touch bwapp.conf wp.conf discuz.conf drupal.conf joomla.conf phpcms.conf phpbb.conf dvwa.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# vi /usr/local/nginx/conf/nginx.conf
worker_processes  1;
error_log logs/error.log error;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    log_format main '$remote_addr - $remote_user  [$time_local]  ' 
    ' "$request"  $status  $body_bytes_sent  '
    ' "$http_referer"  "$http_user_agent"  "$http_x_forwarded_for" $dm_cookie" ';    
    include extra/bwapp.conf;
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# vi /usr/local/nginx/conf/extra/bwapp.conf
server {
    set $dm_cookie "";
    if ($http_cookie ~* "(.+)(?:;|$)") {
        set $dm_cookie $1;
    }   
    listen 80;
    server_name  www.midbwapp.org;
    location / {
        root   html/bwapp;
        index  index.html index.htm;
        rewrite /hack /hellohacker.html permanent;
    }
    access_log logs/access_midbwapp.log main;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html/bwapp;
    }
}
1
2
# /usr/local/nginx/sbin/nginx
# tail -f /usr/local/nginx/logs/access_bwapp.log

0x04 关于nginx访问日志轮询,可自行用shell实现

二,开始部署mysql,节省时间,我们还是直接用二进制包来配置部署

1
2
3
4
# useradd mysql -s /sbin/nologin -M
# tar xf mysql-5.5.32-linux2.6-x86_64.tar.gz
# mv mysql-5.5.32-linux2.6-x86_64 /usr/local/mysql-5.5.32
# ln -s /usr/local/mysql-5.5.32/ /usr/local/mysql

快速初始化mysql

1
2
3
4
5
6
7
8
9
# /usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/ --user=mysql
# chown -R mysql.mysql /usr/local/mysql/
# cp /usr/local/mysql/support-files/my-small.cnf /etc/my.cnf
# /usr/local/mysql/bin/mysqld_safe &
# echo "/usr/local/mysql/bin/mysqld_safe &" >> /etc/rc.local
# lsof -i :3306
# echo "export PATH=$PATH:/usr/local/mysql/bin/" >> /etc/profile
# source /etc/profile
# mysqladmin -uroot password "admin"

1
2
3
4
5
6
# mysql -uroot -p
mysql> select user,host from mysql.user;
mysql> drop user ''@'localhost';
mysql> drop user 'root'@'::1';
mysql> drop user 'root'@'NewLNMP';
mysql> grant all on *.* to 'root'@'%' identified by 'admin' with grant option;flush privileges;

三,部署php

安装各种依赖库

1
2
3
4
5
# yum install -y zlib-devel libxml2-devel libjpeg-devel freetype-devel libpng-devel gd-devel curl-devel libxslt-devel
# yum install epel-release -y
# yum install openssl openssl-devel libmcrypt libmcrypt-devel mcrypt mhash mhash-devel -y
# tar xf libiconv-1.14.tar.gz && cd libiconv-1.14
# ./configure --prefix=/usr/local/libiconv && make && make install

0x02 编译安装 php-5.5.38

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# tar xf php-5.5.38.tar.gz
# cd php-5.5.38
# ./configure \
--prefix=/usr/local/php-5.5.38 \
--with-config-file-path=/usr/local/php-5.5.38/etc \
--with-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-pdo-mysql=/usr/local/mysql \
--with-iconv-dir=/usr/local/libiconv \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml \
--disable-rpath \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--with-curl \
--enable-mbregex \
--enable-fpm \
--enable-mbstring \
--with-mcrypt \
--with-gd \
--enable-gd-native-ttf \
--with-openssl \
--with-mhash \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-soap \
--enable-short-tags \
--enable-static \
--with-xsl \
--with-fpm-user=nginx \
--with-fpm-group=nginx \
--enable-ftp \
--enable-opcache=no
# ln -s /usr/local/mysql/lib/libmysqlclient.so.18  /usr/lib64/
# touch ext/phar/phar.phar
# make && make install
# ln -s /usr/local/php-5.5.38/ /usr/local/php
# cp php.ini-production /usr/local/php/etc/php.ini

0x03 详细配置php-fpm

1
2
3
# mkdir /app/logs/ -p
# cd /usr/local/php/etc/
# cp php-fpm.conf.default php-fpm.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# vi php-fpm.conf
[global]
pid = /app/logs/php-fpm.pid
error_log = /app/logs/php-fpm.log
log_level = error
rlimit_files = 32768
events.mechanism = epoll
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
pm = dynamic
pm.max_children = 1024
pm.start_servers = 16
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 2048
slowlog = /app/logs/$pool.log.slow
request_slowlog_timeout = 10
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f sec@bwapp.com
1
2
3
4
5
6
# /usr/local/php/sbin/php-fpm
# lsof -i :9000
# echo "/usr/local/php/sbin/php-fpm" >> /etc/rc.local
# cat /etc/rc.local
# systemctl stop firewalld.service
# systemctl disable firewalld.service

0x04 让nginx解析php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# vi /usr/local/nginx/conf/extra/bwapp.conf
server {
    listen       80;
    server_name  www.bwapp.org bwapp.org;
    root   html/bwapp/bWAPP;
    location / {
        index  index.php index.html index.htm;
        rewrite /adminer /hellohacker.html permanent;
    }
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    access_log logs/access_bwapp.log main;
    error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        root   html/bwapp;
    }
}

1
2
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload

四,最后,对环境进行全面可用性检测

1
2
3
4
5
6
7
安装bwapp 漏洞演练程序
安装dvwa 漏洞演练程序
安装 Discuz X3.2 
安装drupal 7.56
安装 wordpress 4.8.1
安装 joomla 3.6.5
...



End
    写脚本,写脚本,写脚本,重要的事情说三遍,或者更暴力一点,配好了以后直接打成rpm包,以后如果是完全相同的系统,直接全程yum即可,不然得烦死,另外,此环境仅作为自己学习之用,所以基本没做过任何加固处理,严禁直接参考用于实际生产环境中,否则,一切后果自负

#env