centOS7_x64 + php7.1.9 + mysql 5.7.18 + nginx-1.12.1

2016-06-27 env


一、首先,部署nginx

0x01 依旧接着我们之前准备好的系统继续,首先,将所有准备安装的软件包上传至服务器,软件包列表如下:

1
2
3
4
libiconv-1.14.tar.gz
mysql-5.7.18-linux-glibc2.5-x86_64.tar.gz
nginx-1.12.1.tar.gz
php-7.1.9.tar.gz

此次要实现的大致架构如下:

1
centOS7 + php7.1.9 + mysql 5.7.18 + nginx-1.12.1

0x02 开始编译安装nginx-1.10.3

安装所需的各种依赖库

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# yum install pcre pcre-devel gcc gcc-c++ automake zlib zlib-devel openssl openssl-devel -y
# useradd -s /sbin/nologin -M nginx
# tar xf nginx-1.12.1.tar.gz
# cd nginx-1.12.1
# ./configure --prefix=/usr/local/nginx-1.12.1 \
--user=nginx --group=nginx --with-http_ssl_module \
--with-http_stub_status_module --with-http_gzip_static_module
# make && make install
# ln -s /usr/local/nginx-1.12.1/ /usr/local/nginx
# /usr/local/nginx/sbin/nginx -v
# /usr/local/nginx/sbin/nginx
# netstat -tulnp | grep "80"
# /usr/local/nginx/sbin/nginx -s quit
# echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local
# cd /usr/local/nginx/conf/
# egrep -v "^$|#" nginx.conf.default > nginx.conf

0x03 详细配置nginx

添加基于域名的虚拟主机,顺便测试url重写是否真正可用

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# mkdir /usr/local/nginx/html/{bwapp,wp,discuz,drupal,joomla,phpcms,phpbb,dvwa} -p
# mkdir /usr/local/nginx/conf/extra && cd /usr/local/nginx/conf/extra
# touch bwapp.conf wp.conf discuz.conf drupal.conf joomla.conf phpcms.conf phpbb.conf dvwa.conf
# vi /usr/local/nginx/conf/nginx.conf
worker_processes  1;
error_log logs/error.log error;
events {
    	worker_connections  1024;
}
http {
    	include       mime.types;
    	default_type  application/octet-stream;
    	sendfile        on;
    	keepalive_timeout  65;
    	log_format main '$remote_addr - $remote_user  [$time_local]  ' 
    	' "$request"  $status  $body_bytes_sent  '
    	' "$http_referer"  "$http_user_agent"  "$http_x_forwarded_for" ';    
    	include extra/bwapp.conf;
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# vi /usr/local/nginx/conf/extra/bwapp.conf
server {
    	listen       80;
    	server_name  www.bwapp.org;
    	location / {
        	root   html/bwapp;
        	index  index.html index.htm;
		rewrite /admin /hellohacker.html permanent;
    	}
    	access_log logs/access_bwapp.log main;
    	error_page   500 502 503 504  /50x.html;
        	location = /50x.html {
        	root   html/bwapp;
    	}
}
1
2
# /usr/local/nginx/sbin/nginx
# tail -f /usr/local/nginx/logs/access_bwapp.log

0x04 关于nginx访问日志轮询,可自行用shell实现

二, 部署mysql [ 为了节约时间,此次会用二进制包的方式进行部署]

0x01 安装前的一些准备工作

1
# yum -y install gcc glibc libaio libstdc++

0x02 编写mysql主配置文件,my.cnf

1
2
3
4
5
6
7
8
9
10
11
12
13
# cp /etc/my.cnf /etc/my.cnf.bak
# > /etc/my.cnf
# vi /etc/my.cnf
[mysqld]
user=mysql
port = 3306
server_id = 1
socket=/tmp/mysql.sock
basedir =/usr/local/mysql
datadir =/usr/local/mysql/data
pid-file=/usr/local/mysql/data/mysqld.pid
log-error=/usr/local/mysql/log/mysql-error.log

0x03 安装初始化mysql

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# tar xf mysql-5.7.18-linux-glibc2.5-x86_64.tar.gz
# mv mysql-5.7.18-linux-glibc2.5-x86_64 /usr/local/
# cd /usr/local/
# ln -s mysql-5.7.18-linux-glibc2.5-x86_64/ mysql
# echo "export PATH=$PATH:/usr/local/mysql/bin/" >> /etc/profile
# source /etc/profile
# groupadd mysql
# useradd -r -g mysql -s /bin/false mysql
# cd mysql && mkdir log
# chown -R mysql:mysql . && ll
# mysqld --defaults-file=/etc/my.cnf --initialize --user=mysql --explicit_defaults_for_timestamp
# cat /usr/local/mysql/log/mysql-error.log
	root@localhost: MpN!-vw,X5Oz
# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
# /etc/init.d/mysqld start
# /etc/init.d/mysqld stop
# echo "/etc/init.d/mysqld start" >> /etc/rc.local
# mysqld_safe --skip-grant-tables
# mysql -uroot -p
mysql> use mysql;
mysql> update user set authentication_string=password("admin") where user="root" and Host = 'localhost';
mysql> flush privileges;
mysql> exit
# pkill mysqld
# /etc/init.d/mysqld start
# mysql -uroot -p
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'mysql';
mysql> use mysql;
mysql> select Host,User from user;
mysql> exit

三、部署php

0x01 仍旧是先安装好所需的各种依赖库

1
2
3
4
5
6
# yum install -y zlib zlib-devel libxml2-devel libjpeg libjpeg-devel libpng libpng-devel 
# yum install -y freetype freetype-devel gd gd-devel curl curl-devel libxslt-devel
# yum install -y bison-devel libedit-devel readline-devel sqlite-devel libzip
# yum install -y epel-release 
# yum install -y libmcrypt libmcrypt-devel  mcrypt mhash mhash-devel openssl openssl-devel 
# yum install -y bzip2-devel jemalloc jemalloc-devel

1
2
3
4
5
6
7
# ln -s /usr/lib64/libjpeg.so /usr/lib/libjpeg.so
# ln -s /usr/lib64/libpng.so /usr/lib/libpng.so
# tar xf libiconv-1.14.tar.gz
# cd libiconv-1.14/srclib/
# sed -i -e '/gets is a security/d' ./stdio.in.h
# cd ..
# ./configure --prefix=/usr/local/libiconv && make && make install

0x02 开始编译安装php 7.1.9

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# tar xf php-7.1.9.tar.gz
# cd php-7.1.9
# ./configure \
--prefix=/usr/local/php-7.1.9 \
--exec-prefix=/usr/local/php-7.1.9 \
--bindir=/usr/local/php-7.1.9/bin \
--sbindir=/usr/local/php-7.1.9/sbin \
--includedir=/usr/local/php-7.1.9/include \
--libdir=/usr/local/php-7.1.9/lib/php \
--mandir=/usr/local/php-7.1.9/php/man \
--with-config-file-path=/usr/local/php-7.1.9/etc \
--with-iconv-dir=/usr/local/libiconv \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-pdo-mysql=/usr/local/mysql \
--with-mcrypt \
--with-mhash \
--with-openssl \
--with-mysqli=shared,mysqlnd \
--with-pdo-mysql=shared,mysqlnd \
--with-gd \
--with-zlib \
--enable-zip \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-xml \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-mbregex \
--enable-mbstring \
--enable-ftp \
--enable-gd-native-ttf \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-soap \
--without-pear \
--with-gettext \
--enable-session \
--with-curl \
--with-jpeg-dir \
--enable-short-tags \
--enable-static \
--with-png-dir \
--with-freetype-dir \
--enable-fpm \
--with-fpm-user=nginx \
--with-fpm-group=nginx \
--enable-opcache \
--without-gdbm \
--with-xsl \
--disable-fileinfo
# make && make install
# ll /usr/local/php-7.1.9/
# ln -s /usr/local/php-7.1.9/ /usr/local/php
# cp php.ini-production /usr/local/php/etc/php.ini

0x03 详细配置php-fpm.conf

1
2
3
4
5
6
7
8
9
10
11
# mkdir /app/logs/ -p
# cd /usr/local/php/etc/
# cp php-fpm.conf.default php-fpm.conf
# vi php-fpm.conf
[global]
pid = /app/logs/php-fpm.pid
error_log = /app/logs/php-fpm.log
log_level = error
rlimit_files = 32768
events.mechanism = epoll

0x04 详细配置www.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# cd /usr/local/php/etc/php-fpm.d/
# cp www.conf.default www.conf
# vi www.conf
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
pm = dynamic
pm.max_children = 1024
pm.start_servers = 16
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 2048
slowlog = /app/logs/$pool.log.slow
request_slowlog_timeout = 10
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f sec@bwapp.com
# /usr/local/php/sbin/php-fpm
# netstat -tulnp | grep "9000"
# echo "/usr/local/php/sbin/php-fpm" >> /etc/rc.local
# cat /etc/rc.local

0x05 详细配置php.ini

1
2
3
4
5
6
7
8
# yum install autoconf -y
# cd ext/mysqli/
# /usr/local/php/bin/phpize
# ./configure --prefix=/usr/local/mysqli \
--with-php-config=/usr/local/php/bin/php-config \
--with-mysqli=/usr/local/mysql/bin/mysql_config
# make && make install

1
2
3
4
5
6
7
8
9
10
11
12
13
# vi /usr/local/php/etc/php.ini
extension_dir = "/usr/local/php-7.1.9/lib/php/extensions/no-debug-non-zts-20160303/"
extension=mysqli.so
extension=opcache.so
extension=pdo_mysql.so
expose_php = Off
opcache.enable=1
date.timezone = PRC
error_log = /usr/local/php/php_error.log
# pkill php-fpm
# /usr/local/php/sbin/php-fpm
# /usr/local/nginx/sbin/nginx

0x06 让nginx解析php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# vi /usr/local/nginx/conf/extra/bwapp.conf
server {
    set $dm_cookie "";
    if ($http_cookie ~* "(.+)(?:;|$)") {
        set $dm_cookie $1;
    }
listen       80;
    server_name  www.bwapp.org bwapp.org;
    root   html/bwapp/bWAPP;
    location / {
        index  index.php index.html index.htm;
        rewrite /adminer /hellohacker.html permanent;
    }
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    access_log logs/access_bwapp.log main;
    error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        root   html/bwapp;
    }
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
# systemctl stop firewalld
# systemctl disable firewalld

四、安装各类开源程序对环境进行全面可用性检测

1
2
3
4
5
6
7
安装bwapp 漏洞演练程序
安装dvwa 漏洞演练程序
安装 Discuz X3.2 
安装drupal 7.56
安装 wordpress 4.8.1
安装 joomla 3.6.5
...



End
    写脚本,写脚本,写脚本,重要的事情说三遍,或者更暴力一点,配好了以后直接打成rpm包,以后如果是完全相同的系统,直接全程yum即可,不然得烦死,另外,此环境仅作为自己学习之用,所以基本没做过任何加固处理,严禁直接参考用于实际生产环境中,否则,一切后果自负

#env