一适袜、準備一臺centos7虛擬機苦酱，ip為192.168.10.30给猾。同時作為httpd服務器敢伸，fpm服務器池颈，mariadb服務器。192.168.10.20測試機

使用yum倉庫下載mariadb? ? ?httpd版本：2.4.6每币，php-fpm版本：5.4.16脯爪，mariadb版本：5.5.64，php-mysql版本：5.4.16尚揣，php-mbstring版本：5.4.16

（1）安裝并配置MariaDB服務

# yum -y install mariadb-server

編輯mariadb的配置文件添加常用選項

# vim /etc/my.cnf.d/server.cnf

skip_name_resolve=ON 跳過名稱解析

innodb_file_per_table=ON 每表使用單獨的表空間文件

啟動mariadb并開機自啟動

# systemctl start mariadb

# systemctl enable mariadb

本地連接測試：

# mysql

Welcome to the MariaDB monitor.? Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>exit

Bye

安全加固

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

? ? ? SERVERS IN PRODUCTION USE!? PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user.? If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):? ? ? ? ?為空娜庇，直接回車

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

Set root password? [Y/n] Y? ? ? 設置root密碼

New password:? ? ? ? ? ? ? ? ? ? ? ? 輸入新密碼

Re-enter new password:? ? ? ? ? 確認新密碼

Password updated successfully!

Reloading privilege tables..

... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.? This is intended only for testing, and to make the installation

go a bit smoother.? You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n] Y? ? ? ? ?刪除默認的匿名用戶

... Success!

Normally, root should only be allowed to connect from 'localhost'.? This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y? ?禁止root管理員遠程登陸，建議禁止

... Success!

By default, MariaDB comes with a database named 'test' that anyone can

access.? This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n] n? ? 是否刪除名為test的測試庫

... skipping.

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n] Y? ? ? ? ? ? ? ? ? ? ?重載特權表

... Success!

Cleaning up...

All done!? If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

加固之后匕得，再使用用戶名密碼登陸

# mysql -uroot -h127.0.0.1 -plhp@ssw0rd

Welcome to the MariaDB monitor.? Commands end with ; or \g.

Your MariaDB connection id is 10

Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

授權一個普通用戶做后面的測試汁掠，用戶名 myuser? 密碼mypass

MariaDB [(none)]> GRANT ALL ON testdb.* TO 'myuser'@'192.168.10.%' IDENTIFIED BY 'mypass';

Query OK, 0 rows affected (0.00 sec)

刷新授權表

? ??MariaDB [(none)]> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.00 sec)

退出sql用新建的用戶測試連接

# mysql -umyuser -h192.168.10.30 -pmypass

Welcome to the MariaDB monitor.? Commands end with ; or \g.

Your MariaDB connection id is 11

Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

創(chuàng)建數據庫testdb并指定默認字符集為utf8

MariaDB [(none)]> CREATE DATABASE testdb CHARACTER SET 'utf8';

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> exit?

Bye

(2)安裝并配置pmp-fpm服務

確保沒有和php同時安裝

# yum info php

還在倉庫中

# yum info php-fpm

還在倉庫中

安裝php-fpm和連接數據庫的php-mysql和支持多字符的php-mbstring和加解密的php-mcrypt

# yum -y install php-fpm php-mysql php-mbstring php-mcrypt

服務配置文件：/etc/php-fpm.conf , /etc/php-fpm.d/*.conf

/etc/php-fpm.d/www.conf中的關鍵參數：

listen = 127.0.0.1:9000? ? 監(jiān)聽的主機和端口，跨主機部署需要修改

;listen.backlog = -1? 后援隊列乞榨，等待隊列，請求等待政溃，-1表示無限制

listen.allowed_clients = 127.0.0.1 允許哪些主機有權限連接請求董虱，跨主機部署amp時需要修改?

user = apache? 運行進程的用戶

group = apache? ?運行進程的組

pm = dynamic? ? 連接池運行為動態(tài)

pm.max_children = 50? 運行的最大子進程數

pm.start_servers = 5? ?服務剛啟動是運行的子進程個數

pm.min_spare_servers = 5? ?最少空閑子進程個數

pm.max_spare_servers = 35? 最大空閑子進程數

;pm.max_requests = 500? ? 每個子進程響應500個請求后重新起一個子進程

;pm.status_path = /status? ?內置狀態(tài)頁

;ping.path = /ping? ? 服務遠程健康狀態(tài)測試

;ping.response = pong??服務遠程健康狀態(tài)測試

php_value[session.save_path] = /var/lib/php/session? 會話持久保持在這個目錄

php環(huán)境配置文件：/etc/php.ini, /etc/php.d/*.ini

創(chuàng)建session保存的目錄愤诱，默認沒創(chuàng)建捐友，在/etc/php-fpm.d/www.conf中定義

# mkdir -pv /var/lib/php/session

mkdir: created directory ‘/var/lib/php/session’

設置運行用戶apache匣砖，組apache猴鲫，和php-fpm一致

# chown apache:apache /var/lib/php/session/

啟動php-fpm服務

# systemctl start php-fpm

# ss -tnl

（3）安裝并配置httpd服務

安裝啟動httpd

# yum -y install httpd

# systemctl start httpd

# systemctl enable httpd

配置一個虛擬主機做測試

# vim /etc/httpd/conf.d/vhosts.conf

<VirtualHost *:80>

? ? ? ? ServerName www.b.net

? ? ? ? DocumentRoot "/apps/vhosts/b.net"

? ? ? ? <Directory "/apps/vhosts/b.net">

? ? ? ? ? ? ? ? Options None

? ? ? ? ? ? ? ? AllowOverride None

? ? ? ? ? ? ? ? Require all granted

? ? ? ? </Directory>

</VirtualHost>

創(chuàng)建虛擬主機對應的網頁目錄及文件

# mkdir -pv /apps/vhosts/b.net

# touch /apps/vhosts/b.net/index.html

# vim /apps/vhosts/b.net/index.html

<h1>

? ? ? ? test page

</h1>

語法檢查

# httpd -t

重啟httpd服務及關閉防火墻和SELinux

# systemctl restart httpd

# systemctl stop firewalld

關閉SELinux

# setenforce 0

測試

配置httpd通過fpm訪問動態(tài)資源

增加/etc/httpd/conf.d/vhost.conf的參數

DirectoryIndex index.php 主頁支持index.php

ProxyRequests Off 關閉正向代理

ProxyPassMatch? ?^/(.*\.php)$? ?fcgi://127.0.0.1:9000/apps/vhosts/b.net/$1? ? ? ?正則表達式模式匹配牺弄，如果用戶請求的URL是以任意字符開頭但以.php結尾势告，那么我們就把他反代到?fcgi://127.0.0.1:9000端口?抚恒，指定動態(tài)網頁存放路徑為/apps/vhosts/b.net/$1俭驮，$1為后向引用，引用第一個括號中的內容馅而，在正則表達式外用$引用瓮恭，在正則表達式中用\引用

進入虛擬主機配置文件目錄

# cd /apps/vhosts/b.net/

將原來的靜態(tài)頁面改名保持屯蹦，創(chuàng)建新的動態(tài)資源.php

# mv index.html test.html

# vim index.php

<?php

? ? ? ? phpinfo()

?>

重啟服務測試

# systemctl restart httpd

（4）設置能通過phpmyadmin網頁管理數據庫

使用宿主機下載phpmyadmin圖形工具用于圖形化管理數據庫：由于當前php版本為5.4.16登澜，所以從https://www.phpmyadmin.net/files/找到降低版本phpMyAdmin-4.0.10.20-all-languages.zip,上傳至centos7服務器/root目錄下脑蠕。

切換到/root目錄對文件進行解壓

# cd ~

# unzip phpMyAdmin-4.0.10.20-all-languages.zip

將解壓后的文件移動至虛擬主機所在的DocumentRoot路徑下的phpmyadmin目錄

# mv phpMyAdmin-4.0.10.20-all-languages /apps/vhosts/b.net/phpmyadmin

切換當前目錄到/apps/vhosts/b.net/phpmyadmin/目錄

# cd /apps/vhosts/b.net/phpmyadmin/

復制其中的文件config.sample.inc.php 命名為config.inc.php?

# cp config.sample.inc.php config.inc.php

編輯配置文件config.inc.php,添加隨機數谴仙，此版本默認有可以不填晃跺，有的版本沒有必須填寫

# vim config.inc.php?

測試機瀏覽器打開192.168.10.30/phpmyadmin/index.php即可訪問

輸入此前設置的數據庫root用戶名密碼即可登陸