CentOs php + mysql + apache + ftp configuration, centosapache

Source: Internet
Author: User
Tags install openssl openssl x509

CentOs php + mysql + apache + ftp configuration, centosapache

Take notes when installing the server. This method is successful in person. As the version is constantly updated, there may be some differences, but the basic principles are the same.

1. Install CentOS 6. You can select the minimum installation or desktop installation.

2. upgrade the system

Yum update
3. Install mysql and set mysql to start automatically when mysql is started.

Yum install mysql
Yum install mysql-server
Chkconfig -- levels 35 mysqld on
Service mysqld start

4. Configure the mysql root Password

Mysql>; USE mysql;
Mysql>; UPDATE user SET Password = PASSWORD ('newpassword') WHERE user = 'root ';
Mysql>; flush privileges;

You can also use the mysql_secure_installation command to set the mysql password.

Mysql_secure_installation

Enter current password for root (enter for none): (Press Enter)
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
Root user without the proper authorisation.

Set root password? [Y/n] (Y)

New password: (123456)
Re-enter new password: (123456)
Password updated successfully!
Reloading privilege tables ..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
To log into MySQL without having to have a user account created
Them. This is intended only for testing, and to make the installation
Go a bit smoother. You shoshould remove them before moving into
Production environment.

Remove anonymous users? [Y/n]

(Whether to remove the default account from the database. If it is removed, entering mysql directly on the terminal will prompt a connection error.) Y

Normally, root shoshould only be allowed to connect from 'localhost'. This
Ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]

(Whether to disable root remote logon) Y
By default, MySQL comes with a database named 'test' that anyone can
Access. This is also intended only for testing, and shocould be removed
Before moving into a production environment.

Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

** Later, we set whether to allow remote logon.
Mysql-u root-p
Enter Password: <your new password>
Mysql> grant all privileges on *. * TO 'username '@' % 'identified by 'Password' with grant option;
After that, you can use mysql-front to remotely manage mysql.
Set to boot
Chkconfig mysqld on

5. install apache and set startup.

Yum install httpd
Chkconfig -- levels 35 httpd on
Service httpd start
At this time, you can test whether apache works normally.

It should be okay to directly access localhost through a browser, but if other hosts cannot access it, it is because of the relationship between the firewall and the configuration of the firewall.

(This problem will occur later in ssl)

6. install php

If you install a version earlier than php53, the project may not run in this environment. When php5.2 appears
The current project is not running at all. It took a long time to find out that the php version is too low (I thought it was the reason for json before, because
Php5.2 does not have json Extension). Therefore, you must be optimistic about the version before installation. Otherwise, the project may encounter problems in the future.

Yum install php53

Yum install php53-mysql php53-gd php53-imap php53-ldap php53-odbc php53-pear php53-
Xmlrpc
At this time, the php installation is complete. Write a script to test it.

Vi/var/www/html/info. php
Input

<? Php
Phpinfo ();?>
Access localhost/info. php ~

7. Install phpMyAdmin

First, install epel and rpmfushion on the system.

Rpm-Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
Rpm-Uvh http://download1.rpmfusion.org/free/el/updates/testing/6/i386/rpmfusion-free-release-
6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-
Nonfree-release-6-0.1.noarch.rpm
For centos 5, run the following command:

Rpm-Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
Rpm-Uvh http://download1.rpmfusion.org/free/el/updates/testing/5/i386/rpmfusion-free-release-
5-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/5/i386/rpmfusion-
Nonfree-release-5-0.1.noarch.rpm
The installation is very convenient ,~ You do not need to download the latest version.

Yum install phpmyadmin
After the installation is complete, you need to configure the access permission so that other hosts can access phpMyAdmin.

Vi/etc/httpd/conf. d/phpMyAdmin. conf
Find the permission settings for the two directories and Change Allow from to All.

<Directory/usr/share/phpMyAdmin/>
Order Deny, Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>
<Directory/usr/share/phpMyAdmin/setup/>
Order Deny, Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>

Restart the server

Service httpd restart
Test localhost/phpMyAdmin

Username and password: root 123456

OK ~ LAMP is built,

8. Set up SSL to enable apache to support https

Yum install mod_ssl
After this module is installed, You Can Use https: // localhost to test apache after it is restarted, because it creates the default certificate.

Under/etc/pki/tls

Of course, we can also use openssl to create our own certificates.

Yum install openssl
Generate Certificate file
Create an rsa private key named server. key

Openssl genrsa-out server. key 1024

Generating RSA private key, 1024 bit long modulus
...
...
E is 65537 (0x10001)


Use server. key to generate the CSR for signing the certificate

Openssl req-new-key server. key-out server. csr
Country Name: Country Code with two letters
State or Province Name: Province Name
Locality Name: city Name
Organization Name: Company Name
Organizational Unit Name: department Name
Common Name: Your Name
Email Address: Address
For 'extra 'attributes, you do not need to enter. Press enter directly.

Generate the certificate CRT file server. crt.

Openssl x509-days 365-req-in server. csr-signkey server. key-out server. crt
Modify ssl. conf to specify the certificate generated by ourselves.

Vi/etc/httpd/conf. d/ssl. conf
Find the following location and modify the path

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# The certificate is encrypted, then you will be prompted for
# Pass phrase. Note that a kill-HUP will prompt again. A new
# Certificate can be generated using the genkey (1) command.
SSLCertificateFile/etc/pki/tls/certs/localhost. crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# Directive to point at the key file. Keep in mind that if
# You 've both a RSA and a DSA private key you can configure
# Both in parallel (to also allow the use of DSA ciphers, etc .)
SSLCertificateKeyFile/etc/pki/tls/private/localhost. key

OK

Service httpd restart

Yum install vsftpd

2. Start/restart/shut down the vsftpd Server
/Sbin/service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]
OK indicates that the restart is successful.
Change restart to start/stop for start and stop respectively.
If the source code is installed, find the start. sh and shutdown. sh files in the installation folder and execute them.

Modify as follows

Vi/etc/vsftpd. conf

# Allow anonymous FTP? (Beware-allowed by default if you comment this out ).
Anonymous_enable = NO

# If your users CT that (022 is used by most other ftpd's)
Local_umask = 022
Local_root =/

Vi/etc/vsftpd/ftpusers

# Users that are not allowed to login via ftp
# Root

Vi/etc/vsftpd/user_list

# For users that are denied.
# Root

Firewall Configuration
A. Add. Allow access to port {80: http }.
-A input-m state -- state NEW-m tcp-p tcp -- dport 80-j ACCEPT
B. Disable the firewall {not recommended }.
Service iptables stop
C. Reset and load the Firewall
Service iptables restart

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.