In 2012, due to the new understanding and learning about Linux and related services, I specifically wrote a document of the entire service-building process for our start-up projects, allowing them to learn and participate.
Following this document as a manuscript, to make some changes and the deletion of sensitive information, to share to everyone, hope to everyone deliberately.
Description, the following Rafael is my English name. Application is currently changing direction of Kung Fu letter, English straight write pinyin gongfuxin. In addition to the Linux account number, the basic configuration of some security, there are Php/php-fpm/mysql/redis/nginx installation and configuration.
Reprint please indicate the source.
Update record:
Gu Yichin October 26, 2012 Install the machine from the virtual machine and start to describe the installation steps
Gu Yichin December 04, 2012 installs the machine through the virtual machine, and installs the internal test complete service, intact entire installation procedure
Gu Yichin August 7, 2014 in the network sharing purposes. Deleted and amended
First part of Clean server installation
========================
1. Download CentOS 6.3 (currently up to 6.5) 64bit CD1 (not Livedvd or LiveCD) and follow the wizard settings, here are some points of note for the settings:
1) boot from CD, install CentOS 6.3
2) Select the default English installation
3) disk Select entire Hard drive
4) Time Select Shanghai, do not select UTC
5) When setting Rootpassword, back up this password
6) Select the basic server installation method
7) Define your own selection package and select the Chinese package in the language
2. Network and System Configuration
1) Internal testing machine, can use static IP, also can be dynamic IP. The public network machine must use static IP, set with the Setup command, and can change the corresponding configuration file directly:
/etc/sysconfig/network-scripts/ifcfg-eth0, especially to change the value of onboot to Yes, generally modified after better restart, you can use the network
2) then run the Yum update to make a full update of the system, preferably once again after completion
3) Assuming the kernel is upgraded, do not delete all old kernels, at least keep the old kernel in the near future, in case the new kernel is in trouble.
4) Turn off SELinux and make changes to/etc/selinux/config. The server can be protected later through a firewall
3. Account Setup and Maintenance
1) Create an administrative user, such as Useradd Rafael
2) password settings for newly created users, such as passwd Rafael, typically back up this password
4) Add Rafael to wheel user group and configure in/etc/group
5) Set the wheel user group to Sudo's trusted user group, make changes in/etc/sudoers, note that this file should be changed to be writable first, and then go back after the change.
6) Disable root user remote SSH login, configure in/etc/ssh/sshd_config, set Permitrootlogin No, and start sshd again
7) Try to telnet to this machine via SSH later.
The second part installs Nginx, MySQL, PHP, Redis, etc.
========================
1. Set the Epel Update source (official source is too old)
1) Main photo http://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/, there will be some small changes , whichever is the following. The first two steps are complete:
A. Sudo rpm-uvh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm (preferably to http:// mirrors.ustc.edu.cn/fedora/epel/6/x86_64/look at the latest version of Epel, it should be more than 6-8.
B. sudo rpm-uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm (best to http://mirrors.ustc.edu.cn/fedora/ epel/6/x86_64/look at the latest version number)?
2) then find the Nginx source, to http://nginx.org/en/download.html to find the CentOS6 line, and then be able to download the corresponding RPM, can also be directly through such as the following command: sudo RPM-UVH/http nginx.org/packages/centos/6/noarch/rpms/nginx-release-centos-6-0.el6.ngx.noarch.rpm
2. Install the required software
1) Install PHP and nginx, such as: sudo yum--enablerepo=remi install nginx php php-fpm Php-common
2) Install PHP components, such as: sudo yum--enablerepo=remi install PHP-PECL-APC php-cli php-pear php-pdo php-mysql php-pgsql Php-pecl-mongo Php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml php-devel
3) Php-redis Please follow the instructions on Https://github.com/nicolasff/phpredis to download and compile and install with git (install gcc and git first: sudo yum--enablerepo=remi install gcc git) and then need to manually add redis.conf and related content to the/etc/php.d/
4) Install MySQL and redis, such as: sudo yum--enablerepo=remi install MySQL mysql-devel mysql-server redis
5) then configure the Php-fpm/nginx/mysql/redis at the 2/3/4/5 level to initiate their own initiative, can be set by chkconfig
Part III: Configuring MySQL, Redis, Nignx, PHP, etc.
========================
1. Configure MySQL
1) Start Mysql:sudo service mysqld start and you will be prompted for some initial considerations for the first launch
2) set root local password, backup password, can see if the remote account of root is set
3) Log in to MySQL, create other users and password with the command line, must set up gongfuxin account and password, backup password, this account is used for site login
4) Set up UTF8 based database gongfuxin, then import Gfx_recreate_all.sql, and the corresponding tables of cities, provinces and universities, give Gongfuxin account all the permissions of gongfuxin database: Grant All privileges on gongfuxin.* to [email protected];
5) can be set in remote login mysql, it is more convenient, but to configure the remote account, and to open the firewall 3306 (TCP) port, the previous account creation, database creation can use this way, but the security is not good
6) for MySQL configuration file, can be found in/usr/share/mysql/, and then according to the detailed memory size selection, covering to/etc/my.cnf can be, and then start again: sudo service mysqld restart
2. Configure Redis
1) configuration file in/etc/redis.conf, temporary no need to configure
2) Start Redis:sudo service Redis start
3. Configure PHP
1) Edit/etc/php.ini, changes such as the following (the configuration here is for the on-line server.) Not for the development environment):
? implicit_flush = On
? expose_php = Off
? error_log =/var/log/php-fpm/php_error.log
2) Change the permissions of the/var/lib/php/session, so that it belongs to the Nginx user group, not the Apache user group (root should be the user at this time, do not need to change)
3) Change the/VAR/LOG/PHP-FPM permissions to the Nginx user, not the Apache user (root should be the user group at this time, do not need to change)
4) Change the/etc/php-fpm.d/www.conf so that both user and group are Nginx
5) Start Php-fpm:sudo service php-fpm start
4. Configure Nginx
1)/etc/nginx/nginx.conf According to the actual situation configuration, for the internal test environment does not need to configure, note, generally need to change the system process maximum number of threads and the number of handles, with ulimit-a to view; the thread stack size of the process is self-altering in the program
2)/etc/nginx/conf.d/default.conf, need to be configured as our publication folder, assuming that there are multiple advertisement folders need a number of similar configuration files, and configured to PHP parsing, such as the following:
File start*********
Listen 8050;
server_name localhost;
CharSet Utf-8;
Access_log/var/log/nginx/access.log main;
Root/usr/share/nginx/gongfuxin;
Location/{
Index index.php;
}
Location ~ \.php$ {
Include Fastcgi_params;
Fastcgi_pass 127.0.0.1:9000;
Fastcgi_index index.php;
Fastcgi_param script_filename $document _root$fastcgi_script_name;
Client_max_body_size 8m;
}
# Deny access to. htaccess files, if Apache ' s document Root
# concurs with Nginx ' s one
Location ~/\.ht {
Deny all;
}
}
File end*********
3) Please change the PHP-CGI monitor port according to the configuration separately (said below); Then open the firewall settings (TCP, regular server, must be 80port) or 8050 (TCP, internal test, and other unused ports)
4) need to establish/usr/share/nginx/gongfuxin directory
5) Start Nginx:sudo service Nginx start
?
Linux/centos the complete process of various service frameworks