Ubuntu Server 11.10: Installing and configuring LAMP (Apache + MySQL + PHP)

Source: Internet
Author: User

Preparation:

1. Configure the firewall and open ports 80 and 3306

Note: A default Ubuntu installation does not enable any firewall. For the security of the server, we recommend that you set one up; the iptables firewall is recommended.
whereis iptables #check whether the firewall is installed
iptables: /sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz #indicates that iptables is installed
apt-get install iptables #if it is not installed by default, run this command to install the firewall
iptables -L #view the firewall configuration, shown below:

#####################################################
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#####################################################
nano /etc/iptables.default.rules #add the following content
##################################################################################################
*filter
# allows all loopback (lo0) traffic
# (no rule in this file drops traffic to 127/8 that doesn't use lo0)
-A INPUT -i lo -j ACCEPT
# accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allows all outbound traffic
# you could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# allows HTTP and MySQL connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
# allows SSH connections for script kiddies
# the --dport number is the same one you set up in the sshd_config file
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Now you should read up on iptables rules and consider whether SSH access
# for everyone is really desired. Most likely you will only have to allow access from certain IPs.
# allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls (access via the 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7
# reject all other inbound traffic: default deny unless explicitly allowed
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
##################################################################################################
Ctrl+O #save
Ctrl+X #exit


Note: 80 is the web server port, 3306 is the MySQL database connection port, and 22 is the SSH remote management port.
iptables-restore < /etc/iptables.default.rules #make the firewall rules take effect
nano /etc/network/if-pre-up.d/iptables #create this file and add the following so that the firewall is loaded at boot
##########################################################
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.default.rules
##########################################################
chmod +x /etc/network/if-pre-up.d/iptables #add execute permission
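
As an added example (not part of the original article), the shell functions below list which ports an iptables-restore rules file accepts and from which source, so the comment in the rules about limiting SSH to certain IPs can be checked before the file is loaded. The sample rules are constructed, 192.0.2.10 and 198.51.100.0/24 are placeholder documentation addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample: the article's rules with 3306 and 22 narrowed to
# placeholder sources (documentation address ranges, not from the page).
sample_rules() {
cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s 192.0.2.10 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s 198.51.100.0/24 -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# Print "port source" for every INPUT rule that ACCEPTs a --dport.
# source is the -s/--source value, or "anywhere" when the rule has none.
accepted_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        port = ""; src = "anywhere"; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (port != "" && target == "ACCEPT") print port, src
    }'
}

# Given a list of ports that must not be open to everyone, print one
# line per rule that accepts such a port from anywhere; exit 1 if any.
check_restricted() {   # usage: check_restricted "22 3306" < rules-file
    accepted_ports | awk -v want="$1" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) r[w[i]] = 1 }
    ($1 in r) && $2 == "anywhere" { print "world-open: " $1; bad = 1 }
    END { exit bad }'
}

sample_rules | accepted_ports
```

Run against the rules file as written in the article, check_restricted "22 3306" < /etc/iptables.default.rules reports both ports, because neither rule carries a -s source.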

Installation

First, install Apache

apt-get install apache2 #install Apache; enter y when prompted
service apache2 start #start Apache
service apache2 restart #restart
apt-get install chkconfig #install chkconfig
chkconfig apache2 on #start Apache at boot

Second, install MySQL

apt-get install mysql-server #install MySQL; enter y when prompted
During the installation, a screen appears asking for the MySQL root password.
Enter the password twice to continue the automatic installation.

service mysql start #start
chkconfig mysql on #start MySQL at boot
service mysql restart #restart

Third, install PHP

1. apt-get install php5 #install php5; enter y when prompted
2. Install the PHP components so that PHP supports MySQL
apt-get install php5-mysql php5-gd libjpeg8-dev php5-imap php5-ldap php5-odbc php*-pear php*-xml php5-xmlrpc php5-mcrypt php5-mhash libmcrypt* libmcrypt-dev php-fpdf
/etc/init.d/mysql restart #restart MySQL
/etc/init.d/apache2 restart #restart apache2
ln -s /etc/php5/apache2/php.ini /etc/php.ini #link the PHP configuration file to the system default location

Configuration

First, Apache configuration
cp /etc/apache2/apache2.conf /etc/apache2/apache2.confbak #back up
nano /etc/apache2/apache2.conf #edit
ServerTokens Prod #do not show the server operating system name on error pages
ServerSignature Off #do not show the apache2 version on error pages
MaxKeepAliveRequests 1000 #change to 1000 (default is 100; raises the number of requests allowed per keep-alive connection)
ServerName localhost #add a default server name for apache2
Ctrl+O #save
Ctrl+X #exit
nano /etc/apache2/sites-enabled/000-default #edit
Options MultiViews FollowSymLinks #do not show the directory tree in the browser
Ctrl+O #save
Ctrl+X #exit
nano /etc/apache2/mods-enabled/dir.conf #edit, setting the default home page order
DirectoryIndex index.html index.php index.htm
Ctrl+O #save
Ctrl+X #exit
a2enmod rewrite #enable the apache2 URL rewriting module mod_rewrite

Second, configure PHP

nano /etc/php5/apache2/php.ini #edit
date.timezone = PRC #on line 946, remove the leading semicolon and change it to date.timezone = PRC
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#on line 386, lists the functions that PHP should disable; if a program needs one of these functions, remove it from the list so that it is no longer disabled
expose_php = Off #on line 432, suppresses the display of PHP version information
magic_quotes_gpc = On #on line 745, turn on magic_quotes_gpc to prevent SQL injection
open_basedir = .:/tmp/ #on line 380, allows access only to the current directory (that is, the directory containing the PHP script files) and the /tmp/ directory, which prevents a PHP trojan from crossing between sites; if the installed program has problems afterwards, you can comment out this line, or write the program directory path directly: /var/www/www.osyunwei.com/:/tmp/
Ctrl+O #save
Ctrl+X #exit
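
An added example (not part of the original article): a shell check that reads a php.ini and reports which of the settings above are not actually in effect, for instance because the leading semicolon was never removed or a later line overrides an earlier one. The sample file is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed php.ini fragment: expose_php is set twice, open_basedir is
# still commented out with ";", and popen is missing from the list.
sample_ini() {
cat <<'EOF'
[PHP]
expose_php = On
;open_basedir = .:/tmp/
disable_functions = passthru,exec,system,shell_exec,proc_open
expose_php = Off
EOF
}

# Print the value in effect for one directive. Lines starting with ";"
# are comments, names are case sensitive, the last assignment wins.
ini_value() {   # usage: ini_value NAME < php.ini
    awk -v name="$1" -F '=' '
    /^[ \t]*;/ { next }
    NF > 1 {
        key = $1; gsub(/[ \t]/, "", key)
        if (key == name) {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = val
        }
    }
    END { if (found != "") print found }'
}

# Report which of the article's hardening directives are not in effect.
check_page_settings() {   # usage: check_page_settings /path/to/php.ini
    rc=0
    case "$(ini_value expose_php < "$1" | tr 'A-Z' 'a-z')" in
        off|0|false|no|none) ;;
        *) echo "expose_php is not off"; rc=1 ;;
    esac
    [ -n "$(ini_value open_basedir < "$1")" ] ||
        { echo "open_basedir is not set"; rc=1; }
    for fn in passthru exec system shell_exec proc_open popen; do
        ini_value disable_functions < "$1" | tr ', ' '\n\n' |
            grep -qx "$fn" || { echo "$fn is not disabled"; rc=1; }
    done
    return $rc
}
```

On the server, check_page_settings /etc/php5/apache2/php.ini checks the file edited in this section.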

Testing
cd /var/www #enter the default site directory
nano index.php #create a test file

<?php
phpinfo();
?>

Ctrl+O #save
Ctrl+X #exit
chown www-data:www-data -R /var/www #set the directory owner
chmod 700 -R /var/www #set the directory permissions
Enter the server IP address in a client browser and you will see the relevant configuration information.

Note:

The Apache2 default site directory is: /var/www
Permission settings: chown www-data:www-data -R /var/www
Apache2 virtual host configuration file: /etc/apache2/sites-enabled/000-default
The MySQL database directory is: /var/lib/mysql
Permission settings: chown mysql:mysql -R /var/lib/mysql
