- 論壇徽章:
- 0
|
Web服務(wù)器和數(shù)據(jù)庫服務(wù)器分離搭建配置文檔
一.配置MySQL服務(wù)器
1.下載軟件
# cd /usr/local/src
# wget
http://download.discuz.net/env/mysql-5.0.27.tar.gz
2.編譯安裝
# tar xzvf mysql-5.0.27.tar.gz
# cd mysql-5.0.27
# ./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/var/lib/mysql" \ (注意:/var 分區(qū)是否適合?)
"--with-comment=Source" \
"--with-server-suffix=-Comsenz" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=" \ (此處設(shè)置MySQL默認字符集)
"--with-collation= " \ (此處設(shè)置MySQL校正字符集)
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
# make
# make install
# useradd mysql
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root:mysql .
# chown -R mysql /var/lib/mysql
# cp share/mysql/my-huge.cnf /etc/my.cnf
# cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig –level 3 mysqld on
# /etc/rc.d/init.d/mysqld start
# bin/mysqladmin -u root password 'password_for_root'
3.創(chuàng)建WEB服務(wù)器所用數(shù)據(jù)庫���,并授權(quán)給WEB服務(wù)器���。
#/usr/local/mysql/bin/mysql -u root –p
Enter password:
>create database dbname; (dbname為所建數(shù)據(jù)庫的名字)
>grant all on dbname.* to 'dbuser'@'192.168.1.2' identified by 'dbpw'; (授權(quán)給192.168.1.2(WEB服務(wù)器ip地址)上的dbuser用戶,并設(shè)置密碼為dbpw)
>flush privileges; (使更改的權(quán)限生效)
>quit
二.配置WEB服務(wù)器
1.安裝MySQL二進制包并測試能否連接MySQL服務(wù)器
#cd /usr/local/src
#wget
http://mirror.mysql-partners-jp.biz/Downloads/MySQL-5.0/mysql-5.0.45-linux-i686.tar.gz
#cd ..
#tar –xzvf src/mysql-5.0.45-linux-i686.tar.gz
#mv mysql-5.0.45-linux-i686 mysql
#/usr/local/mysql/bin/mysql -u dbuser -h 192.168.1.1 –p (192.168.1.1為MySQL服務(wù)器ip地址)
Enter password:
>use dbname;
>quit
2.源代碼編譯安裝所需包
(1) GD2
# cd /usr/local/src
# wget
http://www.libgd.org/releases/oldreleases/gd-2.0.34.tar.gz
# tar xzvf gd-2.0.34.tar.gz
# cd gd-2.0.34
# ./configure --prefix=/usr/local/gd2
# make
# make install
(2) LibXML2
# cd /usr/local/src
# wget
ftp://xmlsoft.org/libxml2/libxml2-2.6.29.tar.gz
# tar xzvf libxml2-2.6.29.tar.gz
# cd libxml2-2.6.29
# ./configure --prefix=/usr/local/libxml2
# make
# make install
(3) LibMcrypt
# cd /usr/local/src
#wget
http://jaist.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.bz2
# tar xjvf libmcrypt-2.5.8.tar.bz2
# cd libmcrypt-2.5.8
# ./configure –prefix=/usr/local/libmcrypt
# make
# make install
(4) Apache 日志截斷程序
# cd /usr/local/src
# wget
http://cronolog.org/download/cronolog-1.6.2.tar.gz
# tar xzvf cronolog-1.6.2.tar.gz
# cd cronolog-1.6.2
# ./configure –prefix=/usr/local/cronolog
# make
# make install
3.升級OpenSSL和OpenSSH
# cd /usr/local/src
# wget
http://www.openssl.org/source/openssl-0.9.8e.tar.gz
# wget
http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
# tar xzvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..
# tar xzvf openssh-4.6p1.tar.gz
# cd openssh-4.6p1
# ./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
# make
# make install
(1)禁用 SSH V1 協(xié)議
找到:
#Protocol 2,1
改為:
Protocol 2
(2)禁止root直接登錄
此處先建立一個普通系統(tǒng)用戶:
# useradd username
# passwd username
找到:
#PermitRootLogin yes
改為:
PermitRootLogin no
(3)禁用服務(wù)器端GSSAPI
找到以下兩行,并將它們注釋:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
(4)禁用 DNS 名稱解析
找到:
#UseDNS yeas
改為:
UseDNS no
(5)禁用客戶端 GSSAPI
# vi /etc/ssh/ssh_config
找到:
GSSAPIAuthentication yes
將這行注釋掉����。
最后,確認修改正確后重新啟動 SSH 服務(wù)
# service sshd restart
# ssh -v
確認 OpenSSH 以及 OpenSSL 版本正確�。
4.編譯安裝apache和php
(1)下載軟件包
# cd /usr/local/src
# wget
http://apache.mirror.phpchina.com/httpd/httpd-2.2.4.tar.bz2
# wget
http://cn.php.net/distributions/php-5.2.3.tar.bz2
#wget
http://downloads.phpchina.com/zend/optimizer/3.3.0/ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
(2)編譯安裝Apache
# cd /usr/local/src
# tar xjvf httpd-2.2.4.tar.bz2
# cd httpd-2.2.4
# ./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
# make
# make install
# echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
(3)編譯安裝PHP
# cd /usr/local/src
# tar xjvf php-5.2.3.tar.bz2
# cd php-5.2.3
# ./configure \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache2/bin/apxs" \
"--with-config-file-path=/usr/local/php/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-libxml-dir=/usr/local/libxml2" \
"--with-gd=/usr/local/gd2" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-bz2" \
"--with-freetype-dir" \
"--with-iconv-dir" \
"--with-zlib-dir " \
"--with-openssl=/usr/local/openssl" \
"--with-mcrypt=/usr/local/libmcrypt" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-memory-limit" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--disable-cgi" \
"--disable-cli"
# make
# make install
# mkdir /usr/local/php/etc
# cp php.ini-dist /usr/local/php/etc/php.ini
(4)安裝Zend Optimizer
# cd /usr/local/src
# tar xzvf ZendOptimizer-3.2.8-linux-glibc21-i386.tar.gz
# ./ZendOptimizer-3.2.8-linux-glibc21-i386/install.sh
安裝Zend Optimizer過程的最后不要選擇重啟Apache。
(5)整合Apache與PHP
# vi /usr/local/apache2/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在該行下面添加
AddType application/x-httpd-php .php
找到:
DirectoryIndex index.html
將該行改為
DirectoryIndex index.html index.htm index.php
找到:
#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf
#Include conf/extra/httpd-default.conf
去掉前面的“#”號���,取消注釋�。
注意:以上 4 個擴展配置文件中的設(shè)置請按照相關(guān)原則進行合理配置�����!
修改完成后保存退出����。
# /usr/local/apache2/bin/apachectl restart
(6)查看確認L.A.M.P環(huán)境信息、提升 PHP 安全性
在網(wǎng)站根目錄放置 phpinfo.php 腳本�,檢查phpinfo中的各項信息是否正確。
#vi phpinfo.php
確認 PHP 能夠正常工作后��,在 php.ini 中進行設(shè)置提升 PHP 安全性��。
# vi /etc/php.ini
找到:
disable_functions =
設(shè)置為:
phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,error_log,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server
本文來自ChinaUnix博客�,如果查看原文請點:http://blog.chinaunix.net/u1/36577/showart_586591.html |
|
免費注冊
發(fā)表于 2008-04-26 09:05