CentOS彻底禁止某IP访问

  1. #屏蔽单个IP的命令是iptables -I INPUT -s 123.45.6.7 -j DROP

     

  2. #封整个段即从123.0.0.1到123.255.255.254的命令iptables -I INPUT -s 123.0.0.0/8 -j DROP

     

  3. #封IP段即从123.45.0.1到123.45.255.254的命令是iptables -I INPUT -s 123.45.0.0/16 -j DROP

     

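  4. #封IP段即从123.45.6.1到123.45.6.254的命令是iptables -I INPUT -s 123.45.6.0/24 -j DROP

注意:以上规则只写入当前运行中的规则表,重启系统或重新加载防火墙后会丢失;要做到“彻底”禁止,还需要按所用的防火墙管理方式把规则保存下来(例如安装了iptables-services时执行service iptables save)。这些规则只作用于IPv4的INPUT链,IPv6来源需要用ip6tables另行设置;封/8、/16这样的大段会同时挡掉大量无关地址,执行前应先确认范围,执行后可用iptables -L INPUT -n --line-numbers核对规则。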

centos7 编译 php-7

[root@localhost php-7.0.0RC5]# pwd
/opt/project/php-7.0.0RC5
[root@localhost php-7.0.0RC5]#
[root@localhost php-7.0.0RC5]# ./buildconf --force

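# Install the libraries and headers needed to compile PHP 7.
yum -y install libxml2 libxml2-devel openssl openssl-devel curl-devel libjpeg-devel libpng-devel freetype-devel libmcrypt-devel

# Install the compiler and the remaining -devel packages.
# No -y here, so yum asks for confirmation before installing.
yum install gcc libxml2-devel pkgconfig openssl-devel bzip2-devel libpng-devel libjpeg-devel libXpm-devel freetype-devel gmp-devel libmcrypt-devel mariadb-devel aspell-devel recode-devel httpd-devel

# Configure the PHP 7 build. Each option must start with two ASCII hyphens;
# the page rendering had turned them into a single en dash, which configure
# would not parse as an option.
# --with-apxs2 builds the Apache module; the install log on this page shows
# libphp7.so being installed into /usr/lib64/httpd/modules.
./configure \
  --prefix=/usr/local/php7 \
  --with-config-file-path=/etc \
  --enable-mbstring \
  --enable-zip \
  --enable-bcmath \
  --enable-pcntl \
  --enable-ftp \
  --enable-exif \
  --enable-calendar \
  --enable-sysvmsg \
  --enable-sysvsem \
  --enable-sysvshm \
  --enable-wddx \
  --with-curl \
  --with-mcrypt \
  --with-iconv \
  --with-gmp \
  --with-pspell \
  --with-gd \
  --with-jpeg-dir=/usr \
  --with-png-dir=/usr \
  --with-zlib-dir=/usr \
  --with-xpm-dir=/usr \
  --with-freetype-dir=/usr \
  --enable-gd-native-ttf \
  --enable-gd-jis-conv \
  --with-openssl \
  --with-pdo-mysql=/usr \
  --with-gettext=/usr \
  --with-zlib=/usr \
  --with-bz2=/usr \
  --with-recode=/usr \
  --with-mysqli=/usr/bin/mysql_config \
  --with-apxs2

# Create a system group and a system account named php: no usable login shell
# (-s /bin/false) and no home directory created (-M).
# NOTE(review): the later steps on this page run PHP as the apache account, so
# confirm whether this php account is actually needed.
groupadd -r php && useradd -r -g php -s /bin/false -d /usr/local/php7 -M php

# Build with four parallel jobs; install only if the build succeeded.
make -j4 && make install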

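# Alternative PHP 7 configure invocation (php-fpm build, fpm user/group set to
# apache). The author marks this command as NOT used; it is kept for reference.
# Option prefixes are restored to two ASCII hyphens (the page rendering had
# replaced them with an en dash).
# NOTE(review): --with-mysql-sock points at /tmp/mysql.sock, while the php.ini
# settings and the MariaDB STATUS output on this page use
# /var/lib/mysql/mysql.sock -- confirm which socket path is intended.
# NOTE(review): some switches here (e.g. --with-mysql, --enable-fastcgi) look
# like leftovers from PHP 5 build recipes; check them against
# ./configure --help before relying on this line.
./configure \
  --prefix=/usr/local/php7 \
  --exec-prefix=/usr/local/php7 \
  --bindir=/usr/local/php7/bin \
  --sbindir=/usr/local/php7/sbin \
  --includedir=/usr/local/php7/include \
  --libdir=/usr/local/php7/lib/php \
  --mandir=/usr/local/php7/php/man \
  --with-config-file-path=/usr/local/php7/etc \
  --with-mysql-sock=/tmp/mysql.sock \
  --with-mcrypt=/usr/include \
  --with-mhash \
  --with-openssl \
  --with-mysql=shared,mysqlnd \
  --with-mysqli=shared,mysqlnd \
  --with-pdo-mysql=shared,mysqlnd \
  --with-gd \
  --with-iconv \
  --with-zlib \
  --enable-zip \
  --enable-inline-optimization \
  --disable-debug \
  --disable-rpath \
  --enable-shared \
  --enable-xml \
  --enable-bcmath \
  --enable-shmop \
  --enable-sysvsem \
  --enable-mbregex \
  --enable-mbstring \
  --enable-ftp \
  --enable-gd-native-ttf \
  --enable-pcntl \
  --enable-sockets \
  --with-xmlrpc \
  --enable-soap \
  --without-pear \
  --with-gettext \
  --enable-session \
  --with-curl \
  --with-jpeg-dir \
  --with-freetype-dir \
  --enable-opcache \
  --enable-fpm \
  --enable-fastcgi \
  --with-fpm-user=apache \
  --with-fpm-group=apache \
  --without-gdbm \
  --disable-fileinfo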

————————–
Installing PHP SAPI module:       apache2handler
/usr/lib64/httpd/build/instdso.sh SH_LIBTOOL=’/usr/lib64/apr-1/build/libtool’ libphp7.la /usr/lib64/httpd/modules
/usr/lib64/apr-1/build/libtool –mode=install install libphp7.la /usr/lib64/httpd/modules/
libtool: install: install .libs/libphp7.so /usr/lib64/httpd/modules/libphp7.so
libtool: install: install .libs/libphp7.lai /usr/lib64/httpd/modules/libphp7.la
libtool: install: warning: remember to run `libtool –finish /opt/project/php-7.0.0RC5/libs’
chmod 755 /usr/lib64/httpd/modules/libphp7.so
[activating module `php7′ in /etc/httpd/conf/httpd.conf]
Installing shared extensions:     /usr/local/php7/lib/php/extensions/no-debug-non-zts-20151012/
Installing PHP CLI binary:        /usr/local/php7/bin/
Installing PHP CLI man page:      /usr/local/php7/php/man/man1/
Installing phpdbg binary:         /usr/local/php7/bin/
Installing phpdbg man page:       /usr/local/php7/php/man/man1/
Installing PHP CGI binary:        /usr/local/php7/bin/
Installing PHP CGI man page:      /usr/local/php7/php/man/man1/
Installing build environment:     /usr/local/php7/lib/php/build/
Installing header files:          /usr/local/php7/include/php/
Installing helper programs:       /usr/local/php7/bin/
program: phpize
program: php-config
Installing man pages:             /usr/local/php7/php/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment:      /usr/local/php7/lib/php/
[PEAR] Archive_Tar    – installed: 1.4.0
[PEAR] Console_Getopt – installed: 1.4.1
[PEAR] Structures_Graph- installed: 1.1.1
[PEAR] XML_Util       – installed: 1.3.0
[PEAR] PEAR           – installed: 1.10.0
Wrote PEAR system config file at: /usr/local/php7/etc/pear.conf
You may want to add: /usr/local/php7/lib/php to your php.ini include_path
/opt/project/php-7.0.0RC5/build/shtool install -c ext/phar/phar.phar /usr/local/php7/bin
ln -s -f phar.phar /usr/local/php7/bin/phar
Installing PDO headers:          /usr/local/php7/include/php/ext/pdo/

————————–
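# Post-install setup for php-fpm. Run from the PHP source directory, because
# php.ini-production and sapi/fpm/init.d.php-fpm are relative paths.

# Install the production php.ini template in both locations used on this page.
/usr/bin/cp php.ini-production /usr/local/php7/etc/php.ini
/usr/bin/cp php.ini-production /etc/php.ini

# Install the init script and activate the shipped default fpm/pool configs.
/usr/bin/cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
/usr/bin/cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
/usr/bin/cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf

# Put the PHP binaries on PATH for login shells. Plain ASCII single quotes are
# required: they keep $PATH literal in /etc/profile so it is expanded at login
# time (the typographic quotes in the page rendering would not quote anything).
echo -e '\nexport PATH=/usr/local/php7/bin:/usr/local/php7/sbin:$PATH\n' >> /etc/profile && source /etc/profile

# Log, runtime and session directories, owned by the apache account.
mkdir -p /var/log/php-fpm/ && mkdir -p /var/run/php-fpm && cd /var/run/ && chown -R apache:apache php-fpm
mkdir -p /var/lib/php/session
# NOTE(review): this hands all of /var/lib/php to apache and leaves the session
# directory at its default mode; session files hold user session state, so
# consider making the directory inaccessible to other local accounts.
chown -R apache:apache /var/lib/php/

# Register the init script (--add needs two ASCII hyphens) and enable it at boot.
chmod +x /etc/init.d/php-fpm
chkconfig --add php-fpm
chkconfig php-fpm on
# Validate the fpm configuration before starting the service.
php-fpm -t
service php-fpm start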

通过命令ps -aux|grep php查看是否成功(图中的php-fpm进程数和进程用户apache分别由www.conf中pm.start_servers和user的值决定)。
可以通过命令php -v查看当前PHP版本信息,图中可以看到当前PHP7还使用了Zend OPcache缓存,是因为在php.ini文件中添加了zend_extension=opcache.so配置。

# gedit /etc/php.ini      修改内容如下:
—————
;extension=pdo_mysql.so
;extension=mysqli.so
;extension=mysql.so

mysqli.default_socket =/var/lib/mysql/mysql.sock
pdo_mysql.default_socket=/var/lib/mysql/mysql.sock
short_open_tag = On
zend_extension=opcache.so
—————

# gedit /etc/httpd/conf/httpd.conf      修改内容如下:
—————
# LoadModule php5_module        /usr/lib64/httpd/modules/libphp5.so
LoadModule php7_module        /usr/lib64/httpd/modules/libphp7.so
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

—————

php -v
php --ini

————
MariaDB [(none)]> STATUS;
UNIX socket:        /var/lib/mysql/mysql.sock
————

# cp /usr/local/php7/lib/php/extensions/no-debug-non-zts-20151012/pdo_mysql.so /usr/lib64/
# cp /usr/local/php7/lib/php/extensions/no-debug-non-zts-20151012/mysqli.so /usr/lib64/

# systemctl restart mariadb
# systemctl restart httpd

# php /var/www/html/index.php

# gedit /var/www/html/index.php

——————————–
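<?php
/*
 * Connectivity smoke test: opens a PDO connection to the local MySQL/MariaDB
 * server and prints whether it succeeded.
 *
 * The opening tag and the ASCII quotes are restored here; the page rendering
 * had dropped the "<" and replaced the quotes with typographic ones, which
 * PHP cannot parse.
 *
 * NOTE(review): this connects as the database root account with a short
 * numeric password hard-coded in a file under the web root
 * (/var/www/html/index.php). Treat it as a throwaway test only: use a
 * dedicated least-privilege account, keep credentials outside the document
 * root, and remove this file once the check is done.
 */

/*** mysql hostname ***/
$hostname = 'localhost';

/*** mysql username ***/
$DBusername = 'root';

/*** mysql password ***/
$DBpassword = '123456';

try {
    $dbh = new PDO("mysql:host=$hostname;dbname=mysql", $DBusername, $DBpassword);
    /*** echo a message saying we have connected ***/
    echo 'Connected to database';
}
catch(PDOException $e)
{
    // NOTE(review): the raw driver message is sent to whoever requests the
    // page and can disclose connection details; on a real site log it
    // server-side and show a generic error instead.
    echo $e->getMessage();
}
?>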

使用systemctl设置Nginx、PHP、Mysql开机启动

CentOS 7继承了RHEL 7的新的特性,例如强大的systemctl,而systemctl的使用也使得以往系统服务的/etc/init.d的启动脚本的方式就此改变,也大幅提高了系统服务的运行效率。但服务的配置和以往也发生了极大的不同,说实在的,变的简单而易用了许多。

CentOS 7的服务systemctl脚本存放在:/usr/lib/systemd/,有系统(system)和用户(user)之分,像需要开机不登陆就能运行的程序,最好还是存在系统服务里面,即:/usr/lib/systemd/system目录下,每一个服务以.service结尾,一般会分为3部分:[Unit][Service][Install]

我们可以使用systemctl -a来查看所有服务,如果列表里面没有Nginx,PHP、Mysql,又想借助于systemctl来进行统一管理的话,就到上述所说的/usr/lib/systemd/system目录下面创建以下文件吧

Nginx之nginx.service文件[自定义]

  1. [Unit]
  2. Description=nginx
  3. After=network.target
  4. [Service]
  5. Type=forking
  6. PIDFile=/usr/local/nginx/logs/nginx.pid
  7. ExecStart=/usr/local/nginx/sbin/nginx
  8. ExecReload=/usr/local/nginx/sbin/nginx -s reload
  9. ExecStop=/usr/local/nginx/sbin/nginx -s stop
  10. PrivateTmp=true
  11. [Install]
  12. WantedBy=multi-user.target

PHP之php.service文件[自定义]

  1. [Unit]
  2. Description=php
  3. After=network.target
  4. [Service]
  5. Type=forking
  6. ExecStart=/usr/local/php/sbin/php-fpm
  7. ExecStop=/bin/pkill php-fpm
  8. PrivateTmp=true
  9. [Install]
  10. WantedBy=multi-user.target

Redis之redis.service文件[自定义]

  1. [Unit]
  2. Description=redis
  3. After=network.target
  4. [Service]
  5. Type=forking
  6. ExecStart=/usr/local/bin/redis-server /etc/redis.conf
  7. ExecStop=/bin/pkill redis-server
  8. PrivateTmp=true
  9. [Install]
  10. WantedBy=multi-user.target

Mysql之mysqld.service文件[安装的时候软件自动生成]

  1. #
  2. # Simple MySQL systemd service file
  3. #
  4. # systemd supports lots of fancy features, look here (and linked docs) for a full list:
  5. # http://www.freedesktop.org/software/systemd/man/systemd.exec.html
  6. #
  7. # Note: this file ( /usr/lib/systemd/system/mysql.service )
  8. # will be overwritten on package upgrade, please copy the file to
  9. #
  10. # /etc/systemd/system/mysql.service
  11. #
  12. # to make needed changes.
  13. #
  14. # systemd-delta can be used to check differences between the two mysql.service files.
  15. #
  16. [Unit]
  17. Description=MySQL Community Server
  18. After=network.target
  19. After=syslog.target
  20. [Install]
  21. WantedBy=multi-user.target
  22. Alias=mysql.service
  23. [Service]
  24. User=mysql
  25. Group=mysql
  26. # Execute pre and post scripts as root
  27. PermissionsStartOnly=true
  28. # Needed to create system tables etc.
  29. ExecStartPre=/usr/bin/mysql-systemd-start pre
  30. # Start main service
  31. ExecStart=/usr/bin/mysqld_safe
  32. # Don't signal startup success before a ping works
  33. ExecStartPost=/usr/bin/mysql-systemd-start post
  34. # Give up if ping don't get an answer
  35. TimeoutSec=600
  36. Restart=always
  37. PrivateTmp=false

上述文件创建完成后,只要使用systemctl enable xxxxx就可以将所编写的服务添加至开机启动了

注意:

[Unit]部分主要是对这个服务的说明,内容包括Description和After,Description用于描述服务,After用于描述服务类别(更准确地说,After指定本服务要排在哪些单元之后启动)

[Service]部分是服务的关键,是服务的一些具体运行参数的设置,这里 Type=forking是后台运行的形式,PIDFile为存放PID的文件路径,
ExecStart为服务的具体运行命令,ExecReload为重启命令,ExecStop为停止命令,PrivateTmp=True表示给服务分配独立的临时空间。[Service]部分的启动、重启、停止命令全部要求使用绝对路径,使用相对路径则会报错!

[Install]部分是服务安装的相关设置,可设置为多用户的

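服务脚本按照上面编写完成后,以754的权限保存在/usr/lib/systemd/system目录下,这时就可以利用systemctl进行配置了(单元文件并不需要可执行权限,通常设为644、属主为root且其他用户不可写即可;另外,正如上面mysqld.service文件中的注释所说,/usr/lib/systemd/system下的文件会在软件包升级时被覆盖,自定义的单元文件放在/etc/systemd/system下更稳妥,新建或修改后需执行systemctl daemon-reload)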

使用systemctl start [服务名(也是文件名)]可以测试服务是否可以成功运行,如果不能运行则可以使用systemctl status [服务名(也是文件名)]查看错误信息和其他服务信息。然后根据报错进行修改,直到可以start,如果不放心还可以测试restart和stop命令