Nginx安装

添加源，可以参考官网安装说明

新建文件

vi /etc/yum.repos.d/Nginx.repo

保存文件

[Nginx]
name=Nginx repo
baseurl=http://Nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

安装

yum install Nginx

运行

systemctl start Nginx

开机自运行

systemctl enable Nginx

防火墙设置

//开放80端口
firewall-cmd --zone=public --add-port=80/tcp --permanent
//重启防火墙
systemctl restart firewalld

新建网站示例

//新建网站目录
mkdir -p /www/domain

由于SELinux的安全保护，会导致新建网站目录403 Forbidden无权访问。

//解决方式：可以参考Nginx默认网站目录的安全设置，设置同样环境。
ls -Z /usr/share/Nginx
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
//设置指定用户的目标安全环境
chcon -R -u system_u /www
//设置指定类型的目标安全环境
chcon -R -t httpd_sys_content_t /www

配置文件介绍

默认配置
/etc/Nginx/Nginx.conf
自定义配置，会自动加载
/etc/Nginx/conf.d/default.conf
/etc/Nginx/conf.d/*.conf

新增配置

vi /etc/Nginx/conf.d/domain.conf

保存配置

server {
    listen 80;
    server_name localhost;
    root /www/domain;
    index index.html index.htm index.PHP;
    location / {
    	try_files $uri $uri/ /index.PHP;
    }
    location ~ \.PHP$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.PHP;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

注意：/etc/Nginx/conf.d/default.conf里面用了localhost主机名，所以新建站点不能用localhost名称。

重载生效

/usr/sbin/Nginx -s reload

PHP安装

安装PHP-fpm

//添加源
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
//错误，要先安装epel-release
yum -y install epel-release
//安装PHP
yum install PHP71w-fpm
//安装数据库模块
yum install PHP71w-pdo PHP71w-MysqL
//安装常用模块
yum install PHP71w-mbstring
//开机启动
systemctl enable PHP-fpm
//启动
systemctl start PHP-fpm
//重启
systemctl restart PHP-fpm

MysqL安装

源

wget https://dev.MysqL.com/get/MysqL57-community-release-el7-11.noarch.rpm
yum localinstall MysqL57-community-release-el7-11.noarch.rpm

安装

yum install MysqL-community-server
//启动
systemctl start MysqLd
//开机启动
systemctl enable MysqLd

配置

//配置字符集和关闭密码策略
vi /etc/my.cnf
[MysqLd]
character_set_server=utf8
init_connect='SET NAMES utf8'
validate_password = off
//重启
systemctl restart MysqLd
//查看预置密码
grep 'temporary password' /var/log/MysqLd.log
MysqL -uroot -p
//修改root本地登录密码
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password'; 
//新建一个远程用户
GRANT ALL PRIVILEGES ON *.* TO 'new_user'@'%' IDENTIFIED BY 'new_password' WITH GRANT OPTION;

防火墙设置

//开放3306端口
firewall-cmd --zone=public --add-port=3306/tcp --permanent
//重启防火墙
systemctl restart firewalld

SELinux的影响

PHP无法连接外部数据库

getsebool -a | grep httpd
//可以看到是关闭的
httpd_can_network_connect_db --> off
//设置打开，-P参数是永久，否则重启后又复原
setsebool -P httpd_can_network_connect_db on

SELinux号称是最后的防线，嫌麻烦的可以关闭SELinux保护，执行以下操作：

vi /etc/selinux/config
SELINUX=enforcing 改为 SELINUX=disabled