
Website configuration for server upgrade to centos8 and operation methods for running php and mysql

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article covers website configuration after upgrading a server to CentOS 8, and how to run PHP and MySQL on it. It walks through the analysis and the solution in detail, in the hope of giving anyone facing the same problem a simpler way to solve it.

Installing PHP 7, nginx 1.4 and MySQL 8 on CentOS 8, running a PHP website, and configuring each module from scratch

Choosing between CentOS 7 and CentOS 8

At present, the default CentOS version offered by the major cloud server (CVM) providers in China is still 7, and CentOS 8 is not yet supported there. Foreign providers such as Vultr default to 8.

CentOS 8 improves performance; the official website describes this in more detail.

I installed the CentOS 8 minimal version and checked on my system: nginx defaults to 1.14.

Development language version

Python 3.6

PHP 7.2

Ruby 2.5

Node.js 10

Java: OpenJDK 11

Database version

MySQL 8.0

MariaDB 10.3

PostgreSQL 10 and PostgreSQL 9.6

Redis 5.0

My server was running MySQL 5.6 and PHP 5.6, so I chose to start all over again.

Installing nginx, MySQL and PHP on CentOS 8 from scratch: building a PHP website with the system default versions

Installing nginx on CentOS 8

Install nginx

yum install nginx php

Start nginx

systemctl start nginx.service

View nginx status

systemctl status nginx

Set nginx to start at boot

systemctl enable nginx.service

Installing PHP on CentOS 8

Install PHP

yum install php

Install the PHP extensions

yum install php-json php-xml php-mysqlnd php-mbstring php-common php-gd

Start PHP

systemctl start php-fpm

View the PHP version

php -v

Set PHP to start at boot

systemctl enable php-fpm

Installing MySQL on CentOS 8

Check whether MySQL is already installed

rpm -qa | grep mysql

Download the installation package file

wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

Install the mysql-community-release-el7-5.noarch.rpm package

rpm -ivh mysql-community-release-el7-5.noarch.rpm

View the available installation packages

yum repolist all | grep mysql

Install MySQL

yum install mysql-server

Check that MySQL was installed successfully

rpm -qa | grep mysql

Start the MySQL service

systemctl start mysqld.service

Website configuration: nginx, SELinux and file permissions

Website nginx configuration

I won't go into basic nginx configuration here; see "Nginx sunflower treasure book-grass-roots webmaster configuration Nginx operation and maintenance encyclopedia"

For a small, low-bandwidth website like mine, one thing to pay attention to is nginx rate limiting.

The approximate configuration is as follows

# 1m can store 16384 states, and the value of rate must be an integer.
# To limit a client to one request every two seconds, set the rate to 30r/m.
# $binary_remote_addr sometimes needs to be replaced according to the variables in your existing log_format configuration.
limit_conn_zone $binary_remote_addr zone=perip:1m;
limit_conn_zone $server_name zone=perserver:1m;
# limit_req zone=perip burst=10;
# limit_conn caps the number of concurrent connections per key: per client IP (zone perip) and per virtual server (zone perserver).
# The zone name must correspond to one defined by limit_conn_zone; connections over the cap are answered as unavailable.
limit_conn perip 14;
limit_conn perserver 10;
limit_req_zone $binary_remote_addr zone=per_ip:1m rate=400r/s;
limit_req_zone $server_name zone=per_server:10m rate=600r/s;
limit_req zone=per_ip burst=300 nodelay;
limit_req zone=per_server burst=500;

For details, it is recommended to read "Super detailed Analysis of burst parameters of limit_req Module under Nginx"

The nginx configuration directory structure is as follows

Post the configuration of this site here.

Basic configuration of nginx

nginx configuration files can be edited as HOCON in IntelliJ; for the setup, see "what format type folder is the HOCON:nginx profile suffix conf?". Other editors should have similar plug-ins. With a plug-in that understands the syntax, editing is much more comfortable.

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /etc/nginx/modules/*.conf;

events {
    # Essential for Linux: optimized to serve many clients with each thread.
    use epoll;

    # Determines how many clients will be served by each worker process.
    # (Max clients = worker_connections * worker_processes)
    # "Max clients" is also limited by the number of socket connections available on the system (~64k).
    worker_connections 51200;

    # Whether a worker accepts multiple new connections at once. The default is off.
    multi_accept on;
}

# http config
include /etc/nginx/http/default.conf;
#include /etc/nginx/http/http_web.conf

nginx http configuration

http {
    ## logs ##
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Buffer log writes to speed up IO, or disable them altogether.
    # access_log /var/log/nginx/access.log main buffer=16k;
    access_log off;

    # Only log critical errors.
    error_log /var/log/nginx/error.log crit;

    ## file types ##
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    charset UTF-8;

    # Advertise GET and POST as the allowed methods. This is a CORS response header; it does not by itself reject other methods.
    add_header 'Access-Control-Allow-Methods' 'GET, POST';

    # Hide the nginx version number.
    server_tokens off;

    ## gzip compression related configuration ##
    gzip on;
    gzip_disable "MSIE [1-6]\.";
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 4;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;

    ## request settings ##
    # tcp_nodelay sends the data in the buffer out immediately.
    tcp_nodelay on;
    # sendfile() reduces both the number of context switches and the number of copies.
    sendfile on;
    tcp_nopush on;

    # How long each keep-alive TCP connection may last. The nginx default is 75 seconds, and some browsers
    # hold a connection for at most 60 seconds, so it can be set to 60 seconds.
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 2m;

    # Number of requests a client can make over the keep-alive connection. This is set high for testing.
    keepalive_requests 10000;

    # Timeout for the client to send a complete request header. If it does not arrive within this time,
    # nginx returns HTTP 408 (Request Timed Out).
    client_header_timeout 40s;

    # Send the client a "request timed out" if the body is not loaded by this time. Default 60.
    client_body_timeout 40s;

    reset_timedout_connection on;

    # If the client stops reading data, free up the stale client connection after this much time. Default 60.
    send_timeout 30;

    server_names_hash_bucket_size 128;

    # Buffer size for the client request header. It can be set according to the system page size: a request
    # header generally does not exceed 1k, but the page size is generally larger than 1k.
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    ## Speed limit configuration ##
    limit_conn_log_level error;
    limit_conn_status 503;
    # limit_conn_zone $binary_remote_addr zone=one:1m
    # limit_conn_zone $server_name zone=perserver:1m
    # 1m can store 16384 states. The value of rate must be an integer.
    # To limit a client to one request every two seconds, set the rate to 30r/m.
    # $binary_remote_addr sometimes needs to be replaced according to the variables in your existing log_format configuration.
    limit_conn_zone $binary_remote_addr zone=perip:1m;
    limit_conn_zone $server_name zone=perserver:1m;
    # limit_req zone=perip burst=10;
    # limit_conn caps the number of concurrent connections per key: per client IP (zone perip) and per virtual server (zone perserver).
    # The zone name must correspond to one defined by limit_conn_zone; connections over the cap get limit_conn_status.
    limit_conn perip 14;
    limit_conn perserver 10;
    limit_req_zone $binary_remote_addr zone=per_ip:1m rate=400r/s;
    limit_req_zone $server_name zone=per_server:10m rate=600r/s;
    limit_req zone=per_ip burst=300 nodelay;
    limit_req zone=per_server burst=500;

    ## web server ##
    include /etc/nginx/http/http_web.conf;
}

nginx empty host header setting: prohibit access by IP

This prevents other domain names from being resolved to our server's IP, which could cause our IP to be blocked.

# Turn off the nginx empty host header, to prevent empty host headers and malicious domain names from pointing at this server
server {
    listen *:80 default;
    server_name _;
    # index index.html index.php index.htm;
    # root /data/wwwroot/zhoulujun;
    # include /etc/nginx/conf.d/php.conf;
    # rewrite ^(.*) //zhoulujun.cn permanent;
    return 301 https://www.zhoulujun.cn$request_uri;
}

nginx PHP support configuration

## php related configuration ##
# Load modular configuration files from the /etc/nginx/conf.d directory.
# include /etc/nginx/conf.d/php-fpm.conf
upstream php-fpm {
    server unix:/run/php-fpm/www.sock;
}

## php fastcgi related configuration ##
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;

## host ##
include /etc/nginx/site/default.conf;

Linux server web directory permission settings

Set 644 on files that only need to be read, 755 on files that need to be executed, such as PHP files, and 777 on folders that need to be both read and written, such as the html and uploadfile folders.

For specific permission settings, please refer to my previous article "clarifying user group concepts and file permissions-understanding website permission settings"
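
An added example (not from the original article): a check that walks a web root laid out under the scheme above, reports anything group- or world-writable outside the upload folder, and flags PHP files sitting inside the writable upload folder, which is where a 777 directory becomes dangerous. The paths and the tree built by make_sample_tree are constructed for illustration; GNU find and stat, as shipped with CentOS, are assumed.

```shell
#!/bin/sh
# Added example: audit a web root that follows the 644 / 755 / 777-upload scheme.

# audit_webroot ROOT UPLOAD_DIR (UPLOAD_DIR given as a path below ROOT, written
# the same way find will print it). One finding per line:
#   WRITABLE <mode> <path>     file or directory outside the upload folder that
#                              group or others can write (644 and 755 pass)
#   SCRIPT_IN_UPLOAD <path>    PHP file sitting in the writable upload folder
audit_webroot() {
    root=$1
    upload=$2
    # -prune skips the upload tree; -perm /022 matches any group/other write bit.
    find "$root" -path "$upload" -prune -o \( -type f -o -type d \) -perm /022 \
        -exec stat -c 'WRITABLE %a %n' {} +
    # Anything a visitor can write must never be something PHP-FPM will run.
    find "$upload" -type f -iname '*.php' -exec printf 'SCRIPT_IN_UPLOAD %s\n' {} +
}

# Constructed sample tree: one 666 file and one 777 directory outside the
# upload folder, and one PHP file inside the upload folder.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/www/cache" "$t/www/uploadfile"
    : > "$t/www/index.php"
    : > "$t/www/config.php"
    : > "$t/www/uploadfile/photo.jpg"
    : > "$t/www/uploadfile/avatar.php"
    chmod 755 "$t/www"
    chmod 644 "$t/www/index.php"
    chmod 666 "$t/www/config.php"
    chmod 777 "$t/www/cache" "$t/www/uploadfile"
    printf '%s\n' "$t"
}

if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    audit_webroot "$tree/www" "$tree/www/uploadfile"
    rm -rf "$tree"
fi
```

Run it with the argument demo to see the three findings for the sample tree, or call audit_webroot with the real web root and upload folder.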

With the permissions set, the website may still be inaccessible, because CentOS 8 enables SELinux by default. The usual symptom is a 403 error.

SELinux settings for a CentOS 8 web server

Most search results say to turn SELinux off, but I personally do not recommend it.

Give SELinux read permission on the web directory

chcon -v -R --type=httpd_sys_content_t /data/www/

Give SELinux write permission on the web directory

chcon -R -t httpd_sys_rw_content_t /data/www/

For more information, see "centos8 nginx server root points to custom directories such as (/data/www), access reports 403/404, and all file user groups have root permissions of 755"

Once set up, the website will be ready to run

Basic Linux website security settings

Linux: add users, change user passwords, modify user permissions, and set up root operations

Add a user named andyZhou

useradd andyZhou

Set the password

passwd andyZhou

Give the user root permission

usermod -g root andyZhou

Use this new user for routine logins to the server. When root permission is needed, switch with su.

See "linux add users, change user passwords, modify user permissions, and set root user actions"

Disable root SSH login and change the default port

Modify the SSH configuration file

Change the SSH login port

vim /etc/ssh/sshd_config

Find "#Port 22", type "yyp" on that line to copy it to the next line, then remove the "#" sign (the comment marker) from the two lines and modify it to:

# Port 22
Port 10086

When changing the port, it is best to choose a port number between 10000 and 65535. Ports below 10000 are more likely to be taken by the system or by particular software, and a future application may need a port that you have already occupied, leaving that software unable to run.

Disable root SSH login

PermitRootLogin no

Add the ordinary user that is allowed to log in over SSH

AllowUsers andyZhou

Restart the SSH service

systemctl restart sshd
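
An added example (not part of the original article): a check to run against the edited file before restarting sshd, covering the three settings changed above. The file written by sample_sshd_config is constructed and deliberately spells the AllowUsers name in lowercase, to show that such an entry does not admit an account created as andyZhou, because user names are case-sensitive; Include files, Match blocks and wildcard patterns are not evaluated.

```shell
#!/bin/sh
# Added example: check an edited sshd_config before restarting sshd.

# sshd_values FILE KEYWORD: print every value set for KEYWORD in the global
# section. Keywords are case-insensitive; parsing stops at the first Match block.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# audit_sshd FILE LOGIN_USER: one finding per line, no output if all is well.
audit_sshd() {
    file=$1
    user=$2
    # Port may be repeated and sshd listens on every one; no Port line means 22.
    ports=$(sshd_values "$file" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "PORT_22_STILL_OPEN"
    fi
    # For PermitRootLogin the first value obtained is the one sshd uses.
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    [ "$root" = "no" ] || echo "ROOT_LOGIN_NOT_DISABLED ${root:-unset}"
    # Exact, case-sensitive name match: andyzhou does not admit andyZhou.
    allow=$(sshd_values "$file" AllowUsers | tr ' ' '\n')
    if [ -z "$allow" ]; then
        echo "ALLOWUSERS_MISSING"
    elif ! printf '%s\n' "$allow" | grep -qxF -- "$user"; then
        echo "LOGIN_USER_NOT_IN_ALLOWUSERS $user"
    fi
}

# Constructed sample: this section's settings, with the AllowUsers name
# typed in lowercase.
sample_sshd_config() {
    f=$(mktemp)
    printf '%s\n' '# Port 22' 'Port 10086' 'PermitRootLogin no' \
        'AllowUsers andyzhou' > "$f"
    printf '%s\n' "$f"
}

if [ "${1:-}" = "demo" ]; then
    cfg=$(sample_sshd_config)
    audit_sshd "$cfg" andyZhou    # prints LOGIN_USER_NOT_IN_ALLOWUSERS andyZhou
    rm -f "$cfg"
fi
```

On a live host, sshd -t validates the file and sshd -T prints the effective settings. With SELinux enforcing, the new port also has to be labelled (semanage port -a -t ssh_port_t -p tcp 10086) and opened in the firewall before the restart, and the current session should stay open until a login on the new port has succeeded.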

Linux firewall port settings

Close a port in the firewall

firewall-cmd --permanent --zone=public --remove-port=8080/tcp

Open a port in the firewall

firewall-cmd --permanent --add-port=10086/tcp

Reload the firewall policy:

firewall-cmd --reload

Check which firewall ports are open

firewall-cmd --list-ports

Linux virtual memory settings

My personal blog runs on a small 1 GB of memory, and MySQL often crashes while running.

Use free -m to look at the memory and size the virtual memory accordingly. Generally, virtual memory (swap) is set to twice the physical memory, so here I set 2 GB of virtual memory with the following commands:

dd if=/dev/zero of=/opt/swap bs=1024 count=2048000
chmod 600 /opt/swap
mkswap /opt/swap
swapon /opt/swap

MySQL: create and authorize a new user, forbid root login

The following lines of SQL should meet your needs

-- create a user and log in with this user from now on

CREATE USER 'userName'@'access restriction' IDENTIFIED BY 'password';

-- authorize the user: the privileges granted on the data

GRANT ALL PRIVILEGES ON database_name.table_name TO 'userName'@'access restriction';

-- change the user's password (here, the root password)

ALTER USER 'root'@'localhost' IDENTIFIED BY 'newPassword';

-- refresh user privileges

FLUSH PRIVILEGES;

Website cloudflare acceleration

Export the zone file from Aliyun, export the template from Cloudflare, then copy and paste the records across.

There are many online tutorials, such as "how to accelerate your website with CDN-detailed tutorials for the free version of Cloudflare"

Here are a few points to pay attention to.

First, if you turn on Under Attack Mode, there will always be a 5m launch page, and free users currently cannot configure it under custom pages.

Second, Cloudflare Rocket Loader: it is blocked in mainland China, and my asynchronously executed, injected JS gets blocked by this script. Whatever the case, for users in China it is better to turn it off.
