
Construction and Optimization of LAMP Architecture

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

1.1 MySQL installation

LAMP is the abbreviation of Linux, Apache, MySQL and PHP.

MySQL is the database, Apache provides the HTTP service, and many websites are written in PHP.

Installing and downloading MySQL

www.aminglinux.com/study_v2/chapter12.html

Download: r.aminglinux.com/

1.2 Apache compilation and installation

Path and method

www.aminglinux.com/study_v2/chapter12.html

Download: r.aminglinux.com/

/usr/local/apache2/bin/apachectl start (or stop) (start or stop apache)

ps aux | grep httpd (check whether it is started)

netstat -lnp (check that port 80 is listening)

/usr/local/apache2/bin/apachectl -M (list the modules; static means compiled in, shared means loaded dynamically)

-l lists only the static modules

-t checks the configuration file syntax for errors

/usr/local/apache2/bin/apachectl graceful (reload the configuration file)

The prefork.c in the -l output indicates that apache runs in prefork mode

There are three modes: prefork, worker and event

1.4 PHP compilation and installation (installed last)

Path and method

www.aminglinux.com/study_v2/chapter12.html

Download: r.aminglinux.com/

/usr/local/php/bin/php -m (list the modules; all are static)

-i (view the relevant configuration)

Test PHP parsing

Restart apache (restart)

vim /usr/local/apache2/conf/httpd.conf (view the configuration file)

DocumentRoot is the directory served when you visit the website.

Add an entry below AddType application/x-gzip .gz .tgz:

AddType application/x-httpd-php .php

Change the DirectoryIndex line to: DirectoryIndex index.html index.php

Save and exit

Restart (or graceful) apache

You can open the server's IP address in a browser or use curl to test whether apache works with php, which completes the LAMP setup.

1.6 Install Discuz

Use Discuz to create a forum

mkdir /data/www

cd /data/www

wget http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip

unzip Discuz_X3.2_SC_GBK.zip

ls

mv upload/* ./ (move all the files out of upload)

ls

rm -rf readme/ utility/ upload/ Discuz_X3.2_SC_GBK.zip (delete the files that are no longer needed)

ps aux | grep httpd (check whether apache is started)

/usr/local/apache2/bin/apachectl start (start it)

vim /usr/local/apache2/conf/httpd.conf

Find the httpd-vhosts.conf line and delete the # in front of it to enable the virtual host configuration file

Find Deny and change it to Allow

:wq

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Delete the second block entirely

Modify the first one:

Delete the whole ServerAdmin line

Change DocumentRoot to "/data/www"

Change ServerName to www.test.com

ServerAlias (alias) www.aaa.com

Put a # in front of the ErrorLog and CustomLog lines (error log and access log)

:wq

/usr/local/apache2/bin/apachectl -t

/usr/local/apache2/bin/apachectl restart

The hosts file maps IP addresses to domain names, the job otherwise done by the DNS service

vim /etc/hosts

Add a line: 192.168.73.10 (ip) www.baidu.com

:wq

Find the hosts file on the host machine

Add on the line below # ::1 localhost:

192.168.73.10 www.test.com www.aaa.com

Save and exit

On the host machine, open www.test.com in a browser

Click "agree"

Make the directories marked with a red cross writable

Change their owner from root to daemon

chown -R daemon config data uc_client/data uc_server/data

Refresh the browser

Next step

Choose the first option, a new installation

Create a database

/usr/local/mysql/bin/mysql

create database discuz; (database name)

grant all on discuz.* to '111'@'localhost' identified by 'vincentlinux';

Go back to the browser

Database name: discuz

User: 111

Password: vincentlinux

Administrator password: 123456

Next step

Installation completed

Click here to visit

1.7 Apache user authentication

Set the abc directory to be accessible only to administrators

cd /data/www

mkdir abc

cd abc

cp /etc/passwd ./12.txt

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add below the # CustomLog line:

<Directory /data/www/abc>

AllowOverride AuthConfig

AuthName "aaaa"

AuthType Basic

AuthUserFile /data/.htpasswd

Require valid-user

</Directory>

:wq

vim /etc/profile.d/path.sh (modify PATH)

export PATH=$PATH:/usr/local/mysql/bin/:/usr/local/apache2/bin

:wq

source /etc/profile.d/path.sh

Set the user and password

htpasswd -c /data/.htpasswd user1 (user name user1)

Enter the password

To create another user, user2, leave out -c

Restart apache

apachectl graceful

If the browser opens www.test.com/abc/12.txt, it will be asked to log in with a user name and password.

1.8 Default virtual host

mkdir /tmp/123 (create an empty directory)

chmod 600 /tmp/123

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add a block to it:

<VirtualHost *:80>

DocumentRoot "/tmp/123"

ServerName 1111.com

</VirtualHost>

This disables access through the default virtual host

The forum can only be reached through the specified domain names www.test.com and www.aaa.com

1.9 Domain name 301 redirect

Make the www.aaa.com domain name automatically jump to www.test.com

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add a block below the # CustomLog line:

RewriteEngine on

RewriteCond %{HTTP_HOST} ^www.aaa.com$

RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]

:wq

If another domain name, www.bbb.com, also needs to be redirected to test, add another RewriteCond for bbb on the line below aaa, and add [OR] (in square brackets) after aaa.com$

2.0 Apache log rotation

Access logging

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Remove the # in front of ErrorLog and CustomLog to turn on the error log and the access log.

The common after CustomLog is the name of the log format.

vim /usr/local/apache2/conf/httpd.conf

Search for /common

There are two LogFormat lines, each giving a log format and its name; the combined format is preferable

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Change common to combined

:wq

apachectl -t

apachectl graceful

Access the forum from an external browser

cd /usr/local/apache2/logs

ls

The access_log and error_log files have been generated

Log cutting

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Change the CustomLog path to: "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/<original name>-access_%Y%m%d_log 86400" combined

A new log file is started every 86400 seconds, that is, one per day.

2.1 Apache: do not log specified file types

There is no need to log requests for the forum's small images, css and similar static files.

Only the address of each page needs to be recorded.

Tag these requests first.

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add on the line below ServerAlias:

SetEnvIf Request_URI ".*\.gif$" image-request

SetEnvIf Request_URI ".*\.jpg$" image-request

SetEnvIf Request_URI ".*\.png$" image-request

SetEnvIf Request_URI ".*\.bmp$" image-request

SetEnvIf Request_URI ".*\.swf$" image-request

SetEnvIf Request_URI ".*\.js$" image-request

SetEnvIf Request_URI ".*\.css$" image-request

Then, at the end of the CustomLog line, add env=!image-request

Everything except requests tagged image-request above will be recorded.

:wq

apachectl -t

apachectl restart

Refresh from an external browser

ls

less <name of the generated access log>

Requests for the file types above no longer appear in the log.

2.2 Apache static cache configuration

Cache the small images and icons of the web pages to reduce bandwidth use

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add in the block below CustomLog:

ExpiresActive on

ExpiresByType image/gif "access plus 1 days"

ExpiresByType image/jpeg "access plus 24 hours"

ExpiresByType image/png "access plus 24 hours"

ExpiresByType text/css "now plus 2 hours"

ExpiresByType application/x-javascript "now plus 2 hours"

ExpiresByType application/x-shockwave-flash "now plus 2 hours"

ExpiresDefault "now plus 0 min"

:wq

apachectl -t

apachectl graceful

2.3 Apache hotlink protection

Prevent other sites from linking directly to the files on your website.

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add on the next line:

SetEnvIfNoCase Referer "^http://.*\.test\.com" local_ref

SetEnvIfNoCase Referer ".*\.aminglinux\.com" local_ref

<FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|png|gif|js|css)">

Order Allow,Deny

Allow from env=local_ref

</FilesMatch>

The domain names www.test.com and www.aminglinux.com are on the whitelist and are tagged local_ref

Hotlink protection applies to (txt|doc|mp3|zip|rar|jpg|png|gif|js|css) files.

Only requests tagged local_ref are allowed to fetch them

:wq

apachectl restart

Test from an external browser
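
What the two Referer patterns above actually accept, checked with grep -E -i standing in for Apache's case-insensitive match (an added example, not part of the original article). The sample Referer values and the anchored STRICT_PATTERNS alternative are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: which Referer values get tagged local_ref?
# grep -E -i stands in for Apache's case-insensitive regex match.

# The two patterns as configured on this page, joined with |.
PAGE_PATTERNS='^http://.*\.test\.com|.*\.aminglinux\.com'
# Assumed tightening: the whole host must be the domain or a subdomain of it.
STRICT_PATTERNS='^https?://([a-z0-9-]+\.)*(test|aminglinux)\.com(:[0-9]+)?(/|$)'

# matches PATTERN REFERER -> success if the Referer would be tagged
matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# tagged PATTERN -> prints the constructed sample Referers that match
tagged() {
    local ref
    while IFS= read -r ref; do
        if matches "$1" "$ref"; then printf '%s\n' "$ref"; fi
    done <<'EOF'
http://www.test.com/forum.php
http://bbs.aminglinux.com/thread-1.html
http://www.test.com.other.example/page.html
http://other.example/?from=x.aminglinux.com
EOF
}

echo "Tagged by the page's patterns:"; tagged "$PAGE_PATTERNS"
echo "Tagged by the anchored pattern:"; tagged "$STRICT_PATTERNS"
```

Neither page pattern is anchored at the end of the host name, so a Referer that merely contains the domain is tagged as well; the anchored form tags only the two real sites.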

2.4 Apache access control

Restrict access to the site by IP address

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add a block above the ErrorLog line:

<Directory /data/www> (website root directory)

AllowOverride None

Options None

Order allow,deny (allow before deny is a blacklist: the IP 127.0.0.1 is not allowed to access)

Allow from all

Deny from 127.0.0.1

</Directory>

<FilesMatch "admin\.php"> (access to the admin back end)

Order deny,allow (deny before allow is a whitelist: 127.0.0.1 is allowed to access)

Deny from all

Allow from 127.0.0.1

</FilesMatch>

Test: curl -x127.0.0.1:80 -I www.test.com

Or

curl -x127.0.0.1:80 -I www.test.com/admin.php

If admin.php is matched by both configuration blocks, the more specific one is used.

Of the two, the FilesMatch block below is the more specific, so it prevails. So 127.0.0.1 can access www.test.com/admin.php
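
How the two Order settings above decide a request under Apache 2.2 semantics, as an added shell example (not from the original article). It handles only `all` and exact IP addresses, and the client address 192.168.73.1 is a constructed sample.

```bash
#!/usr/bin/env bash
# Added example: Apache 2.2 Order/Allow/Deny evaluation for a client IP.
# Only "all" and exact IPs are handled (no CIDR, hostnames or env=).

# in_list IP "item item ..." -> success if the list has "all" or the IP
in_list() {
    local item
    for item in $2; do
        if [ "$item" = all ] || [ "$item" = "$1" ]; then return 0; fi
    done
    return 1
}

# decide ORDER ALLOW_LIST DENY_LIST IP -> prints "allow" or "deny"
decide() {
    local order allowed=no denied=no
    order=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
    if in_list "$4" "$2"; then allowed=yes; fi
    if in_list "$4" "$3"; then denied=yes; fi
    case $order in
        allow,deny)   # Deny has the last word; no match at all means deny
            if [ "$allowed" = yes ] && [ "$denied" = no ]; then echo allow; else echo deny; fi ;;
        deny,allow)   # Allow has the last word; no match at all means allow
            if [ "$denied" = yes ] && [ "$allowed" = no ]; then echo deny; else echo allow; fi ;;
        *) echo "unknown Order: $1" >&2; return 2 ;;
    esac
}

# The two blocks from this section, with constructed client addresses.
echo "site root, 127.0.0.1:     $(decide 'allow,deny' 'all' '127.0.0.1' 127.0.0.1)"
echo "site root, 192.168.73.1:  $(decide 'allow,deny' 'all' '127.0.0.1' 192.168.73.1)"
echo "admin.php, 127.0.0.1:     $(decide 'deny,allow' '127.0.0.1' 'all' 127.0.0.1)"
echo "admin.php, 192.168.73.1:  $(decide 'deny,allow' '127.0.0.1' 'all' 192.168.73.1)"
# An Allow-only block under Order allow,deny: no match means deny.
echo "allow,deny with no match: $(decide 'allow,deny' '' '' 192.168.73.1)"
```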

2.5 Apache: forbid PHP parsing

ls -l /data/www/data

Check that the owner is daemon throughout, the user apache runs as.

<Directory /data/www/data>

php_admin_flag engine off (shuts down the php parsing engine)

<FilesMatch "\.php$"> (access to or download of php files is prohibited)

Order deny,allow

Deny from all

</FilesMatch>

</Directory>

2.6 Apache: block specified user_agent values

Add on the line below RewriteRule:

RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR] (matches curl; NC means case-insensitive, OR means or)

RewriteCond %{HTTP_USER_AGENT} ^.*chrome* [NC] (matches chrome; NC means case-insensitive. Once this takes effect the browser cannot access the website, so remove the ban when the test is finished)

RewriteRule .* - [F] (F means forbidden; requests matching either of the two conditions above are refused)

:wq

apachectl restart

2.7 Apache: restrict a directory through rewrite

Add on the line below RewriteRule .* - [F]:

RewriteCond %{REQUEST_URI} ^.*/tmp/.* [NC] (restrict access to tmp directories)

RewriteRule .* - [F]

2.8 Detailed explanation of the php.ini configuration file

The php configuration file is /usr/local/php/etc/php.ini (; is used as the comment symbol)

Modify:

disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfs (disables high-risk functions)

display_errors = off

log_errors = On

error_log = /usr/local/php/logs/php_errors.log (if the logs directory does not exist, create it with mkdir /usr/local/php/logs and then change its permissions with chmod 777 !$)

error_reporting = E_ALL & ~E_NOTICE

:wq

apachectl graceful

(errors are no longer shown to visitors; they are written to the log in the logs directory)

Continue to modify

PHP and apache serve the website. If the website has a vulnerability and someone gains access through it, that access should be confined to certain directories.

open_basedir = /data/www:/tmp (the directory where the website program is located)

It can also be defined in apache (comment out open_basedir in php.ini first). php.ini allows only one setting, while apache allows several.

vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

Add above the previous block:

php_admin_value open_basedir "/data/www/:/tmp/"

:wq
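
A small audit of a php.ini against the settings from this section, as an added shell example (not from the original article). The two sample files are constructed, and the helper names ini_value, is_off and audit_php_ini are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a php.ini against the settings from this section.

# ini_value FILE KEY -> last uncommented value of KEY, trailing comment removed
ini_value() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -E 's/[[:space:]]*(;.*)?$//' | tail -n 1
}

# is_off VALUE -> success when the value switches a boolean directive off
is_off() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_php_ini FILE -> one "FINDING: ..." line per deviation
audit_php_ini() {
    local f=$1 fn disabled
    is_off "$(ini_value "$f" display_errors)" ||
        echo "FINDING: display_errors is not off"
    if is_off "$(ini_value "$f" log_errors)"; then
        echo "FINDING: log_errors is off"
    fi
    [ -n "$(ini_value "$f" open_basedir)" ] ||
        echo "FINDING: open_basedir is not set"
    disabled=",$(ini_value "$f" disable_functions | tr -d ' '),"
    for fn in exec system passthru shell_exec popen; do
        case $disabled in
            *",$fn,"*) ;;
            *) echo "FINDING: $fn is not in disable_functions" ;;
        esac
    done
    # eval is a language construct, so listing it here has no effect.
    case $disabled in *,eval,*) echo "NOTE: disable_functions cannot block eval" ;; esac
}

# Constructed sample files, not taken from a real server.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'display_errors = On ; development value' ';open_basedir =' \
    'disable_functions =' > "$SAMPLE_DIR/weak.ini"
printf '%s\n' 'disable_functions = eval,assert,popen,passthru,exec,system,shell_exec,dl' \
    'display_errors = off' 'log_errors = On' 'open_basedir = /data/www:/tmp' \
    > "$SAMPLE_DIR/page.ini"

echo "weak.ini:"; audit_php_ini "$SAMPLE_DIR/weak.ini"
echo "page.ini:"; audit_php_ini "$SAMPLE_DIR/page.ini"
```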

2.9 How to install a PHP extension module

cd /usr/local/src/php-5.4.36

ls

cd ext/ (the source code of the modules is all under ext)

ls

Example: compile the curl module

cd curl/

ls

/usr/local/php/bin/phpize

ls (a configure file has been generated)

./configure --with-php-config=/usr/local/php/bin/php-config

make

make install

curl.so is generated

/usr/local/php/bin/php -i | grep extension_dir

vim /usr/local/php/etc/php.ini

Below the ;extension=php_... lines, add:

extension=curl.so

:wq

3.0 MySQL configuration explained

MySQL configuration file

vim /etc/my.cnf

The core of the configuration is the [mysqld] section

port: the listening port

socket: the socket it listens on

skip-locking: whether to skip locking

key-buffer-size: index block buffer

(reference values for tuning can be found in the post

www.aminglinux.com/bbs/thread-5758-1-1.html)

max-allowed-packet: the largest packet allowed

table-open-cache...

:

:

In addition, log-bin, server-id, interactive_timeout, wait_timeout, long_query_time and log_slow_queries=/data/mysql/slow.log may be used

3.1 MySQL root password reset

mysqladmin -uroot password 'password' (set a login password for mysql)

The quit command exits the mysql client

Reset the password

vim /etc/my.cnf

Add at the bottom of the [mysqld] section:

skip-grant

:wq

/etc/init.d/mysqld restart (restart)

mysql (log in to mysql; no password is required)

use mysql

update user set password=password('new password') where user='root'; (set a new password)

vim /etc/my.cnf

Delete skip-grant

:wq

/etc/init.d/mysqld restart (restart)

mysql

mysql -uroot -p'new password' (log in to mysql with the new password)

3.2 MySQL login

Remote login to mysql

mysql -uroot -h192.168.11.160 -P3306 -p'password' (3306 is the port)

Authorize an IP

In the mysql client:

grant all on *.* to 'root'@'192.168.11.160' identified by 'password'; (authorize the IP 192... to log in)

select user(); (view the currently logged-in user)

3.3 Common MySQL operations - 1

Library -> Table -> Row -> Field

show databases; (see what libraries are available in mysql)

Libraries: information_schema, discuz, mysql, test

use <library name> (switch library)

select database(); (view the current database)

select version(); (view the version)

show tables; (view the tables)

desc <table name>; (view the fields in the table)

show create table <table name>\G; (view how the table was created)

create database A; (create library A)

use A

create table B (`id` int(4), `name` char(40)) ENGINE=MyISAM DEFAULT CHARSET=gbk;

The quotation marks are backquotes. This creates table B with a field id of type int, 4 digits long, and a field name of type char, up to 40 characters, with the MyISAM engine and default character set gbk

show tables

desc B

Insert data into a table

insert into B values (1, 'aming'); (id is 1, name is aming)

delete from B where name='aming'; (delete the rows whose name is aming)

truncate table A.B; (empty table B)

drop table B; (delete table B)

drop database A; (delete library A)

3.4 Common MySQL operations - 2

Authorization: grant all on <database name>...

flush privileges; (refresh privileges)

show processlist; (view the queue in the database)

View mysql's error log

cd /data/mysql

ls

The .err file is the error log.

tail <name>.err (view the error log)

3.5 MySQL backup and recovery

Backups can be made remotely or locally

mysqldump -uroot -p'password' discuz > /data/discuz.sql (back up the database discuz)

mysql -uroot -p'password' discuz < /data/discuz.sql (restore the backup)
