CentOS 7 编译安装 Nginx,Naxsi Waf 和 PHP 手记

2020年12 月 8 日,CentOS 项目宣布,CentOS 8 将于 2021 年底结束,而 CentOS 7 将在2024年,其生命周期结束后停止维护。为其接班的正是 CentOS Stream 滚动发行版本,原本拥有 10 年支持的 CentOS 8 将在2021年年底说结束维护就结束维护。所以火速将自己的服务器从 CentOS8 降到 CentOS 7。

mkdir /space
cd /space


wget https://nginx.org/download/nginx-1.18.0.tar.gz

yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel

tar -zxvf nginx-1.18.0.tar.gz # 解压
mv nginx-1.18.0 nginx
cd nginx


# 下载 naxsi

cd /space
yum install git
git clone https://github.com/nbs-system/naxsi.git


# 安装

./configure --prefix=/space/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-file-aio \
--with-http_dav_module \
--add-module=../naxsi/naxsi_src/ \


#指定安装路径 --prefix=/space/nginx

make #编译
make install #安装


创建用户

useradd -s /sbin/nologin -M nginx


引入 naxsi 规则

cp /space/software/naxsi/naxsi_config/naxsi_core.rules /space/nginx/conf/


配置文件:

http {
  include /space/nginx/conf/naxsi_core.rules; # Naxsi 引用核心规则
  include    mime.types;
  default_type application/octet-stream;
  server_tokens off;

  server {
    listen    80;
    server_name localhost;

    location / {
      root  html;
      index index.html index.htm;

      SecRulesEnabled; #enable naxsi 启用 naxsi
      # LearningMode; #enable learning mode # 是否启用学习模式,只记录,不拦截,方便自己设置白名单
      LibInjectionSql; #enable libinjection support for SQLI
      LibInjectionXss; #enable libinjection support for XSS
      DeniedUrl "/RequestDenied"; # 触发规则以后显示的页面

      CheckRule "$SQL >= 8" BLOCK; #the action to take when the $SQL score is superior or equal to 8
      CheckRule "$RFI >= 8" BLOCK;
      CheckRule "$TRAVERSAL >= 5" BLOCK;
      CheckRule "$UPLOAD >= 5" BLOCK;
      CheckRule "$XSS >= 8" BLOCK;
    }
  }
}


添加到全局:

ln -s /space/nginx/sbin/nginx /usr/local/bin



编译PHP

yum install -y gcc gcc-c++
yum -y install libxml2 libxml2-devel openssl openssl-devel curl-devel libjpeg-devel libpng-devel libicu-devel freetype-devel libmcrypt-devel libzip-devel pcre-devel openldap openldap-devel libcurl-devel sqlite-devel 


cd /space/software
wget https://www.php.net/distributions/php-7.3.23.tar.gz
tar -xzf php-7.3.23.tar.gz
cd php-7.3.23



#命令列出所有用户
cat /etc/passwd |cut -f 1 -d:
#创建用户组和用户
groupadd www
useradd -g www www



编译安装 php

./configure --prefix=/space/php \
--with-config-file-path=/space/php/etc \
--with-config-file-scan-dir=/space/php/etc/php.d \
--enable-mysqlnd \
--with-mysqli \
--with-pdo-mysql \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--with-gd \
--with-iconv \
--with-zlib \
--enable-xml \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--enable-mbregex \
--enable-mbstring \
--enable-ftp \
--with-openssl \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-zip \
--enable-soap \
--without-pear \
--with-gettext \
--enable-session \
--with-curl \
--with-jpeg-dir \
--with-freetype-dir \
--disable-fileinfo \
--enable-opcache

make && make install



设置服务文件

php-fpm.service 文件,在 /usr/lib/systemd/system

[Unit]
Description=php-fpm
After=network.target
[Service]
Type=forking
ExecStart=/space/php/sbin/php-fpm
ExecStop=/bin/pkill -9 php-fpm
PrivateTmp=true
[Install]
WantedBy=multi-user.target


nginx.service 文件

[Unit]
Description=nginx service
After=network.target 
[Service] 
Type=forking 
ExecStart=/space/nginx/sbin/nginx
ExecStop=/space/nginx/sbin/nginx -s quit
PrivateTmp=true 
[Install] 
WantedBy=multi-user.target

# systemctl enable nginx 设置开机自启动

# systemctl disable nginx 取消开机自启动



开启 opcache,需要 添加 zend_extension="opcache.so"


配置

cp /space/software/php-7.3.23/php.ini-production /space/php/etc/php.ini

cd /space/php/etc
cp php-fpm.conf.default php-fpm.conf
cd /space/php/etc/php-fpm.d
cp www.conf.default www.conf


PHP 编译报错:

checking for libzip... configure: error: system libzip must be upgraded to version >= 0.11

wget https://libzip.org/download/libzip-1.3.2.tar.gz
tar xvf libzip-1.3.2.tar.gz
cd libzip-1.3.2
./configure
make && make install


修改时间 2021-09-23

声明:本站所有文章和图片,如无特殊说明,均为原创发布。商业转载请联系作者获得授权,非商业转载请注明出处。
随机推荐
Node.js 模块概念
JavaScript 引用类型
使用 svg 作为背景图片
WordPress 插入文章函数 wp_insert_post()
ReferenceError: __dirname is not defined in ES module scope
使用 MySQL 线程池对压力测试的影响
RESTful API 执行 delete 返回204无法获取 Body
JavaScript Global 对象