2020年12 月 8 日,CentOS 项目宣布,CentOS 8 将于 2021 年底结束,而 CentOS 7 将在2024年,其生命周期结束后停止维护。为其接班的正是 CentOS Stream 滚动发行版本,原本拥有 10 年支持的 CentOS 8 将在2021年年底说结束维护就结束维护。所以火速将自己的服务器从 CentOS8 降到 CentOS 7。
mkdir /space
cd /space
wget https://nginx.org/download/nginx-1.18.0.tar.gz
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel
tar -zxvf nginx-1.18.0.tar.gz # 解压
mv nginx-1.18.0 nginx
cd nginx
# 下载 naxsi
cd /space
yum install git
git clone https://github.com/nbs-system/naxsi.git
# 安装
./configure --prefix=/space/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-file-aio \
--with-http_dav_module \
--add-module=../naxsi/naxsi_src/ \
#指定安装路径 --prefix=/space/nginx
make #编译
make install #安装
创建用户
useradd -s /sbin/nologin -M nginx
引入 naxsi 规则
cp /space/software/naxsi/naxsi_config/naxsi_core.rules /space/nginx/conf/
配置文件:
http {
include /space/nginx/conf/naxsi_core.rules; # Naxsi 引用核心规则
include mime.types;
default_type application/octet-stream;
server_tokens off;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
SecRulesEnabled; #enable naxsi 启用 naxsi
# LearningMode; #enable learning mode # 是否启用学习模式,只记录,不拦截,方便自己设置白名单
LibInjectionSql; #enable libinjection support for SQLI
LibInjectionXss; #enable libinjection support for XSS
DeniedUrl "/RequestDenied"; # 触发规则以后显示的页面
CheckRule "$SQL >= 8" BLOCK; #the action to take when the $SQL score is superior or equal to 8
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 5" BLOCK;
CheckRule "$UPLOAD >= 5" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
}
}
}
添加到全局:
ln -s /space/nginx/sbin/nginx /usr/local/bin
编译PHP
yum install -y gcc gcc-c++
yum -y install libxml2 libxml2-devel openssl openssl-devel curl-devel libjpeg-devel libpng-devel libicu-devel freetype-devel libmcrypt-devel libzip-devel pcre-devel openldap openldap-devel libcurl-devel sqlite-devel
cd /space/software
wget https://www.php.net/distributions/php-7.3.23.tar.gz
tar -xzf php-7.3.23.tar.gz
cd php-7.3.23
#命令列出所有用户
cat /etc/passwd |cut -f 1 -d:
#创建用户组和用户
groupadd www
useradd -g www www
编译安装 php
./configure --prefix=/space/php \
--with-config-file-path=/space/php/etc \
--with-config-file-scan-dir=/space/php/etc/php.d \
--enable-mysqlnd \
--with-mysqli \
--with-pdo-mysql \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--with-gd \
--with-iconv \
--with-zlib \
--enable-xml \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--enable-mbregex \
--enable-mbstring \
--enable-ftp \
--with-openssl \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-zip \
--enable-soap \
--without-pear \
--with-gettext \
--enable-session \
--with-curl \
--with-jpeg-dir \
--with-freetype-dir \
--disable-fileinfo \
--enable-opcache
make && make install
设置服务文件
php-fpm.service 文件,在 /usr/lib/systemd/system
[Unit]
Description=php-fpm
After=network.target
[Service]
Type=forking
ExecStart=/space/php/sbin/php-fpm
ExecStop=/bin/pkill -9 php-fpm
PrivateTmp=true
[Install]
WantedBy=multi-user.target
nginx.service 文件
[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/space/nginx/sbin/nginx
ExecStop=/space/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# systemctl enable nginx 设置开机自启动
# systemctl disable nginx 取消开机自启动
开启 opcache,需要 添加 zend_extension="opcache.so"
配置
cp /space/software/php-7.3.23/php.ini-production /space/php/etc/php.ini
cd /space/php/etc
cp php-fpm.conf.default php-fpm.conf
cd /space/php/etc/php-fpm.d
cp www.conf.default www.conf
PHP 编译报错:
checking for libzip... configure: error: system libzip must be upgraded to version >= 0.11
wget https://libzip.org/download/libzip-1.3.2.tar.gz
tar xvf libzip-1.3.2.tar.gz
cd libzip-1.3.2
./configure
make && make install
修改时间 2021-09-23
声明:本站所有文章和图片,如无特殊说明,均为原创发布,转载请注明出处。