Notes on Compiling and Installing Nginx, Naxsi WAF and PHP on CentOS 7

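On December 8, 2020, the CentOS project announced that CentOS 8 would reach end of life at the end of 2021, while CentOS 7 will stop being maintained once its life cycle ends in 2024. Its successor is the rolling-release CentOS Stream; CentOS 8, which originally came with 10 years of support, will simply have its maintenance cut off at the end of 2021. So I quickly downgraded my server from CentOS 8 to CentOS 7.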

mkdir -p /space/software
cd /space/software


wget https://nginx.org/download/nginx-1.18.0.tar.gz

yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel

tar -zxvf nginx-1.18.0.tar.gz # extract
mv nginx-1.18.0 nginx
cd nginx


# Download naxsi

cd /space/software
yum -y install git
git clone https://github.com/nbs-system/naxsi.git


# Install

cd /space/software/nginx # configure runs from the nginx source directory
./configure --prefix=/space/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-file-aio \
--with-http_dav_module \
--add-module=../naxsi/naxsi_src/


# --prefix=/space/nginx sets the install path

make # compile
make install # install


Create the user

useradd -s /sbin/nologin -M nginx


Bring in the naxsi rules

cp /space/software/naxsi/naxsi_config/naxsi_core.rules /space/nginx/conf/


Configuration file:

http {
  include /space/nginx/conf/naxsi_core.rules; # load the Naxsi core rules
  include    mime.types;
  default_type application/octet-stream;
  server_tokens off;

  server {
    listen    80;
    server_name localhost;

    location / {
      root  html;
      index index.html index.htm;

      SecRulesEnabled; # enable naxsi
      # LearningMode; # enable learning mode: log only, do not block, which makes it easier to build your own whitelist
      LibInjectionSql; # enable libinjection support for SQLI
      LibInjectionXss; # enable libinjection support for XSS
      DeniedUrl "/RequestDenied"; # page shown after a rule is triggered (internal redirect target; the server needs a matching location)

      CheckRule "$SQL >= 8" BLOCK; # block when the $SQL score is greater than or equal to 8
      CheckRule "$RFI >= 8" BLOCK;
      CheckRule "$TRAVERSAL >= 5" BLOCK;
      CheckRule "$UPLOAD >= 5" BLOCK;
      CheckRule "$XSS >= 8" BLOCK;
    }
  }
}
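
The commented-out LearningMode directive above makes naxsi log rule hits instead of blocking them, so the log can be turned into whitelist entries. The following Python example is added here and is not part of the original post or the naxsi project: it reads NAXSI_FMT error-log lines and proposes BasicRule whitelist lines for hits seen from several distinct clients. The sample log lines are constructed, and the log layout and match-zone syntax are assumed to follow naxsi's documented formats.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample lines in naxsi's NAXSI_FMT error-log layout (not from a real server).
SAMPLE_LOG = """\
2021/09/23 10:00:01 [error] 9#0: *1 NAXSI_FMT: ip=192.0.2.10&server=localhost&uri=/search&learning=1&vers=1.3&total_processed=10&total_blocked=1&block=0&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q, client: 192.0.2.10, server: localhost
2021/09/23 10:02:17 [error] 9#0: *2 NAXSI_FMT: ip=192.0.2.22&server=localhost&uri=/search&learning=1&vers=1.3&total_processed=11&total_blocked=2&block=0&cscore0=$SQL&score0=8&zone0=ARGS&id0=1000&var_name0=q, client: 192.0.2.22, server: localhost
2021/09/23 10:05:40 [error] 9#0: *3 NAXSI_FMT: ip=198.51.100.7&server=localhost&uri=/a&learning=1&vers=1.3&total_processed=12&total_blocked=3&block=0&cscore0=$TRAVERSAL&score0=5&cscore1=$XSS&score1=8&zone0=URL&id0=1200&var_name0=&zone1=BODY|NAME&id1=1310&var_name1=tags, client: 198.51.100.7, server: localhost
"""

FMT = re.compile(r"NAXSI_FMT: (.*?), client:")

def rule_hits(line):
    """Yield (client_ip, rule_id, zone, var_name, uri) for each rule hit in one log line."""
    m = FMT.search(line)
    if not m:
        return
    f = dict(parse_qsl(m.group(1), keep_blank_values=True))
    n = 0
    while f"id{n}" in f:  # hits are numbered id0/zone0/var_name0, id1/zone1/...
        yield (f.get("ip", ""), int(f[f"id{n}"]), f.get(f"zone{n}", ""),
               f.get(f"var_name{n}", ""), f.get("uri", ""))
        n += 1

def match_zone(zone, var_name, uri):
    """Narrowest match zone for a hit; "ARGS|NAME" means the hit was in a variable's name."""
    base, _, suffix = zone.partition("|")
    if suffix == "NAME":
        return f"$URL:{uri}|{base}|NAME"
    if var_name and base in ("ARGS", "BODY", "HEADERS"):
        return f"${base}_VAR:{var_name}"
    return base

def whitelist_candidates(log_text, min_clients=2):
    """BasicRule lines for hits seen from at least min_clients distinct client IPs."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        for ip, rule_id, zone, var_name, uri in rule_hits(line):
            clients[(rule_id, match_zone(zone, var_name, uri))].add(ip)
    return [f'BasicRule wl:{rid} "mz:{mz}";'
            for (rid, mz), ips in sorted(clients.items()) if len(ips) >= min_clients]

if __name__ == "__main__":
    print("\n".join(whitelist_candidates(SAMPLE_LOG)))
```

Review each candidate before adding it to the location block: hits that come from a single client are held back because they are more likely probes than false positives.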


Make nginx available globally:

ln -s /space/nginx/sbin/nginx /usr/local/bin



Compile PHP

yum install -y gcc gcc-c++
yum -y install libxml2 libxml2-devel openssl openssl-devel curl-devel libjpeg-devel libpng-devel libicu-devel freetype-devel libmcrypt-devel libzip-devel pcre-devel openldap openldap-devel libcurl-devel sqlite-devel 


cd /space/software
wget https://www.php.net/distributions/php-7.3.23.tar.gz
tar -xzf php-7.3.23.tar.gz
cd php-7.3.23



# List all users
cat /etc/passwd |cut -f 1 -d:
# Create the group and the user
groupadd www
useradd -g www www



Compile and install PHP

./configure --prefix=/space/php \
--with-config-file-path=/space/php/etc \
--with-config-file-scan-dir=/space/php/etc/php.d \
--enable-mysqlnd \
--with-mysqli \
--with-pdo-mysql \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--with-gd \
--with-iconv \
--with-zlib \
--enable-xml \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--enable-mbregex \
--enable-mbstring \
--enable-ftp \
--with-openssl \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-zip \
--enable-soap \
--without-pear \
--with-gettext \
--enable-session \
--with-curl \
--with-jpeg-dir \
--with-freetype-dir \
--disable-fileinfo \
--enable-opcache

make && make install



Set up the service files

The php-fpm.service file, in /usr/lib/systemd/system

[Unit]
Description=php-fpm
After=network.target
[Service]
Type=forking
ExecStart=/space/php/sbin/php-fpm
ExecStop=/bin/pkill -9 php-fpm
PrivateTmp=true
[Install]
WantedBy=multi-user.target


The nginx.service file

[Unit]
Description=nginx service
After=network.target 
[Service] 
Type=forking 
ExecStart=/space/nginx/sbin/nginx
ExecStop=/space/nginx/sbin/nginx -s quit
PrivateTmp=true 
[Install] 
WantedBy=multi-user.target

# systemctl enable nginx    enable start at boot

# systemctl disable nginx    disable start at boot



To enable opcache, add zend_extension="opcache.so"


Configuration

cp /space/software/php-7.3.23/php.ini-production /space/php/etc/php.ini

cd /space/php/etc
cp php-fpm.conf.default php-fpm.conf
cd /space/php/etc/php-fpm.d
cp www.conf.default www.conf


PHP build error:

checking for libzip... configure: error: system libzip must be upgraded to version >= 0.11

wget https://libzip.org/download/libzip-1.3.2.tar.gz
tar xvf libzip-1.3.2.tar.gz
cd libzip-1.3.2
./configure
make && make install


Last modified: 2021-09-23
