How to Install and configure LAMP-server (Linux, Apache, MariaDB/MySQL, PHP) in CentOS/RHEL 7
Содержание
LAMP is an acronym denoting the set of (complex) server software, widely used in the World Wide Web. LAMP is named after the first letters of its constituent components:
- Linux is the Linux operating system;
- Apache is a Web server;
- Mariadb/MySQL is a database management system;
- PHP is a programming language used to create Web applications (other than PHP can mean other languages such as Perl and Python).
Install the Apache Web server
Install the httpd package, run it and make any necessary changes to the firewall for it to work:
$ yum -y install httpd
$ nano -w /etc/httpd/conf/httpd.conf
ServerAdmin hostmaster@example.com
$ systemctl enable httpd.service
$ systemctl start httpd.service
$ systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Sun 2014-11-23 18:52:36 MSK; 1s ago
Main PID: 30216 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd.service
├─30216 /usr/sbin/httpd -DFOREGROUND
├─30217 /usr/sbin/httpd -DFOREGROUND
├─30218 /usr/sbin/httpd -DFOREGROUND
├─30219 /usr/sbin/httpd -DFOREGROUND
├─30220 /usr/sbin/httpd -DFOREGROUND
└─30221 /usr/sbin/httpd -DFOREGROUND
Nov 23 18:52:36 examle.com systemd[1]: Started The Apache HTTP Server.
$ ss -tnlp | grep httpd
LISTEN 0 128 *:80 *:* users:(("httpd",30221,3),("httpd",30220,3),("httpd",30219,3),("httpd",30218,3),("httpd",30217,3),("httpd",30216,3))
$ firewall-cmd --permanent --zone=public --add-service=http
$ firewall-cmd --reload
Open in browser link http://example.com/ and make sure that the Web server is running.
Now configure HTTPS on Apache:
Install the special plug-in for Apache and configure it (the Secure Sockets Layer (SSL) certificates required for operation of the module, we will use the already available, which we created in this post)):
$ yum -y install mod_ssl $ nano -w /etc/httpd/conf.d/ssl.conf Listen 443 https SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/private/example.com.key SSLCertificateChainFile /etc/pki/tls/certs/sub.class1.server.ca.pem $ systemctl reload httpd.service $ firewall-cmd --permanent --zone=public --add-service=https $ firewall-cmd --reload
Open in browser link https://example.com/ and make sure that the Web server runs by using the HTTPS protocol.
Installation of MariaDB (MySQL)
Install the required packages will run and configure SQL Server:
$ yum -y install mariadb mariadb-server
$ systemctl enable mariadb.service
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
$ systemctl start mariadb.service
$ systemctl status mariadb.service -l
mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled)
Active: active (running) since Sun 2014-11-23 17:23:44 MSK; 21s ago
Process: 28722 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
Process: 28642 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Main PID: 28721 (mysqld_safe)
CGroup: /system.slice/mariadb.service
├─28721 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
└─28878 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: The latest information about MariaDB is available at http://mariadb.org/.
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: You can find additional information about the MySQL part at:
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: http://dev.mysql.com
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: Support MariaDB development by buying support/new features from
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: SkySQL Ab. You can contact us about this at sales@skysql.com.
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: Alternatively consider joining our community based development effort:
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/
Nov 23 17:23:42 example.com mysqld_safe[28721]: 141123 17:23:42 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Nov 23 17:23:42 example.com mysqld_safe[28721]: 141123 17:23:42 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Nov 23 17:23:44 example.com systemd[1]: Started MariaDB database server.
$ mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): /пароль у нас ещё не установлен, нажимаем «Enter»/
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Do not pay attention to the error:
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
It has no effect, and in the following versions of MySQL this error will be gone. Here is a description of the bug on the website developers.
If you plan to connect to the SQL Server from the outside, you want to allow connections to port 3306 in firewall and configure the MariaDB to work on this port:
$ nano -w /etc/my.cnf.d/server.cnf
[mysqld]
bind-address = 0.0.0.0
$ systemctl restart mariadb.service
$ ss -tnlp | grep 3306
LISTEN 0 50 *:3306 *:* users:(("mysqld",29591,14))
$ firewall-cmd --permanent --zone=public --add-service=mysql
$ firewall-cmd --reload
Installing PHP
Set and change some of the default settings:
$ yum -y install php php-mysql $ nano -w /etc/php.ini post_max_size = 64M upload_max_filesize = 32M date.timezone = Europe/Moscow $ echo "<?php phpinfo(); ?>" >/var/www/html/phpinfo.php $ systemctl restart httpd.service
Open the link https://example.com/phpinfo.php in your browser and make sure that PHP is running. Making sure that PHP is working to remove the test script:
$ rm -f /var/www/html/phpinfo.php
Installing phpMyAdmin
First install phpMyAdmin:
$ yum -y install phpmyadmin
Then set the IP addresses with which are allowed to connect to phpMyAdmin:
$ nano -w /etc/httpd/conf.d/phpMyAdmin.conf
Now turn the SELinux permission Web server to make network connections, and sending mail:
$ setsebool -P httpd_can_network_connect_db on $ setsebool -P httpd_can_sendmail on
Restart the Web server:
$ systemctl restart httpd.service
Open the link in your browser https://example.com/phpMyAdmin/setup/ and configure phpMyAdmin.
In the first window “Browse” in the “Server” click on the button “New server”. Fill in the fields “User name”, “Host Server”, select the connection type and click on the button “Apply”. If you need to add more servers to the list – you can repeat this several times.
After this switch in the “Settings” window, open the “Security” tab and put a check mark next to “Prefer the SSL connection” and click on the button “Apply”.
Now in the window “Browse” in the “Configuration file” select the default language and click on the “Save” button.
Now save the configuration in the Web browser and move it to the directory /etc/phpMyAdmin, and then delete the config folder:
$ mv /etc/phpMyAdmin/config.inc.php /etc/phpMyAdmin/config.inc.php.orig $ mv /var/lib/phpMyAdmin/config/config.inc.php /etc/phpMyAdmin/ $ restorecon -v /etc/phpMyAdmin/config.inc.php $ chcon -u system_u /etc/phpMyAdmin/config.inc.php $ chown root:apache /etc/phpMyAdmin/config.inc.php $ chmod 0640 /etc/phpMyAdmin/config.inc.php $ rmdir /var/lib/phpMyAdmin/config
Create a virtual host in Apache
Install the cronolog, in order to be able to write to the log files with the names of access_log.YYYY-MM:
$ yum -y install cronolog
First prepare the Apache virtual host to work in Debian-style:
$ mkdir /etc/httpd/vhost.d
$ chcon -u system_u /etc/httpd/vhost.d
$ nano -w /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
</VirtualHost>
IncludeOptional vhost.d/vhost-*
In order to disable the virtual host – will have to run the command:
$ mv -v /etc/httpd/vhost.d/{,_}vhost-vhost.example.com
But in order to turn off virtual host, you will need to run the command:
$ mv -v /etc/httpd/vhost.d/{_,}vhost-vhost.example.com
So it’s a bit to automate, we will create in your .bashrc file a couple of aliases:
$ nano -w .bashrc
__a2ensite() {
if [ "$1" == "" ]; then
echo "Usage: a2ensite www.example.com"
elif [ ! -f "/etc/httpd/vhost.d/_vhost-$1" ]; then
echo "ERROR: Site $1 does not exist!"
else
mv -v /etc/httpd/vhost.d/{_,}vhost-$1
echo "Run 'systemctl reload httpd' to activate new configuration!"
fi
}
__a2dissite() {
if [ "$1" == "" ]; then
echo "Usage: a2dissite www.example.com"
elif [ ! -f "/etc/httpd/vhost.d/vhost-$1" ]; then
echo "ERROR: Site $1 does not exist!"
else
mv -v /etc/httpd/vhost.d/{,_}vhost-$1
echo "Run 'systemctl reload httpd' to activate new configuration!"
fi
}
alias a2ensite=__a2ensite
alias a2dissite=__a2dissite
Now to disable the virtual host you need to execute the command:
$ a2dissite www.example.com
And for enable:
$ a2ensite www.example.com
Now let’s create our virtual host configuration file:
$ nano -w /etc/httpd/vhost.d/vhost-vhost.example.com
# HTTP Virtual Host
<VirtualHost *:80>
ServerName vhost.example.com
ServerAdmin admin@example.com
DocumentRoot /var/www/vhost.example.com
CustomLog "|/usr/sbin/cronolog logs/vhost.example.com/access_log.%Y-%m" combined env=!dontlog
ErrorLog "|/usr/sbin/cronolog logs/vhost.example.com/error_log.%Y-%m"
<Directory /var/www/vhost.example.com>
AllowOverride Options
Require all granted
</Directory>
</VirtualHost>
# HTTPS Virtual Host
<VirtualHost *:443>
ServerName vhost.example.com
ServerAdmin admin@example.com
DocumentRoot /var/www/vhost.example.com
CustomLog "|/usr/sbin/cronolog logs/vhost.example.com/access_log.%Y-%m" combined env=!dontlog
ErrorLog "|/usr/sbin/cronolog logs/vhost.example.com/error_log.%Y-%m"
<Directory /var/www/vhost.example.com>
AllowOverride Options
Require all granted
</Directory>
</VirtualHost>
If HTTPS — the second part of the file, you can not write.
Just create the necessary folders and test file index.html:
$ mkdir /var/www/vhost.example.com $ mkdir /var/log/httpd/vhost.example.com $ chcon -u system_u /var/log/httpd/vhost.example.com $ echo '<h2>It Works!</h2>' >/var/www/vhost.example.com/index.html
Now make Apache reread the config files:
$ systemctl reload httpd.service
After these steps, you can try to open the link in your browser http://vhost.example.com/.
You need to be aware of the nuances of setting default aliases for Web applications with CentOS virtual hosts. Consider the example of phpMyAdmin. After you install phpMyAdmin in the file /etc/httpd/conf.d/phpMyAdmin.conf contains the following lines:
Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin
It is a normal aliases. But the problem is that if they leave in this file, it will work for all virtual hosts together! To avoid this, in this file, you need to comment out these aliases and move them to a separate configuration file:
$ nano -w /etc/httpd/conf.d/aliases.cnf Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin $ chcon -u system_u /etc/httpd/conf.d/aliases.cnf
Note the file extension, it is specifically not .conf, but .cnf, otherwise the contents of the config will be triggered where there is no need to. As for the point of including these aliases will be in the right places add this line IncludeOptional conf.d/aliases.cnf. First, we’ll add it to the file /etc/httpd/conf.d/vhost.conf:
$ nano -w /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
...
IncludeOptional conf.d/aliases.cnf
</VirtualHost>
$ chcon -u system_u /etc/httpd/conf.d/vhost.conf
as well as in the /etc/httpd/conf.d/ssl.conf file (aliases to the same work over https):
$ nano -w /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
...
IncludeOptional conf.d/aliases.cnf
</VirtualHost>
If you include the aliases for a virtual host, you can do this, add the IncludeOptionalcode> to the desired block
After registering, be sure to run the command:
$ systemctl reload httpd.service