How to install and configure a LAMP server (Linux, Apache, MariaDB/MySQL, PHP) on CentOS/RHEL 7
LAMP is an acronym for a set (stack) of server software that is widely used on the World Wide Web. It is named after the first letters of its components:
- Linux is the Linux operating system;
- Apache is a Web server;
- MariaDB/MySQL is a database management system;
- PHP is a programming language used to create Web applications (the P can also stand for other languages, such as Perl and Python).
Install the Apache Web server
Install the httpd package, start it and make the firewall changes it needs to work:
$ yum -y install httpd
$ nano -w /etc/httpd/conf/httpd.conf
ServerAdmin hostmaster@example.com
$ systemctl enable httpd.service
$ systemctl start httpd.service
$ systemctl status httpd.service
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: active (running) since Sun 2014-11-23 18:52:36 MSK; 1s ago
 Main PID: 30216 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─30216 /usr/sbin/httpd -DFOREGROUND
           ├─30217 /usr/sbin/httpd -DFOREGROUND
           ├─30218 /usr/sbin/httpd -DFOREGROUND
           ├─30219 /usr/sbin/httpd -DFOREGROUND
           ├─30220 /usr/sbin/httpd -DFOREGROUND
           └─30221 /usr/sbin/httpd -DFOREGROUND
Nov 23 18:52:36 examle.com systemd[1]: Started The Apache HTTP Server.
$ ss -tnlp | grep httpd
LISTEN 0 128 *:80 *:* users:(("httpd",30221,3),("httpd",30220,3),("httpd",30219,3),("httpd",30218,3),("httpd",30217,3),("httpd",30216,3))
$ firewall-cmd --permanent --zone=public --add-service=http
$ firewall-cmd --reload
Open http://example.com/ in a browser and make sure that the Web server is running.
Now configure HTTPS on Apache:
Install the SSL module for Apache and configure it (for the Secure Sockets Layer (SSL) certificates that the module requires, we will use the ones we already created in this post):
$ yum -y install mod_ssl
$ nano -w /etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/pki/tls/certs/example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/sub.class1.server.ca.pem
$ systemctl reload httpd.service
$ firewall-cmd --permanent --zone=public --add-service=https
$ firewall-cmd --reload
Open https://example.com/ in a browser and make sure that the Web server responds over HTTPS.
Installation of MariaDB (MySQL)
Install the required packages, then start and configure the SQL server:
$ yum -y install mariadb mariadb-server
$ systemctl enable mariadb.service
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
$ systemctl start mariadb.service
$ systemctl status mariadb.service -l
mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled)
   Active: active (running) since Sun 2014-11-23 17:23:44 MSK; 21s ago
  Process: 28722 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 28642 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 28721 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─28721 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─28878 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: The latest information about MariaDB is available at http://mariadb.org/.
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: You can find additional information about the MySQL part at:
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: http://dev.mysql.com
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: Support MariaDB development by buying support/new features from
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: SkySQL Ab. You can contact us about this at sales@skysql.com.
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: Alternatively consider joining our community based development effort:
Nov 23 17:23:42 example.com mariadb-prepare-db-dir[28642]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/
Nov 23 17:23:42 example.com mysqld_safe[28721]: 141123 17:23:42 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Nov 23 17:23:42 example.com mysqld_safe[28721]: 141123 17:23:42 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Nov 23 17:23:44 example.com systemd[1]: Started MariaDB database server.
$ mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): /no password is set yet, so press Enter/
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
Ignore the error:
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
It has no effect and will be gone in later versions of MySQL. Here is a description of the bug on the developers' website.
If you plan to connect to the SQL server from outside, you need to allow connections to port 3306 in the firewall and configure MariaDB to listen on this port:
$ nano -w /etc/my.cnf.d/server.cnf
[mysqld]
bind-address = 0.0.0.0
$ systemctl restart mariadb.service
$ ss -tnlp | grep 3306
LISTEN 0 50 *:3306 *:* users:(("mysqld",29591,14))
$ firewall-cmd --permanent --zone=public --add-service=mysql
$ firewall-cmd --reload
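Enabling the mysql service for the whole public zone lets every address that can reach the host connect to port 3306. The following added example (not from the original article) admits a single source through a firewalld rich rule instead; the function names, the FIREWALL_CMD override, the /8 limit and the 192.0.2.10 address are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example, not part of the original article.
# Assumed policy: IPv4 sources only, and nothing wider than a /8.
MIN_PREFIX=8

valid_ipv4_cidr() {
    case $1 in
        */*) addr=${1%/*}; bits=${1#*/} ;;
        *)   addr=$1;      bits=32 ;;
    esac
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -ge "$MIN_PREFIX" ] && [ "$bits" -le 32 ] || return 1
    # Only digits and single dots, so the unquoted split below cannot glob.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# FIREWALL_CMD is a hypothetical override: set it to "echo" to preview the calls.
allow_mysql_from() {
    valid_ipv4_cidr "$1" || { echo "refusing source: $1" >&2; return 1; }
    fw=${FIREWALL_CMD:-firewall-cmd}
    # Withdraw the zone-wide opening if it was added earlier; the result is
    # ignored because the service may never have been enabled.
    $fw --permanent --zone=public --remove-service=mysql || true
    $fw --permanent --zone=public \
        --add-rich-rule="rule family=\"ipv4\" source address=\"$1\" service name=\"mysql\" accept" &&
    $fw --reload
}

# Preview with a constructed documentation address (192.0.2.0/24 is reserved).
( FIREWALL_CMD=echo; allow_mysql_from 192.0.2.10/32 )
```

Run `allow_mysql_from` as root without FIREWALL_CMD set to apply the rule, then confirm it with `firewall-cmd --zone=public --list-rich-rules`.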
Installing PHP
Install PHP and change some of the default settings:
$ yum -y install php php-mysql
$ nano -w /etc/php.ini
post_max_size = 64M
upload_max_filesize = 32M
date.timezone = Europe/Moscow
$ echo "<?php phpinfo(); ?>" >/var/www/html/phpinfo.php
$ systemctl restart httpd.service
Open https://example.com/phpinfo.php in your browser and make sure that PHP is running. Once you have confirmed that PHP works, remove the test script:
$ rm -f /var/www/html/phpinfo.php
Installing phpMyAdmin
First install phpMyAdmin:
$ yum -y install phpmyadmin
Then set the IP addresses that are allowed to connect to phpMyAdmin:
$ nano -w /etc/httpd/conf.d/phpMyAdmin.conf
Now enable the SELinux booleans that permit the Web server to make network connections and to send mail:
$ setsebool -P httpd_can_network_connect_db on
$ setsebool -P httpd_can_sendmail on
Restart the Web server:
$ systemctl restart httpd.service
Open https://example.com/phpMyAdmin/setup/ in your browser and configure phpMyAdmin.
In the first window, “Browse”, in the “Server” section, click the “New server” button. Fill in the fields “User name” and “Host Server”, select the connection type and click the “Apply” button. If you need to add more servers to the list, you can repeat this several times.
After this, switch to the “Settings” window, open the “Security” tab, put a check mark next to “Prefer the SSL connection” and click the “Apply” button.
Now, in the “Browse” window, in the “Configuration file” section, select the default language and click the “Save” button.
Now save the configuration in the Web browser, move it to the directory /etc/phpMyAdmin, and then delete the config folder:
$ mv /etc/phpMyAdmin/config.inc.php /etc/phpMyAdmin/config.inc.php.orig
$ mv /var/lib/phpMyAdmin/config/config.inc.php /etc/phpMyAdmin/
$ restorecon -v /etc/phpMyAdmin/config.inc.php
$ chcon -u system_u /etc/phpMyAdmin/config.inc.php
$ chown root:apache /etc/phpMyAdmin/config.inc.php
$ chmod 0640 /etc/phpMyAdmin/config.inc.php
$ rmdir /var/lib/phpMyAdmin/config
Create a virtual host in Apache
Install cronolog in order to be able to write log files with names like access_log.YYYY-MM:
$ yum -y install cronolog
First prepare Apache to handle virtual hosts Debian-style:
$ mkdir /etc/httpd/vhost.d
$ chcon -u system_u /etc/httpd/vhost.d
$ nano -w /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
</VirtualHost>
IncludeOptional vhost.d/vhost-*
To disable a virtual host, you will have to run the command:
$ mv -v /etc/httpd/vhost.d/{,_}vhost-vhost.example.com
To enable the virtual host again, you will need to run the command:
$ mv -v /etc/httpd/vhost.d/{_,}vhost-vhost.example.com
To automate this a bit, we will create a couple of aliases in our .bashrc file:
$ nano -w .bashrc
# Enable a site: rename _vhost-NAME to vhost-NAME so that the
# "IncludeOptional vhost.d/vhost-*" line picks it up again.
__a2ensite() {
    if [ "$1" == "" ]; then
        echo "Usage: a2ensite www.example.com"
    elif [ ! -f "/etc/httpd/vhost.d/_vhost-$1" ]; then
        echo "ERROR: Site $1 does not exist!"
    else
        # The site name is quoted so that unusual characters cannot split the argument
        mv -v /etc/httpd/vhost.d/{_,}"vhost-$1"
        echo "Run 'systemctl reload httpd' to activate new configuration!"
    fi
}
# Disable a site: rename vhost-NAME to _vhost-NAME so that it is no longer included.
__a2dissite() {
    if [ "$1" == "" ]; then
        echo "Usage: a2dissite www.example.com"
    elif [ ! -f "/etc/httpd/vhost.d/vhost-$1" ]; then
        echo "ERROR: Site $1 does not exist!"
    else
        mv -v /etc/httpd/vhost.d/{,_}"vhost-$1"
        echo "Run 'systemctl reload httpd' to activate new configuration!"
    fi
}
alias a2ensite=__a2ensite
alias a2dissite=__a2dissite
Now to disable the virtual host you need to execute the command:
$ a2dissite www.example.com
And to enable it:
$ a2ensite www.example.com
Now let’s create our virtual host configuration file:
$ nano -w /etc/httpd/vhost.d/vhost-vhost.example.com
# HTTP Virtual Host
<VirtualHost *:80>
    ServerName vhost.example.com
    ServerAdmin admin@example.com
    DocumentRoot /var/www/vhost.example.com
    CustomLog "|/usr/sbin/cronolog logs/vhost.example.com/access_log.%Y-%m" combined env=!dontlog
    ErrorLog "|/usr/sbin/cronolog logs/vhost.example.com/error_log.%Y-%m"
    <Directory /var/www/vhost.example.com>
        AllowOverride Options
        Require all granted
    </Directory>
</VirtualHost>
# HTTPS Virtual Host
<VirtualHost *:443>
    ServerName vhost.example.com
    ServerAdmin admin@example.com
    DocumentRoot /var/www/vhost.example.com
    # TLS has to be switched on in this block as well; the certificate files are
    # the ones set in ssl.conf and are assumed to cover this host name.
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
    CustomLog "|/usr/sbin/cronolog logs/vhost.example.com/access_log.%Y-%m" combined env=!dontlog
    ErrorLog "|/usr/sbin/cronolog logs/vhost.example.com/error_log.%Y-%m"
    <Directory /var/www/vhost.example.com>
        AllowOverride Options
        Require all granted
    </Directory>
</VirtualHost>
If you do not need HTTPS, you can omit the second part of the file.
Also create the necessary folders and a test file index.html:
$ mkdir /var/www/vhost.example.com
$ mkdir /var/log/httpd/vhost.example.com
$ chcon -u system_u /var/log/httpd/vhost.example.com
$ echo '<h2>It Works!</h2>' >/var/www/vhost.example.com/index.html
Now make Apache reread the config files:
$ systemctl reload httpd.service
After these steps, you can try to open the link http://vhost.example.com/ in your browser.
You need to be aware of a nuance in how the default aliases for Web applications interact with virtual hosts on CentOS. Consider the example of phpMyAdmin. After you install phpMyAdmin, the file /etc/httpd/conf.d/phpMyAdmin.conf contains the following lines:
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
These are ordinary aliases. The problem is that if they are left in this file, they will work for all virtual hosts at once! To avoid this, comment out these aliases in this file and move them to a separate configuration file:
$ nano -w /etc/httpd/conf.d/aliases.cnf
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
$ chcon -u system_u /etc/httpd/conf.d/aliases.cnf
Note the file extension: it is deliberately .cnf and not .conf, otherwise the contents of the file would take effect where they are not needed. To enable these aliases in the right places, add the line IncludeOptional conf.d/aliases.cnf there. First, we will add it to the file /etc/httpd/conf.d/vhost.conf:
$ nano -w /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
    ...
    IncludeOptional conf.d/aliases.cnf
</VirtualHost>
$ chcon -u system_u /etc/httpd/conf.d/vhost.conf
and also to the /etc/httpd/conf.d/ssl.conf file (so that the aliases work over HTTPS as well):
$ nano -w /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
    ...
    IncludeOptional conf.d/aliases.cnf
</VirtualHost>
If you need the aliases in a particular virtual host, add the IncludeOptional line to the desired block in its configuration file.
After making these changes, be sure to run the command:
$ systemctl reload httpd.service
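A check to run after the reload, as an added example that is not part of the original article: the function below lists Alias, AliasMatch and ScriptAlias directives that are still at server scope in conf.d/*.conf and would therefore apply to every virtual host. The function name global_aliases and the sample files are constructed for the illustration, and the scan does not follow Include directives.

```bash
#!/bin/bash
# Added example, not part of the original article: report Alias-type directives
# that sit outside every <VirtualHost> block in DIR/*.conf.
global_aliases() {
    dir=${1:-/etc/httpd/conf.d}    # default: the CentOS 7 include directory
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                                  # commented out
            tolower($1) ~ /^<virtualhost/   { depth++; next }
            tolower($1) ~ /^<\/virtualhost/ { if (depth > 0) depth--; next }
            depth == 0 && tolower($1) ~ /^(alias|aliasmatch|scriptalias)$/ {
                printf "%s:%d: %s\n", file, FNR, $0
            }
        ' "$f"
    done
}

# Constructed sample tree mirroring the layout described above.
demo=$(mktemp -d)
printf '%s\n' 'Alias /phpMyAdmin /usr/share/phpMyAdmin' \
              '#Alias /phpmyadmin /usr/share/phpMyAdmin' > "$demo/phpMyAdmin.conf"
printf '%s\n' 'Alias /phpMyAdmin /usr/share/phpMyAdmin' > "$demo/aliases.cnf"
printf '%s\n' '<VirtualHost *:80>' '  DocumentRoot "/var/www/html"' \
              '  IncludeOptional conf.d/aliases.cnf' '</VirtualHost>' > "$demo/vhost.conf"

# Only the uncommented line in phpMyAdmin.conf is reported: aliases.cnf is not
# a *.conf file and is pulled in only from inside the <VirtualHost> block.
global_aliases "$demo"
rm -rf "$demo"
```

On the server itself, run `global_aliases` with no argument; empty output means no alias in conf.d is shared by all virtual hosts.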