分类 selinux 下的文章

centos6.6搭建LANP环境(yum)

nginx
自带的yum源的nginx版本比较低,到nginx官网下载版本对应的源http://nginx.org/en/linux_packages.html#stable

然后安装

rpm -ivf nginx-release-centos-6-0.el6.ngx.noarch.rpm

再安装nginx

yum install nginx

安装成功,启动nginx

service nginx start 

mysql
去mysql的官网下载源,http://dev.mysql.com/downloads/repo/yum/
这个页面有安装步骤,http://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en/
安装下载的源

rpm -ivf mysql-community-release-el6-5.noarch.rpm

安装mysql

yum install mysql-community-server

启动mysql

service mysqld start

会报错,启动不成功

初始化 MySQL 数据库: 2015-06-08T13:15:59.011125Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2015-06-08T13:15:59.013681Z 0 [ERROR] Can't change data directory owner to mysql
2015-06-08T13:15:59.013693Z 0 [ERROR] Aborting

关闭下selinux

setenforce 0

再启动下,然后进行运行mysql的命令进行一些初始化工作(具体设置内容可以看centos7安装LANP)
运行这个命令需要的密码可以用这个命令看到

grep 'temporary password' /var/log/mysqld.log
mysql_secure_installation

php
安装php的源,比较新

yum install epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

安装php(这里安装了一些php的扩展,有些不知道是干嘛的~~~可以根据需求去掉,但是php-fpm和php-mysqlnd最好别去掉,一个是之后和nginx整合需要用到的,一个连接mysql的)

yum install --enablerepo=remi --enablerepo=remi-php56 php php-fpm php-opcache php-devel php-mbstring php-mcrypt php-mysqlnd php-phpunit-PHPUnit php-pecl-xdebug php-pecl-xhprof

php和nginx
先启动php-fpm

service php-fpm start

修改nginx配置文件(配置在这里点击我)
然后就ok了

php和mysql
先打开selinux的一个选项

setsebool -P httpd_can_network_connect=1

再测试下,应该就ok了~~~~

设置下服务在开机的时候自启动

chkconfig --level 235 php-fpm on
chkconfig --level 235 mysqld on
chkconfig --level 235 nginx on

这样设置之后因为防火墙的关系,只有本机可以访问,查看防火墙的设定防火墙设定

centos7安装搭建LNMP

nginx

    rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
   yum install nginx
   systemctl start nginx
   yum install links
   links 127.0.0.1
   links 192.168.208.6
   firewall-cmd --get-active-zones 
   firewall-cmd --zone=public --list-services 
   firewall-cmd --permanent --zone=public --add-service=http
   firewall-cmd --reload

安装安装成功,可以测试,出现nginx欢迎页面就ok

mysql

   rpm -ivf mysql-community-release-el7-5.noarch.rpm 
   yum search yum-utils
   yum install yum-utils
   yum-config-manager --disable mysql56-community
   yum-config-manager --enable mysql57-community-dmr
   yum search mysql-server
   yum repolist | grep 'mysql'
   yum repolist enabled | grep 'mysql'
   yum search mysql-community-server
   yum install mysql-community-server
   [root@localhost log]# systemctl start mysqld.service 
   [root@localhost log]# grep 'temporary password' /var/log/mysqld.log
2015-06-08T01:44:44.713032Z 1 [Warning] A temporary password is generated for root@localhost: ln3hb?;Jkk6w

    [root@localhost log]# mysql_secure_installation 

    Securing the MySQL server deployment.

    Enter password for root user: 这里填grep 'temporary password' /var/log/mysqld.log命令显示出的密码

    The existing password for the user account has expired. Please set a new password.
    重新设置密码
    New password: 

    Re-enter new password: 

    VALIDATE PASSWORD PLUGIN can be used to test passwords
    and improve security. It checks the strength of password
    and allows the users to set only those passwords which are
    secure enough. Would you like to setup VALIDATE PASSWORD plugin?
    密码强度插件
    Press y|Y for Yes, any other key for No: y

    There are three levels of password validation policy:

    LOW    Length >= 8
    MEDIUM Length >= 8, numeric, mixed case, and special characters
    STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

    Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
    Using existing root password.

    Estimated strength of the password: 100 
    Change the root password? (Press y|Y for Yes, any other key for No) : n

     ... skipping.
    By default, a MySQL installation has an anonymous user,
    allowing anyone to log into MySQL without having to have
    a user account created for them. This is intended only for
    testing, and to make the installation go a bit smoother.
    You should remove them before moving into a production
    environment.
    删除anonymous用户,
    Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
    Success.


    Normally, root should only be allowed to connect from
    'localhost'. This ensures that someone cannot guess at
    the root password from the network.
    是都禁止root远程连接
    Disallow root login remotely? (Press y|Y for Yes, any other key for No) : n

     ... skipping.
    By default, MySQL comes with a database named 'test' that
    anyone can access. This is also intended only for testing,
    and should be removed before moving into a production
    environment.

    删除test数据库
    Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
     - Dropping test database...
    Success.

     - Removing privileges on test database...
    Success.

    Reloading the privilege tables will ensure that all changes
    made so far will take effect immediately.
    重新载入权限表
    Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
    Success.

    All done!

php

yum install epel-release
   rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
   yum install --enablerepo=remi --enablerepo=remi-php56 php php-fpm php-opcache php-devel php-mbstring php-mcrypt php-mysqlnd php-phpunit-PHPUnit php-pecl-xdebug php-pecl-xhprof

整合nginx和php
修改vi /etc/php.ini
cgi.fix_pathinfo=0
修改nginx配置文件

vim /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    root   /usr/share/nginx/html;
    location / {
        #root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        #root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    #    root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

[root@localhost log]# systemctl start php-fpm.service
[root@localhost log]# systemctl restart nginx.service 

ok
php和mysql
新建一个文件连接mysql试试

<?php
$con = mysql_connect("192.168.208.6:3306","root","testTEST!@#123");
if($con){
echo "ok";
}else{
echo mysql_error();
}
?>

但是连接报错
Permission denied
于是用远程连接mysql试试看
进入mysql

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'testTEST!@#123' WITH GRANT OPTION;
FLUSH PRIVILEGES;

然后再本机上面用远程连接时ok的,于是试着关掉selinux,

setenforce 0

就ok了
于是再开启selinux,查看http相关的selinux选项

[root@localhost html]# getsebool -a|grep -i httpd | grep net
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off

修改selinux的选项

[root@localhost html]# setsebool -P httpd_can_network_connect=1

再就ok了~~~

nginx访问selinux权限问题

今天在服务器上面安装phpcms,安装过程中提示不可写,于是设置了权限,但是依然是不可写的状态,想了下可能是selinux的问题
设置了下

sudo chcon -R -t httpd_sys_content_t phpcmstest

ok