最近配置一个线上的测试环境,centos7 nginx+php7,这里安装方式仅介绍最简捷的yum安装方法。
一.安装nginx
1.安装yum源
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
2.安装nginx
yum install -y nginx
3.启动nginx并设置开机自动运行
systemctl start nginx#启动,restart-重启,stop-停止systemctl enable nginx#开机启动
4.查看版本及运行状态
nginx -v#查看版本ps -ef | grep nginx#查看运行状态
二.安装php7
1.安装yum源
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmrpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
2.查看php7 yum组件,示例安装php7.2
# yum search php72w#显示如下结果…………mod_php72w.x86_64 : PHP module for the Apache HTTP Serverphp72w-bcmath.x86_64 : A module for PHP applications for using the bcmath libraryphp72w-cli.x86_64 : Command-line interface for PHPphp72w-common.x86_64 : Common files for PHPphp72w-dba.x86_64 : A database abstraction layer module for PHP applicationsphp72w-devel.x86_64 : Files needed for building PHP extensionsphp72w-embedded.x86_64 : PHP library for embedding in applicationsphp72w-enchant.x86_64 : Enchant spelling extension for PHP applicationsphp72w-fpm.x86_64 : PHP FastCGI Process Managerphp72w-gd.x86_64 : A module for PHP applications for using the gd graphics libraryphp72w-imap.x86_64 : A module for PHP applications that use IMAPphp72w-interbase.x86_64 : A module for PHP applications that use Interbase/Firebird databasesphp72w-intl.x86_64 : Internationalization extension for PHP applicationsphp72w-ldap.x86_64 : A module for PHP applications that use LDAPphp72w-mbstring.x86_64 : A module for PHP applications which need multi-byte string handlingphp72w-mysql.x86_64 : A module for PHP applications that use MySQL databasesphp72w-mysqlnd.x86_64 : A module for PHP applications that use MySQL databasesphp72w-odbc.x86_64 : A module for PHP applications that use ODBC databasesphp72w-opcache.x86_64 : An opcode cache Zend extensionphp72w-pdo.x86_64 : A database access abstraction module for PHP applicationsphp72w-pdo_dblib.x86_64 : MSSQL database module for PHPphp72w-pear.noarch : PHP Extension and Application Repository frameworkphp72w-pecl-apcu.x86_64 : APCu - APC User Cachephp72w-pecl-apcu-devel.x86_64 : APCu developer files (header)php72w-pecl-geoip.x86_64 : Extension to map IP addresses to geographic placesphp72w-pecl-igbinary.x86_64 : Replacement for the standard PHP serializerphp72w-pecl-igbinary-devel.x86_64 : Igbinary developer files (header)php72w-pecl-imagick.x86_64 : Provides a wrapper to the ImageMagick libraryphp72w-pecl-imagick-devel.x86_64 : Imagick developer files (header)php72w-pecl-libsodium.x86_64 : Wrapper for the Sodium cryptographic libraryphp72w-pecl-memcached.x86_64 : Extension to work with the Memcached caching daemonphp72w-pecl-mongodb.x86_64 : PECL package MongoDB driverphp72w-pecl-redis.x86_64 : Extension for communicating with the Redis key-value storephp72w-pecl-xdebug.x86_64 : PECL package for debugging PHP scriptsphp72w-pgsql.x86_64 : A PostgreSQL database module for PHPphp72w-phpdbg.x86_64 : Interactive PHP debuggerphp72w-process.x86_64 : Modules for PHP script using system process interfacesphp72w-pspell.x86_64 : A module for PHP applications for using pspell interfacesphp72w-recode.x86_64 : A module for PHP applications for using the recode libraryphp72w-snmp.x86_64 : A module for PHP applications that query SNMP-managed devicesphp72w-soap.x86_64 : A module for PHP applications that use the SOAP protocolphp72w-sodium.x86_64 : Wrapper for the Sodium cryptographic libraryphp72w-tidy.x86_64 : Standard PHP module provides tidy library supportphp72w-xml.x86_64 : A module for PHP applications which use XMLphp72w-xmlrpc.x86_64 : A module for PHP applications which use the XML-RPC protocol
3.选择自己需要的组件安装,php72w.x86_64 和 php72w-fpm.x86_64 为核心程序必装,下面示例中选择了一些常用组件的安装,不太理解各个组件用处的读者可以全部安装,以免以后使用相关组件时出错。
yum install php72w.x86_64 php72w-fpm.x86_64 php72w-cli.x86_64 php72w-common.x86_64 php72w-gd.x86_64 php72w-ldap.x86_64 php72w-mbstring.x86_64 php72w-mysqlnd.x86_64 php72w-pdo.x86_64 php72w-pecl-redis.x86_64 php72w-pecl-mongodb.x86_64 php72w-opcache.x86_64 php72w-devel.x86_64 php72w-bcmath.x86_64
此处建议安装更加高效的mysqlnd而不是落后的mysql扩展
4.启动php并设为开机启动
systemctl start php-fpm#启动,restart-重启,stop-停止systemctl enable php-fpm#开机启动
5.查看版本及运行状态
php-fpm -v#查看版本ps -ef | grep php-fpm#查看运行状态
进行完以上步骤之后,读者自行在nginx中配置web目录,已经可以正常运行了,但是此时nginx和php是以root身份运行,以最高权限运行web文件会给系统带来安全隐患,以下为权限配置示例
三.配置nginx权限
1.建立www用户及www用户组,将www用户同时加入www用户组和root组
adduser www#建立www用户groupadd www#建立www用户组usermod -G www www#将www用户加入www用户组同时从其他组移除usermod -a -G root www#将www用户加入root用户组,有-a参数不从其他组移除,此时www同时属于www和root组
2.将nginx以www用户及www用户组运行,修改nginx.conf文件,在文件头部:
userwww www;#以www身份运行
3.将web目录的拥有者改为www:www,权限改为755
chown www:www web目录 -R#修改拥有者chmod 755 web目录 -R#修改权限
4.重载nginx配置
nginx -t#测试nginx -s reload#重载配置
如果此时出现静态文件可以访问而php文件显示无权限访问的话,需要检查SELinux,将其关闭即可正常运行。
nginx配置的时候注意错误日志的路径,当你的php运行出现未知错误的时候,可以查看日志检查错误原因。
四.配置php-fpm权限
完成以上三步似乎就可以了,但是还有一些问题,那就是php-fpm的运行用户,默认情况下php-fpm是以apache运行的,这会导致php脚本在行使文件操作权限时受到权限限制:
1.打开php-fpm.conf,在最下面一行找到:
include=/etc/php-fpm.d/*.conf
2.显示引用了配置文件,进入查看
cd /etc/php-fpm.d/ll##显示出www.conf文件vim www.conf#找到user和group改为:user = wwwgroup = www