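I have had to bring up new machines more and more often lately, so I am writing the procedure down to help me remember it.
1. Install Apache
Install Apache together with the SSL module, then start Apache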
sudo yum install httpd mod_ssl openssl
sudo systemctl start httpd
sudo systemctl enable httpd
2. Install PHP 5.6
Install wget
sudo yum install wget
Install EPEL and Remi
wget http://mirror.centos.org/centos/7/extras/x86_64/Packages/epel-release-7-11.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh remi-release-7*.rpm epel-release-7*.rpm
Enable the repository (repo) by editing its definition
vi /etc/yum.repos.d/remi.repo
[remi-php56]
name=Les RPM de remi de PHP 5.6 pour Enterprise Linux 6 - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/6/php56/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/6/php56/mirror
# WARNING: If you enable this repository, you must also enable "remi"
# Change enabled=0 to 1
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
Install PHP 5.6
sudo yum install php php-gd php-mysql php-mcrypt php-mbstring
During installation, confirm that the version has switched to 5.6
================================================================================
 Package          Arch     Version                  Repository     Size
================================================================================
Installing:
 php              x86_64   5.5.20-2.el6.remi        remi-php55     2.6 M
 php-gd           x86_64   5.5.20-2.el6.remi        remi-php55      72 k
 php-mysqlnd      x86_64   5.5.20-2.el6.remi        remi-php55     3.6 M
Installing for dependencies:
 php-cli          x86_64   5.5.20-2.el6.remi        remi-php55     3.7 M
 php-common       x86_64   5.5.20-2.el6.remi        remi-php55     1.0 M
 php-pdo          x86_64   5.5.20-2.el6.remi        remi-php55     112 k
 php-pear         noarch   1:1.9.5-3.el6.remi       remi           375 k
 php-pecl-jsonc   x86_64   1.3.6-1.el6.remi.5.5.1   remi-php55      47 k
 php-pecl-zip     x86_64   1.12.4-1.el6.remi.5.5    remi-php55     269 k
 php-process      x86_64   5.5.20-2.el6.remi        remi-php55      57 k
 php-xml          x86_64   5.5.20-2.el6.remi        remi-php55     208 k

Transaction Summary
================================================================================
Install 11 Package(s)
3. Install vsftpd
yum -y install vsftpd
vi /etc/vsftpd/vsftpd.conf
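Changes to make in the conf file
# Disable anonymous login
anonymous_enable=NO
# Keep users from leaving their home directory
# Enable locking to the home directory (with chroot_local_user left at its default NO,
# this applies to the users named in the chroot list file)
chroot_list_enable=YES
# Work around the write problem on the chroot root directory
allow_writeable_chroot=YES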
sudo vi /etc/pam.d/vsftpd
Change the PAM setting
Change auth required pam_shells.so to auth required pam_nologin.so
Start FTP
sudo systemctl start vsftpd
Enable start at boot
sudo systemctl enable vsftpd
4. Create a user account and point it at the web directory
# Add the user as a virtual account (no login shell) and set its home directory
sudo useradd -s /sbin/nologin -d /var/www username
# Set the user's password
sudo passwd username
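5. Adjust SELinux
People usually just turn SELinux off, but that brings security problems, so it is better to relax it only for the specific case
# Check the current state of the booleans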
getsebool -a | grep ftp
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off
Here you can see that ftpd_full_access is off
# Set ftpd_full_access to on
setsebool -P ftpd_full_access=1
# Query again
getsebool -a | grep ftp
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off
6. Adjust the firewall settings
sudo firewall-cmd --zone=public --add-service=ftp
sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --zone=public --add-service=https
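The vsftpd.conf edits from step 3 can be checked after saving the file. The shell example below is added here and is not from the original post; it reports anonymous login, whether local users end up chrooted, and values that carry extra text after YES/NO. The function names, messages and sample file are assumptions made for illustration, as is treating the last assignment of a key as the effective one.

```shell
#!/bin/sh
# Added example, not from the original post: audit the step 3 vsftpd.conf settings.

# Effective value of KEY in FILE, else DEFAULT (assumption: the last assignment wins).
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^#/ { next }                                   # skip comment lines
        $1 == k { v = substr($0, length(k) + 2); found = 1 }
        END { print (found ? v : d) }' "$1"
}

# on / off / invalid: vsftpd.conf(5) allows no spaces or notes around "=" or the value.
bool_of() {
    case "$(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) echo on ;;
        NO|FALSE|0) echo off ;;
        *)          echo invalid ;;
    esac
}

# Print findings for FILE; return 1 if any WARN or INVALID finding was printed.
audit_vsftpd() {
    f=$1; rc=0
    anon=$(bool_of "$f" anonymous_enable YES)          # vsftpd default: YES
    jail_all=$(bool_of "$f" chroot_local_user NO)      # vsftpd default: NO
    jail_list=$(bool_of "$f" chroot_list_enable NO)
    writable=$(bool_of "$f" allow_writeable_chroot NO)
    for pair in "anonymous_enable:$anon" "chroot_local_user:$jail_all" \
                "chroot_list_enable:$jail_list" "allow_writeable_chroot:$writable"; do
        if [ "${pair#*:}" = invalid ]; then
            echo "INVALID ${pair%%:*}: value is not a plain YES/NO"; rc=1
        fi
    done
    if [ "$anon" != off ]; then echo "WARN anonymous_enable is not NO"; rc=1; fi
    if [ "$jail_all" != on ] && [ "$jail_list" != on ]; then
        echo "WARN local users are not chrooted"; rc=1
    elif [ "$jail_all" != on ]; then
        echo "NOTE only users named in chroot_list_file are chrooted"
    fi
    if [ "$writable" = on ]; then echo "NOTE chroot directory may be user-writable"; fi
    return $rc
}

# Constructed sample: step 3 settings with a note left on the same line as a value.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'chroot_list_enable=YES lock home dir' \
    'allow_writeable_chroot=YES' > "$sample"
audit_vsftpd "$sample" || true
rm -f "$sample"
```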