Fifi atupa (Linux, Apache, MySQL/MariaDB, ati PHP/PhpMyAdmin) sori Arch Linux
Arch Linux n pese ayika eto ọjọ ori gige ti o rọ ati agbara ti o dara julọ ti o baamu ti o dara julọ fun idagbasoke awọn ohun elo wẹẹbu lori awọn ọna ṣiṣe ti kii ṣe lominu ni kekere nitori otitọ ti o jẹ Orisun Open pipe ati pese awọn itusilẹ ti o kẹhin titi di oni lori awọn Kernels ati sọfitiwia wẹẹbu fun awọn olupin ati awọn apoti isura data.
Dopin akọkọ ti ẹkọ yii ni lati ṣe itọsọna fun ọ nipasẹ igbesẹ pipe nipasẹ awọn itọnisọna igbesẹ ti ni ipari yoo yorisi fifi sori ọkan ninu idapọ sọfitiwia ti a lo julọ ni Idagbasoke wẹẹbu: LATU (Linux, Apache, MySQL/MariaDB, ati PHP/PhpMyAdmin) ati pe yoo fun ọ ni awọn ẹya ti o wuyi (awọn iwe afọwọkọ Bash ti o yara ati idọti) ti ko si ni eto Arch Linux kan, ṣugbọn o le mu iṣẹ naa rọrun lori sisẹda ọpọ Awọn alejo gbigba foju , ṣe ipilẹṣẹ SSL Awọn iwe-ẹri ati Awọn bọtini nilo fun aabo awọn iṣowo HTTS .
- Ilana Fifi Linux Arch ti tẹlẹ - foju apakan to kẹhin pẹlu DHCP.
- Fifi sori LEMP ti tẹlẹ lori Arch Linux - apakan nikan pẹlu tito leto Adirẹsi IP Aimi ati latọna jijin Wiwọle SSH .
Igbesẹ 1: Fi sii atupa Software ipilẹ
1. Lẹhin fifi sori ẹrọ eto ti o kere ju pẹlu adiresi IP aimi ati iraye si eto latọna jijin nipa lilo SSH , ṣe igbesoke apoti Arch Linux rẹ nipa lilo ohun elo pacman .
$ sudo pacman -Syu
2. Nigbati ilana igbesoke ba pari fifi sori ẹrọ LAMP lati awọn ege, kọkọ fi sori ẹrọ Apakan Wẹẹbu Apache ki o bẹrẹ/ṣayẹwo gbogbo ilana daemon olupin.
$ sudo pacman -S apache $ sudo systemctl start httpd $ sudo systemctl status httpd
3. Fi sori ẹrọ PHP ede akọọlẹ olupin olupin ẹgbẹ ati modulu Apache rẹ.
$ sudo pacman -S php php-apache
4. Lori igbesẹ ti o kẹhin fi sori ẹrọ ibi ipamọ data MySQL , yan ibi-ipamọ data agbegbe 1 ( MariaDB ) lẹhinna bẹrẹ ati ṣayẹwo ipo daemon.
$ sudo pacman -S mysql $ sudo systemctl start mysqld $ sudo systemctl status mysqld
Bayi o ni ipilẹ LAMP sọfitiwia ti fi sori ẹrọ ti o bẹrẹ pẹlu awọn atunto aiyipada bẹ.
Igbesẹ 2: Ṣe aabo aaye data MySQL
5. Igbese ti n tẹle ni lati ni aabo ibi ipamọ data MySQL nipa siseto ọrọ igbaniwọle kan fun akọọlẹ gbongbo, yọ awọn akọọlẹ awọn olumulo alailorukọ kuro, yọ ibi ipamọ data idanwo kuro ki o ṣe iwọle wiwọle latọna jijin fun gbongbo olumulo (tẹ [ Tẹ ] bọtini fun ọrọ igbaniwọle iroyin lọwọlọwọ ati idahun pẹlu Bẹẹni lori gbogbo awọn ibeere aabo).
$ sudo mysql_secure_installation
6. Ṣayẹwo sisopọ ibi ipamọ data MySQL nipasẹ ṣiṣe pipaṣẹ wọnyi lẹhinna fi ikarahun data silẹ pẹlu olodun tabi jade alaye.
$ mysql -u root -p
Igbesẹ 3: Ṣe atunṣe Faili Iṣeto Ifilelẹ Apache
7. Awọn atunto atẹle ni o pọ julọ ninu wọn ni ibatan si Olupin Wẹẹbu Apache lati pese wiwo ti o ni agbara fun Alejo gbigba pẹlu ede kikọ iwe afọwọkọ PHP, SSL tabi Awọn alejo Alailegbe ti kii ṣe SSL ati pe ṣee ṣe nipa ṣiṣatunṣe awọn atunto faili iṣẹ httpd.
Ni akọkọ ṣii iṣeto faili faili Apache akọkọ pẹlu olootu ọrọ ayanfẹ rẹ.
$ sudo nano /etc/httpd/conf/httpd.conf
Ni isale faili naa, ṣafikun awọn ila meji wọnyi.
IncludeOptional conf/sites-enabled/*.conf IncludeOptional conf/mods-enabled/*.conf
Ipa ti Ṣafikun awọn alaye nibi ni lati sọ fun Apache pe lati isinsinyi, o yẹ ki o ka awọn atunto siwaju lati gbogbo awọn faili ti o ngbe ni /etc/httpd/conf/ojula-enabled/ (fun Alejo alejo foju ) ati /ati be be/httpd/conf/mods-enabled/ (fun olupin ti o ṣiṣẹ awọn modulu) awọn ọna eto ti o pari ni itẹsiwaju .conf
8. Lẹhin ti a ti kọ Afun pẹlu awọn itọsọna meji yii, ṣẹda awọn ilana eto pataki ti o fun awọn ofin wọnyi.
$ sudo mkdir /etc/httpd/conf/sites-available $ sudo mkdir /etc/httpd/conf/sites-enabled $ sudo mkdir /etc/httpd/conf/mods-enabled
Ọna awọn aaye wa- n mu gbogbo awọn faili atunto Awọn ogun ti ko ṣiṣẹ lori Apache ṣugbọn iwe afọwọkọ Bash ti o tẹle yoo lo itọsọna yii lati sopọ ati mu awọn oju opo wẹẹbu ti o wa nibẹ wa.
Igbesẹ 4: Ṣẹda a2eniste ati a2diste Awọn pipaṣẹ Apache
9. Nisisiyi o to akoko lati ṣẹda a2ensite ati a2dissite awọn iwe afọwọkọ Apache ti yoo ṣiṣẹ bi awọn aṣẹ lati mu ṣiṣẹ tabi mu faili iṣeto iṣeto Gbalejo foju. Tẹ aṣẹ cd lati pada si ọna olumulo rẹ $HOME ki o ṣẹda ipilẹ rẹ a2eniste ati awọn iwe afọwọkọ a2dissite ni lilo olootu ayanfẹ.
$ sudo nano a2ensite
Ṣafikun akoonu atẹle lori faili yii.
#!/bin/bash if test -d /etc/httpd/conf/sites-available && test -d /etc/httpd/conf/sites-enabled ; then echo "-------------------------------" else mkdir /etc/httpd/conf/sites-available mkdir /etc/httpd/conf/sites-enabled fi avail=/etc/httpd/conf/sites-available/$1.conf enabled=/etc/httpd/conf/sites-enabled site=`ls /etc/httpd/conf/sites-available/` if [ "$#" != "1" ]; then echo "Use script: n2ensite virtual_site" echo -e "\nAvailable virtual hosts:\n$site" exit 0 else if test -e $avail; then sudo ln -s $avail $enabled else echo -e "$avail virtual host does not exist! Please create one!\n$site" exit 0 fi if test -e $enabled/$1.conf; then echo "Success!! Now restart Apache server: sudo systemctl restart httpd" else echo -e "Virtual host $avail does not exist!\nPlease see avail virtual hosts:\n$site" exit 0 fi fi
Bayi ṣẹda faili afọwọkọ a2dissite bash.
$ sudo nano a2dissite
Fi akoonu wọnyi sii.
#!/bin/bash avail=/etc/httpd/conf/sites-enabled/$1.conf enabled=/etc/httpd/conf/sites-enabled site=`ls /etc/httpd/conf/sites-enabled` if [ "$#" != "1" ]; then echo "Use script: n2dissite virtual_site" echo -e "\nAvailable virtual hosts: \n$site" exit 0 else if test -e $avail; then sudo rm $avail else echo -e "$avail virtual host does not exist! Exiting" exit 0 fi if test -e $enabled/$1.conf; then echo "Error!! Could not remove $avail virtual host!" else echo -e "Success! $avail has been removed!\nsudo systemctl restart httpd" exit 0 fi fi
10. Lẹhin ti a ti ṣẹda awọn faili pin awọn igbanilaaye ṣiṣẹ ki o daakọ wọn si itọsọna $PATH ṣiṣe lati jẹ ki eto wọn wa jakejado.
$ sudo chmod +x a2ensite a2dissite $ sudo cp a2ensite a2dissite /usr/local/bin/
Igbesẹ 5: Ṣẹda Awọn ogun ti o foju ni Apache
11. Faili iṣeto ni aiyipada Ogun ti o gbalejo fun olupin Wẹẹbu afun lori Arch Linux ti pese nipasẹ httpd-vhosts.conf faili ti o wa ni ọna /etc/httpd/conf/extra/ ṣugbọn ti o ba ni eto ti o nlo ọpọlọpọ Awọn Ile-iṣẹ foju le nira pupọ lati tọju abala ohun ti oju opo wẹẹbu ti muu ṣiṣẹ tabi rara ati. Ti o ba fẹ lati mu oju opo wẹẹbu kan o gbọdọ ṣe asọye tabi paarẹ gbogbo awọn itọnisọna rẹ ati pe o le jẹ iṣẹ ti o nira ti o ba jẹ pe eto pese ọpọlọpọ awọn oju opo wẹẹbu ati oju opo wẹẹbu rẹ ni awọn itọsọna iṣeto diẹ sii.
Lilo awọn ọna awọn aaye-wa ati awọn aaye ti a muu ṣiṣẹ , jẹ ki iṣẹ-ṣiṣe ti muu tabi muu ṣiṣẹ rọrun pupọ gbogbo awọn faili iṣeto oju opo wẹẹbu rẹ botilẹjẹpe wọn ti muu ṣiṣẹ tabi rara.
Ni igbesẹ ti n tẹle a yoo kọ Olumulo Gbajumọ akọkọ ti o tọka si localhost aiyipada pẹlu ọna aiyipada DocumentRoot fun sisẹ awọn faili oju opo wẹẹbu (/srv/http ).
$ sudo nano /etc/httpd/conf/sites-available/localhost.conf
Ṣafikun awọn itọsọna Apache wọnyi nibi.
<VirtualHost *:80> DocumentRoot "/srv/http" ServerName localhost ServerAdmin [email ErrorLog "/var/log/httpd/localhost-error_log" TransferLog "/var/log/httpd/localhost-access_log" <Directory /> Options +Indexes +FollowSymLinks +ExecCGI AllowOverride All Order deny,allow Allow from all Require all granted </Directory> </VirtualHost>
Awọn alaye pataki julọ nibi ni Ibudo ati ServerName awọn itọsọna ti o kọ Apache lati ṣii asopọ nẹtiwọọki kan lori ibudo 80 ki o ṣe atunṣe gbogbo awọn ibeere pẹlu orukọ localhost si sin awọn faili ti o wa ni ọna /srv/http/.
12. Lẹhin ti a ti ṣẹda faili localhost, muu ṣiṣẹ lẹhinna tun bẹrẹ httpd daemon lati wo awọn ayipada.
$ sudo a2ensite localhost $ sudo systemctl restart httpd
13. Lẹhinna tọka aṣawakiri rẹ si http:// localhost , ti o ba ṣiṣẹ lati eto Arch tabi http:// Arch_IP ti o ba lo eto latọna jijin.
Igbesẹ 6: Jeki SSL pẹlu Alejo gbigba Foju lori atupa
SSL ( Secure Sockets Layer ) jẹ ilana-iṣe ti a ṣe apẹrẹ lati paroko awọn isopọ HTTP lori awọn nẹtiwọọki tabi Intanẹẹti, eyiti o jẹ ki ṣiṣan data lati tan kaakiri lori ikanni to ni aabo nipa lilo awọn bọtini cryptology ti asimetric/asymmetric ati pe o wa ni Arch Linux nipasẹ OpenSSL package.
14. Nipa aiyipada SSL module ko ṣiṣẹ lori Apache ni Arch Linux ati pe o le muu ṣiṣẹ nipasẹ apọju mod_ssl.so modulu lati akọkọ httpd.conf faili iṣeto ati Ni httpd-ssl.conf faili ti o wa ni afikun ọna httpd.
Ṣugbọn lati ṣe irọrun awọn ohun a yoo ṣẹda faili modulu tuntun fun SSL ni ọna mods-enabled ati fi faili atunto Apache akọkọ silẹ laiṣe. Ṣẹda faili atẹle fun module SSL ati ṣafikun akoonu isalẹ.
$ sudo nano /etc/httpd/conf/mods-enabled/ssl.conf
Fi akoonu wọnyi sii.
LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Listen 443 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/run/httpd/ssl_scache(512000)" SSLSessionCacheTimeout 300
15. Nisisiyi ṣẹda faili Alejo Foju ti o tọka si orukọ kanna localhost ṣugbọn lilo awọn atunto olupin SSL ni akoko yii, ati yi orukọ rẹ pada diẹ lati leti si ọ pe o duro fun localhost pẹlu SSL.
$ sudo nano /etc/httpd/conf/sites-available/localhost-ssl.conf
Ṣafikun akoonu atẹle lori faili yii.
<VirtualHost *:443> DocumentRoot "/srv/http" ServerName localhost ServerAdmin [email ErrorLog "/var/log/httpd/localhost-ssl-error_log" TransferLog "/var/log/httpd/localhost-ssl-access_log" SSLEngine on SSLCertificateFile "/etc/httpd/conf/ssl/localhost.crt" SSLCertificateKeyFile "/etc/httpd/conf/ssl/localhost.key" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/srv/http/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/var/log/httpd/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <Directory /> Options +Indexes +FollowSymLinks +ExecCGI AllowOverride All Order deny,allow Allow from all Require all granted </Directory> </VirtualHost>
Yato si awọn itọsọna Port ati ServerName awọn itọsọna, awọn itọsọna pataki miiran nibi ni awọn ti o tọka si SSL Certificate faili ati SSL Key faili eyiti ko tii ṣẹda nitorinaa maṣe tun bẹrẹ Server Web Apache tabi o yoo gba diẹ ninu awọn aṣiṣe.
16. Lati ṣẹda faili ijẹrisi SSL ti a beere ati Awọn bọtini fi sori ẹrọ package OpenSSL ti o fun ni aṣẹ ni isalẹ.
$ sudo pacman -S openssl
17. Lẹhinna ṣẹda atẹle Bash ti o ṣẹda laifọwọyi ati tọju gbogbo Awọn iwe-ẹri Apache ati Awọn bọtini ni /etc/httpd/conf/ssl/ ọna eto.
$ sudo nano apache_gen_ssl
Ṣafikun akoonu faili atẹle naa lẹhinna ṣafipamọ ki o jẹ ki o ṣiṣẹ.
#!/bin/bash mkdir /etc/httpd/conf/ssl cd /etc/httpd/conf/ssl echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Nginx SSL certificate!" read cert openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key chmod 600 $cert.key openssl req -new -key $cert.key -out $cert.csr openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt echo -e " The certificate "$cert" has been generated!\nPlease link it to Apache SSL available website!" ls -all /etc/httpd/conf/ssl exit 0
$ sudo chmod +x apache_gen_ssl
Ti o ba fẹ ki iwe afọwọkọ naa wa eto jakejado daakọ rẹ si adaṣe $PATH .
$ sudo cp /apache_gen_ssl /usr/local/bin/
18. Nisisiyi ṣe ipilẹṣẹ Ijẹrisi rẹ ati Awọn bọtini nipa ṣiṣe akosile naa. Pese awọn aṣayan SSL rẹ ki o maṣe gbagbe orukọ ijẹrisi naa ati Orukọ Tuntun lati baamu pẹlu aṣẹ aṣẹ rẹ ( FQDN ).
$ sudo ./apache_gen_ssl
Lẹhin ti a ti ṣẹda ijẹrisi ati awọn bọtini maṣe gbagbe lati tunṣe ijẹrisi Alejo Ile-iṣẹ SSL rẹ ati awọn atunto awọn bọtini lati ba orukọ ijẹrisi yii mu.
19. Igbesẹ ti o kẹhin ni lati muu Gbalejo Virtual SSL tuntun ṣiṣẹ ati tun bẹrẹ olupin rẹ lati lo awọn atunto.
$ sudo a2ensite localhost-ssl $ sudo systemctl restart httpd
O n niyen! Lati ṣayẹwo rẹ aṣawakiri ṣiṣi ati ṣafikun Arch IP lori URL ni lilo ilana HTTPS: https:/localhost tabi https:/system_IP .
Igbesẹ 7: Mu PHP ṣiṣẹ lori Apache
20. Nipa aiyipada Apache n ṣe iranṣẹ akoonu awọn faili aimi HTML nikan ni Arch Linux laisi atilẹyin awọn ede afọwọkọ ti o ni agbara. Lati mu PHP ṣiṣẹ akọkọ ṣii faili iṣeto akọkọ Apache lẹhinna wa ati aibikita atẹle LoadModule alaye ( php-apache ko ṣiṣẹ pẹlu mod_mpm_event ni Arch Linux ).
$ sudo nano /etc/httpd/conf/httpd.conf
Lilo [Ctrl] + [w] wa ki o sọ asọye laini atẹle lati dabi eleyi.
#LoadModule mpm_event_module modules/mod_mpm_event.so
21. Lẹhinna ṣẹda faili tuntun fun modulu PHP ni ọna mods-enabled pẹlu ọna atẹle.
$ sudo nano /etc/httpd/conf/mods-enabled/php.conf
Ṣafikun akoonu atẹle yii (o gbọdọ lo mod_mpm_prefork ).
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so LoadModule php5_module modules/libphp5.so Include conf/extra/php5_module.conf
22. Lati jẹrisi iṣeto ṣiṣẹda PHP faili kan ti a npè ni info.php ninu DocumnetRoot rẹ (/srv/http/), lẹhinna tun bẹrẹ Apache ki o tọka aṣawakiri rẹ si alaye .php faili: https: //localhost/info.php .
<?php phpinfo(); ?>
$ sudo systemctl restart httpd
O n niyen! Ti ohun gbogbo ba dabi aworan loke, o ni bayi ni ede afọwọkọ olupin ẹgbẹ ẹgbẹ PHP ti o ṣiṣẹ lori Apache ati pe o le ṣe idagbasoke awọn oju opo wẹẹbu nipa lilo Open Source CMS bii WordPress fun apẹẹrẹ.
Ti o ba fẹ lati ṣayẹwo awọn atunto sintasi Apache ki o wo atokọ ti awọn modulu ti kojọpọ laisi tun bẹrẹ httpd daemon ṣiṣe awọn ofin wọnyi.
$ sudo apachectl configtest $ sudo apachectl -M
Igbesẹ 8: Fi sori ẹrọ ati tito leto PhpMyAdmin
23. Ti o ko ba ṣakoso laini aṣẹ MySQL ati pe o fẹ iraye si ọna jijin ti o rọrun si ibi ipamọ data MySQL ti a pese nipasẹ wiwo wẹẹbu lẹhinna o nilo package PhpMyAdmin ti a fi sori apoti Apoti rẹ.
$ sudo pacman -S phpmyadmin php-mcrypt
24. Lẹhin ti a ti fi awọn idii sii o nilo lati mu diẹ ninu awọn amugbooro PHP ṣiṣẹ ( mysqli.so , mcrypt.so - fun afọwọsi inu) ati pe o le, tun, jẹki omiiran awọn modulu fun nilo fun awọn iru ẹrọ CMS ti ọjọ iwaju bii openssl.so , imap.so tabi iconv.so ati bẹbẹ lọ
$ sudo nano /etc/php/php.ini
Wa ki o ṣoki awọn amugbooro ti o wa loke.
extension=mcrypt.so extension=mssql.so extension=mysqli.so extension=openssl.so extension=iconv.so extension=imap.so extension=zip.so extension=bz2.so
Pẹlupẹlu, lori faili kanna, wa ki o wa ọrọ open_basedir ki o ṣafikun ọna eto PhpMyAdmin (/etc/webapps/ ati /usr/share/webapps/) lati rii daju pe PHP le wọle ati ka awọn faili labẹ awọn ilana wọnyẹn (Ti iwọ, tun, yi ọna Awọn ọmọ ogun DocumentRoot lati /srv/http/ lọ si ipo miiran ti o nilo lati fi ọna tuntun kun mọ nibi paapaa ).
25. Ohun ikẹhin ti o nilo lati ṣe lati ni iraye si Ọlọpọọmídíà Wẹẹbu PhpMyAdmin ni lati ṣafikun awọn gbólóhùn Apache PhpMyAdmin lori Awọn alejo Gbigbe. Gẹgẹbi iwọn aabo yoo rii daju pe Oju opo wẹẹbu PhpMyAdmin le jẹ iraye si nikan lati localhost (tabi adiresi IP eto) nipa lilo ilana HTTPS kii ṣe lati ọdọ Awọn ogun Agbaye miiran ti o yatọ. Nitorinaa, ṣii localhost-ssl.conf faili Apache rẹ ati ni isalẹ, ṣaaju alaye to kẹhin ṣafikun akoonu atẹle.
$ sudo nano /etc/httpd/conf/sites-enabled/localhost-ssl.conf
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin" <Directory "/usr/share/webapps/phpMyAdmin"> DirectoryIndex index.html index.php AllowOverride All Options FollowSymlinks Require all granted </Directory>
26. Lẹhinna tun bẹrẹ afun daemon ki o tọka aṣawakiri rẹ si adirẹsi atẹle naa o yẹ ki o ni anfani lati wọle si Ọlọpọọmídíà oju-iwe wẹẹbu PhpMyAdmin rẹ: https:/localhost/phpmyadmin or https:/system_IP/phpmyadmin .
27. Ti, lẹhin ti o buwolu wọle si PhpMyAdmin, o ri aṣiṣe isalẹ nipa blowfish_secret , ṣii ati ṣatunkọ /etc/webapps/phpmyadmin/config.inc.php faili ati fi okun alailowaya sii bi ọkan ninu alaye atẹle, lẹhinna sọ oju-iwe di mimọ.
$cfg['blowfish_secret'] = ‘{^QP+-(3mlHy+Gd~FE3mN{gIATs^1lX+T=KVYv{ubK*U0V’ ;
Igbesẹ 9: Jeki Eto atupa jakejado
28. Ti o ba fẹ akopọ LAMP lati bẹrẹ laifọwọyi lẹhin atunbere eto ṣiṣe awọn ofin wọnyi.
$ sudo systemctl enable httpd mysqld
Eyi ni diẹ ninu awọn eto iṣeto akọkọ lori LAMP nilo lati yi ọna Arch Linux pada si ọna ti o rọrun ṣugbọn ti o lagbara, pẹpẹ ati oju opo wẹẹbu ti o lagbara pẹlu sọfitiwia olupin-ori fun kekere ti kii ṣe -awọn agbegbe ti o ṣe pataki, ṣugbọn ti o ba ni agidi ati tun fẹ lati lo ni agbegbe iṣelọpọ nla o yẹ ki o fi ọwọ gba ara rẹ pẹlu ọpọlọpọ suuru ki o san ifojusi diẹ si awọn imudojuiwọn awọn idii ati ṣe awọn aworan afẹyinti eto deede fun imupadabọ eto iyara ni ọran ti awọn ikuna eto.