Ubuntu 12.04 安裝 Apache, MariaDB 和 PHP

Zeuxis  2013-03-05  Notes / Server

上月裝 Ubuntu 12.04 的 LAMP 筆記

  • Apache 的 2.2.23 版本
  • MariaDB 的 5.5.28a 版本
  • PHP 的 5.3.21 版本
  • suphp 的 0.7.1 版本
  • suhosin 的 github 版本
  • xcache 的 3.0.1 版本
  • ProFTPD 的 1.3.4b 版本
  • 簡單的不完全的 iptables 設置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
# 語系
locale-gen en_US.

# 加用戶
useradd The_User
passwd The_User

# 修改 ssh port 和禁止 root
vim /etc/ssh/sshd_config

	Port 3333
	PermitRootLogin no
	
	ChallengeResponseAuthentication no
	PasswordAuthentication no
	UsePAM no
	
/etc/init.d/ssh restart

# 更新系統套件
apt-get update
apt-get dist-upgrade

# 安裝環境
apt-get install git
apt-get install zsh
wget --no-check-certificate https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | sh
su -
apt-get install htop

# 建立安裝目錄
mkdir server
cd server

# 事前準備
apt-get --purge remove apache2
apt-get --purge remove apache2.2-common
apt-get install gcc
apt-get install zlib1g-dev
apt-get install cmake
apt-get install libaio-dev
apt-get install libncurses5-dev
apt-get install bison
apt-get install g++
apt-get install libxml2-dev
apt-get install libssl
apt-get install libssl-dev
apt-get install libbz2-dev
apt-get install curl
apt-get install libcurl4-openssl-dev
apt-get install libpng12-dev
apt-get install libicu-dev
apt-get install libmcrypt-dev
apt-get install libpspell-dev
apt-get install libreadline-dev
apt-get install libtidy-dev
apt-get install libtool
apt-get install autoconf
apt-get install snmp
apt-get install snmpd
apt-get install rrdtool
apt-get install libperl-dev
apt-get install libsnmp-dev

# 編輯 snmpd
vim /etc/snmp/snmpd.conf

	rocommunity public

# 安裝 Apache
groupadd www && useradd www -g www -s /sbin/nologin
wget http://mirrors.devlib.org/apache/httpd/httpd-2.2.23.tar.gz
tar zxvf httpd-2.2.23.tar.gz
cd httpd-2.2.23
./configure --prefix=/usr/local/apache-2.2 --enable-modules=all

# 安裝 MariaDB
# - 安裝 DB 時需確認
# - Installing MariaDB/MySQL system tables in '這位置是否正確'
# - 自己會用 mysql 用戶啟動?
cd ..
groupadd mysql && useradd mysql -g mysql -s /sbin/nologin
wget https://downloads.mariadb.org/f/mariadb-5.5.28a/kvm-tarbake-jaunty-x86/mariadb-5.5.28a.tar.gz/from/http:/mirror.yongbok.net/mariadb -O mariadb-5.5.28a.tar.gz
tar zxvf mariadb-5.5.28a.tar.gz
cd mariadb-5.5.28a
cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_CONFIG=mysql_release -DFEATURE_SET=community -DWITH_EMBEDDED_SERVER=OFF -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DWITH_XTRADB_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1
make -j 4
make install
cp support-files/my-small.cnf /etc/my.cnf
chown -Rf mysql:mysql /etc/my.cnf
/usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
chown -Rf root:mysql /usr/local/mysql
chown -Rf mysql:mysql /usr/local/mysql/data
/usr/local/mysql/bin/mysqld_safe --defaults-file=/etc/my.cnf &
/usr/local/mysql/bin/mysqladmin -u root --socket=/tmp/mysql.sock password 'The_Password'

ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config

# 安裝 PHP 的 CGI 模式
# - 不要有,否則不會出現 php-cgi
# -  --with-apxs2=/usr/local/apache-2.2/bin/apxs
# -  --enable-fpm
cd ..
wget http://hk1.php.net/get/php-5.3.21.tar.gz/from/this/mirror -O php-5.3.21.tar.gz
tar zxvf php-5.3.21.tar.gz
cd php-5.3.21
./configure --prefix=/usr/local/php-5.3 --enable-cgi --with-openssl --with-pcre-regex --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --with-curlwrappers --enable-exif --enable-ftp --with-gd --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext --with-mhash --enable-mbstring --with-mcrypt --with-mysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.sock --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-pcntl --with-pdo-mysql --with-pspell --with-readline --enable-soap --enable-sockets --enable-sqlite-utf8 --with-tidy --enable-zip --enable-mysqlnd --with-snmp
make -j 4 
make install

cp php.ini-development /usr/local/php-5.3/lib/php.ini

# 安裝 suphp
cd ..
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar zxvf suphp-0.7.1.tar.gz
cd suphp-0.7.1
./configure --prefix=/usr/local/suphp --with-apxs=/usr/local/apache-2.2/bin/apxs --with-apr=/usr/local/apache-2.2/bin/apr-1-config --with-setid-mode=paranoid --with-apache-user=www --with-logfile=/usr/local/suphp/log
make -j 4
make install
mkdir /usr/local/suphp/{log,etc}
cp doc/suphp.conf-example /usr/local/suphp/etc/suphp.conf

# 安裝 suhosin
cd ..
wget https://github.com/stefanesser/suhosin/tarball/master -O suhosin-latest.tar.gz
tar zxvf suhosin-latest.tar.gz
cd stefanesser-suhosin-*
/usr/local/php-5.3/bin/phpize
./configure --with-php-config=/usr/local/php-5.3/bin/php-config
make -j 4
make install

# 安裝 xcache
cd ..
wget http://xcache.lighttpd.net/pub/Releases/3.0.1/xcache-3.0.1.tar.gz
tar zxvf xcache-3.0.1.tar.gz
cd xcache-3.0.1
./configure --enable-xcache --with-php-config=/usr/local/php-5.3/bin/php-config
make -j 4
make install

cat xcache.ini >> /usr/local/php-5.3/lib/php.ini
touch /tmp/cache && chmod 777 /tmp/cache

cp -Rf htdocs /home/user/sub.domain.com/public_html/
mv /home/user/sud.domain.com/public_html/htdocs /home/user/sud.domain.com/public_html/xcache
chown -Rf user:group /home/user/sud.domain.com/public_html/xcache

# 修改 suphp 設定檔
vim /usr/local/suphp/etc/suphp.conf
	
	logfile=/usr/local/suphp/log/suphp.log
	webserver_user=www
	docroot=/var/www:${HOME}/*/public_html
	x-httpd-php="php:/usr/local/php-5.3/bin/php-cgi"

# 修改 PHP 設定檔
vim /usr/local/php-5.3/lib/php.ini

	date.timezone = Asia/Hong_Kong
	
	extension_dir="/usr/local/php-5.3/lib/php/extensions/no-debug-non-zts-20090626/"
	extension="suhosin.so"
	
	xcache.mmap_path = "/tmp/xcache"
	
	# 生成密碼 
	# /usr/local/php-5.3/bin/php -r "echo md5('admin');"
	xcache.admin.pass = ""

# 修改 Apache 設定檔
vim /usr/local/apache-2.2/conf/httpd.conf

	User www
	Group www
	ServerName Your_IP:80
	
	LoadModule php5_module        modules/libphp5.so
	#AddType application/x-httpd-php .php
	
	LoadModule suphp_module modules/mod_suphp.so
	suPHP_Engine on
	suPHP_ConfigPath /usr/local/php-5.3/lib
	suPHP_AddHandler x-httpd-php
	AddHandler x-httpd-php .php
	
	Include conf/extra/httpd-vhosts.conf
	
	Order allow,deny
	Allow from all
	
	DirectoryIndex index.html index.php index.cgi index.pl
	
vim /usr/local/apache-2.2/conf/extra/httpd-vhosts.conf

	<VirtualHost *:80>
		DocumentRoot "/home/user/sub.domain.com/public_html"
		ServerName sub.domain.com
		ErrorLog "logs/sub.domain.com-error_log"
		CustomLog "logs/sub.domain.com-access_log" common
		<Directory "/home/user/domain.com/public_html">
		    suPHP_UserGroup user group
		</Directory>
		#<Directory "/home/user/domain.com/public_html/cacti">
		#	suPHP_Engine Off
		#	RemoveHandler .php
		#	AddType application/x-httpd-php .php
		#</Directory>
	</VirtualHost>
	
mkdir -p /home/user/sub.comain.com/public_html
chown -Rf user:group /home/user
	
/usr/local/apache-2.2/bin/apachectl restart

# 瀏覽網頁應該會見到以下結果就正常了 CGI/FastCGI
# 測試目前運行 Script 的用戶

	<?php echo get_current_user(); ?>

# 安裝 ProFTPD
cd ..
groupadd ftp && useradd ftp -g mysql -s /sbin/nologin
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4b.tar.gz
tar zxvf proftpd-1.3.4b.tar.gz
cd proftpd-1.3.4b
./configure --prefix=/usr/local/proftpd-1.3 --enable-openssl
make -j 8
make install

# 編輯 ProFTPD 的設定
vim /usr/local/proftpd-1.3/etc/proftpd.conf

	User ftp
	Group ftp
	DefaultRoot ~
	RequireValidShell off
	DelayEngine off
	RootLogin off
	IdentLookups off
	UseReverseDNS off
	ServerIdent off
	PassivePorts 60000 65535
	
	AllowStoreRestart on
	AllowRetrieveRestart on
	AllowForeignAddress on
	
	RequireValidShell off

# 處理 iptables
vim /etc/iptables.test.rules

	*filter
	-F
	-A INPUT -i lo -j ACCEPT
	-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
	-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	-A OUTPUT -j ACCEPT
	
	# HTTP HTTPS
	-A INPUT -p tcp --dport 80 -j ACCEPT
	-A INPUT -p tcp --dport 443 -j ACCEPT
	
	# SSH
	-A INPUT -p tcp -m state --state NEW --dport 3333 -j ACCEPT
	
	# FTP
	-A INPUT -p tcp --dport 21 -j ACCEPT
	-A INPUT -p tcp --dport 60000:65535 -j ACCEPT
	
	# Support ping
	-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
	
	# Reject all other inbound:
	-A INPUT -j REJECT
	-A FORWARD -j REJECT
	
	COMMIT

# 還原規則之後顯示出來是否正確
iptables-restore < /etc/iptables.test.rules
iptables -L

# 儲存目前的規則
iptables-save > /etc/iptables.up.rules

# 在開機時還原規則
vim /etc/rc.local

	/usr/local/mysql/bin/mysqld_safe --defaults-file=/etc/my.cnf --datadir=/usr/local/mysql/data &
	/usr/local/apache-2.2/bin/httpd -k restart
	/usr/local/proftpd-1.3/sbin/proftpd -c /usr/local/proftpd-1.3/etc/proftpd.conf
	/sbin/iptables-restore < /etc/iptables.up.rules

-----------------------------

# 安裝 PHP 時的問題

問題: 
checking for MySQL support for PDO... yes
checking for mysql_config... not found
configure: error: Unable to find your mysql installation

解決: (因為它是 hardcode 了位置,無論如何設定也失敗?)
ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config
© Copyright 2007 - 2023 by Zeuxis Lo.