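Setting up PHP 5.6, MySQL 5.7, and Nginx 1.8 on CentOS 7
Introduction
I wanted to try MySQL's geometry columns, so I built a CentOS 7, PHP 5.6, MySQL 5.7, Nginx 1.8 environment with Vagrant.
I will be developing with FuelPHP, so the Nginx configuration also contains FuelPHP-specific settings, but they are commented out.
This procedure does not cover installing FuelPHP.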
Host environment
- OSX 10.5.1
- Vagrant 1.8.1
- VirtualBox 5.0.12
Virtual machine configuration
- CentOS 7.0.1406
- PHP 5.6.17
- MySQL 5.7.10
- Nginx 1.8.0
Prepare a CentOS 7 base box.
vagrantbox.es lists a "CentOS7.0 x86_64 minimal (VirtualBox Guest Additions 4.3.14)" box, so this setup is built on it.
- Add the box
  - vagrant box add centos7 https://f0fff3908f081cb6461b407be80daf97f07ac418.googledrive.com/host/0BwtuV7VyVTSkUG1PM3pCeDJ4dVE/centos7.box
- Initialize Vagrant
  - vagrant init centos7
- Edit the generated Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure(2) do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "centos7"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  config.vm.network "private_network", ip: "192.168.33.10" # ⇦ Uncommented so the host can reach the VM. Change the IP if other Vagrant VMs exist.

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
  # such as FTP and Heroku are also available. See the documentation at
  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
  # config.push.define "atlas" do |push|
  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
  # end

  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   sudo apt-get update
  #   sudo apt-get install -y apache2
  # SHELL

  # Sync the VM clock to the host.
  # Does the clock drift when the VM is left running and the PC goes to sleep?
  # From CentOS 7, chrony appears to have replaced ntp, so I switched to that.
  # config.vm.provider :virtualbox do |vb|
  #   vb.customize ["setextradata", :id, "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled", 1]
  # end
end
- Start Vagrant
  - vagrant up
- Connect to the VM
  - vagrant ssh
VM-side work: environment settings
All VM-side steps are assumed to run as root, so log in as root.
- Check the version
  - cat /etc/redhat-release
  - To use something newer than CentOS 7.0 -> yum -y upgrade
  - To update packages -> yum -y update
  - * Running upgrade or update is optional.
- Disable SELinux
  - setenforce 0
- Disable SELinux permanently
  - sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
  - sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  - * With only the first command, the setting reverted when the server rebooted. Is the second one alone enough?
- Check SELinux
  - getenforce
  - OK if Permissive is displayed
- Set the clock to Japan time
  - \cp -f /usr/share/zoneinfo/Japan /etc/localtime
  - timedatectl set-timezone Asia/Tokyo
- Time synchronization
  - yum -y install chrony
  - vim /etc/chrony.conf
+ server ntp.nict.jp iburst
+ server ntp1.jst.mfeed.ad.jp iburst
+ server ntp2.jst.mfeed.ad.jp iburst
+ server ntp3.jst.mfeed.ad.jp iburst
- #server 0.centos.pool.ntp.org iburst
- #server 1.centos.pool.ntp.org iburst
- #server 2.centos.pool.ntp.org iburst
- #server 3.centos.pool.ntp.org iburst
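Why the first SELinux sed in the list above does not persist on its own, as an added example that is not part of the original post: on CentOS 7 /etc/sysconfig/selinux is a symlink to /etc/selinux/config, and GNU sed -i replaces a symlink with a regular file instead of editing its target. The temporary directory tree and the function names are constructed for the demonstration, and GNU sed is assumed.

```shell
#!/usr/bin/env bash
# Added example: show which file really carries the SELinux mode after an
# in-place sed. Runs in a throwaway directory tree, not on the live /etc.

selinux_mode() {         # print the SELINUX= value found in file $1
  sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

selinux_cfg_report() {   # $1 = filesystem root to inspect
  local real="$1/etc/selinux/config" alt="$1/etc/sysconfig/selinux"
  local kind=symlink
  [ -L "$alt" ] || kind=regular-file
  echo "config=$(selinux_mode "$real") sysconfig=$(selinux_mode "$alt") sysconfig_is=$kind"
}

make_tree() {            # constructed stand-in for a fresh CentOS 7 layout
  local root; root=$(mktemp -d)
  mkdir -p "$root/etc/selinux" "$root/etc/sysconfig"
  printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$root/etc/selinux/config"
  ln -s ../selinux/config "$root/etc/sysconfig/selinux"
  echo "$root"
}

demo_plain() {           # the first sed from the page, run on the symlink
  local root; root=$(make_tree)
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$root/etc/sysconfig/selinux"
  selinux_cfg_report "$root"
  rm -rf "$root"
}

demo_follow() {          # same edit, but sed follows the link to the real file
  local root; root=$(make_tree)
  sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' \
    "$root/etc/sysconfig/selinux"
  selinux_cfg_report "$root"
  rm -rf "$root"
}

demo_plain    # the real config is untouched; the symlink became a plain file
demo_follow   # the real config is edited and the symlink survives
```

A report where the two values differ, or where sysconfig_is is regular-file, means the two paths have drifted apart and only /etc/selinux/config reflects what the system will boot with.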
VM-side setup: installing MySQL 5.7
- Remove MariaDB so that it does not conflict
  - yum -y remove mariadb-libs
  - rm -rf /var/lib/mysql/
- Install MySQL
  - yum -y install http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
  - yum -y install mysql-community-server
Installing PHP 5.6
- Install EPEL
  - rpm -Uvh http://ftp.iij.ad.jp/pub/linux/fedora/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
- Install Remi
  - rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
- Install PHP (choose whichever modules you need)
  - yum -y install --enablerepo=remi --enablerepo=remi-php56 php php-devel php-gd php-mbstring php-mcrypt php-memcache php-mysql php-mysqlnd php-pdo php-gd php-fpm php-cli php-xml phpMyAdmin
Installing Nginx
- rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
- yum -y install nginx
Starting services
- For now, start the MySQL, firewall, and chrony services
  - systemctl start mysqld.service && systemctl start firewalld.service && systemctl start chronyd.service
Enabling services at boot
- Enable automatic startup for Nginx, php-fpm, MySQL, and the firewall
  - systemctl enable nginx.service && systemctl enable php-fpm.service && systemctl enable mysqld.service && systemctl enable firewalld.service && systemctl enable chronyd
MySQL configuration
- Edit my.cnf (character set and so on)
  - vi /etc/my.cnf
[mysqld]
+ character-set-server = utf8 # character set
+ validate_password = OFF # turn off the setting that rejects passwords that are not complex enough
+ default_password_lifetime = 0 # disable password expiry; by default passwords expire after 365 days and login stops working
+ log_timestamps=system # log timestamps in JST; the default is UTC
# There is probably more to configure in my.cnf, but this will do for now.
- my.cnf was changed, so restart MySQL
  - systemctl restart mysqld.service
- Check the initial root password
  - grep -e 'A temporary password is generated for root@localhost' /var/log/mysqld.log
- Change the root password and other settings
  - mysql_secure_installation
2016-01-07T00:28:18.308696Z 1 [Note] A temporary password is generated for root@localhost: L!omqpK#k4bq
[root@localhost ~]# mysql_secure_installation
Securing the MySQL server deployment.
Enter password for user root:[enter the password found with grep]
The existing password for the user account root has expired. Please set a new password.
New password: [I used vagrant]
Re-enter new password: [vagrant]
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.
Estimated strength of the password: 0
Change the password for root ? ((Press y|Y for Yes, any other key for No) : No # It asks whether to set a password containing letters, digits and symbols, but I don't.
... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y # remove the anonymous user
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y # remove the test db
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y # reload
Success.
All done!
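The my.cnf shown above switches off validate_password and password expiry, which suits a throwaway VM but should not travel with the file to other hosts. The following added example (not part of the original post) flags those two relaxed settings in the [mysqld] section of a my.cnf; audit_mycnf and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report password-policy settings that a my.cnf relaxes
# in its [mysqld] section. audit_mycnf is a hypothetical helper name.

audit_mycnf() {   # $1 = path to a my.cnf-style file; prints one finding per line
  awk '
    /^[ \t]*\[/ {                        # section header such as [mysqld]
      section = tolower($0); gsub(/[ \t]/, "", section); next
    }
    section != "[mysqld]" { next }       # only server options matter here
    {
      line = $0
      sub(/#.*/, "", line)               # drop trailing comments
      if (line !~ /=/) next
      key = line; sub(/=.*/, "", key)
      val = line; sub(/^[^=]*=/, "", val)
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      gsub(/-/, "_", key)                # MySQL treats - and _ alike in names
      key = tolower(key); val = toupper(val)
      if (key == "validate_password" && (val == "OFF" || val == "0"))
        print "validate_password=" val ": password strength checks are off"
      if (key == "default_password_lifetime" && val == "0")
        print "default_password_lifetime=0: passwords never expire"
    }
  ' "$1"
}

# Constructed sample: the [mysqld] lines from the page plus a decoy section
# that must be ignored because it is not a server section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
default_password_lifetime = 0
[mysqld]
character-set-server = utf8
validate-password = OFF   # hyphen spelling, same option
default_password_lifetime = 0
log_timestamps=system
EOF

audit_mycnf "$sample"
```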
PHP configuration
- Edit php.ini
  - Change the timezone and session.save_path (on CentOS 7, files placed in /tmp get deleted by the system)
  - sed -i 's/;date.timezone =$/date.timezone = "Asia\/Tokyo"/g' /etc/php.ini
  - sed -i 's/;session.save_path = "\/tmp"$/session.save_path = "\/var\/lib\/php\/session"/g' /etc/php.ini
- Change the group of session.save_path
  - chown :vagrant /var/lib/php/session
- Edit the php-fpm conf
  - Change user and group to vagrant
  - sed -i "s/user = apache$/user = vagrant/g" /etc/php-fpm.d/www.conf
  - sed -i "s/group = apache$/group = vagrant/g" /etc/php-fpm.d/www.conf
Nginx configuration
- Create the document root directory
  - rm -rf /var/www && mkdir -p /var/www/public
- Create a PHP file for checking
  - echo '
- Change user and group
  - chown -R vagrant:vagrant /var/www
- Create the conf
  - vi /etc/nginx/conf.d/dev.conf
# app
server {
    listen 80;
    server_name 192.168.33.10;
    charset utf-8;

    # Upload size limit (the default is 1 MB).
    client_max_body_size 32M;

    # access_log lets you specify a format but not a level.
    # "main" refers to the format named main that is defined in nginx.conf.
    access_log /var/log/nginx/access.log main;

    # error_log lets you specify a level but not a format.
    # Choose the log level from debug, info, notice, warn, error, crit.
    error_log /var/log/nginx/error.log debug;

    location / {
        root /var/www/public;
        index index.php;
        # === needed when using fuelphp ===
        # rewrite setting
        # try_files $uri $uri/ /index.php$is_args$args;
        # === / needed when using fuelphp ===
    }

    location ~ \.php$ {
        root /var/www/public;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # fastcgi_param FUEL_ENV "production"; # === needed when using fuelphp ===
        include fastcgi_params;
    }
}

# phpmyadmin
server {
    listen 8080;
    server_name 192.168.33.10;
    charset utf-8;
    access_log /var/log/nginx/phpmyadmin.access.log main;
    error_log /var/log/nginx/phpmyadmin.error.log error;

    location / {
        root /usr/share/phpMyAdmin;
        index index.php;
    }

    location ~ \.php$ {
        root /usr/share/phpMyAdmin;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
- Edit /etc/nginx/nginx.conf
  - sed -i "s/user nginx;$/user vagrant;/g" /etc/nginx/nginx.conf
- Rename /etc/nginx/conf.d/default.conf, since it is not used
  - mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bk
- Start php-fpm and nginx
  - The php-fpm and Nginx configuration files were updated, so restart
  - systemctl start nginx.service && systemctl start php-fpm.service
Firewall settings
- Disable completely
  - systemctl stop firewalld
  - systemctl disable firewalld
  - * For a development environment the above alone is fine. As a learning exercise, I used the settings below instead.
- Permanently allow http, https, and port 8080
  - firewall-cmd --add-service=http --permanent && firewall-cmd --add-service=https --permanent && firewall-cmd --add-port=8080/tcp --permanent
- Reload the firewall
  - firewall-cmd --reload
- Check the settings
  - firewall-cmd --list-services
  - firewall-cmd --list-ports
Checking access
- PHP
  - http://192.168.33.10
  - phpinfo should be displayed
- phpMyAdmin
  - http://192.168.33.10:8080
  - id:root
  - pw:vagrant
  - You should be able to log in with these
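Where I got stuck
I wondered why I couldn't connect, and it turned out SELinux was enabled...
I wondered why I couldn't connect, and it turned out the firewall was enabled...
(´-`).。oO(I should learn Ansible and Docker.)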