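Setting up PHP 5.6, MySQL 5.7 and Nginx 1.8 on CentOS 7

Introduction

I wanted to try MySQL's geometry column, so I used Vagrant to build an environment with CentOS 7, PHP 5.6, MySQL 5.7 and Nginx 1.8.
Since I will be developing with fuelphp, the Nginx configuration also contains fuelphp settings, but they are commented out.
This procedure does not include installing fuelphp.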

Host settings

    • OSX 10.5.1
    • Vagrant 1.8.1
    • VirtualBox 5.0.12

Virtual machine configuration

    • CentOS 7.0.1406
    • PHP 5.6.17
    • MySQL 5.7.10
    • Nginx 1.8.0

Preparing the base CentOS 7 box

vagrantbox.es lists a CentOS7.0 x86_64 minimal box (with VirtualBox Guest Additions 4.3.14), so the build is based on that.

    • Add the box
        vagrant box add centos7 https://f0fff3908f081cb6461b407be80daf97f07ac418.googledrive.com/host/0BwtuV7VyVTSkUG1PM3pCeDJ4dVE/centos7.box
    • Initialize vagrant
        vagrant init centos7

Edit the generated Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure(2) do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "centos7"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  config.vm.network "private_network", ip: "192.168.33.10" # <- uncommented so the host can reach the VM; change the IP if you have another Vagrant VM

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
  # such as FTP and Heroku are also available. See the documentation at
  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
  # config.push.define "atlas" do |push|
  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
  # end

  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   sudo apt-get update
  #   sudo apt-get install -y apache2
  # SHELL

  # Sync the VM clock to the host
  # Does the clock drift if the VM is left running and the PC goes to sleep?
  # From CentOS 7, Chrony seems to have replaced ntp, so I switched to that.
  # config.vm.provider :virtualbox do |vb|
  #  vb.customize ["setextradata", :id, "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled", 1]
  # end
end
    • Start vagrant
        vagrant up
    • Connect to the VM
        vagrant ssh

VM-side work: environment setup

All VM-side steps are assumed to be run as root. Log in as the root user.

    • Check the version
        cat /etc/redhat-release
        To use something newer than CentOS 7.0 -> yum -y upgrade
        To update packages -> yum -y update
        * Running upgrade or update is optional
    • Disable SELinux
        setenforce 0
    • Disable SELinux permanently
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
        * With only the first command, the setting had reverted after a server reboot. Is the second one alone enough?
    • Check SELinux
        getenforce
        OK if Permissive is displayed
    • Set the clock to Japan time
        \cp -f /usr/share/zoneinfo/Japan /etc/localtime
        timedatectl set-timezone Asia/Tokyo
    • Time synchronization
        yum -y install chrony
        vim /etc/chrony.conf
+ server ntp.nict.jp iburst
+ server ntp1.jst.mfeed.ad.jp iburst
+ server ntp2.jst.mfeed.ad.jp iburst
+ server ntp3.jst.mfeed.ad.jp iburst
- #server 0.centos.pool.ntp.org iburst
- #server 1.centos.pool.ntp.org iburst
- #server 2.centos.pool.ntp.org iburst
- #server 3.centos.pool.ntp.org iburst
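
The note in the SELinux step that the first sed command alone did not survive a reboot matches how GNU sed -i treats symlinks: on CentOS 7, /etc/sysconfig/selinux is a symlink to /etc/selinux/config, and sed -i replaces the link with a new regular file instead of editing its target. The script below is an added example, not part of the original post; it reproduces this on throwaway copies in a temp directory (the layout and function names are constructed for the demo, and GNU sed is assumed).

```shell
# Added example: why `sed -i` on /etc/sysconfig/selinux alone does not persist.
# Nothing under /etc is touched; everything happens in a temp directory.

# make_layout DIR: DIR/selinux/config plus DIR/sysconfig/selinux -> ../selinux/config
make_layout() {
    mkdir -p "$1/selinux" "$1/sysconfig"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$1/selinux/config"
    ln -s ../selinux/config "$1/sysconfig/selinux"
}

# edit_via_link DIR [SED_OPTION]: run the page's first sed command on the symlink
edit_via_link() {
    sed -i ${2:+"$2"} 's/SELINUX=enforcing/SELINUX=disabled/g' "$1/sysconfig/selinux"
}

# report DIR: print "<SELINUX value in the real config> <link|file>"
report() {
    kind=file
    [ -L "$1/sysconfig/selinux" ] && kind=link
    echo "$(sed -n 's/^SELINUX=//p' "$1/selinux/config") $kind"
}

demo() {
    tmp=$(mktemp -d)
    # Case 1: plain sed -i writes a new file over the symlink.
    make_layout "$tmp/plain"
    edit_via_link "$tmp/plain"
    echo "plain sed -i:      $(report "$tmp/plain")"
    # Case 2: --follow-symlinks edits the link target and keeps the link.
    make_layout "$tmp/follow"
    edit_via_link "$tmp/follow" --follow-symlinks
    echo "--follow-symlinks: $(report "$tmp/follow")"
    rm -rf "$tmp"
}
demo
```

The first case reports `enforcing file`: the real config, which is what is read at boot, still says enforcing. The second reports `disabled link`.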

VM-side setup: installing MySQL 5.7

    • Remove mariadb so that it does not conflict
        yum -y remove mariadb-libs
        rm -rf /var/lib/mysql/
    • Install MySQL
        yum -y install http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
        yum -y install mysql-community-server

Installing PHP 5.6

    • Install epel
        rpm -Uvh http://ftp.iij.ad.jp/pub/linux/fedora/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
    • Install remi
        rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
    • Install PHP (choose the modules you need)
        yum -y install --enablerepo=remi --enablerepo=remi-php56 php php-devel php-gd php-mbstring php-mcrypt php-memcache php-mysql php-mysqlnd php-pdo php-gd php-fpm php-cli php-xml phpMyAdmin

Installing Nginx

    rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
    yum -y install nginx

Starting the services

    • For now, start the MySQL, firewall and chrony services
        systemctl start mysqld.service && systemctl start firewalld.service && systemctl start chronyd.service

Enabling the services at boot

    • Enable Nginx, php-fpm, MySQL and the firewall at boot
        systemctl enable nginx.service && systemctl enable php-fpm.service && systemctl enable mysqld.service && systemctl enable firewalld.service && systemctl enable chronyd

Configuring MySQL

    • Edit my.cnf (character set and so on)
        vi /etc/my.cnf
[mysqld]
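+ character-set-server = utf8       # character set
+ validate_password = OFF           # turn off the setting that rejects passwords that are not complex
+ default_password_lifetime = 0     # disable password expiry; by default it expires after 365 days and you can no longer log in
+ log_timestamps=system             # write log timestamps in JST; the default is UTC
# There is probably more to configure in my.cnf, but this will do for now.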
    • my.cnf was changed, so restart MySQL
        systemctl restart mysqld.service
    • Check the initial root password
        grep -e 'A temporary password is generated for root@localhost' /var/log/mysqld.log
    • Change the root password and other settings
        mysql_secure_installation
2016-01-07T00:28:18.308696Z 1 [Note] A temporary password is generated for root@localhost: L!omqpK#k4bq
[root@localhost ~]# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: [enter the password found with grep]

The existing password for the user account root has expired. Please set a new password.

New password: [I used vagrant]

Re-enter new password: [vagrant]
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 0 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : No # It asks whether to set a password containing letters, digits and symbols, but I do not set one.

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y # remove the anonymous user
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y # remove the test db
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y # reload
Success.

All done! 

Configuring PHP

    • Edit php.ini
        Change timezone and session.save_path (on CentOS 7, files placed in /tmp get deleted by the system)
        sed -i 's/;date.timezone =$/date.timezone = "Asia\/Tokyo"/g' /etc/php.ini
        sed -i 's/;session.save_path = "\/tmp"$/session.save_path = "\/var\/lib\/php\/session"/g' /etc/php.ini
    • Change the group of session.save_path
        chown :vagrant /var/lib/php/session
    • Edit php-fpm.cnf
        Change user and group to vagrant
        sed -i "s/user = apache$/user = vagrant/g" /etc/php-fpm.d/www.conf
        sed -i "s/group = apache$/group = vagrant/g" /etc/php-fpm.d/www.conf

Configuring Nginx

    • Create the document root directory
        rm -rf /var/www && mkdir -p /var/www/public
    • Create a PHP file for checking
        echo '
    • Change user and group
        chown -R vagrant:vagrant /var/www
    • Create the conf
        vi /etc/nginx/conf.d/dev.conf
# app
server {
    listen       80;
    server_name  192.168.33.10;
    charset utf-8;

    # file_upload_size.default 1mb.
    client_max_body_size  32M;

    # access_log accepts a format but not a level
    # "main" refers to the format defined under the name main in nginx.conf
    access_log  /var/log/nginx/access.log main;

    # error_log accepts a level but not a format
    # choose the log level from debug, info, notice, warn, error, crit
    error_log  /var/log/nginx/error.log debug;

    location / {
        root   /var/www/public;
        index  index.php;

        # === needed when using fuelphp ===
        # rewrite setting
        # try_files $uri $uri/ /index.php$is_args$args;
        # === / needed when using fuelphp ===
    }

    location ~ \.php$ {
        root           /var/www/public;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        # fastcgi_param  FUEL_ENV "production";# === needed when using fuelphp ===
        include        fastcgi_params;
    }
}

# phpmyadmin
server {
    listen       8080;
    server_name  192.168.33.10;

    charset utf-8;
    access_log  /var/log/nginx/phpmyadmin.access.log  main;
    error_log  /var/log/nginx/phpmyadmin.error.log  error;

    location / {
        root   /usr/share/phpMyAdmin;
        index  index.php;
    }

    location ~ \.php$ {
        root           /usr/share/phpMyAdmin;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
    • Edit /etc/nginx/nginx.conf
        sed -i "s/user nginx;$/user vagrant;/g" /etc/nginx/nginx.conf
    • /etc/nginx/conf.d/default.conf is not used, so rename it
        mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bk
    • Start php-fpm and nginx
        The php-fpm and Nginx configuration files were updated, so restart
        systemctl start nginx.service && systemctl start php-fpm.service

Configuring the firewall

    • Disable it completely
        systemctl stop firewalld
        systemctl disable firewalld
        * This is a development environment, so the above alone is fine. As a learning exercise I used the settings below instead of the above.
    • Permanently allow http, https and port 8080
        firewall-cmd --add-service=http --permanent && firewall-cmd --add-service=https --permanent && firewall-cmd --add-port=8080/tcp --permanent
    • Reload the firewall
        firewall-cmd --reload
    • Check the settings
        firewall-cmd --list-services
        firewall-cmd --list-ports

Checking access

    • PHP
        http://192.168.33.10
        phpinfo should be displayed
    • phpMyAdmin
        http://192.168.33.10:8080
        id:root
        pw:vagrant
        You should be able to log in with these
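
The steps on this page relax several defaults for a local Vagrant box: SELinux disabled, validate_password = OFF, error_log at debug level, and phpMyAdmin served on port 8080. The script below is an added example, not part of the original post; it flags those settings in copies of the three files so they are noticed before the configuration is reused on a shared host. The function name and the sample files are constructed for illustration.

```shell
# Added example: flag the development-only relaxations applied on this page.
# Paths are arguments, so the check can run on copies of the files.

# audit_dev_settings SELINUX_CONFIG MY_CNF NGINX_VHOST_CONF
# Prints one "FINDING: ..." line per relaxed setting, nothing when clean.
audit_dev_settings() {
    grep -Eq '^[[:space:]]*SELINUX=(disabled|permissive)' "$1" &&
        echo "FINDING: SELinux is not enforcing"
    grep -Eiq '^[[:space:]]*validate_password[[:space:]]*=[[:space:]]*(off|0)' "$2" &&
        echo "FINDING: MySQL validate_password is off"
    # Walk the vhost file one server block at a time (top-level blocks, as in
    # conf.d/*.conf) and report debug logging and unrestricted phpMyAdmin.
    awk '
        /^[[:space:]]*#/ { next }                        # skip comment lines
        /server[[:space:]]*[{]/ && depth == 0 { pma = acl = dbg = 0; port = "?" }
        { opened = gsub(/[{]/, "{"); closed = gsub(/[}]/, "}"); depth += opened - closed }
        $1 == "listen" { port = $2; sub(/;$/, "", port) }
        $1 == "error_log" && $NF == "debug;" { dbg = 1 }
        /(^|[[:space:]])root[[:space:]]+[^;]*phpMyAdmin/ { pma = 1 }
        $1 == "allow" || $1 == "deny" { acl = 1 }
        closed && depth == 0 {                           # end of a server block
            if (dbg) print "FINDING: port " port " logs errors at debug level"
            if (pma && !acl) print "FINDING: phpMyAdmin on port " port " has no allow/deny rule"
        }
    ' "$3"
    return 0
}

# Constructed sample input that mirrors the settings shown on this page.
demo() {
    d=$(mktemp -d)
    echo 'SELINUX=disabled' > "$d/selinux"
    printf '[mysqld]\nvalidate_password = OFF\n' > "$d/my.cnf"
    cat > "$d/dev.conf" <<'EOF'
server {
    listen 80;
    error_log /var/log/nginx/error.log debug;
    location / { root /var/www/public; }
}
server {
    listen 8080;
    location / { root /usr/share/phpMyAdmin; index index.php; }
}
EOF
    audit_dev_settings "$d/selinux" "$d/my.cnf" "$d/dev.conf"
    rm -rf "$d"
}
demo
```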

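Where I got stuck

I wondered why I could not connect, and it turned out SELinux was enabled...
I wondered why I could not connect, and it turned out the firewall was enabled...

(´-`).。oO(I should learn Ansible and Docker.)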
