lamp的PHP相关配置
lamp的PHP相关配置
脑洞老湿_ 发表于6个月前
lamp的PHP相关配置
  • 发表于 6个月前
  • 阅读 2
  • 收藏 0
  • 点赞 0
  • 评论 0

新睿云服务器60天免费使用,快来体验!>>>   

11.30 PHP相关配置(上+下)

 查看php配置文件位置
 /usr/local/php/bin/php -i|grep -i "loaded configuration file" 
 date.timezone 
 disable_functions
eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close 
 display_errors, log_errors,error_log,  error_reporting
 open_basedir
 php_admin_value open_basedir "/data/wwwroot/111.com:/tmp/"

1、查找php.ini配置文件

lamp的php查看配置文件有两种方法:
1、/usr/local/php/bin/php -i|grep -i "loaded configuration file"

[root@DasonCheng ~]# /usr/local/php/bin/php -i|grep -i "loaded configuration file"
Loaded Configuration File => /usr/local/php/etc/php.ini  //这个就是配置文件php.ini

2、通过网页浏览找到其配置文件(<?php phpinfo(); ?>)页面最可靠)
mark

2、定义时区:

[root@DasonCheng ~]# vim /usr/local/php/etc/php.ini 
……
date.timezone = Asia/Shanghai    //定义时区为上海;
……

3、禁用函数:disable_functions

[root@DasonCheng ~]# vim /usr/local/php/etc/php.ini 
……
disable_functions = eval,assert,popen,passthru,escapeshellarg,escapeshellcmd,passthru,exec,system,chroot,scandir,chgrp,chown,escapeshellcmd,escapeshellarg,shell_exec,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,leak,popepassthru,stream_socket_server,popen,proc_open,proc_close,phpinfo
……
//其中eval就是一句话木马采用的函数之一!
//这里我先将phpinfo 禁用,看看效果(部分公司会禁用该函数,因为其暴露了太多目录)

phpinfo禁用之后,那么问题就来了; mark 访问空白了;现在我们可以把display_errors打开--在浏览器上面显示报错!

[root@DasonCheng ~]# vim /usr/local/php/etc/php.ini
display_errors = On
[root@DasonCheng ~]# /usr/local/apache2.4/bin/apachectl graceful

mark
但是这样是不允许的,报错直接显示在浏览器上面行不通;那怎么办呢?
这边我们把display_errors = Off关闭,配置错误日志!

4、配置错误日志

display_errors = Off
log_errors = On    //开启日志记录了,那我们得定义一个日志目录文件;
error_log=/tmp/lamp_php_error.log    
//定义日志目录文件了之后,我们还得定义日志记录级别呀;级别高--只记录严峻的错误,级别低--记录大部分错误
error_reporting = E_ALL    
//这个就是记录所有错误;生产环境中,我们用"E_ALL & ~E_NOTICE  (Show all errors, except for notices)"这个,因为notice太多了;
[root@DasonCheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@DasonCheng ~]# /usr/local/apache2.4/bin/apachectl graceful

测试错误日志:

[root@DasonCheng ~]# curl -x127.0.0.1:80 www.abc.com/1.php -i
HTTP/1.1 200 OK
Date: Thu, 17 Aug 2017 11:42:01 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Length: 0
Content-Type: text/html; charset=UTF-8

[root@DasonCheng ~]# ll /tmp/lamp_php_error.log 
-rw-r--r--. 1 daemon daemon 141 8月  17 19:42 /tmp/lamp_php_error.log
[root@DasonCheng ~]# chmod 777 !$
chmod 777 /tmp/lamp_php_error.log    //这里是保证日志有写入权限
[root@DasonCheng ~]# cat /tmp/lamp_php_error.log
[17-Aug-2017 19:42:01 Asia/Shanghai] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/abc.com/1.php on line 2    
//这个是警告,这个函数被禁用了;

有时候,发现配置不自动生成日志文件,可以先查看是否有写入这个目录的权限!

[root@DasonCheng ~]# ls -ld /tmp
drwxrwxrwt. 9 root root 4096 8月  17 19:42 /tmp

我们写错一个php页面,开看看报错日志!

[root@DasonCheng ~]# vim /data/wwwroot/abc.com/2.php    //加入错误行;
<?php
echo sfasdf
asdfasdf
……
[root@DasonCheng ~]# curl -x127.0.0.1:80 www.abc.com/2.php -i
HTTP/1.0 500 Internal Server Error     //报错500,查看日志
……
[root@DasonCheng ~]# cat /tmp/lamp_php_error.log
[17-Aug-2017 19:42:01 Asia/Shanghai] PHP Warning:  phpinfo() has been disabled for security reasons in /data/wwwroot/abc.com/1.php on line 2
[17-Aug-2017 19:54:07 Asia/Shanghai] PHP Parse error:  syntax error, unexpected 'asdfasdf' (T_STRING), expecting ',' or ';' in /data/wwwroot/abc.com/2.php on line 3    
//error这就是错误日志了,比warning严重!

11.30配置open_basedir(安全考虑)

为了防止不法分子通过技术手段进入其他网站目录,破坏网站稳定性,特将其固定在该网站目录下面!

open_basedir /data/wwwroot/abc.com:/tmp/    
//这个是在php.ini里面定义;但是这个只能定义全局,不能单独一个网站定义。
php_admin_value open_basedir "/data/wwwroot/abc.com:/tmp/"   
//这个是在httpd的每一个vhost主机里面配置;可以一个网站一个网站定义。更实用;

1、定义所有站点同一目录:

[root@DasonCheng ~]# vim /usr/local/php/etc/php.ini
open_basedir = /data/wwwroot/abcd.com:/tmp/    //故意定义错,查看其访问效果!
[root@DasonCheng ~]# vim /data/wwwroot/abc.com/2.php 
<?php
echo "hello" ;
……
[root@DasonCheng ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@DasonCheng ~]# curl -x127.0.0.1:80 www.abc.com/2.php
[root@DasonCheng ~]# cat /tmp/lamp_php_error.log
[17-Aug-2017 20:21:51 Asia/Shanghai] PHP Warning:  Unknown: open_basedir restriction in effect. File(/data/wwwroot/abc.com/2.php) is not within the allowed path(s): (/data/wwwroot/abcd.com:/tmp/) in Unknown on line 0
//这句日志告诉我们,这个目录不在允许的范围里面!
[17-Aug-2017 20:21:51 Asia/Shanghai] PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0
[17-Aug-2017 20:21:51 Asia/Shanghai] PHP Fatal error:  Unknown: Failed opening required '/data/wwwroot/abc.com/2.php' (include_path='.:/usr/local/php/lib/php') in Unknown on line 0

测试:
[root@DasonCheng ~]# vim /usr/local/php/etc/php.ini
open_basedir = /data/wwwroot/abc.com:/tmp/  
[root@DasonCheng ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@DasonCheng ~]# curl -x127.0.0.1:80 www.abc.com/2.php 
hello[root@DasonCheng ~]# 
测试ok!但是如果有很多个站点的话,这个就不适用了?接下来叫大家定义每一个站点限定目录

2、定义每一个站点目录:

[root@DasonCheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
    php_admin_value open_basedir "/data/wwwroot/abc.com:/tmp/" 
 //php_admin_value这个参数可以定义php.ini里面的参数,如error_log等等......;为什么会有:/tmp/目录呢?这个是php的默认临时文件,必须得有的;
</VirtualHost>

这样就针对每一个站点做了open_basedir限制了哦!!

11.32 PHP扩展模块安装

 /usr/local/php/bin/php -m //查看模块
 下面安装一个redis的模块
 cd /usr/local/src/
 wget https://codeload.github.com/phpredis/phpredis/zip/develop 
 mv develop phpredis-develop.zip
 unzip phpredis-develop.zip
 cd phpredis-develop
 /usr/local/php/bin/phpize //生成configure文件
 ./configure --with-php-config=/usr/local/php/bin/php-config
 make && make install
 /usr/local/php/bin/php -i |grep extension_dir //查看扩展模块存放目录,我们可以在php.ini中去自定义该路径 
 vim /usr/local/php/etc/php.ini  //增加一行配置(可以放到文件最后一行)
extension = redis.so  

1、安装第三方扩展模块

1.1下载模块并解压
[root@DasonCheng ~]# /usr/local/php/bin//php -m |grep redis
[root@DasonCheng ~]# cd /usr/local/src/
[root@DasonCheng src]# wget https://codeload.github.com/phpredis/phpredis/zip/develop
正在保存至: “develop”
100%[===============================================>] 221,964      284KB/s 用时 0.8s   
2017-08-18 16:51:05 (284 KB/s) - 已保存 “develop” [221964/221964])
[root@DasonCheng src]# mv develop develop.zip
[root@DasonCheng src]# unzip develop.zip
1.2生成configure并安装
[root@DasonCheng src]# cd phpredis-develop/
[root@DasonCheng phpredis-develop]# /usr/local/php/bin/phpize 
Configuring for:
PHP Api Version:         20131106
Zend Module Api No:      20131226
Zend Extension Api No:   220131226
[root@DasonCheng phpredis-develop]# ./configure --with-php-config=/usr/local/php/bin/php-config
……
[root@DasonCheng phpredis-develop]# echo $?
0
[root@DasonCheng phpredis-develop]# make && make install
……
Build complete.
Don't forget to run 'make test'.

Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-zts-20131226/
[root@DasonCheng phpredis-develop]# ls /usr/local/php/lib/php/extensions/no-debug-zts-20131226/
opcache.so  redis.so    //.so模块已经生成!
1.3修改php.ini使模块生效:
[root@DasonCheng phpredis-develop]# vim /usr/local/php/etc/php.ini 
……
;extension=php_xmlrpc.dll
;extension=php_xsl.dll
extension = redis.so    //添加这一行;
[root@DasonCheng phpredis-develop]# /usr/local/php/bin//php -m |grep redis
redis    //扩展模块以已经安装成功;

2、安装自带模块

2.1进入php解压包找到模块目录:
[root@DasonCheng src]# cd php-5.6.30/ext/
[root@DasonCheng ext]# ls
curl        gd                  mcrypt    pdo_dblib     recode      sybase_ct  zip
date        gettext             mssql     pdo_firebird  reflection  sysvmsg    zlib
dba         gmp                 mysql     pdo_mysql     session     sysvsem
dom         hash                mysqli    pdo_oci       shmop       sysvshm
enchant     iconv               mysqlnd   pdo_odbc      simplexml   tidy
ereg        imap                oci8      pdo_pgsql     skeleton    tokenizer
exif        interbase           odbc      pdo_sqlite    snmp        wddx
[root@DasonCheng ext]# /usr/local/php/bin/php -m |grep zip    //让我们来安装zip模块;

2.2生成configure并安装:
[root@DasonCheng ext]# cd zip/
[root@DasonCheng zip]# /usr/local/php/bin/phpize 
Configuring for:
PHP Api Version:         20131106
Zend Module Api No:      20131226
Zend Extension Api No:   220131226
[root@DasonCheng zip]# ./configure --with-php-config=/usr/local/php/bin/php-config
[root@DasonCheng zip]# make && make install
……
Build complete.
Don't forget to run 'make test'.

Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-zts-20131226/
[root@DasonCheng zip]# ls /usr/local/php/lib/php/extensions/no-debug-zts-20131226/
opcache.so  redis.so  zip.so
2.3修改php.ini使模块生效:
[root@DasonCheng zip]# vim /usr/local/php/etc/php.ini
……
;extension=php_xsl.dll
extension = redis.so
extension = zip.so
[root@DasonCheng zip]# /usr/local/php/bin/php -m |grep zip
zip
  • 打赏
  • 点赞
  • 收藏
  • 分享
共有 人打赏支持
粉丝 1
博文 117
码字总数 108066
×
脑洞老湿_
如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!
* 金额(元)
¥1 ¥5 ¥10 ¥20 其他金额
打赏人
留言
* 支付类型
微信扫码支付
打赏金额:
已支付成功
打赏金额: