This post was last edited by cliff on 2020-6-6 22:51
Change the hostname
- hostnamectl set-hostname cloud.hk
Update using Yum
- sudo dnf install httpd mariadb-server wget unzip
- sudo dnf install php php-pdo php-pecl-zip php-json php-mbstring php-mysqlnd
- sudo systemctl enable httpd.service
- sudo systemctl start httpd.service
- systemctl start httpd
- systemctl start mariadb
- systemctl enable httpd
- systemctl enable mariadb
Configure MariaDB
- mysql_secure_installation
- Securing the MySQL server deployment.
- Connecting to MySQL using a blank password.
- VALIDATE PASSWORD COMPONENT can be used to test passwords
- and improve security. It checks the strength of password
- and allows the users to set only those passwords which are
- secure enough. Would you like to setup VALIDATE PASSWORD component?
- Press y|Y for Yes, any other key for No: y
- There are three levels of password validation policy:
- LOW Length >= 8
- MEDIUM Length >= 8, numeric, mixed case, and special characters
- STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
- Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
- Please set the password for root here.
- New password:
- Re-enter new password:
- Estimated strength of the password: 100
- Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y
- By default, a MySQL installation has an anonymous user,
- allowing anyone to log into MySQL without having to have
- a user account created for them. This is intended only for
- testing, and to make the installation go a bit smoother.
- You should remove them before moving into a production
- environment.
- Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
- Success.
- Normally, root should only be allowed to connect from
- 'localhost'. This ensures that someone cannot guess at
- the root password from the network.
- Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
- Success.
- By default, MySQL comes with a database named 'test' that
- anyone can access. This is also intended only for testing,
- and should be removed before moving into a production
- environment.
- Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
- - Dropping test database...
- Success.
- - Removing privileges on test database...
- Success.
- Reloading the privilege tables will ensure that all changes
- made so far will take effect immediately.
- Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
- Success.
- All done!
- wget https://files.phpmyadmin.net/phpMyAdmin/5.0.2/phpMyAdmin-5.0.2-all-languages.zip
- unzip phpMyAdmin-5.0.2-all-languages.zip
- mv phpMyAdmin-5.0.2-all-languages /usr/share/phpmyadmin
- cp -pr /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php
Create a tmp directory inside phpmyadmin
- mkdir /usr/share/phpmyadmin/tmp
- chown -R apache:apache /usr/share/phpmyadmin
- chmod 777 /usr/share/phpmyadmin/tmp
Configure config.inc.php and add the Blowfish secret
Blowfish Secret Generator
- sudo vim /usr/share/phpmyadmin/config.inc.php
And add the following
- $cfg['TempDir'] = '/tmp';

- vi /etc/httpd/conf.d/phpmyadmin.conf

- Alias /phpmyadmin /usr/share/phpmyadmin
-
- <Directory /usr/share/phpmyadmin/>
- AddDefaultCharset UTF-8
- <IfModule mod_authz_core.c>
- # Apache 2.4
- <RequireAny>
- Require all granted
- </RequireAny>
- </IfModule>
- </Directory>
-
- <Directory /usr/share/phpmyadmin/setup/>
- <IfModule mod_authz_core.c>
- # Apache 2.4
- <RequireAny>
- Require all granted
- </RequireAny>
- </IfModule>
- </Directory>
- chcon -Rv --type=httpd_sys_content_t /usr/share/phpmyadmin/*
Add the services to the server's firewall
- sudo firewall-cmd --permanent --zone=public --add-service=http
- sudo firewall-cmd --permanent --zone=public --add-service=https
- sudo firewall-cmd --reload
First, install the policycoreutils-python-utils package to manage an SELinux environment with the following command:
dnf install policycoreutils-python-utils
Next, enable access to /usr/share/phpmyadmin directory with the following command:
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/phpmyadmin/'
semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/phpmyadmin/tmp(/.*)?"
Now recurse through all the files in your phpmyadmin directory by running the following command:
restorecon -Rv '/usr/share/phpmyadmin/'
Next, you will need to create a firewall rule to allow HTTP service from external networks. You can allow it with the following command:
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
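A quick audit of two settings from the steps above, as an added example that is not part of the original post: it lists every `<Directory>` block that carries `Require all granted` (the post grants this for both phpmyadmin/ and setup/) and flags world-writable directories such as the `chmod 777` tmp. The function names and sample files are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
# Added example (not from the original post): audit helpers for this setup.

# Print the path of every <Directory> block in an Apache conf file that
# contains "Require all granted", i.e. is reachable by any client.
open_directories() {
    awk '
        tolower($1) == "<directory"   { dir = $2; gsub(/[">]/, "", dir); inside = 1; next }
        tolower($1) == "</directory>" { inside = 0; next }
        inside && tolower($1) == "require" && tolower($2) == "all" && tolower($3) == "granted" { print dir }
    ' "$1"
}

# Succeed when "other" users can write to the path (e.g. mode 777).
world_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    # The last octal digit holds the permission bits for "other".
    case "${mode#"${mode%?}"}" in
        2|3|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample: the two <Directory> blocks as in the post, plus a
# variant restricted with "Require local" / "Require all denied".
demo() {
    work=$(mktemp -d)
    printf '%s\n' '<Directory /usr/share/phpmyadmin/>' ' <RequireAny>' \
        '  Require all granted' ' </RequireAny>' '</Directory>' \
        '<Directory /usr/share/phpmyadmin/setup/>' '  Require all granted' \
        '</Directory>' > "$work/as_posted.conf"
    printf '%s\n' '<Directory /usr/share/phpmyadmin/>' '  Require local' \
        '</Directory>' '<Directory /usr/share/phpmyadmin/setup/>' \
        '  Require all denied' '</Directory>' > "$work/restricted.conf"
    mkdir "$work/tmp" && chmod 777 "$work/tmp"

    echo "open in as_posted.conf:";  open_directories "$work/as_posted.conf"
    echo "open in restricted.conf:"; open_directories "$work/restricted.conf"
    world_writable "$work/tmp" && echo "tmp is world-writable"
    chmod 700 "$work/tmp"
    world_writable "$work/tmp" || echo "tmp is private after chmod 700"
    rm -rf "$work"
}
demo
```

On the real host, run `open_directories /etc/httpd/conf.d/phpmyadmin.conf` and `world_writable /usr/share/phpmyadmin/tmp`; since the post's `chown -R apache:apache` already makes Apache the owner of tmp, mode 700 is enough for it to write there.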