centos7.6升级ssh7.9、安装PHP7.2、Nginx1.15.9、PHP加密扩展php_screw1.5

1、centos7 安装PHP7.2版本
	#查询是否安装过php
	yum list installed | grep php
	yum provides php
	
	#移除php
	yum remove php-common
	
	#下载源
	rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
	rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
	
	yum install php72w php72w-opcache php72w-xml php72w-gd php72w-devel php72w-mysql php72w-intl php72w-mbstring php72w-fpm php72w-cli php72w-mbstring php72w-pdo php-redis
	
	php -v
	#PHP 7.2.14	
	
	#设置时区
	vim /etc/php.ini
	date.timezone = "Asia/Shanghai"
	
	#设置php-fpm运行用户组
	vim /etc/php-fpm.d/www.conf
	user  = nginx
	group = nginx
	listen.owner = nobody      前面;去掉
	listen.group = nobody      前面;去掉
	listen.mode = 0660     	   前面;去掉
	
	#启动php-fpm
	systemctl start php-fpm.service
	systemctl status php-fpm.service
	systemctl stop php-fpm.service
	systemctl restart php-fpm.service
	#设置开机自启动
	systemctl enable php-fpm.service
　　　　　#移除开机启动

         systemctl disable php-fpm.service

	#安装mcrypt扩展
	#mcrypt扩展从php7.1.0开始废弃,自php7.2.0起会移到pecl
	#http://pecl.php.net/package/mcrypt
	yum install libmcrypt libmcrypt-devel mcrypt mhash
	wget  http://pecl.php.net/get/mcrypt-1.0.1.tgz
	tar -zxvf mcrypt-1.0.1.tgz
	cd mcrypt-1.0.1
	
	#whereis phpize
	/usr/bin/phpize
	#whereis php-config
	./configure --with-php-config=/usr/bin/php-config && make && make install
	
	#vim php.ini
	extension=mcrypt.so
	
	#重启php-fpm
	systemctl restart php-fpm.service
	
2、nginx安装nginx-1.15.9
	ps aux | grep nginx
	
	#kill 45124(ps aux | grep nginx执行之后第一条是pid)
	#踢出nginx所有进程
	pkill -9 nginx
	
	systemctl stop nginx.service
	#移除nginx
	yum remove nginx
	yum list installed | grep nginx
	yum remove ****
	
	#再次检查nginx文件夹
	find / -name nginx*
	#找出nginx目录(删除目录)
	rm -rf *****
	#以上处理之后证明nginx已经清理干净了
	
	#安装库
	yum install zlib-devel
	yum install openssl openssl-devel
	yum install gcc gcc-c++ wget
	yum install automake autoconf libtool libxml2-devel libxslt-devel perl-devel perl-ExtUtils-Embed pcre-devel
	
	#cd /home/tools
	wget -c https://nginx.org/download/nginx-1.15.9.tar.gz
	tar -zxvf nginx-1.15.9.tar.gz
	cd nginx-1.15.9
	
	./configure
	make &&	make install
	#nginx默认安装在/usr/local/nginx
	
	
	#查看nginx当前版本 nginx/1.15.9
	/usr/local/nginx/sbin/nginx -v
	pkill -9 nginx
	/usr/local/nginx/sbin/nginx
	
	#添加nginx项目配置文件夹
	mkdir -p /usr/local/nginx/conf/conf.d
	
	#添加nginx运行错误日志文件夹
	mkdir -p /var/log/nginx
	
	#完善nginx配置	
	vim /usr/local/nginx/conf/nginx.conf
	
	#修改nginx用户组
	user  nginx;
	
	#设置工作进程数 方便的话可以直接设置成auto	
	worker_processes auto;
	
	#lscpu 可以查看下cpu的数量 
	#worker_processes一般设置和CPU数量一样且配合worker_cpu_affinity一起配置
	worker_processes 2;
	worker_cpu_affinity 01 10;
	
	#配置nginx错误日志
	error_log /var/log/nginx/error.log;
	
	#设置nginx.pid nginx.pid存放的是nginx的master进程的进程号
	pid /run/nginx.pid;
	
	#http 对象中修改
	#log_format 前的#去掉
	#添加 client_max_body_size    200m;
	#添加 include /usr/local/nginx/conf/conf.d/*.conf;
	#项目的http配置文件可以放到conf.d文件夹中了
	
	#nginx的启动与重启
	/usr/local/nginx/sbin/nginx -s quit 	#nginx停止
	/usr/local/nginx/sbin/nginx -s reload 	#nginx reload
	/usr/local/nginx/sbin/nginx				#nginx启动
	
	#nginx设置开机自启动
	#即在rc.local增加启动代码就可以了
	vi /etc/rc.local
	#增加一行 /usr/local/nginx/sbin/nginx
	
	#设置执行权限
	chmod 755 /etc/rc.local
　　　　 
　　　　　

　　　　　　Nginx配置SSL报错 nginx: [emerg] unknown directive "ssl"

　　　　　　1、去nginx解压目录下执行
　　　　　　　　　./configure --with-http_ssl_module

　　　　　　2、执行 make（切记不能 make install 会覆盖安装目录）

　　　　　　3、将新的 nginx 覆盖旧安装目录
　　　　　　cp objs/nginx /usr/local/nginx/sbin/nginx

3、redis安装
	yum install redis
	
	#启动redis
	systemctl start redis.service
	systemctl status redis.service
	systemctl stop redis.service
	systemctl restart redis.service
	#设置开机自启动
	systemctl enable redis.service

4、mysql5.7.20安装
	wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
	#安装mysql源
	yum localinstall mysql57-community-release-el7-8.noarch.rpm
	#安装mysql server
	yum install mysql-community-server
	
	#启动mysqld
	systemctl start mysqld.service
	systemctl status mysqld.service
	systemctl enable mysqld.service
	
	#查看临时密码 grep 'A temporary password' /var/log/mysqld.log
	#登录设置root新密码 alter user 'root'@'localhost' identified by 'Abc123!@#';

5、php_screw-1.5 扩展编译
	#进入http://sourceforge.net/projects/php-screw/下载最新版本php_screw-1.5.tar.gz
	#cd /home/tools
	tar -zxvf php_screw-1.5.tar.gz
	cd php_screw-1.5
	
	#更改加密策略
	vim php_screw.h
	#修改 define PM9SCREW “\tPHPSCREW\t”
	
	vim my_screw.h
	#数组中数据随便修改,但最多保持在5位数
	
	vim php_screw.c
	#CG(extended_info) = 1; 修改为 CG(compiler_options) |= ZEND_COMPILE_EXTENDED_INFO;
	
	/usr/bin/phpize
	./configure --with-php-config=/usr/bin/php-config
	make && make install
	#编译会在/home/tools/php_screw-1.5/modules文件夹
	#/usr/lib64/php/modules/文件夹生成php_screw.so文件
	
	#php.ini添加extension=php_screw.so
	vim /etc/php.ini 
	systemctl restart php-fpm.service
	
	#生成加密二进制文件screw
	cd /home/tools/php_screw-1.5/tools
	make
	#make生成二进制文件screw
	
	cp screw /usr/bin/screw
	#接下来就玩起来吧

6、openssh升级到7.9
	
	#先安装telnet服务,以防卸载openssh后连接不到服务器
	yum list telnet-server
	yum install telnet-server
	yum list xinetd
	yum install xinetd
	
	#启动telnet服务
	systemctl enable xinetd
	systemctl enable telnet.socket
	systemctl start telnet.socket
	systemctl start xinetd
	
	#默认情况下系统是不允许root用户telnet远程登录的
	#如果要使用root用户直接登录需设置/etc/securetty
	vim /etc/securetty
	#添加 pts/0 
	#添加 pts/1
	systemctl restart xinetd
	
	#root登录时总是提示 login incorrect
	vim /etc/pam.d/login
	#auth ****** pam_securetty.so    注释这行
	
	#设置好后,最好重启下服务器
	reboot
	systemctl start telnet.socket
	systemctl start xinetd
	
	#wget 下载资源包
	wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz
	
	#安装依赖包
	yum install openssl openssl-devel pam-devel gcc gcc-c++ zlib zlib-devel zlib-static
	
	#解压openssh-7.9p1.tar.gz
	tar -zxvf openssh-7.9p1.tar.gz
	cd openssh-7.9p1
	
	#备份/etc/ssh
	mv /etc/ssh /opt/ssh.bak
	
	#安装openssh7.9
	./configure --sysconfdir=/etc/ssh
	#没有错误继续
	make && make install
	
	#查看版本
	/usr/local/sbin/sshd -v

	#编译安装完毕后,默认不允许root远程登录
	vim /etc/ssh/sshd_config
	#PermitRootLogin prohibit-password 改成 PermitRootLogin yes
	
	#重启sshd
	systemctl restart sshd
	systemctl stop sshd
	systemctl start sshd
	systemctl enable sshd
	
	#可以关闭下sshd来体验下telnet,登录telnet后台启动下sshd
	#记得systemctl start telnet.socket systemctl start xinetd

7、一些问题总结
	#测试nginx是否配置有误,如果有误请去查看nginx的error_log日志
	/usr/local/nginx/sbin/nginx -t
	
	#/var/lib/php 需要设置777权限,PHP写入session
	chmod -R 777 /var/lib/php
	
	#检查是否开启selinux
	#查看是否开启了selinux [disabled或permissive是关闭|enforcing是开启]
	getenforce
	
	#setenforce 0关闭/1开启
	setenforce 0
	setenforce 1
	
	#PHP7.2开始mcrypt_encrypt已被移除需使用openssl_encrypt
	openssl_encrypt('加密串串','AES-128-ECB','加密种子',OPENSSL_RAW_DATA);
	openssl_decrypt('加密串串','AES-128-ECB','加密种子',OPENSSL_RAW_DATA);

　　

--防火墙
systemctl status firewalld 
systemctl disable firewalld
systemctl enable firewalld

查看版本： firewall-cmd --version
查看所有打开的端口： firewall-cmd --zone=public --list-ports
更新防火墙规则： firewall-cmd --reload

添加端口： firewall-cmd --zone=public --add-port=45168/tcp --permanent    (--permanent永久生效，没有此参数重启后失效)
查看端口： firewall-cmd --zone=public --query-port=45168/tcp
删除端口： firewall-cmd --zone=public --remove-port=45168/tcp --permanent (--permanent永久生效，没有此参数重启后失效)

-- selinux
查看状态： getenforce
永久关闭： vi /etc/selinux/config (将SELINUX=enforcing改为SELINUX=disabled 重启才能生效