HIGO1. Local Mirror Installation
1.1 Install
Use nginx locally — OpenResty is recommended.
yum install -y gcc-c++ cmake make freetype-devel libpng-devel libjpeg-devel curl-devel libxml2-devel libmcrypt-devel ncurses-devel mhash-devel pcre-devel openssl-devel openldap-devel openldap-devel libtool-ltdl-devel neon-devel wget vim*
./configure --prefix=/usr/local/openresty
gmake && gmake installyum install -y gcc-c++ cmake make freetype-devel libpng-devel libjpeg-devel curl-devel libxml2-devel libmcrypt-devel ncurses-devel mhash-devel pcre-devel openssl-devel openldap-devel openldap-devel libtool-ltdl-devel neon-devel wget vim*
./configure --prefix=/usr/local/openresty
gmake && gmake installTest:
# Test config file
/usr/local/openresty/nginx/sbin/nginx -t
# Start
/usr/local/openresty/nginx/sbin/nginx
# Reload
/usr/local/openresty/nginx/sbin/nginx -s reload# Test config file
/usr/local/openresty/nginx/sbin/nginx -t
# Start
/usr/local/openresty/nginx/sbin/nginx
# Reload
/usr/local/openresty/nginx/sbin/nginx -s reload1.2 conf/nginx.conf
user www www;
worker_processes 8;
events {
use epoll;
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
server_names_hash_bucket_size 128;
client_header_buffer_size 128k;
large_client_header_buffers 4 128k;
access_log off;
keepalive_timeout 60;
tcp_nodelay on;
gzip on;
include vhosts/*;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
fastcgi_read_timeout 3000;
}user www www;
worker_processes 8;
events {
use epoll;
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
server_names_hash_bucket_size 128;
client_header_buffer_size 128k;
large_client_header_buffers 4 128k;
access_log off;
keepalive_timeout 60;
tcp_nodelay on;
gzip on;
include vhosts/*;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
fastcgi_read_timeout 3000;
}1.3 Create default under conf/vhosts/
server
{
listen 80;
server_name pigai.org;
index index.html index.php index.shtml index.htm ;
root /data/app/default;
location / {
proxy_pass http://www.pigai.org;
header_filter_by_lua_block {
ngx.header["X-Powered-By"] = nil
}
proxy_set_header Host www.pigai.org;
proxy_set_header P-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwardd-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 120s;
proxy_read_timeout 120s;
proxy_send_timeout 120s;
proxy_buffer_size 64k;
proxy_buffers 4 64k;
break;
}
## XSS security
if ( $args ~* "set([^&=]+)var" ) {
return 403;
}
if ( $args ~* "set(.+)echo" ) {
return 403;
}
if ( $args ~* "this\.src" ) {
return 403;
}
if ( $args ~* "(iframe%3E|%2fiframe)" ) {
return 403;
}
if ( $args ~* "(script%3E|%2fscript)" ) {
return 403;
}
## System
if ( $args ~* "(etc\/passwd)" ) {
return 403;
}
if ( $args ~* "%3C" ) {
return 403;
}
if ( $args ~* "%3E" ) {
return 403;
}
if ( $args ~* "\(*+\)" ) {
return 403;
}
}server
{
listen 80;
server_name pigai.org;
index index.html index.php index.shtml index.htm ;
root /data/app/default;
location / {
proxy_pass http://www.pigai.org;
header_filter_by_lua_block {
ngx.header["X-Powered-By"] = nil
}
proxy_set_header Host www.pigai.org;
proxy_set_header P-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwardd-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 120s;
proxy_read_timeout 120s;
proxy_send_timeout 120s;
proxy_buffer_size 64k;
proxy_buffers 4 64k;
break;
}
## XSS security
if ( $args ~* "set([^&=]+)var" ) {
return 403;
}
if ( $args ~* "set(.+)echo" ) {
return 403;
}
if ( $args ~* "this\.src" ) {
return 403;
}
if ( $args ~* "(iframe%3E|%2fiframe)" ) {
return 403;
}
if ( $args ~* "(script%3E|%2fscript)" ) {
return 403;
}
## System
if ( $args ~* "(etc\/passwd)" ) {
return 403;
}
if ( $args ~* "%3C" ) {
return 403;
}
if ( $args ~* "%3E" ) {
return 403;
}
if ( $args ~* "\(*+\)" ) {
return 403;
}
}1.4 Test
http://ip — homepage; requires server-side configuration to display correctly.
2. Server-Side Configuration
2.1 Modify conf/nserver.php
Use the IP or domain as the key (i.e., the access address):
,'202.202.200.131'=>array('name'=>'Sichuan International Studies University','tpl'=>'sisu.edu.cn')
2.2 Modify template/2011/login.html
sisu.edu.cn is the tpl value from section 2.1.
2.3 Add Template File login_xxx.html
Place it at template/2011/login_xxx.html.
Using login_sisu.html as an example — copy an existing template and do a bulk find-and-replace for images and text.
Images can be prepared by the design team: carousel images + logo. Typically 2 carousel images + 1 logo.
Place the images under res/images/.
3. Local Data Backup
3.1 MySQL Installation (deprecated)
See section 3.5 for one-click install.
plain
# Download
shell> wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
# Install MySQL source
shell> yum localinstall mysql57-community-release-el7-11.noarch.rpm
# Verify
shell> yum repolist enabled | grep "mysql.*-community.*"
# Install via yum
shell> yum install -y mysql-community-server# Download
shell> wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
# Install MySQL source
shell> yum localinstall mysql57-community-release-el7-11.noarch.rpm
# Verify
shell> yum repolist enabled | grep "mysql.*-community.*"
# Install via yum
shell> yum install -y mysql-community-serverReference: https://www.jianshu.com/p/1dab9a4d0d5f
If you get the error:
The GPG keys listed for the "MySQL 5.7 Community Server" repository are already installed but they are not correct for this package.
See: https://www.cnblogs.com/volun/p/15824751.html
3.2 PHP Installation (deprecated)
See section 3.5 for one-click install.
3.2.1 Install PHP 5.6 on CentOS 8 (default path: /opt/remi/php56)
plain
// 1. Install REMI repo:
yum install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
yum install dnf-utils -y
yum config-manager --set-enabled remi
// 2. Set PHP version
phpversion=php56
// 3. Install components
yum install -y $phpversion-php-fpm $phpversion-php-cli $phpversion-php-bcmath $phpversion-php-gd $phpversion-php-json $phpversion-php-mbstring $phpversion-php-mcrypt $phpversion-php-mysqlnd $phpversion-php-opcache $phpversion-php-pdo $phpversion-php-pecl-crypto $phpversion-php-pecl-mcrypt $phpversion-php-pecl-geoip $phpversion-php-recode $phpversion-php-snmp $phpversion-php-soap $phpversion-php-xml
// 4. Config
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/opt/remi/php56/php.ini
// 5. Restart PHP
systemctl restart php56-php-fpm
// 6. Enable on boot
systemctl enable php56-php-fpm// 1. Install REMI repo:
yum install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
yum install dnf-utils -y
yum config-manager --set-enabled remi
// 2. Set PHP version
phpversion=php56
// 3. Install components
yum install -y $phpversion-php-fpm $phpversion-php-cli $phpversion-php-bcmath $phpversion-php-gd $phpversion-php-json $phpversion-php-mbstring $phpversion-php-mcrypt $phpversion-php-mysqlnd $phpversion-php-opcache $phpversion-php-pdo $phpversion-php-pecl-crypto $phpversion-php-pecl-mcrypt $phpversion-php-pecl-geoip $phpversion-php-recode $phpversion-php-snmp $phpversion-php-soap $phpversion-php-xml
// 4. Config
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/opt/remi/php56/php.ini
// 5. Restart PHP
systemctl restart php56-php-fpm
// 6. Enable on boot
systemctl enable php56-php-fpm3.3 Local Application Deployment
a. Initialize
plain
# Option 1:
# Create local directory
mkdir -p /data/app/fxphp/apps/
cd /data/app/fxphp/apps/
# Update code via SVN (ask for credentials)
svn co http://svn.server.com/svn/local.pigai.org
# Copy framework and extract fxphp202009.zip
cp ~/fxphp202009.zip /data/app/fxphp/apps/
unzip fxphp202009.zip
# Option 2:
# Use local source fxphp.zip# Option 1:
# Create local directory
mkdir -p /data/app/fxphp/apps/
cd /data/app/fxphp/apps/
# Update code via SVN (ask for credentials)
svn co http://svn.server.com/svn/local.pigai.org
# Copy framework and extract fxphp202009.zip
cp ~/fxphp202009.zip /data/app/fxphp/apps/
unzip fxphp202009.zip
# Option 2:
# Use local source fxphp.zipb. Import Data
Initialize the data on the reference server before installation.
c. Local Installation
plain
1. Copy update_version/conf_db.php to conf/ and update username/password
Usually: copy conf/conf_db_bak.php to conf/conf_db.php
Update the database name: 'dbname'=> 'pigai_nju'
2. Import update_version/pigai_local.sql into the database
3. Copy server_name_bak.php to server_name.php and update:
define('_school','Nantong University');
define('_school_title','Nantong University English Essay Local Backup');
4. Set permissions:
chmod 777 -R cache
chmod 777 -R template/lc_2012_c/1. Copy update_version/conf_db.php to conf/ and update username/password
Usually: copy conf/conf_db_bak.php to conf/conf_db.php
Update the database name: 'dbname'=> 'pigai_nju'
2. Import update_version/pigai_local.sql into the database
3. Copy server_name_bak.php to server_name.php and update:
define('_school','Nantong University');
define('_school_title','Nantong University English Essay Local Backup');
4. Set permissions:
chmod 777 -R cache
chmod 777 -R template/lc_2012_c/d. Crontab — Daily Scheduled Backup on Backup Server
plain
1. php -f crontab/uplog.php # Fetch download tasks
2. php -f crontab/save.php # Execute download tasks
3. php -f crontab/upteacher.php # Update teacher count
Crontab:
10 2 * * * /usr/local/php/bin/php -f /data/app/fxphp/apps/local.pigai.org/crontab/uplog.php
40 3 * * * /usr/local/php/bin/php -f /data/app/fxphp/apps/local.pigai.org/crontab/save.php >/dev/null 2>&1
40 6 * * * /usr/local/php/bin/php -f /data/app/fxphp/apps/local.pigai.org/crontab/upteacher.php1. php -f crontab/uplog.php # Fetch download tasks
2. php -f crontab/save.php # Execute download tasks
3. php -f crontab/upteacher.php # Update teacher count
Crontab:
10 2 * * * /usr/local/php/bin/php -f /data/app/fxphp/apps/local.pigai.org/crontab/uplog.php
40 3 * * * /usr/local/php/bin/php -f /data/app/fxphp/apps/local.pigai.org/crontab/save.php >/dev/null 2>&1
40 6 * * * /usr/local/php/bin/php -f /data/app/fxphp/apps/local.pigai.org/crontab/upteacher.php3.4 nginx vhosts Configuration
Open port 81:
plain
vim /usr/local/openresty/nginx/conf/vhosts/defautl_81vim /usr/local/openresty/nginx/conf/vhosts/defautl_81defautl_81 config:
plain
server
{
listen 81;
server_name local.pigai.org;
index index.html index.php index.shtml index.htm ;
root /data/app/fxphp/apps/local.pigai.org/;
location ~ ^(.*)\/\.svn\/{
return 404;
}
location ~ .*\.php?$
{
include fastcgi_judian;
}
location ~* .(jpg|gif|png|js)$ {
if (-f $request_filename) {
expires max;
break;
}
}
}server
{
listen 81;
server_name local.pigai.org;
index index.html index.php index.shtml index.htm ;
root /data/app/fxphp/apps/local.pigai.org/;
location ~ ^(.*)\/\.svn\/{
return 404;
}
location ~ .*\.php?$
{
include fastcgi_judian;
}
location ~* .(jpg|gif|png|js)$ {
if (-f $request_filename) {
expires max;
break;
}
}
}3.5 LNMP One-Click Install (NGINX + PHP + MySQL)
plain
# Download
wget http://soft.vpser.net/lnmp/lnmp1.7.tar.gz -cO lnmp1.7.tar.gz
tar zxf lnmp1.7.tar.gz
cd lnmp1.7
lnmp
# Select MySQL 5.6, PHP 5.6# Download
wget http://soft.vpser.net/lnmp/lnmp1.7.tar.gz -cO lnmp1.7.tar.gz
tar zxf lnmp1.7.tar.gz
cd lnmp1.7
lnmp
# Select MySQL 5.6, PHP 5.64. Network & Startup Configuration
4.1 nmcli Network Configuration
CentOS 7+ uses nmcli for network configuration:
plain
# List network devices
nmcli d
# List connections; add one if a device has no connection
nmcli c
# Add a connection
nmcli c add type ethernet con-name ens33 ifname ens33 ipv4.addr <ip>/26 ipv4.gateway <gateway> ipv4.method manual
# Reload network
nmcli c reload
# Bring down interface
nmcli c down ens33
# Bring up interface
nmcli c up ens33# List network devices
nmcli d
# List connections; add one if a device has no connection
nmcli c
# Add a connection
nmcli c add type ethernet con-name ens33 ifname ens33 ipv4.addr <ip>/26 ipv4.gateway <gateway> ipv4.method manual
# Reload network
nmcli c reload
# Bring down interface
nmcli c down ens33
# Bring up interface
nmcli c up ens33Reference: https://www.jianshu.com/p/fe644bbaf8a8
4.2 Firewall (firewalld)
plain
# Open port 22
firewall-cmd --zone=public --add-port=22/tcp --permanent
# Open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
# Reload firewall
firewall-cmd --reload
# List open ports
firewall-cmd --list-port
# Enable firewall on boot
systemctl enable firewalld# Open port 22
firewall-cmd --zone=public --add-port=22/tcp --permanent
# Open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
# Reload firewall
firewall-cmd --reload
# List open ports
firewall-cmd --list-port
# Enable firewall on boot
systemctl enable firewalld4.3 NGINX Auto-Start
plain
cd /lib/systemd/system/
vim nginx.servicecd /lib/systemd/system/
vim nginx.serviceAdd to nginx.service:
plain
[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/openresty/nginx/sbin/nginx
ExecReload=/usr/local/openresty/nginx/sbin/nginx -s reload
ExecStop=/usr/local/openresty/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/openresty/nginx/sbin/nginx
ExecReload=/usr/local/openresty/nginx/sbin/nginx -s reload
ExecStop=/usr/local/openresty/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.targetplain
# Enable NGINX auto-start
systemctl enable nginx
# Start NGINX
systemctl start nginx.service# Enable NGINX auto-start
systemctl enable nginx
# Start NGINX
systemctl start nginx.service5. Tools
1. SecureCRT
SecureCRT portable cracked version v8.5.4 Chinese edition
http://www.kkx.net/soft/473.html
2. VMware
Download available via cloud storage link.