Step One—Open the Firewall

#/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
#/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
#/sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT

#/etc/rc.d/init.d/iptables save

sudo yum install epel-release

 sudo yum install mysql-server

sudo /etc/init.d/mysqld restart

sudo /usr/bin/mysql_secure_installation

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y                                            
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

sudo yum install nginx

sudo /etc/init.d/nginx start

ifconfig eth0 | grep inet | awk '{ print $2 }'

sudo yum install php

yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt libmcrypt-devel php-fpm

Configure the PHP Processor

We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure. Open the main php-fpm configuration file with root privileges:

• sudo vi /etc/php.ini

What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default. This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute. We will change both of these conditions by uncommenting the line and setting it to “0” like this:

cgi.fix_pathinfo=0

Save and close the file when you are finished. Next, open the php-fpm configuration file www.conf:

• sudo vi /etc/php-fpm.d/www.conf

Find the line that specifies the listen parameter, and change it so it looks like the following:

listen = /var/run/php-fpm/php-fpm.sock

Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:

listen.owner = nobody
listen.group = nobody

Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:

user = nginx
group = nginx

Then save and quit. Now, we just need to start our PHP processor by typing:

• sudo systemctl start php-fpm

This will implement the change that we made. Next, enable php-fpm to start on boot:

• sudo systemctl enable php-fpm

Step Six — Configure Nginx to Process PHP Pages

Now, we have all of the required components installed. The only configuration change we still need to do is tell Nginx to use our PHP processor for dynamic content. We do this on the server block level (server blocks are similar to Apache’s virtual hosts). Open the default Nginx server block configuration file by typing:

• sudo vi /etc/nginx/conf.d/default.conf

Currently, with the comments removed, the Nginx default server block looks like this:

server {
    listen       80;
    server_name  localhost;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

We need to make some changes to this file for our site.

• First, we need to add an index.php option as the first value of our index directive to allow PHP index files to be served when a directory is requested
• We also need to modify the server_name directive to point to our server’s domain name or public IP address
• The actual configuration file includes some commented out lines that define error processing routines. We will uncomment those to include that functionality
• For the actual PHP processing, we will need to uncomment a portion of another section. We will also need to add a try_files directive to make sure Nginx doesn’t pass bad requests to our PHP processor

The changes that you need to make are in red in the text below. If you prefer, you may just copy and paste everything, then replace the value of server_name with the appropriate domain name or IP address:

server {
    listen       80;
    server_name  server_domain_name_or_IP;

    # note that these lines are originally from the "location /" block
    root   /usr/share/nginx/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

When you’ve made the above changes, you can save and close the file. Restart Nginx to make the necessary changes:

• sudo systemctl restart nginx

Step Seven — Test PHP Processing on your Web Server

In order to test that our system is configured properly for PHP, we can create a very basic PHP script. We will call this script info.php. In order for Apache to find the file and serve it correctly, it must be saved to a very specific directory, which is called the “web root”. In CentOS 7, this directory is located at /usr/share/nginx/html/. We can create the file at that location by typing:

• sudo vi /usr/share/nginx/html/info.php

This will open a blank file. We want to put the following text, which is valid PHP code, inside the file:

<?php phpinfo(); ?>

When you are finished, save and close the file. Now we can test whether our web server can correctly display content generated by a PHP script. To try this out, we just have to visit this page in our web browser. You’ll need your server’s public IP address again. The address you want to visit will be:

http://your_server_IP_address/info.php

The page that you come to should look something like this: This page basically gives you information about your server from the perspective of PHP. It is useful for debugging and to ensure that your settings are being applied correctly. If this was successful, then your PHP is working as expected. You probably want to remove this file after this test because it could actually give information about your server to unauthorized users. To do this, you can type this:

• sudo rm /usr/share/nginx/html/info.php

You can always recreate this page if you need to access the information again later.

Conclusion

Now that you have a LEMP stack installed, you have many choices for what to do next. Basically, you’ve installed a platform that will allow you to install most kinds of websites and web software on your server.

chown nginx.nginx /usr/share/nginx/html/ -R  #设置目录所有者

chmod 700  /usr/share/nginx/html/ -R   #设置目录权限