Saturday, October 3, 2020

 

PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 32768 bytes)


sudo vi /etc/php/7.0/cli/php.ini

sudo vi /etc/php/7.0/fpm/php.ini

sudo vi /etc/php/7.0/fpm/php-fpm.conf

Set memory_limit=1024M


sudo systemctl restart php7.0-fpm.service

sudo systemctl restart nginx.service

Wednesday, October 3, 2018

Configuring MariaDB for Remote Client Access

Source: https://mariadb.com/kb/en/library/configuring-mariadb-for-remote-client-access/

Finding the Defaults File
To enable MariaDB to listen to remote connections, you need to edit your defaults file. See Configuring MariaDB with my.cnf for more detail.
Common locations for defaults files:
  * /etc/my.cnf                              (*nix/BSD)
  * $MYSQL_HOME/my.cnf                       (*nix/BSD) *Most Notably /etc/mysql/my.cnf
  * SYSCONFDIR/my.cnf                        (*nix/BSD)
  * DATADIR\my.ini                           (Windows)

Editing the Defaults File

Once you have located the defaults file, use a text editor to open the file and try to find lines like this under the [mysqld] section:
 [mysqld]
    ...
    skip-networking
    ...
    bind-address = 
    ...
(The lines may not be in this order, and the order doesn't matter.)
If you are able to locate these lines, make sure they are both commented out (prefaced with hash (#) characters), so that they look like this:
 [mysqld]
    ...
    #skip-networking
    ...
    #bind-address = 
    ...
(Again, the order of these lines doesn't matter.)
Save the file and restart the mysqld daemon or service (see Starting and Stopping MariaDB).
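With both lines commented out, mysqld listens on every interface, so it is worth confirming what scope a given defaults file actually produces. The following is an added example, not part of the MariaDB documentation: mysqld_listen_scope is a hypothetical helper, the sample file is constructed, and only the one file is read (include directives are not followed).

```shell
#!/bin/sh
# Added example: report the network scope that the [mysqld] section of a
# defaults file produces. mysqld_listen_scope is a hypothetical helper name.
mysqld_listen_scope() {
    awk '
        /^[ \t]*\[/ {                          # section header
            in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/)
            next
        }
        !in_mysqld || /^[ \t]*[#;]/ { next }   # other sections, comment lines
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)        # strip a trailing comment
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/[ \t]/, "", key)
            gsub(/_/, "-", key)                # bind_address == bind-address
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "skip-networking") skip = 1
            if (key == "bind-address")    bind = val   # last one wins
        }
        END {
            if (skip)
                print "no-tcp"
            else if (bind == "" || bind == "0.0.0.0" || bind == "::")
                print "all-interfaces"
            else
                print "bound:" bind
        }
    ' "$1"
}

# Constructed sample: a defaults file after the edit described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[mysqld]
#skip-networking
#bind-address = 127.0.0.1
EOF
mysqld_listen_scope "$sample"
rm -f "$sample"
```

A result of all-interfaces means the GRANT host patterns and the firewall are the only things limiting who can reach port 3306.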

Granting User Connections From Remote Hosts

Now that your MariaDB server installation is set up to accept connections from remote hosts, we have to add a user that is allowed to connect from something other than 'localhost'. (Users in MariaDB are defined as 'user'@'host', so 'chadmaynard'@'localhost' and 'chadmaynard'@'1.1.1.1' (or 'chadmaynard'@'server.domain.local') are different users that can have completely different permissions and/or passwords.)
To create a new user:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 5.5.28-MariaDB-mariadb1~lucid mariadb.org binary distribution

Copyright (c) 2000, 2012, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
  • If you are interested in viewing any existing remote users, issue the following SQL statement on the mysql.user table:
SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';
+--------+-----------+
| User   | Host      |
+--------+-----------+
| daniel | %         |
| root   | 127.0.0.1 |
| root   | ::1       |
| root   | gandalf   |
+--------+-----------+
4 rows in set (0.00 sec)
(If you have a fresh install, it is normal for no rows to be returned)
Now you have some decisions to make. At the heart of every grant statement you have these things:
  • list of allowed privileges
  • what database/tables these privileges apply to
  • username
  • host this user can connect from
  • and optionally a password
It is common for people to want to create a "root" user that can connect from anywhere, so as an example, we'll do just that, but to improve on it we'll create a root user that can connect from anywhere on my local area network (LAN), which has addresses in the subnet 192.168.100.0/24. This is an improvement because opening a MariaDB server up to the Internet and granting access to all hosts is bad practice.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.100.%' IDENTIFIED BY 'my-new-password' WITH GRANT OPTION;
(% is a wildcard)
For more information about how to use GRANT, please see the GRANT page.
At this point we have accomplished our goal and we have a user 'root' that can connect from anywhere on the 192.168.100.0/24 LAN.

Port 3306 is Configured in Firewall

One more point to consider is whether the firewall is configured to allow incoming requests from remote clients:
On RHEL and CentOS 7, it may be necessary to configure the firewall to allow TCP access to MySQL from remote hosts. To do so, execute both of these commands:
firewall-cmd --add-port=3306/tcp 
firewall-cmd --permanent --add-port=3306/tcp

Thursday, November 2, 2017

CRITICAL_STRUCTURE_CORRUPTION on a VMWare virtual machine

From source: https://support.microsoft.com/en-us/help/2902739/stop-error-0x109-critical-structure-corruption-on-a-vmware-virtual-mac


Stop error 0x109: CRITICAL_STRUCTURE_CORRUPTION on a VMWare virtual machine

Symptoms

On a Windows Server Virtual Machine that is running VMWare ESXi 5.0.x, you receive a "CRITICAL_STRUCTURE_CORRUPTION" Stop error code that begins as follows:
Bugcheck code 00000109
Arguments a3a01f58`92797517 b3b72bde`e4f976b6 00000000`c0000103 00000000`00000007

Cause

This problem occurs because the system detects a Critical MSR modification, and then it crashes.

Resolution

To resolve this problem, go to the following VMWare website:
This is a known issue that affects ESXi 5.0.x. For more information, contact VMWare.

To work around this issue, manually create a CPUID mask for the affected virtual machines. To do this, follow these steps:
1.      Turn off the virtual machine.
2.      Right-click the virtual machine, and then click Edit Settings.
3.      Click the Options tab.
4.      Under Advanced, click CPUID Mask.
5.      Click Advanced.
6.      In the Register column, locate the edx register under Level 80000001.
7.      In the Value field, enter the following character string exactly:

----:0---:----:----:----:----:----:----
8.      Click OK two times.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

More Information

0: kd> .bugcheck
Bugcheck code 00000109
Arguments a3a01f58`92797517 b3b72bde`e4f976b6 00000000`c0000103 00000000`00000007
0: kd> !sysinfo machineid
Machine ID Information [From Smbios 2.4, DMIVersion 0, Size=10150]
BiosMajorRelease = 4
BiosMinorRelease = 6
FirmwareMajorRelease = 0
FirmwareMinorRelease = 0
BiosVendor = Phoenix Technologies LTD
BiosVersion = 6.00
BiosReleaseDate = 07/09/2012
SystemManufacturer = VMware, Inc.
SystemProductName = VMware Virtual Platform
SystemVersion = None
BaseBoardManufacturer = Intel Corporation
BaseBoardProduct = 440BX Desktop Reference Platform
BaseBoardVersion = None
CRITICAL_STRUCTURE_CORRUPTION (109)

This Stop error is generated when the kernel detects that critical kernel code or data has been corrupted. Typically, any of the following situations can cause this corruption:
·        A driver inadvertently or deliberately modified critical kernel code or data. For more information, see Kernel patch protection for x64-based operating systems.
·        A developer tried to set a standard kernel breakpoint by using a kernel debugger that was not attached when the system was started. Standard breakpoints (bp) can be set only if the debugger is attached at startup. Processor breakpoints (ba) can be set at any time.
·        A hardware corruption occurred. For example, the kernel code or data might have been stored in memory that failed.

Arguments:
Arg1: a3a01f5892797517, Reserved
Arg2: b3b72bdee4f976b6, Reserved
Arg3: 00000000c0000103, Failure type-dependent information
Arg4: 0000000000000007, Type of corrupted region, can be 7: Critical MSR modification
Properties
Article ID: 2902739 - Last Review: Jan 31, 2014 - Revision: 1

Monday, January 30, 2017

Disabling or enabling SELinux

Original: http://blog.xuite.net/tolarku/blog/195633562-CentOS+%E9%97%9C%E9%96%89+selinux
 
==Temporarily disabling or enabling SELinux==
$ getenforce
Enforcing
$ sudo setenforce 0
$ getenforce
Permissive
$ sudo setenforce 1
$ getenforce
Enforcing

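==Permanently disabling SELinux==
 $ sudo vi /etc/sysconfig/selinux
Find
SELINUX=enforcing
and change it to
SELINUX=disabled
The change is applied only after a reboot / restart.
 

==httpd 403 Forbidden error==
Because SELinux is in use, files or directories that you add under the web root /var/www/html may clearly exist and still not be viewable from a browser. This is not a file permission (chmod) problem; it is a problem with the SELinux access rights that govern httpd access to the files, and it is fixed with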
sudo restorecon -R -v /var/www/html/new_folder

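Disabling the firewall and SELinux on CentOS 7

Reposted from: https://www.phpini.com/linux/centos-7-disable-firewalld-selinux

On CentOS 7, SELinux and the Firewalld firewall are both security-related packages, and RHEL and CentOS enable them by default. On a development or test machine, however, turning them off makes debugging considerably easier.
Disabling SELinux:
Open the file /etc/selinux/config:
# vi /etc/selinux/config
Find the following line:
SELINUX=enforcing
Change it to:
SELINUX=disabled
Also comment out “SELINUXTYPE=targeted”, so that it reads:
# SELINUXTYPE=targeted
Save and exit the editor. A reboot is required for the setting to take effect.
To check the SELinux status, run the sestatus command:
# sestatus
Disabling the Firewalld firewall:
Command to stop the Firewalld firewall:
# systemctl stop firewalld.service
Prevent the Firewalld firewall from starting at the next boot:
# systemctl disable firewalld.service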

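Friday, December 16, 2016

Apache and PHP write permissions and SELinux settings on CentOS

Original : http://diary.tw/tim/entry/config-selinux-with-apache-and-php-to-write-permission

Because CentOS applies SELinux restrictions, its security level is correspondingly higher. Recently I needed PHP to write files (or to handle file uploads). By default PHP already has write access to /tmp (by default a private /tmp under /tmp/systemd-private-xxxxxx), so the upload itself is not a problem, but using move_uploaded_file() to move the file into the destination directory runs into a write permission problem.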

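The approach is as follows:

Method A
1. Writing requires the corresponding permission. The recommended way is to make the user that Apache runs as the owner of the directory to be written to; on CentOS with Apache, that user is apache

chown -R apache /var/www/mysite1/upload
2. The directory then only needs 755 permissions (which is usually the default).

chmod -R 755 /var/www/mysite1/upload

Method B (not recommended)
1. Give the directory global write permission directly with 777; this raises security concerns, however

chmod -R 777 /var/www/mysite1/upload

If writing still fails after this, the cause is the SELinux restriction, so the write is denied even with the settings above in place. SELinux then has to be configured further, as follows: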

sudo chcon -t httpd_sys_rw_content_t /var/www/mysite1/upload -R


The reason is that the default type the web service is given is httpd_sys_content_t, which cannot write files, so SELinux needs this further configuration.

References:
https://blog.lysender.com/2015/07/centos-7-selinux-php-apache-cannot-writeaccess-file-no-matter-what/

Very detailed SELinux material can also be found at:
https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-1-basic-concepts
https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-2-files-and-processes
https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-3-users

Monday, May 18, 2015

yum install

yum install php-xml --enablerepo=remi,remi-php55