[三木]十分钟教程之CentOS6.x安装搭建Apache+MariaDB(MySQL)+PHP+SSL+phpMyAdmin+Git+Gitweb(带LAMP服务器全自动安装shell脚本)

[三木]十分钟系列教程快速导读
第一篇:[三木]十分钟教程之本地安装搭建Ubuntu12.04+Apache+PHP+MySQL+phpMyAdmin+Git+Gitweb(带LAMP全自动安装shell脚本)

第二篇:[三木]十分钟教程之服务器安装搭建CentOS6.x+Nginx+PHP+MariaDB(MySQL)+phpMyAdmin+Git+Gitweb(带LAMP全自动安装shell脚本)

第三篇:PHP环境搭建:Windows 7下安装配置PHP(VC6)+Apache+Mysql+phpMyAdmin环境教程(带自启动bat脚本)

第四篇:[三木]十分钟教程之本地安装搭建Ubuntu12.04+Java7+ZendStudio9.03汉化破解(带全自动安装shell脚本)

第五篇:[三木]十分钟教程之CenotOS6.x字符(最简化)安装+网卡设置+更新yum源(带自动设置网卡和更新yum源shell脚本)

第六篇:[三木]十分钟教程之CenotOS5.x 6.x服务器初始化安全设置+用SSH Key远程登录linux服务器(带自动设置shell脚本)

第七篇:[三木]十分钟教程之CentOS6.x安装搭建Apache+MariaDB(MySQL)+PHP+SSL+phpMyAdmin+Git+Gitweb(带LAMP服务器全自动安装shell脚本)

第八篇:VisualSVN Server + Tortoise SVN windows平台快速搭建SVN服务器(带SVN Hooks(钩子)自动更新测试网站)使用教程

 

网上的一些文章都已经比较老了,现在版本高了之后,其实配置是很省力的(不考虑什么负载的话)

分享全过程,出了文中提到的安装epel rpmforge源指令不同外,其他的过程也适用与Centos 5
准备篇:

1、配置防火墙,开启80端口、3306端口
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面
添加好之后防火墙规则如下所示:
#########################################################

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#########################################################

/etc/init.d/iptables restart  #最后重启防火墙使配置生效

2、关闭SELINUX
vi /etc/selinux/config
#SELINUX=enforcing       #注释掉
#SELINUXTYPE=targeted    #注释掉
SELINUX=disabled         #增加
:wq  保存,关闭
shutdown -r now   #重启系统
3、先卸载掉系统上原有的MySQL、Apache、php,如果原系统没有安装这三个软件,则可以不用执行这一步。
卸载步骤如下:

卸载Mysql
[root@localhost ~]# rpm -qa|grep mysql
mod_auth_mysql-2.6.1-2.2
php-mysql-4.3.9-3.15
mysql-devel-4.1.20-1.RHEL4.1
mysql-4.1.20-1.RHEL4.1
mysqlclient10-3.23.58-4.RHEL4.1
libdbi-dbd-mysql-0.6.5-10.RHEL4.1

说明:rpm –qa | grep mysql 命令是为了把mysql相关的包都列出来,我上面的例子是Linux AS4默认安装mysql的rpm软件包列表,

如果是别的Linux版本列出来的列表有可能会不一样,不过不用担心,不管是什么,卸载都从最下面的一个包开始,直到卸载掉第一个为止。

说明:rpm –e 是卸载rpm包的命令,后面是包名称,最后的版本号是不用打的,比如我们下一步卸载mysqlclient10-3.23.58-4.RHEL4.1包

方法如下:
rpm –e mysqlclient

卸载Apache
[root@localhost ~]# rpm -qa|grep httpd
httpd-manual-2.0.52-25.ent
system-config-httpd-1.3.1-1
httpd-2.0.52-25.ent
httpd-suexec-2.0.52-25.ent

说明:方法跟卸载Mysql一样,不用说了吧

卸载PHP
[root@localhost ~]# rpm -qa|grep php
php-odbc-4.3.9-3.15
php-4.3.9-3.15
php-mysql-4.3.9-3.15
php-pear-4.3.9-3.15
php-ldap-4.3.9-3.15
php-pgsql-4.3.9-3.15

说明:方法跟卸载Mysql一样

注意:卸载的时候如果卸载不掉,系统一般会提示包的依赖关系,并且列出依赖的包的名称,先卸载提示依赖的包就可以了。

安装篇:

2.升级系统

yum update

3.安装mysql,并设置mysql开机自启动,同时启动mysql

yum install mysql
yum install mysql-server
chkconfig --levels 35 mysqld on
service mysqld start

4.配置mysql的root密码

mysql_secure_installation

Enter current password for root (enter for none): ( 回车)
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] (Y)

New password: (123456)
Re-enter new password: (123456)
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]

(是否移出数据库的默认帐户,如果移出,那么在终端中直接输入mysql是会提示连接错误的)Y

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]

(是否禁止root的远程登录)Y
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

最后出现:Thanks for using MySQL!
MySql密码设置完成,重新启动 MySQL:
/etc/init.d/mysqld stop   #停止
/etc/init.d/mysqld start  #启动
/etc/init.d/mysqld restart #重启
5.安装apache,并设置开机启动

yum install httpd    #根据提示,输入Y安装即可成功安装
/etc/init.d/httpd start  #启动Apache
备注:Apache启动之后会提示错误:
正在启动 httpd:httpd: Could not reliably determine the server's fully qualif domain name, using ::1 for ServerName
解决办法:
vi /etc/httpd/conf/httpd.conf   #编辑
找到     #ServerName  www.example.com:80
修改为    ServerName  www.osyunwei.com:80
:wq!    #保存退出
chkconfig httpd on   #设为开机启动
/etc/init.d/httpd restart  #重启Apache

这时候可以测试apache是否正常工作

直接浏览器访问localhost应该没问题,但是如果别的机子访问不了的话,是因为防火墙的关系,配置防火墙

(后面的ssl还会有这个问题的)

6.安装php

1、安装PHP5
yum install php
根据提示输入Y直到安装完成

2、安装PHP组件,使 PHP5 支持 MySQL
yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt
这里选择以上安装包进行安装
根据提示输入Y回车
/etc/init.d/mysqld restart  #重启MySql
/etc/init.d/httpd restart  #重启Apche

这个时候php就安装完成拉,写个脚本测试一下

vi /var/www/html/info.php

输入

<?php
phpinfo();?>

访问localhost/info.php即可~

7.安装phpMyAdmin

首先先给系统安装epel 和rpmforge两个软件大仓库

#安装EPEL源###########################################################################
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm(这是64位系统源,32位请到以上这个网址列表找)
#安装RPMforge源###########################################################################
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

如果是centos 5 的话执行下面

#安装EPEL源###########################################################################
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm(这是64位系统源,32位请到以上这个网址列表找)
#安装RPMforge源###########################################################################
rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

接着安装起来就很方便拉,~根本不需要去下载就可以获得最新的版本

yum install phpmyadmin

安装完成后还需要配置一下访问权限,使得出了本机外,其他机子也能访问phpMyAdmin

vi /etc/httpd/conf.d/phpMyAdmin.conf

找到两个directory的权限设置,Allow from 改成All

<Directory /usr/share/phpMyAdmin/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>

重启服务器

service httpd restart

测试localhost/phpMyAdmin

用户名密码:root 123456

OK~ LAMP搭建完毕

LAMP服务器全自动安装shell脚本

#!/bin/bash

# -------------------------------------------------------------------------------
# Filename:    lamp.sh
# Revision:    1.0
# Date:        2012/09/06
# Author:      三木
# Email:       linmaogan#gmail.com
# Website:     www.3mu.me
# Description: CentOS6.3+Apache+PHP+MariaDB+phpMyAdmin及相关扩展安装脚本
# Notes:       需要切换到root运行,版本针对64位系统,操作系统为CentOS6.3
# -------------------------------------------------------------------------------
# Copyright:   2012 (c) 三木
# License:     GPL
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# you should have received a copy of the GNU General Public License
# along with this program (or with Nagios);
#
# Credits go to Ethan Galstad for coding Nagios
# If any changes are made to this script, please mail me a copy of the changes
# -------------------------------------------------------------------------------
#Version 1.0
#2012-09-01 三木 初始版本建立
#Version 1.1
#2012-09-06 三木 修复php不能连接mysql的bug
# -------------------------------------------------------------------------------

#变量定义#############################################################################
IS_VPS=1
#解锁系统文件#########################################################################
chattr -i /etc/passwd
chattr -i /etc/group
chattr -i /etc/shadow
chattr -i /etc/gshadow
#chattr -i /etc/service
#如果已安装Apache和PHP,则卸载########################################################
yum -y remove httpd* php*  mysql
#更新软件库###########################################################################
yum update
#安装EPEL源###########################################################################
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
#安装REMI源###########################################################################
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
#安装apache###########################################################################
yum -y install httpd
#加入启动项###########################################################################
chkconfig --levels 345 httpd on
#启用Mod_rewrite模块
#a2enmod rewrite
#启用mod_ssl模块
#a2enmod ssl
#start apache#########################################################################
/etc/init.d/httpd start
#安装PHP5#############################################################################
yum -y install php
#为PHP5取得MySQL支持和安装PHP常用库###################################################
yum -y install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt
#安装phpmyadmin#######################################################################
yum -y install phpmyadmin
#安装compat-mysql55,解决MariaDB与mysql-lib版本突的问题###############################
##CenotOS6用到,不用也可以
rpm -Uvh http://rpms.famillecollet.com/enterprise/6/test/x86_64/compat-mysql55-5.5.11-1.el6.remi.x86_64.rpm
#Importing the MariaDB Signing Key####################################################
rpm --import http://yum.mariadb.org/RPM-GPG-KEY-MariaDB
#Adding the MariaDB YUM Repository####################################################
echo '# MariaDB repository list - created 2012-08-12 09:38 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/5.5/centos6-amd64
gpgcheck=1'>>/etc/yum.repos.d/MariaDB.repo
#Installing MariaDB with YUM##########################################################
yum -y install MariaDB-server MariaDB-client
#加入启动项###########################################################################
chkconfig --levels 345 mysql on
#start MariaDB########################################################################
/etc/init.d/mysql start
#设置mysql密码及相关设置##############################################################
mysql_secure_installation

#####################################################################################
#####################################################################################
#目录设置############################################################################
#创建网站相关目录####################################################################
if [ $IS_VPS ];then
mkdir /home/data
ln -s /home/data /data
else
mkdir /data
fi

mkdir /www
mkdir /data/wwwroot
ln -s /data/wwwroot /www/
mkdir /data/wwwroot/log
mkdir /data/wwwroot/web
mkdir /data/wwwroot/git
mkdir /data/conf
mkdir /data/conf/sites-available
mkdir /data/conf/sites-enabled

mkdir /backup
ln -s /backup /data/

#配置文件目录设置######################################################################
#移动apache配置文件
cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
mv /etc/httpd/conf/httpd.conf /data/conf/
ln -s /data/conf/httpd.conf /etc/httpd/conf/

#移动phpmyadmin配置文件
cp -p /etc/httpd/conf.d/phpmyadmin.conf /etc/httpd/conf.d/phpmyadmin.conf.bak
mv /etc/httpd/conf.d/phpmyadmin.conf /data/conf/sites-available/
#apache创建sites-available/*到sites-enabled/*的链接
ln -s /data/conf/sites-available/phpmyadmin.conf /data/conf/sites-enabled/phpmyadmin.conf
#移动mysql配置文件
cp -p /etc/my.cnf /etc/my.cnf.bak
mv /etc/my.cnf /data/conf/
ln -s /data/conf/my.cnf /etc/
#移动mysql数据库
cp -p /var/lib/mysql /var/lib/mysql-bak
mv /var/lib/mysql /data/
ln -s /data/mysql /var/lib/
#移动php配置文件
cp -p /etc/php.ini /etc/php.ini.bak
mv /etc/php.ini /data/conf/
ln -s /data/conf/php.ini /etc/
#日志文件目录设置######################################################################
#mysql错误日志

#添加www组和www用户####################################################################
groupadd www
useradd -g www www
#设置目录权限##########################################################################
chown -R www:www /data/wwwroot/web
#Apache配置############################################################################
#解决 httpd: Could not reliably determine the server's fully qualified domain name的错误提示
echo 'ServerName localhost:80' >> /data/conf/httpd.conf
#包含虚拟主机配置文件
echo 'Include /data/conf/sites-enabled/*' >> /data/conf/httpd.conf
echo 'NameVirtualHost *:80' >> /data/conf/httpd.conf
#在出现错误页的时候不显示服务器操作系统的名称
#在错误页中不显示Apache的版本
#禁止列出目录
#不在浏览器上显示树状目录结构
#设置默认首页文件,增加index.php
#允许程序性联机
#增加同时连接数
sed -i 's/ServerTokens OS/ServerTokens Prod/
s/ServerSignature On/ServerSignature Off/
s/Options Indexes FollowSymLinks/Options FollowSymLinks/
s/Options Indexes MultiViews FollowSymLinks/Options MultiViews FollowSymLinks/
s/DirectoryIndex index.html/DirectoryIndex index.html index.php/
s/KeepAlive Off/KeepAlive On/
s/MaxKeepAliveRequests 100/MaxKeepAliveRequests 1000/
s/User apache/User www/
s/Group apache/Group www/
s#/var/www/html#/data/wwwroot/web#' /data/conf/httpd.conf
#删除默认测试页
rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html
#php配置#############################################################################
#修改时区
#禁用的函数
#禁止显示php版本的信息
sed -i 's/;date.timezone \=/date.timezone \= PRC/
s/disable_functions \=/disable_functions \= passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname/
s/expose_php = On/expose_php = Off/' /data/conf/php.ini
#设置session文件为www用户组
chown -R root:www /var/lib/php/session
#phpMyAdmin配置######################################################################
#phpMyAdmin允许外部访问
sed -i 's/Allow from 127.0.0.1/Allow from all/' /data/conf/sites-available/phpmyadmin.conf
#设置config.inc.php文件为www用户组
chown root:www /usr/share/phpmyadmin/config.inc.php
#配置配置文件
sed -i "/blowfish_secret/s/''/'tooqe.com'/" /usr/share/phpmyadmin/config.inc.php

#开启防火墙
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart

#重启所有服务器
/etc/init.d/httpd restart
/etc/init.d/mysql restart

#系统文件加锁
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/gshadow
chattr +i /etc/group

8.安装git和gitweb

安装git
安装git非常简单,在CentOS下只要以下命令即可

# yum install git
(用 yum install git-core也可以)
安装gitweb
# yum install gitweb
系统默认安装到了/var/www/git下
配置文件在/etc/gitweb.conf下
apache配置文件/etc/httpd/conf.d/git.conf

重启apache
/etc/init.d/httpd restart
就可以通过IE浏览,http://xxxx/git/gitweb.cgi
也可以通过客户端访问 git clone http://xxx/git/仓库名

Git全自动安装shell脚本

#!/bin/bash

# -------------------------------------------------------------------------------
# Filename:    git.sh
# Revision:    1.1
# Date:        2012/09/10
# Author:      三木
# Email:       linmaogan#gmail.com
# Website:     www.3mu.me
# Description: 安装git
# Notes:       需要切换到root运行,版本针对64位系统,操作系统为CentOS6.3
# -------------------------------------------------------------------------------
# Copyright:   2012 (c) 三木
# License:     GPL
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# you should have received a copy of the GNU General Public License
# along with this program (or with Nagios);
#
# Credits go to Ethan Galstad for coding Nagios
# If any changes are made to this script, please mail me a copy of the changes
# -------------------------------------------------------------------------------
#Version 1.0
#2012-08-21 三木 初始版本建立
#Version 1.1
#2012-09-10 三木 增加git的web服务器类型判断
# -------------------------------------------------------------------------------

#变量定义#############################################################################
#设置做为git的web服务器的类型,apache或nginx
SERVICE=apache
#设置Git默认访问的用户名和密码,可根据实际进行修改
DEFAULT_USER1=linmaogan
DEFAULT_USER2=linmaogan
DEFAULT_PASSWORD=123456
#安装git###############################################################################
yum -y install git
#安装gitweb############################################################################
yum -y install gitweb
#设置版本库的根目录####################################################################
cp -p /etc/gitweb.conf /etc/gitweb.conf.bak
sed -i 's/$projectroot = /#$projectroot = /g' /etc/gitweb.conf
echo '$projectroot = "/data/wwwroot/git";' >> /etc/gitweb.conf
#开启网址伪静态
echo '$feature{'pathinfo'}{'default'} = [1];' >> /etc/gitweb.conf
#生成虚拟主机配置文件##################################################################
if [ $SERVICE == 'apache' ];then
echo '<VirtualHost *:80>
    ServerAdmin webmaster@build-server
    ServerName nb.tooqe.com
    #ServerAlias guiwan.com

    Alias /gitweb.css /var/www/git/gitweb.css
	Alias /gitweb.js /var/www/git/gitweb.js
	Alias /git-logo.png /var/www/git/git-logo.png
	Alias /git-favicon.png /var/www/git/git-favicon.png

    SetEnv GIT_PROJECT_ROOT /data/wwwroot/git
    SetEnv GIT_HTTP_EXPORT_ALL
    SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

    <Location /git>
        AuthType Basic
        AuthName "Git"
        AuthUserFile /data/conf/gitweb.passwd
        Require valid-user

        Options +ExecCGI -Includes
    </Location>

    # This pattern matches git operations and passes them to http-backend
    ScriptAliasMatch \
        "(?x)^/git/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \
        /usr/libexec/git-core/git-http-backend/$1

    # Anything not matched above goes to displayable gitweb interface
    ScriptAlias /git /var/www/git/gitweb.cgi/

    <Directory /var/www/git>
        Options FollowSymLinks +ExecCGI
  		AddHandler cgi-script .cgi
    </Directory>

</VirtualHost>' > /data/conf/sites-available/gitweb.conf
else
cat > /data/conf/sites-available/gitweb.conf << EOFI
server {
	listen 80;
  #listen 443;
  server_name cgi.test.com;
  index gitweb.cgi;

  error_log /var/log/nginx/git.error.log;
  access_log /var/log/nginx/git.access.log;

  # ssl because cox sucks
  #ssl on;
  #ssl_certificate /etc/nginx/ssl/git.eatabrick.org;
  #ssl_certificate_key /etc/nginx/ssl/server.key;

  root /var/www/git;

  # static repo files for cloning over https
  location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
    root /data/wwwroot/git/;
  }

  # requests that need to go to git-http-backend
  location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
    root /data/wwwroot/git;

    fastcgi_pass  unix:/tmp/perl-fastcgi.sock;
    fastcgi_param SCRIPT_FILENAME   /usr/libexec/git-core/git-http-backend;
    fastcgi_param PATH_INFO         \$uri;
    fastcgi_param GIT_PROJECT_ROOT  /data/wwwroot/git;
    include fastcgi_params;
  }

  # send anything else to gitweb if it\'s not a real file
  try_files \$uri @gitweb;
  location @gitweb {
	fastcgi_pass  unix:/tmp/perl-fastcgi.sock;
    fastcgi_param SCRIPT_FILENAME   /var/www/git/gitweb.cgi;
    fastcgi_param PATH_INFO         \$uri;
    fastcgi_param GITWEB_CONFIG     /etc/gitweb.conf;
    include fastcgi_params;
  }
}
EOFI
fi

#apache创建sites-available/*到sites-enabled/*的链接
ln -s /data/conf/sites-available/gitweb.conf /data/conf/sites-enabled/
#创建初始密码##########################################################################
htpasswd -bc /data/conf/gitweb.passwd $DEFAULT_USER1 $DEFAULT_PASSWORD
htpasswd -b /data/conf/gitweb.passwd $DEFAULT_USER2 $DEFAULT_PASSWORD
#重启所有服务器
if [ $SERVICE == 'apache' ];then
	/etc/init.d/nginx restart
	/etc/init.d/php-fpm restart
	/etc/init.d/perl-fastcgi restart
else
	/etc/init.d/httpd restart
fi

/etc/init.d/mysql restart

9.搭建SSL,让apache支持https

yum install mod_ssl

其实安装完这个模块后,重启完apache 就可以用https://localhost测试了,因为他创建了默认的证书

在/etc/pki/tls下

当然我们也可以用openssl创建自己的证书

yum install openssl

生成证书文件
创建一个rsa私钥,文件名为server.key

openssl genrsa -out server.key 1024

Generating RSA private key, 1024 bit long modulus
............++++++
............++++++
e is 65537 (0x10001)

用 server.key 生成证书签署请求 CSR

openssl req -new -key server.key -out server.csr

Country Name:两个字母的国家代号
State or Province Name:省份名称
Locality Name:城市名称
Organization Name:公司名称
Organizational Unit Name:部门名称
Common Name:你的姓名
Email Address:地址
至于 'extra' attributes 不用输入.直接回车

生成证书CRT文件server.crt。

openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt

修改ssl.conf指定我们自己生成的证书

vi /etc/httpd/conf.d/ssl.conf

找到如下位置,修改路径

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

OK

service httpd restart

整个过程我们不需要修改/etc/httpd/conf/httpd.conf 这就是版本高了的好处阿~

配置篇

一、Apache配置
vi /etc/httpd/conf/httpd.conf 编辑文件
ServerTokens OS     在44行  修改为:ServerTokens Prod (在出现错误页的时候不显示服务器操作系统的名称)
ServerSignature On  在536行 修改为:ServerSignature Off (在错误页中不显示Apache的版本)
Options Indexes FollowSymLinks  在331行 修改为:Options Includes ExecCGI FollowSymLinks(允许服务器执行CGI及SSI,禁止列出目录)
#AddHandler cgi-script .cgi 在796行 修改为:AddHandler cgi-script .cgi .pl (允许扩展名为.pl的CGI脚本运行)
AllowOverride None  在338行 修改为:AllowOverride All (允许.htaccess)
AddDefaultCharset UTF-8 在759行 修改为:AddDefaultCharset GB2312 (添加GB2312为默认编码)
Options Indexes MultiViews FollowSymLinks 在554行 修改为 Options MultiViews FollowSymLinks(不在浏览器上显示树状目录结构)
DirectoryIndex index.html index.html.var  在402行 修改为:DirectoryIndex index.html index.htm Default.html Default.htm index.php Default.php index.html.var  (设置默认首页文件,增加index.php)
KeepAlive Off   在76行 修改为:KeepAlive On (允许程序性联机)
MaxKeepAliveRequests 100   在83行 修改为:MaxKeepAliveRequests 1000 (增加同时连接数)
:wq!  #保存退出
/etc/init.d/httpd restart 重启
rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html    #删除默认测试页
二、php配置
vi  /etc/php.ini   #编辑
date.timezone = PRC     #在946行 把前面的分号去掉,改为date.timezone = PRC
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#在386行 列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用。
expose_php = Off        #在432行 禁止显示php版本的信息
magic_quotes_gpc = On   #在745行 打开magic_quotes_gpc来防止SQL注入
open_basedir = .:/tmp/  #在380行,设置表示允许访问当前目录(即PHP脚本文件所在之目录)和/tmp/目录,可以防止php木马跨站,如果改了之后安装程序有问题,可注销此行,或者直接写上程序目录路径/var/www/html/www.3mu.me/:/tmp/
:wq!  #保存退出
/etc/init.d/mysqld restart  #重启MySql
/etc/init.d/httpd restart   #重启Apche

测试篇

cd  /var/www/html
vi  index.php   #新建index.php文件
<?php
phpinfo();
?>
:wq!

在客户端浏览器输入服务器IP地址,可以看到相关的配置信息!
注意:apache默认的程序目录是/var/www/html
权限设置:chown apache.apache -R /var/www/html
MySQL数据库目录是:/var/lib/mysql
权限设置:chown mysql.mysql -R  /var/lib/mysql

9.相关链接

Apache: http://httpd.apache.org/

PHP: http://www.php.net/

MySQL: http://www.mysql.com/

CentOS: http://www.centos.org/

phpMyAdmin: http://www.phpmyadmin.net/

发表评论?

1 条评论。

  1. 不错!直接用脚本就行了!自己也不用动手,呵呵,不过还是喜欢自己动手的好!

发表评论

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据