[三木]十分钟系列教程快速导读:
第一篇:[三木]十分钟教程之本地安装搭建Ubuntu12.04+Apache+PHP+MySQL+phpMyAdmin+Git+Gitweb(带LAMP全自动安装shell脚本)
第二篇:[三木]十分钟教程之服务器安装搭建CentOS6.x+Nginx+PHP+MariaDB(MySQL)+phpMyAdmin+Git+Gitweb(带LAMP全自动安装shell脚本)
第三篇:PHP环境搭建:Windows 7下安装配置PHP(VC6)+Apache+Mysql+phpMyAdmin环境教程(带自启动bat脚本)
第四篇:[三木]十分钟教程之本地安装搭建Ubuntu12.04+Java7+ZendStudio9.03汉化破解(带全自动安装shell脚本)
第五篇:[三木]十分钟教程之CenotOS6.x字符(最简化)安装+网卡设置+更新yum源(带自动设置网卡和更新yum源shell脚本)
第六篇:[三木]十分钟教程之CenotOS5.x 6.x服务器初始化安全设置+用SSH Key远程登录linux服务器(带自动设置shell脚本)
第七篇:[三木]十分钟教程之CentOS6.x安装搭建Apache+MariaDB(MySQL)+PHP+SSL+phpMyAdmin+Git+Gitweb(带LAMP服务器全自动安装shell脚本)
第八篇:VisualSVN Server + Tortoise SVN windows平台快速搭建SVN服务器(带SVN Hooks(钩子)自动更新测试网站)使用教程
网上的一些文章都已经比较老了,现在版本高了之后,其实配置是很省力的(不考虑什么负载的话)
分享全过程,出了文中提到的安装epel rpmforge源指令不同外,其他的过程也适用与Centos 5
准备篇:
1、配置防火墙,开启80端口、3306端口
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面
添加好之后防火墙规则如下所示:
#########################################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#########################################################
/etc/init.d/iptables restart #最后重启防火墙使配置生效
2、关闭SELINUX
vi /etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq 保存,关闭
shutdown -r now #重启系统
3、先卸载掉系统上原有的MySQL、Apache、php,如果原系统没有安装这三个软件,则可以不用执行这一步。
卸载步骤如下:
卸载Mysql
[root@localhost ~]# rpm -qa|grep mysql
mod_auth_mysql-2.6.1-2.2
php-mysql-4.3.9-3.15
mysql-devel-4.1.20-1.RHEL4.1
mysql-4.1.20-1.RHEL4.1
mysqlclient10-3.23.58-4.RHEL4.1
libdbi-dbd-mysql-0.6.5-10.RHEL4.1
说明:rpm –qa | grep mysql 命令是为了把mysql相关的包都列出来,我上面的例子是Linux AS4默认安装mysql的rpm软件包列表,
如果是别的Linux版本列出来的列表有可能会不一样,不过不用担心,不管是什么,卸载都从最下面的一个包开始,直到卸载掉第一个为止。
说明:rpm –e 是卸载rpm包的命令,后面是包名称,最后的版本号是不用打的,比如我们下一步卸载mysqlclient10-3.23.58-4.RHEL4.1包
方法如下:
rpm –e mysqlclient
卸载Apache
[root@localhost ~]# rpm -qa|grep httpd
httpd-manual-2.0.52-25.ent
system-config-httpd-1.3.1-1
httpd-2.0.52-25.ent
httpd-suexec-2.0.52-25.ent
说明:方法跟卸载Mysql一样,不用说了吧
卸载PHP
[root@localhost ~]# rpm -qa|grep php
php-odbc-4.3.9-3.15
php-4.3.9-3.15
php-mysql-4.3.9-3.15
php-pear-4.3.9-3.15
php-ldap-4.3.9-3.15
php-pgsql-4.3.9-3.15
说明:方法跟卸载Mysql一样
注意:卸载的时候如果卸载不掉,系统一般会提示包的依赖关系,并且列出依赖的包的名称,先卸载提示依赖的包就可以了。
安装篇:
2.升级系统
yum update
3.安装mysql,并设置mysql开机自启动,同时启动mysql
yum install mysql
yum install mysql-server
chkconfig --levels 35 mysqld on
service mysqld start
4.配置mysql的root密码
mysql_secure_installation
Enter current password for root (enter for none): ( 回车)
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] (Y)
New password: (123456)
Re-enter new password: (123456)
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
(是否移出数据库的默认帐户,如果移出,那么在终端中直接输入mysql是会提示连接错误的)Y
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
(是否禁止root的远程登录)Y
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
最后出现:Thanks for using MySQL!
MySql密码设置完成,重新启动 MySQL:
/etc/init.d/mysqld stop #停止
/etc/init.d/mysqld start #启动
/etc/init.d/mysqld restart #重启
5.安装apache,并设置开机启动
yum install httpd #根据提示,输入Y安装即可成功安装
/etc/init.d/httpd start #启动Apache
备注:Apache启动之后会提示错误:
正在启动 httpd:httpd: Could not reliably determine the server's fully qualif domain name, using ::1 for ServerName
解决办法:
vi /etc/httpd/conf/httpd.conf #编辑
找到 #ServerName www.example.com:80
修改为 ServerName www.osyunwei.com:80
:wq! #保存退出
chkconfig httpd on #设为开机启动
/etc/init.d/httpd restart #重启Apache
这时候可以测试apache是否正常工作
直接浏览器访问localhost应该没问题,但是如果别的机子访问不了的话,是因为防火墙的关系,配置防火墙
(后面的ssl还会有这个问题的)
6.安装php
1、安装PHP5
yum install php
根据提示输入Y直到安装完成
2、安装PHP组件,使 PHP5 支持 MySQL
yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt
这里选择以上安装包进行安装
根据提示输入Y回车
/etc/init.d/mysqld restart #重启MySql
/etc/init.d/httpd restart #重启Apche
这个时候php就安装完成拉,写个脚本测试一下
vi /var/www/html/info.php
输入
<?php
phpinfo();?>
访问localhost/info.php即可~
7.安装phpMyAdmin
首先先给系统安装epel 和rpmforge两个软件大仓库
#安装EPEL源###########################################################################
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm(这是64位系统源,32位请到以上这个网址列表找)
#安装RPMforge源###########################################################################
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
如果是centos 5 的话执行下面
#安装EPEL源###########################################################################
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm(这是64位系统源,32位请到以上这个网址列表找)
#安装RPMforge源###########################################################################
rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
接着安装起来就很方便拉,~根本不需要去下载就可以获得最新的版本
yum install phpmyadmin
安装完成后还需要配置一下访问权限,使得出了本机外,其他机子也能访问phpMyAdmin
vi /etc/httpd/conf.d/phpMyAdmin.conf
找到两个directory的权限设置,Allow from 改成All
<Directory /usr/share/phpMyAdmin/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>
重启服务器
service httpd restart
测试localhost/phpMyAdmin
用户名密码:root 123456
OK~ LAMP搭建完毕
LAMP服务器全自动安装shell脚本
#!/bin/bash # ------------------------------------------------------------------------------- # Filename: lamp.sh # Revision: 1.0 # Date: 2012/09/06 # Author: 三木 # Email: linmaogan#gmail.com # Website: www.3mu.me # Description: CentOS6.3+Apache+PHP+MariaDB+phpMyAdmin及相关扩展安装脚本 # Notes: 需要切换到root运行,版本针对64位系统,操作系统为CentOS6.3 # ------------------------------------------------------------------------------- # Copyright: 2012 (c) 三木 # License: GPL # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty # of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # you should have received a copy of the GNU General Public License # along with this program (or with Nagios); # # Credits go to Ethan Galstad for coding Nagios # If any changes are made to this script, please mail me a copy of the changes # ------------------------------------------------------------------------------- #Version 1.0 #2012-09-01 三木 初始版本建立 #Version 1.1 #2012-09-06 三木 修复php不能连接mysql的bug # ------------------------------------------------------------------------------- #变量定义############################################################################# IS_VPS=1 #解锁系统文件######################################################################### chattr -i /etc/passwd chattr -i /etc/group chattr -i /etc/shadow chattr -i /etc/gshadow #chattr -i /etc/service #如果已安装Apache和PHP,则卸载######################################################## yum -y remove httpd* php* mysql #更新软件库########################################################################### yum update #安装EPEL源########################################################################### rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm #安装REMI源########################################################################### rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm #安装apache########################################################################### yum -y install httpd #加入启动项########################################################################### chkconfig --levels 345 httpd on #启用Mod_rewrite模块 #a2enmod rewrite #启用mod_ssl模块 #a2enmod ssl #start apache######################################################################### /etc/init.d/httpd start #安装PHP5############################################################################# yum -y install php #为PHP5取得MySQL支持和安装PHP常用库################################################### yum -y install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt #安装phpmyadmin####################################################################### yum -y install phpmyadmin #安装compat-mysql55,解决MariaDB与mysql-lib版本突的问题############################### ##CenotOS6用到,不用也可以 rpm -Uvh http://rpms.famillecollet.com/enterprise/6/test/x86_64/compat-mysql55-5.5.11-1.el6.remi.x86_64.rpm #Importing the MariaDB Signing Key#################################################### rpm --import http://yum.mariadb.org/RPM-GPG-KEY-MariaDB #Adding the MariaDB YUM Repository#################################################### echo '# MariaDB repository list - created 2012-08-12 09:38 UTC # http://downloads.mariadb.org/mariadb/repositories/ [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/5.5/centos6-amd64 gpgcheck=1'>>/etc/yum.repos.d/MariaDB.repo #Installing MariaDB with YUM########################################################## yum -y install MariaDB-server MariaDB-client #加入启动项########################################################################### chkconfig --levels 345 mysql on #start MariaDB######################################################################## /etc/init.d/mysql start #设置mysql密码及相关设置############################################################## mysql_secure_installation ##################################################################################### ##################################################################################### #目录设置############################################################################ #创建网站相关目录#################################################################### if [ $IS_VPS ];then mkdir /home/data ln -s /home/data /data else mkdir /data fi mkdir /www mkdir /data/wwwroot ln -s /data/wwwroot /www/ mkdir /data/wwwroot/log mkdir /data/wwwroot/web mkdir /data/wwwroot/git mkdir /data/conf mkdir /data/conf/sites-available mkdir /data/conf/sites-enabled mkdir /backup ln -s /backup /data/ #配置文件目录设置###################################################################### #移动apache配置文件 cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak mv /etc/httpd/conf/httpd.conf /data/conf/ ln -s /data/conf/httpd.conf /etc/httpd/conf/ #移动phpmyadmin配置文件 cp -p /etc/httpd/conf.d/phpmyadmin.conf /etc/httpd/conf.d/phpmyadmin.conf.bak mv /etc/httpd/conf.d/phpmyadmin.conf /data/conf/sites-available/ #apache创建sites-available/*到sites-enabled/*的链接 ln -s /data/conf/sites-available/phpmyadmin.conf /data/conf/sites-enabled/phpmyadmin.conf #移动mysql配置文件 cp -p /etc/my.cnf /etc/my.cnf.bak mv /etc/my.cnf /data/conf/ ln -s /data/conf/my.cnf /etc/ #移动mysql数据库 cp -p /var/lib/mysql /var/lib/mysql-bak mv /var/lib/mysql /data/ ln -s /data/mysql /var/lib/ #移动php配置文件 cp -p /etc/php.ini /etc/php.ini.bak mv /etc/php.ini /data/conf/ ln -s /data/conf/php.ini /etc/ #日志文件目录设置###################################################################### #mysql错误日志 #添加www组和www用户#################################################################### groupadd www useradd -g www www #设置目录权限########################################################################## chown -R www:www /data/wwwroot/web #Apache配置############################################################################ #解决 httpd: Could not reliably determine the server's fully qualified domain name的错误提示 echo 'ServerName localhost:80' >> /data/conf/httpd.conf #包含虚拟主机配置文件 echo 'Include /data/conf/sites-enabled/*' >> /data/conf/httpd.conf echo 'NameVirtualHost *:80' >> /data/conf/httpd.conf #在出现错误页的时候不显示服务器操作系统的名称 #在错误页中不显示Apache的版本 #禁止列出目录 #不在浏览器上显示树状目录结构 #设置默认首页文件,增加index.php #允许程序性联机 #增加同时连接数 sed -i 's/ServerTokens OS/ServerTokens Prod/ s/ServerSignature On/ServerSignature Off/ s/Options Indexes FollowSymLinks/Options FollowSymLinks/ s/Options Indexes MultiViews FollowSymLinks/Options MultiViews FollowSymLinks/ s/DirectoryIndex index.html/DirectoryIndex index.html index.php/ s/KeepAlive Off/KeepAlive On/ s/MaxKeepAliveRequests 100/MaxKeepAliveRequests 1000/ s/User apache/User www/ s/Group apache/Group www/ s#/var/www/html#/data/wwwroot/web#' /data/conf/httpd.conf #删除默认测试页 rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html #php配置############################################################################# #修改时区 #禁用的函数 #禁止显示php版本的信息 sed -i 's/;date.timezone \=/date.timezone \= PRC/ s/disable_functions \=/disable_functions \= passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname/ s/expose_php = On/expose_php = Off/' /data/conf/php.ini #设置session文件为www用户组 chown -R root:www /var/lib/php/session #phpMyAdmin配置###################################################################### #phpMyAdmin允许外部访问 sed -i 's/Allow from 127.0.0.1/Allow from all/' /data/conf/sites-available/phpmyadmin.conf #设置config.inc.php文件为www用户组 chown root:www /usr/share/phpmyadmin/config.inc.php #配置配置文件 sed -i "/blowfish_secret/s/''/'tooqe.com'/" /usr/share/phpmyadmin/config.inc.php #开启防火墙 /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT /etc/rc.d/init.d/iptables save /etc/init.d/iptables restart #重启所有服务器 /etc/init.d/httpd restart /etc/init.d/mysql restart #系统文件加锁 chattr +i /etc/passwd chattr +i /etc/shadow chattr +i /etc/gshadow chattr +i /etc/group
8.安装git和gitweb
安装git
安装git非常简单,在CentOS下只要以下命令即可
# yum install git
(用 yum install git-core也可以)
安装gitweb
# yum install gitweb
系统默认安装到了/var/www/git下
配置文件在/etc/gitweb.conf下
apache配置文件/etc/httpd/conf.d/git.conf
重启apache
/etc/init.d/httpd restart
就可以通过IE浏览,http://xxxx/git/gitweb.cgi
也可以通过客户端访问 git clone http://xxx/git/仓库名
Git全自动安装shell脚本
#!/bin/bash # ------------------------------------------------------------------------------- # Filename: git.sh # Revision: 1.1 # Date: 2012/09/10 # Author: 三木 # Email: linmaogan#gmail.com # Website: www.3mu.me # Description: 安装git # Notes: 需要切换到root运行,版本针对64位系统,操作系统为CentOS6.3 # ------------------------------------------------------------------------------- # Copyright: 2012 (c) 三木 # License: GPL # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty # of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # you should have received a copy of the GNU General Public License # along with this program (or with Nagios); # # Credits go to Ethan Galstad for coding Nagios # If any changes are made to this script, please mail me a copy of the changes # ------------------------------------------------------------------------------- #Version 1.0 #2012-08-21 三木 初始版本建立 #Version 1.1 #2012-09-10 三木 增加git的web服务器类型判断 # ------------------------------------------------------------------------------- #变量定义############################################################################# #设置做为git的web服务器的类型,apache或nginx SERVICE=apache #设置Git默认访问的用户名和密码,可根据实际进行修改 DEFAULT_USER1=linmaogan DEFAULT_USER2=linmaogan DEFAULT_PASSWORD=123456 #安装git############################################################################### yum -y install git #安装gitweb############################################################################ yum -y install gitweb #设置版本库的根目录#################################################################### cp -p /etc/gitweb.conf /etc/gitweb.conf.bak sed -i 's/$projectroot = /#$projectroot = /g' /etc/gitweb.conf echo '$projectroot = "/data/wwwroot/git";' >> /etc/gitweb.conf #开启网址伪静态 echo '$feature{'pathinfo'}{'default'} = [1];' >> /etc/gitweb.conf #生成虚拟主机配置文件################################################################## if [ $SERVICE == 'apache' ];then echo '<VirtualHost *:80> ServerAdmin webmaster@build-server ServerName nb.tooqe.com #ServerAlias guiwan.com Alias /gitweb.css /var/www/git/gitweb.css Alias /gitweb.js /var/www/git/gitweb.js Alias /git-logo.png /var/www/git/git-logo.png Alias /git-favicon.png /var/www/git/git-favicon.png SetEnv GIT_PROJECT_ROOT /data/wwwroot/git SetEnv GIT_HTTP_EXPORT_ALL SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER <Location /git> AuthType Basic AuthName "Git" AuthUserFile /data/conf/gitweb.passwd Require valid-user Options +ExecCGI -Includes </Location> # This pattern matches git operations and passes them to http-backend ScriptAliasMatch \ "(?x)^/git/(.*/(HEAD | \ info/refs | \ objects/(info/[^/]+ | \ [0-9a-f]{2}/[0-9a-f]{38} | \ pack/pack-[0-9a-f]{40}\.(pack|idx)) | \ git-(upload|receive)-pack))$" \ /usr/libexec/git-core/git-http-backend/$1 # Anything not matched above goes to displayable gitweb interface ScriptAlias /git /var/www/git/gitweb.cgi/ <Directory /var/www/git> Options FollowSymLinks +ExecCGI AddHandler cgi-script .cgi </Directory> </VirtualHost>' > /data/conf/sites-available/gitweb.conf else cat > /data/conf/sites-available/gitweb.conf << EOFI server { listen 80; #listen 443; server_name cgi.test.com; index gitweb.cgi; error_log /var/log/nginx/git.error.log; access_log /var/log/nginx/git.access.log; # ssl because cox sucks #ssl on; #ssl_certificate /etc/nginx/ssl/git.eatabrick.org; #ssl_certificate_key /etc/nginx/ssl/server.key; root /var/www/git; # static repo files for cloning over https location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ { root /data/wwwroot/git/; } # requests that need to go to git-http-backend location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { root /data/wwwroot/git; fastcgi_pass unix:/tmp/perl-fastcgi.sock; fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; fastcgi_param PATH_INFO \$uri; fastcgi_param GIT_PROJECT_ROOT /data/wwwroot/git; include fastcgi_params; } # send anything else to gitweb if it\'s not a real file try_files \$uri @gitweb; location @gitweb { fastcgi_pass unix:/tmp/perl-fastcgi.sock; fastcgi_param SCRIPT_FILENAME /var/www/git/gitweb.cgi; fastcgi_param PATH_INFO \$uri; fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; include fastcgi_params; } } EOFI fi #apache创建sites-available/*到sites-enabled/*的链接 ln -s /data/conf/sites-available/gitweb.conf /data/conf/sites-enabled/ #创建初始密码########################################################################## htpasswd -bc /data/conf/gitweb.passwd $DEFAULT_USER1 $DEFAULT_PASSWORD htpasswd -b /data/conf/gitweb.passwd $DEFAULT_USER2 $DEFAULT_PASSWORD #重启所有服务器 if [ $SERVICE == 'apache' ];then /etc/init.d/nginx restart /etc/init.d/php-fpm restart /etc/init.d/perl-fastcgi restart else /etc/init.d/httpd restart fi /etc/init.d/mysql restart
9.搭建SSL,让apache支持https
yum install mod_ssl
其实安装完这个模块后,重启完apache 就可以用https://localhost测试了,因为他创建了默认的证书
在/etc/pki/tls下
当然我们也可以用openssl创建自己的证书
yum install openssl
生成证书文件
创建一个rsa私钥,文件名为server.key
openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
............++++++
e is 65537 (0x10001)
用 server.key 生成证书签署请求 CSR
openssl req -new -key server.key -out server.csr
Country Name:两个字母的国家代号
State or Province Name:省份名称
Locality Name:城市名称
Organization Name:公司名称
Organizational Unit Name:部门名称
Common Name:你的姓名
Email Address:地址
至于 'extra' attributes 不用输入.直接回车
生成证书CRT文件server.crt。
openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
修改ssl.conf指定我们自己生成的证书
vi /etc/httpd/conf.d/ssl.conf
找到如下位置,修改路径
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
OK
service httpd restart
整个过程我们不需要修改/etc/httpd/conf/httpd.conf 这就是版本高了的好处阿~
配置篇
一、Apache配置
vi /etc/httpd/conf/httpd.conf 编辑文件
ServerTokens OS 在44行 修改为:ServerTokens Prod (在出现错误页的时候不显示服务器操作系统的名称)
ServerSignature On 在536行 修改为:ServerSignature Off (在错误页中不显示Apache的版本)
Options Indexes FollowSymLinks 在331行 修改为:Options Includes ExecCGI FollowSymLinks(允许服务器执行CGI及SSI,禁止列出目录)
#AddHandler cgi-script .cgi 在796行 修改为:AddHandler cgi-script .cgi .pl (允许扩展名为.pl的CGI脚本运行)
AllowOverride None 在338行 修改为:AllowOverride All (允许.htaccess)
AddDefaultCharset UTF-8 在759行 修改为:AddDefaultCharset GB2312 (添加GB2312为默认编码)
Options Indexes MultiViews FollowSymLinks 在554行 修改为 Options MultiViews FollowSymLinks(不在浏览器上显示树状目录结构)
DirectoryIndex index.html index.html.var 在402行 修改为:DirectoryIndex index.html index.htm Default.html Default.htm index.php Default.php index.html.var (设置默认首页文件,增加index.php)
KeepAlive Off 在76行 修改为:KeepAlive On (允许程序性联机)
MaxKeepAliveRequests 100 在83行 修改为:MaxKeepAliveRequests 1000 (增加同时连接数)
:wq! #保存退出
/etc/init.d/httpd restart 重启
rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html #删除默认测试页
二、php配置
vi /etc/php.ini #编辑
date.timezone = PRC #在946行 把前面的分号去掉,改为date.timezone = PRC
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
#在386行 列出PHP可以禁用的函数,如果某些程序需要用到这个函数,可以删除,取消禁用。
expose_php = Off #在432行 禁止显示php版本的信息
magic_quotes_gpc = On #在745行 打开magic_quotes_gpc来防止SQL注入
open_basedir = .:/tmp/ #在380行,设置表示允许访问当前目录(即PHP脚本文件所在之目录)和/tmp/目录,可以防止php木马跨站,如果改了之后安装程序有问题,可注销此行,或者直接写上程序目录路径/var/www/html/www.3mu.me/:/tmp/
:wq! #保存退出
/etc/init.d/mysqld restart #重启MySql
/etc/init.d/httpd restart #重启Apche
测试篇
cd /var/www/html
vi index.php #新建index.php文件
<?php
phpinfo();
?>
:wq!
在客户端浏览器输入服务器IP地址,可以看到相关的配置信息!
注意:apache默认的程序目录是/var/www/html
权限设置:chown apache.apache -R /var/www/html
MySQL数据库目录是:/var/lib/mysql
权限设置:chown mysql.mysql -R /var/lib/mysql
9.相关链接
Apache: http://httpd.apache.org/
PHP: http://www.php.net/
MySQL: http://www.mysql.com/
CentOS: http://www.centos.org/
phpMyAdmin: http://www.phpmyadmin.net/
不错!直接用脚本就行了!自己也不用动手,呵呵,不过还是喜欢自己动手的好!