lnmp搭建+openssl(仅测试)

搭建LNMP环境

一,安装nginx

卸载rpm安装的httpd

安装支持软件pcre-devel zlib-devel gcc gcc-c++ make

创建nginx用户和组

[[email protected] ~]# useradd -M -s /sbin/nologin nginx

编译安装Nginx

[[email protected] ~]# tar xf nginx-1.6.0.tar.gz -C /usr/src/

[[email protected] ~]# cd /usr/src/nginx-1.6.0/

[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install

其中--with-http_stub_status_module模块,为日志统计模块

为主程序nginx创建链接文件

[[email protected] nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

检查语法,启动服务

[[email protected] nginx-1.6.0]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[[email protected] nginx-1.6.0]# nginx

[[email protected] nginx-1.6.0]# netstat -anpt | grep :80

tcp     0      0 0.0.0.0:80                  0.0.0.0:*       LISTEN              4513/nginx

编写nginx服务脚本

[[email protected] ~]# vim /etc/init.d/nginx

#!/bin/bash

# chkconfig: 2345 99 20

# description: Nginx Server Control Scripts shell

PROG="/usr/local/nginx/sbin/nginx"

PIDF="/usr/local/nginx/logs/nginx.pid"

case "$1" in

start)

if [ -f $PIDF ];then

echo "Nginx is running...Start it is error"

else

$PROG

fi

;;

stop)

if [ -f $PIDF ];then

kill -3 $(cat $PIDF)

rm -f $PIDF

else

echo "Nginx is stopping...Stop it is error"

fi

;;

restart)

$0 stop

$0 start

;;

reload)

if [ -f $PIDF ];then

kill -1 $(cat $PIDF)

else

echo "Nginx is stopping...reload it is error"

fi

;;

status)

if [ -f $PIDF ];then

echo "Nginx is running"

else

echo "Nginx is stopped"

fi

;;

*)

echo "Usage:$0 (start|stop|restart|reload|status)"

exit 1

esac

exit 0

[[email protected] ~]# chmod +x /etc/init.d/nginx

[[email protected] ~]# chkconfig --add nginx

[[email protected] ~]# chkconfig --list nginx

nginx              0:关闭      1:关闭      2:启用      3:启用      4:启用      5:启用      6:关闭

修改nginx.conf主配置文件,添加两个虚拟主机

[[email protected] ~]# cd /usr/local/nginx/conf/

[[email protected] conf]# cp -p nginx.conf nginx.conf.bak

[[email protected] conf]# vim nginx.conf

[[email protected] conf]# cat nginx.conf

user  nginx nginx;

worker_processes  2;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

error_log  logs/error.log  info;

pid        logs/nginx.pid;

events {

use epoll;

worker_connections  1024;

}

http {

include       mime.types;

default_type  application/octet-stream;

log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘

‘$status $body_bytes_sent "$http_referer" ‘

‘"$http_user_agent" "$http_x_forwarded_for"‘;

access_log  logs/access.log  main;

sendfile        on;

#tcp_nopush     on;

#keepalive_timeout  0;

keepalive_timeout  65;

gzip  on;

server {

listen       80;

server_name  www.wx001.com;

charset utf-8;

access_log  logs/host.access.log  main;

location / {

root   html/wx001;

index  index.html index.htm;

}

error_page   500 502 503 504  /50x.html;

location = /50x.html {

root   html;

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#    proxy_pass   http://127.0.0.1;

}

server {

listen       80;

server_name  www.wx002.com;

charset utf-8;

access_log  logs/host.access.log  main;

location / {

root   html/wx002;

index  index.html index.htm;

}

error_page   500 502 503 504  /50x.html;

location = /50x.html {

root   html;

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#    proxy_pass   http://127.0.0.1;

}

}

添加网页文件后,测试

搭建Mysql数据 库

安装支持软件

[[email protected] ~]# rpm -q ncurses-devel

ncurses-devel-5.7-4.20090207.el6.x86_64

安装cmake

[[email protected] ~]# tar xf cmake-2.8.6.tar.gz -C /usr/src/

[[email protected] ~]# cd /usr/src/cmake-2.8.6/

[[email protected] cmake-2.8.6]# ./configure && gmake && gmake install

编译安装Mysql数据库

[[email protected] ~]# tar xf mysql-5.5.22.tar.gz -C /usr/src/

[[email protected] ~]# cd /usr/src/mysql-5.5.22/

[[email protected] mysql-5.5.22]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS=all -DSYSCONFDIR=/etc && make && make install

安装后调整优化

[[email protected] ~]# echo "PATH=$PATH:/usr/local/mysql/bin" >>/etc/profile

[[email protected] ~]# . /etc/profile

[[email protected] ~]# cp -p /usr/src/mysql-5.5.22/support-files/my-medium.cnf /etc/my.cnf

cp:是否覆盖"/etc/my.cnf"? y

[[email protected] ~]# cp -p /usr/src/mysql-5.5.22/support-files/mysql.server /etc/init.d/mysqld[[email protected] ~]# chmod +x /etc/init.d/mysqld

[[email protected] ~]# chkconfig --add mysqld

[[email protected] ~]# chkconfig --list mysqld

mysqld            0:关闭      1:关闭      2:启用      3:启用      4:启用      5:启用      6:关闭

[[email protected] ~]#

初始化数据库

[[email protected] ~]# useradd -M -s /sbin/nologin mysql

[[email protected] ~]# chown -R mysql:mysql /usr/local/mysql/

[[email protected] ~]# /usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/ --user=mysql

启动Mysql服务

[[email protected] ~]# /etc/init.d/mysqld start

Starting MySQL...                                          [确定]

[[email protected] ~]# netstat -anpt| grep mysql

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      28555/mysqld

[[email protected] ~]#

创建root用户密码

[[email protected] ~]# mysqladmin -uroot password "123";history -c

安装PHP服务

安装支持软件

[[email protected] wx001]# rpm -q gd libxml2-devel libjpeg-devel libpng-devel

package gd is not installed

libxml2-devel-2.7.6-21.el6_8.1.x86_64

package libjpeg-devel is not installed

libpng-devel-1.2.49-2.el6_7.x86_64

[[email protected] wx001]# yum -y install gd

编译安装PHP

[[email protected] ~]# tar xf php-5.3.28.tar.gz -C /usr/src/

[[email protected] ~]# cd /usr/src/php-5.3.28/

[[email protected] php-5.3.28]# ./configure --prefix=/usr/local/php5 --with-gd --with-zlib --with-mysql=/usr/local/mysql/ --with-config-file-path=/usr/local/php5 --enable-mbstring --enable-fpm --with-jpeg-dir=/usr/lib && make && make install

安装后优化调整

[[email protected] php-5.3.28]# cp -p /usr/src/php-5.3.28/php.ini-development /usr/local/php5/php.ini

[[email protected] php-5.3.28]# ln -s /usr/local/php5/bin/* /usr/local/bin/

[[email protected] php-5.3.28]# ln -s /usr/local/php5/sbin/* /usr/local/sbin/

安装ZendGuardLoaderPHP的优化模块)

[[email protected] ~]# tar xf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz -C /usr/src/

[[email protected] ~]# cd /usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/

[[email protected] ZendGuardLoader-php-5.3-linux-glibc23-x86_64]# cd

[[email protected] ~]# cp /usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/local/php5/lib/php/

[[email protected] ~]# echo -e "zend_extension=/usr/local/php5/lib/php/ZendGuardLoader.so\nzend_loader.enable=1" >> /usr/local/php5/php.ini

启用php-fpm进程

[[email protected] ~]# cd /usr/local/php5/etc/

[[email protected] etc]# cp -p php-fpm.conf.default php-fpm.conf

[[email protected] etc]# vim php-fpm.conf

25 pid = run/php-fpm.pid //确认pid文件位置

140 user = nginx //程序用户

141 group = nginx //程序组

217 pm.max_children = 50 //子进程的最大数

222 pm.start_servers = 20 //启动时开启的进程数

227 pm.min_spare_servers = 5 //最少空闲进程数

232 pm.max_spare_servers = 35 //最大空闲进程数

[[email protected] etc]# php-fpm

[[email protected] etc]# netstat -anpt | grep php-fpm

tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      123477/php-fpm

修改/etc/init.d/nginx服务脚本

[[email protected] etc]# vim /etc/init.d/nginx

#!/bin/bash

# chkconfig: 2345 99 20

# description: Nginx Server Control Script

PROG="/usr/local/nginx/sbin/nginx"

PIDF="/usr/local/nginx/logs/nginx.pid"

PROG_FPM="/usr/local/sbin/php-fpm"

PIDF_FPM="/usr/local/php5/var/run/php-fpm.pid"

case "$1" in

start)

$PROG

$PROG_FPM

;;

stop)

kill -s QUIT $(cat $PIDF)

kill -s QUIT $(cat $PIDF_FPM)

;;

restart)

$0 stop

$0 start

;;

reload)

kill -s HUP $(cat $PIDF)

;;

*)

echo "Usage: $0 (start|stop|restart|reload)"

exit 1

esac

exit 0

[[email protected] etc]# chkconfig --del nginx

[[email protected] etc]# chkconfig --add nginx

[[email protected] etc]# /etc/init.d/nginx stop

[[email protected] etc]# /etc/init.d/nginx start

[[email protected] etc]# netstat -anpt |egrep "nginx|php-fpm"

tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      123527/php-fpm

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      123522/nginx

配置Nginx支持PHP解析(黄色添加项)

location / {

root   html/wx002;

index  index.php index.html index.htm;

}

location ~ \.php$ {

          root html/wx002;

    fastcgi_pass 127.0.0.1:9000;

    fastcgi_index index.php;

include fastcgi.conf;

}

[[email protected] ~]# nginx –t

[[email protected] ~]# vim /usr/local/nginx/html/wx002/test.php

<?php

$link=mysql_connect(‘localhost‘,‘root‘,‘123‘);

if($link) echo "<h1>这是一个PHP解析的页面</h1>";

mysql_close();

?>

重启服务,PHP页面访问测试

部署Nginx+Apache动静分离

开两台主机,一台搭建LNMP,一台搭建LAMP

192.168.108.111     LAMP环境

192.168.108.112     LNMP环境

静态网页由LNMP服务器提供解析,动态PHP语言由LAMP服务器提供解析。

环境搭建OK

修改nginx.conf主配置文件(添加lication)

location ~ \.php$ { //区分大小写匹配,以php结尾的的网页去下面的服务器访问

proxy_pass http://192.168.108.111:80;

}

location ~ \.(gif|jpg|jpeg|bmp|png|swf) { //区分大小写匹配,以gif、jpg…swf结尾的文件,到下面路径去找

root html/wx002;

}

[[email protected] ~]# ulimit -n 65000

[[email protected] ~]# echo "ulimit -n 65000" >>/etc/profile

在LAMP服务器Apache网页目录下

[[email protected] htdocs]# vim test.php

<?php

$link=mysql_connect(‘localhost‘,‘root‘,‘123‘);

if($link) echo "<h1>这是一个PHP解析的页面,由LAMP提供解析服务</h1>";

mysql_close();

?>

<img src="http://www.wx002.com/jdqs.jpg"/>

[[email protected] htdocs]# echo "192.168.108.112 www.wx001.com www.wx002.com" >>/etc/hosts

重启nginx服务,网页浏览测试

nginx使用openssl安装数字证书

编译安装nginx时,添加openssl模块,把openssl路径指定到解压出来的路径

[[email protected] ~]# tar xf nginx-1.6.0.tar.gz -C /usr/src/

[[email protected] ~]# tar xf openssl-1.0.2l.tar.gz -C /usr/src/

[[email protected] ~]# cd /usr/src/nginx-1.6.0/

[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-openssl=/usr/src/openssl-1.0.2l/ --with-http_gzip_static_module  && make && make install

生成RSA密钥【这个命令会生成一个2048位的密钥,同时有一个des3方法加密的密码,如果你不想要每次都输入密码,可以改成:

openssl genrsa -out privkey.pem 2048

建议用2048位密钥,少于此可能会不安全或很快将不安全。】

[[email protected] nginx-1.6.0]# openssl genrsa
-des3 -out privkey.pem 2048

Generating RSA private key, 2048 bit long
modulus

................................................+++

....+++

e is 65537 (0x10001)

Enter pass phrase for privkey.pem:

Verifying - Enter pass phrase for
privkey.pem:

生成一个证书请求

【openssl
req -new -key privkey.pem -out cert.csr

这个命令将会生成一个证书请求,当然,用到了前面生成的密钥privkey.pem文件

这里将生成一个新的文件cert.csr,即一个证书请求文件,你可以拿着这个文件去数字证书颁发机构(即CA)申请一个数字证书。CA会给你一个新的文件cacert.pem,那才是你的数字证书。

如果是自己做测试,那么证书的申请机构和颁发机构都是自己。就可以用下面这个命令来生成证书:

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

这个命令将用上面生成的密钥privkey.pem生成一个数字证书cacert.pem

[[email protected] nginx-1.6.0]#
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

Enter pass phrase for
privkey.pem:

You are about to be asked
to enter information that will be incorporated

into your certificate
request.

What you are about to enter
is what is called a Distinguished Name or a DN.

There are quite a few
fields but you can leave some blank

For some fields there will
be a default value,

If you enter ‘.‘, the field
will be left blank.

-----

Country Name (2 letter
code) [XX]:cn

State or Province Name
(full name) []:cn

Locality Name (eg, city)
[Default City]:cn

Organization Name (eg,
company) [Default Company Ltd]:cn

Organizational Unit Name
(eg, section) []:cn

Common Name (eg, your name
or your server‘s hostname) []:cn

Email Address []:cn

移动生成的证书和秘钥到nginx的配置目录下

[[email protected] nginx-1.6.0]# mv
cacert.pem privkey.pem /usr/local/nginx/conf/

修改nginx.conf配置【添加】

server {

listen       443;

server_name  localhost;

ssl                  on;

ssl_certificate
/usr/local/nginx/conf/cacert.pem;

ssl_certificate_key
/usr/local/nginx/conf/privkey.pem;

server_name 192.168.108.112

ssl_session_timeout  5m;

}

为主程序创建链接文件

[[email protected]
nginx-1.6.0]#  ln -s
/usr/local/nginx/sbin/nginx /usr/local/sbin/

语法检测

[[email protected] conf]# nginx -t

Enter PEM pass phrase:

nginx: the configuration
file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file
/usr/local/nginx/conf/nginx.conf test is successful

启动服务,浏览器测试

[[email protected] conf]# killall -3
nginx

[[email protected] conf]# nginx

Enter PEM pass phrase:

时间: 2024-08-11 18:31:50

lnmp搭建+openssl(仅测试)的相关文章

LNMP搭建(CentOS 6.3+Nginx 1.2.0+PHP 5.3.15(fpm)+ MySQL 5.5.35)

Nginx ("engine x") 是一个高性能的 HTTP 和反向代理服务器,也是一个 IMAP/POP3/SMTP 代理服务器. Nginx 是由 Igor Sysoev 为俄罗斯访问量第二的 Rambler.ru 站点开发的,它已经在该站点运行超过三年了.Igor 将源代码以类BSD许可证的形式发布. 系统环境: # cat /etc/redhat-release CentOS release 6.3 (Final) 1.安装所需的第三方库 yum -y install gcc

LNMP搭建时可能用到的各种安装参数总结

需要安装的依赖包 gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-deve

分离部署LNMP搭建WORDPRESS详细步骤

分离部署LNMP搭建WORDPRESS LNMP是一个基于CentOS/Debian编写的Nginx.PHP.MySQL.PHPMyAdmin.LNMP代表的就是:Linux系统下Nginx+MySQL+PHP这种网站服务器架构. Nginx较为稳定.功能丰富.安装配置简单.低系统资源,Nginx既可以在内部直接支持PHP,也可以支持作为HTTP代理服务器对外进行服务. Nginx用C编写,不论是系统资源开销还是CPU使用效率都比Perlbal好得多. wordpress是一款开源免费的产品,利

快速搭建虚拟桌面测试环境(NetScaler10.1.119.7、StoreFront、XenDesktop7.5)

经过本人几天的摸索和测试 快速搭建虚拟桌面的步骤如下: 1.制作Windows2008R2的模版(安装上Xentools.dotNet4.0.dotNet4.5.SQLServer2008R2安装准备.关闭IE安全.关闭防火墙,然后使用Sysprep封装,转成模版) 2.使用模版生产3个虚拟机分别命名为AD50,DB49,XD55,PVS56(安装域控,把XD55和PVS56都加入到域中,还有安装一个数据库) 3.在XD55上安装Xendesktop软件,在PVS上安装PVS软件 4.安装Win

IDEA搭建ssm框架测试衍生出的问题The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Develop\jdk7\jdk1.7.0_79\bin;

最近玩起IDEA这开发工具,搭建ssm框架测试时,部署项目出现如下问题: 信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Develop\jdk7\jdk1.7.0_79\bin;C:\Windows\Sun\Java\bin;C:\Windows

Redis中sentinel集群的搭建和Jedis测试 图文教程[三]

在前两篇Redis中sentinel集群的搭建和Jedis测试 图文教程[一] 和Redis中sentinel集群的搭建和Jedis测试 图文教程[二] 中分别简述了Redis中sentinel集群的搭建和Java代码的Jedis测试. 这篇主要来简单分析一下Redis-sentinel集群的原理,根据追踪sentinel信息来完成Redis-sentinel集群测试中的详细的原理分析.包括master-slave各个中的sentinel信息的分析,failover过程,master宕机后的le

Eclipse+Java+OpenCV249环境搭建和代码测试

1.首先下载OpenCV2.4.9,下载的时候,选择windows版的.然后安装 2.其实安装的过程就是解压的过程,并没有什么安装向导之类的,安装完成后,我们最关心的是这个目录:opencv\build\java 如下图所示 3,建立项目   JavaOpenCv249 3.导入java包 4.设置项目的native库,即opencv_java246.dll所在的路径 运行下面代码: package com.gao; import org.opencv.core.CvType; import o

使用Docker如何搭建Web漏洞测试环境?

本文和大家分享的是使用Docker搭建Web漏洞测试环境相关知识,希望对大家学习Docker有所帮助,一起来看看吧. 由于一直在做 Web 漏洞扫描器的开发, 那么就必然少不了 Web 的漏洞测试环境, 其中就包括 bWAPP.DVWA.OWASP WebGoat 等这些国际品牌. 这些漏洞环境一般搭建比较繁琐, 而且出问题后有不能像 git 那样方便的'回滚'操作, 当然你可以使用 esxi 来管理, 不过虚拟机仍然会存在定期快照.回滚操作较长等繁重操作. 那有没有轻量级的能够快速搭建 Web

LAMP 搭建和压力测试

LAMP 搭建和压力测试 (1) CentOS 7, apm+xcache, rpm包, phpmodule; a)一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress: b)为phpMyAdmim提供https服务: (2) CentOS 7, amp + xcache, rpm包,php-fpm: a)httpd, php, mariadb分别部署在一个单独的主机上: b)一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress: c)为phpMyAd