首页 > 代码库 > lnmp搭建+openssl(仅测试)

lnmp搭建+openssl(仅测试)

搭建LNMP环境

一,安装nginx

卸载rpm安装的httpd

安装支持软件pcre-devel zlib-devel gcc gcc-c++ make

创建nginx用户和组

[root@www ~]# useradd -M -s /sbin/nologin nginx

编译安装Nginx

[root@www ~]# tar xf nginx-1.6.0.tar.gz -C /usr/src/

[root@www ~]# cd /usr/src/nginx-1.6.0/

[root@www nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install

其中--with-http_stub_status_module模块,为日志统计模块

为主程序nginx创建链接文件

[root@www nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

检查语法,启动服务

[root@www nginx-1.6.0]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@www nginx-1.6.0]# nginx

[root@www nginx-1.6.0]# netstat -anpt | grep :80

tcp     0      0 0.0.0.0:80                  0.0.0.0:*       LISTEN              4513/nginx         

编写nginx服务脚本

[root@www ~]# vim /etc/init.d/nginx

#!/bin/bash

# chkconfig: 2345 99 20

# description: Nginx Server Control Scripts shell

PROG="/usr/local/nginx/sbin/nginx"

PIDF="/usr/local/nginx/logs/nginx.pid"

case "$1" in

         start)

                   if [ -f $PIDF ];then

                             echo "Nginx is running...Start it is error"

                   else

                            $PROG

                   fi

         ;;

         stop)

                   if [ -f $PIDF ];then

                            kill -3 $(cat $PIDF)

                            rm -f $PIDF

                   else

                            echo "Nginx is stopping...Stop it is error"

                   fi

         ;;

         restart)

                            $0 stop

                            $0 start

         ;;

         reload)

                            if [ -f $PIDF ];then

                                     kill -1 $(cat $PIDF)

                            else

                                     echo "Nginx is stopping...reload it is error"

                            fi

         ;;

         status)

                            if [ -f $PIDF ];then

                                     echo "Nginx is running"

                            else

                                     echo "Nginx is stopped"

                            fi

         ;;

         *)

                   echo "Usage:$0 (start|stop|restart|reload|status)"

                   exit 1

esac

exit 0

[root@www ~]# chmod +x /etc/init.d/nginx

[root@www ~]# chkconfig --add nginx

[root@www ~]# chkconfig --list nginx

nginx              0:关闭      1:关闭      2:启用      3:启用      4:启用      5:启用      6:关闭

修改nginx.conf主配置文件,添加两个虚拟主机

[root@www ~]# cd /usr/local/nginx/conf/

[root@www conf]# cp -p nginx.conf nginx.conf.bak

[root@www conf]# vim nginx.conf

[root@www conf]# cat nginx.conf

 

user  nginx nginx;

worker_processes  2;

 

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

error_log  logs/error.log  info;

 

pid        logs/nginx.pid;

 

 

events {

    use epoll;

    worker_connections  1024;

}

 

 

http {

    include       mime.types;

    default_type  application/octet-stream;

 

    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘

                      ‘$status $body_bytes_sent "$http_referer" ‘

                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;

 

    access_log  logs/access.log  main;

 

    sendfile        on;

    #tcp_nopush     on;

 

    #keepalive_timeout  0;

    keepalive_timeout  65;

 

    gzip  on;

 

    server {

        listen       80;

        server_name  www.wx001.com;

 

        charset utf-8;

 

        access_log  logs/host.access.log  main;

 

        location / {

            root   html/wx001;

            index  index.html index.htm;

        }

 

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

 

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80

        #    proxy_pass   http://127.0.0.1;

    }

    server {

        listen       80;

        server_name  www.wx002.com;

 

        charset utf-8;

 

        access_log  logs/host.access.log  main;

 

        location / {

            root   html/wx002;

            index  index.html index.htm;

        }

 

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

 

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80

        #    proxy_pass   http://127.0.0.1;

    }

}

添加网页文件后,测试

 技术分享

技术分享

 

 

搭建Mysql数据 库

安装支持软件

[root@www ~]# rpm -q ncurses-devel

ncurses-devel-5.7-4.20090207.el6.x86_64

安装cmake

[root@www ~]# tar xf cmake-2.8.6.tar.gz -C /usr/src/

[root@www ~]# cd /usr/src/cmake-2.8.6/

[root@www cmake-2.8.6]# ./configure && gmake && gmake install

编译安装Mysql数据库

[root@www ~]# tar xf mysql-5.5.22.tar.gz -C /usr/src/

[root@www ~]# cd /usr/src/mysql-5.5.22/

[root@www mysql-5.5.22]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS=all -DSYSCONFDIR=/etc && make && make install

安装后调整优化

[root@www ~]# echo "PATH=$PATH:/usr/local/mysql/bin" >>/etc/profile

[root@www ~]# . /etc/profile

[root@www ~]# cp -p /usr/src/mysql-5.5.22/support-files/my-medium.cnf /etc/my.cnf

cp:是否覆盖"/etc/my.cnf"? y

[root@www ~]# cp -p /usr/src/mysql-5.5.22/support-files/mysql.server /etc/init.d/mysqld[root@www ~]# chmod +x /etc/init.d/mysqld

[root@www ~]# chkconfig --add mysqld

[root@www ~]# chkconfig --list mysqld

mysqld            0:关闭      1:关闭      2:启用      3:启用      4:启用      5:启用      6:关闭

[root@www ~]#

初始化数据库

[root@www ~]# useradd -M -s /sbin/nologin mysql

[root@www ~]# chown -R mysql:mysql /usr/local/mysql/

[root@www ~]# /usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/ --user=mysql

启动Mysql服务

[root@www ~]# /etc/init.d/mysqld start

Starting MySQL...                                          [确定]

[root@www ~]# netstat -anpt| grep mysql

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      28555/mysqld       

[root@www ~]#

创建root用户密码

[root@www ~]# mysqladmin -uroot password "123";history -c

 

安装PHP服务

安装支持软件

[root@www wx001]# rpm -q gd libxml2-devel libjpeg-devel libpng-devel

package gd is not installed

libxml2-devel-2.7.6-21.el6_8.1.x86_64

package libjpeg-devel is not installed

libpng-devel-1.2.49-2.el6_7.x86_64

[root@www wx001]# yum -y install gd

编译安装PHP

[root@www ~]# tar xf php-5.3.28.tar.gz -C /usr/src/

[root@www ~]# cd /usr/src/php-5.3.28/

[root@www php-5.3.28]# ./configure --prefix=/usr/local/php5 --with-gd --with-zlib --with-mysql=/usr/local/mysql/ --with-config-file-path=/usr/local/php5 --enable-mbstring --enable-fpm --with-jpeg-dir=/usr/lib && make && make install

安装后优化调整

[root@www php-5.3.28]# cp -p /usr/src/php-5.3.28/php.ini-development /usr/local/php5/php.ini

[root@www php-5.3.28]# ln -s /usr/local/php5/bin/* /usr/local/bin/

[root@www php-5.3.28]# ln -s /usr/local/php5/sbin/* /usr/local/sbin/

安装ZendGuardLoaderPHP的优化模块)

[root@www ~]# tar xf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz -C /usr/src/

[root@www ~]# cd /usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/

[root@www ZendGuardLoader-php-5.3-linux-glibc23-x86_64]# cd

[root@www ~]# cp /usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/local/php5/lib/php/

[root@www ~]# echo -e "zend_extension=/usr/local/php5/lib/php/ZendGuardLoader.so\nzend_loader.enable=1" >> /usr/local/php5/php.ini

启用php-fpm进程

[root@www ~]# cd /usr/local/php5/etc/

[root@www etc]# cp -p php-fpm.conf.default php-fpm.conf

[root@www etc]# vim php-fpm.conf

25 pid = run/php-fpm.pid //确认pid文件位置

140 user = nginx //程序用户

141 group = nginx //程序组

217 pm.max_children = 50 //子进程的最大数

222 pm.start_servers = 20 //启动时开启的进程数

227 pm.min_spare_servers = 5 //最少空闲进程数

232 pm.max_spare_servers = 35 //最大空闲进程数

[root@www etc]# php-fpm

[root@www etc]# netstat -anpt | grep php-fpm

tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      123477/php-fpm     

修改/etc/init.d/nginx服务脚本

[root@www etc]# vim /etc/init.d/nginx

#!/bin/bash

# chkconfig: 2345 99 20

# description: Nginx Server Control Script

PROG="/usr/local/nginx/sbin/nginx"

PIDF="/usr/local/nginx/logs/nginx.pid"

PROG_FPM="/usr/local/sbin/php-fpm"

PIDF_FPM="/usr/local/php5/var/run/php-fpm.pid"

case "$1" in

         start)

         $PROG

         $PROG_FPM

         ;;

         stop)

         kill -s QUIT $(cat $PIDF)

         kill -s QUIT $(cat $PIDF_FPM)

         ;;

         restart)

         $0 stop

         $0 start

         ;;

         reload)

         kill -s HUP $(cat $PIDF)

         ;;

         *)

         echo "Usage: $0 (start|stop|restart|reload)"

         exit 1

esac

exit 0

 

[root@www etc]# chkconfig --del nginx

[root@www etc]# chkconfig --add nginx

[root@www etc]# /etc/init.d/nginx stop

[root@www etc]# /etc/init.d/nginx start

[root@www etc]# netstat -anpt |egrep "nginx|php-fpm"

tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      123527/php-fpm     

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      123522/nginx

配置Nginx支持PHP解析(黄色添加项)

        location / {

            root   html/wx002;

            index  index.php index.html index.htm;

        }

        location ~ \.php$ {         

          root html/wx002;                

    fastcgi_pass 127.0.0.1:9000;                

    fastcgi_index index.php;

              include fastcgi.conf;

        }

[root@www ~]# nginx –t

[root@www ~]# vim /usr/local/nginx/html/wx002/test.php

<?php

$link=mysql_connect(‘localhost‘,‘root‘,‘123‘);

if($link) echo "<h1>这是一个PHP解析的页面</h1>";

mysql_close();

?>

重启服务,PHP页面访问测试

 技术分享

 

 

部署Nginx+Apache动静分离

开两台主机,一台搭建LNMP,一台搭建LAMP

192.168.108.111     LAMP环境

192.168.108.112     LNMP环境

静态网页由LNMP服务器提供解析,动态PHP语言由LAMP服务器提供解析。

环境搭建OK

修改nginx.conf主配置文件(添加lication)

location ~ \.php$ { //区分大小写匹配,以php结尾的的网页去下面的服务器访问

proxy_pass http://192.168.108.111:80;

}

location ~ \.(gif|jpg|jpeg|bmp|png|swf) { //区分大小写匹配,以gif、jpg…swf结尾的文件,到下面路径去找

root html/wx002;

}

 

[root@www ~]# ulimit -n 65000

[root@www ~]# echo "ulimit -n 65000" >>/etc/profile

 

在LAMP服务器Apache网页目录下

[root@www htdocs]# vim test.php

<?php

$link=mysql_connect(‘localhost‘,‘root‘,‘123‘);

if($link) echo "<h1>这是一个PHP解析的页面,由LAMP提供解析服务</h1>";

mysql_close();

?>

<img src="http://www.wx002.com/jdqs.jpg"/>

[root@www htdocs]# echo "192.168.108.112 www.wx001.com www.wx002.com" >>/etc/hosts

重启nginx服务,网页浏览测试

 技术分享

 

nginx使用openssl安装数字证书

编译安装nginx时,添加openssl模块,把openssl路径指定到解压出来的路径

[root@www ~]# tar xf nginx-1.6.0.tar.gz -C /usr/src/

[root@www ~]# tar xf openssl-1.0.2l.tar.gz -C /usr/src/

[root@www ~]# cd /usr/src/nginx-1.6.0/

[root@www nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-openssl=/usr/src/openssl-1.0.2l/ --with-http_gzip_static_module  && make && make install

生成RSA密钥【这个命令会生成一个2048位的密钥,同时有一个des3方法加密的密码,如果你不想要每次都输入密码,可以改成:
openssl genrsa -out privkey.pem 2048
建议用2048位密钥,少于此可能会不安全或很快将不安全。】

[root@www nginx-1.6.0]# openssl genrsa -des3 -out privkey.pem 2048

Generating RSA private key, 2048 bit long modulus

................................................+++

....+++

e is 65537 (0x10001)

Enter pass phrase for privkey.pem:

Verifying - Enter pass phrase for privkey.pem:

生成一个证书请求

【openssl req -new -key privkey.pem -out cert.csr
这个命令将会生成一个证书请求,当然,用到了前面生成的密钥privkey.pem文件
这里将生成一个新的文件cert.csr,即一个证书请求文件,你可以拿着这个文件去数字证书颁发机构(即CA)申请一个数字证书。CA会给你一个新的文件cacert.pem,那才是你的数字证书。

如果是自己做测试,那么证书的申请机构和颁发机构都是自己。就可以用下面这个命令来生成证书:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
这个命令将用上面生成的密钥privkey.pem生成一个数字证书cacert.pem

[root@www nginx-1.6.0]# openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

Enter pass phrase for privkey.pem:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.‘, the field will be left blank.

-----

Country Name (2 letter code) [XX]:cn

State or Province Name (full name) []:cn

Locality Name (eg, city) [Default City]:cn

Organization Name (eg, company) [Default Company Ltd]:cn

Organizational Unit Name (eg, section) []:cn

Common Name (eg, your name or your server‘s hostname) []:cn

Email Address []:cn

移动生成的证书和秘钥到nginx的配置目录下

[root@www nginx-1.6.0]# mv cacert.pem privkey.pem /usr/local/nginx/conf/

修改nginx.conf配置【添加】

    server {

        listen       443;

        server_name  localhost;

        ssl                  on;

        ssl_certificate /usr/local/nginx/conf/cacert.pem;

        ssl_certificate_key /usr/local/nginx/conf/privkey.pem;

        server_name 192.168.108.112

        ssl_session_timeout  5m;

}

为主程序创建链接文件

[root@www nginx-1.6.0]#  ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

语法检测

[root@www conf]# nginx -t

Enter PEM pass phrase:

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

启动服务,浏览器测试

[root@www conf]# killall -3 nginx

[root@www conf]# nginx

Enter PEM pass phrase:

 技术分享

技术分享

 

lnmp搭建+openssl(仅测试)