lnmp搭建+openssl(仅测试)
搭建LNMP环境
一,安装nginx
卸载rpm安装的httpd
安装支持软件pcre-devel zlib-devel gcc gcc-c++ make
创建nginx用户和组
[root@www ~]# useradd -M -s /sbin/nologin nginx
编译安装Nginx
[root@www ~]# tar xf nginx-1.6.0.tar.gz -C /usr/src/
[root@www ~]# cd /usr/src/nginx-1.6.0/
[root@www nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install
其中--with-http_stub_status_module模块,为日志统计模块
为主程序nginx创建链接文件
[root@www nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
检查语法,启动服务
[root@www nginx-1.6.0]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@www nginx-1.6.0]# nginx
[root@www nginx-1.6.0]# netstat -anpt | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4513/nginx
编写nginx服务脚本
[root@www ~]# vim /etc/init.d/nginx
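#!/bin/bash
# chkconfig: 2345 99 20
# description: Nginx Server Control Scripts shell
#
# SysV init script for the source-built nginx under /usr/local/nginx.
# Usage: /etc/init.d/nginx (start|stop|restart|reload|status)
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"

# Print the PID stored in $PIDF, but only when the file holds a plain decimal
# number and a process with that PID currently exists. This script runs as
# root, so the file content is validated before it is ever handed to kill,
# and a stale pid file left by a crash no longer counts as "running".
# Returns non-zero when there is no usable, live PID.
running_pid() {
  local pid=
  [ -f "$PIDF" ] || return 1
  read -r pid < "$PIDF"
  case "$pid" in
    '' | *[!0-9]*) return 1 ;;
  esac
  kill -0 "$pid" 2>/dev/null || return 1
  printf '%s\n' "$pid"
}

case "$1" in
  start)
    if running_pid >/dev/null; then
      echo "Nginx is running...Start it is error"
    else
      "$PROG"
    fi
    ;;
  stop)
    if pid=$(running_pid); then
      # Signal 3 (QUIT) asks nginx for a graceful shutdown.
      kill -3 "$pid"
      # Wait (bounded) for the master to exit so that "restart" does not
      # start a new instance while the old one still holds the port.
      for _ in 1 2 3 4 5 6 7 8 9 10; do
        kill -0 "$pid" 2>/dev/null || break
        sleep 1
      done
      if kill -0 "$pid" 2>/dev/null; then
        echo "Nginx (pid $pid) is still running after QUIT" >&2
      else
        # Remove any leftover pid file, as the original script did.
        rm -f -- "$PIDF"
      fi
    else
      echo "Nginx is stopping...Stop it is error"
    fi
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  reload)
    if pid=$(running_pid); then
      # Signal 1 (HUP) makes nginx re-read its configuration.
      kill -1 "$pid"
    else
      echo "Nginx is stopping...reload it is error"
    fi
    ;;
  status)
    if running_pid >/dev/null; then
      echo "Nginx is running"
    else
      echo "Nginx is stopped"
    fi
    ;;
  *)
    echo "Usage:$0 (start|stop|restart|reload|status)"
    exit 1
    ;;
esac
exit 0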
[root@www ~]# chmod +x /etc/init.d/nginx
[root@www ~]# chkconfig --add nginx
[root@www ~]# chkconfig --list nginx
nginx 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
修改nginx.conf主配置文件,添加两个虚拟主机
[root@www ~]# cd /usr/local/nginx/conf/
[root@www conf]# cp -p nginx.conf nginx.conf.bak
[root@www conf]# vim nginx.conf
[root@www conf]# cat nginx.conf
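# Main nginx configuration: two name-based virtual hosts on port 80.
user nginx nginx;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # The format string must be wrapped in plain ASCII single quotes;
    # typographic quotes are not quoting characters for nginx.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    gzip on;

    # Virtual host 1: www.wx001.com, served from html/wx001.
    server {
        listen 80;
        server_name www.wx001.com;
        charset utf-8;
        access_log logs/host.access.log main;

        location / {
            root html/wx001;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        # proxy_pass http://127.0.0.1;
    }

    # Virtual host 2: www.wx002.com, served from html/wx002.
    # Note: both virtual hosts write to the same logs/host.access.log.
    server {
        listen 80;
        server_name www.wx002.com;
        charset utf-8;
        access_log logs/host.access.log main;

        location / {
            root html/wx002;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        # proxy_pass http://127.0.0.1;
    }
}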
添加网页文件后,测试
搭建Mysql数据库
安装支持软件
[root@www ~]# rpm -q ncurses-devel
ncurses-devel-5.7-4.20090207.el6.x86_64
安装cmake
[root@www ~]# tar xf cmake-2.8.6.tar.gz -C /usr/src/
[root@www ~]# cd /usr/src/cmake-2.8.6/
[root@www cmake-2.8.6]# ./configure && gmake && gmake install
编译安装Mysql数据库
[root@www ~]# tar xf mysql-5.5.22.tar.gz -C /usr/src/
[root@www ~]# cd /usr/src/mysql-5.5.22/
[root@www mysql-5.5.22]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS=all -DSYSCONFDIR=/etc && make && make install
安装后调整优化
[root@www ~]# echo "PATH=$PATH:/usr/local/mysql/bin" >>/etc/profile
[root@www ~]# . /etc/profile
[root@www ~]# cp -p /usr/src/mysql-5.5.22/support-files/my-medium.cnf /etc/my.cnf
cp:是否覆盖"/etc/my.cnf"? y
[root@www ~]# cp -p /usr/src/mysql-5.5.22/support-files/mysql.server /etc/init.d/mysqld
[root@www ~]# chmod +x /etc/init.d/mysqld
[root@www ~]# chkconfig --add mysqld
[root@www ~]# chkconfig --list mysqld
mysqld 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@www ~]#
初始化数据库
[root@www ~]# useradd -M -s /sbin/nologin mysql
[root@www ~]# chown -R mysql:mysql /usr/local/mysql/
[root@www ~]# /usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/ --user=mysql
启动Mysql服务
[root@www ~]# /etc/init.d/mysqld start
Starting MySQL... [确定]
[root@www ~]# netstat -anpt| grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 28555/mysqld
[root@www ~]#
创建root用户密码(示例中的"123"仅供测试;mysqladmin不带新密码参数时会交互式提示输入,可避免密码出现在命令行和进程列表中)
[root@www ~]# mysqladmin -uroot password "123";history -c
安装PHP服务
安装支持软件
[root@www wx001]# rpm -q gd libxml2-devel libjpeg-devel libpng-devel
package gd is not installed
libxml2-devel-2.7.6-21.el6_8.1.x86_64
package libjpeg-devel is not installed
libpng-devel-1.2.49-2.el6_7.x86_64
[root@www wx001]# yum -y install gd
编译安装PHP
[root@www ~]# tar xf php-5.3.28.tar.gz -C /usr/src/
[root@www ~]# cd /usr/src/php-5.3.28/
[root@www php-5.3.28]# ./configure --prefix=/usr/local/php5 --with-gd --with-zlib --with-mysql=/usr/local/mysql/ --with-config-file-path=/usr/local/php5 --enable-mbstring --enable-fpm --with-jpeg-dir=/usr/lib && make && make install
安装后优化调整
[root@www php-5.3.28]# cp -p /usr/src/php-5.3.28/php.ini-development /usr/local/php5/php.ini
[root@www php-5.3.28]# ln -s /usr/local/php5/bin/* /usr/local/bin/
[root@www php-5.3.28]# ln -s /usr/local/php5/sbin/* /usr/local/sbin/
安装ZendGuardLoader(PHP的优化模块)
[root@www ~]# tar xf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz -C /usr/src/
[root@www ~]# cd /usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/
[root@www ZendGuardLoader-php-5.3-linux-glibc23-x86_64]# cd
[root@www ~]# cp /usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/local/php5/lib/php/
[root@www ~]# echo -e "zend_extension=/usr/local/php5/lib/php/ZendGuardLoader.so\nzend_loader.enable=1" >> /usr/local/php5/php.ini
启用php-fpm进程
[root@www ~]# cd /usr/local/php5/etc/
[root@www etc]# cp -p php-fpm.conf.default php-fpm.conf
[root@www etc]# vim php-fpm.conf
25 pid = run/php-fpm.pid //确认pid文件位置
140 user = nginx //程序用户
141 group = nginx //程序组
217 pm.max_children = 50 //子进程的最大数
222 pm.start_servers = 20 //启动时开启的进程数
227 pm.min_spare_servers = 5 //最少空闲进程数
232 pm.max_spare_servers = 35 //最大空闲进程数
[root@www etc]# php-fpm
[root@www etc]# netstat -anpt | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 123477/php-fpm
修改/etc/init.d/nginx服务脚本
[root@www etc]# vim /etc/init.d/nginx
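#!/bin/bash
# chkconfig: 2345 99 20
# description: Nginx Server Control Script
#
# Starts and stops nginx together with php-fpm.
# Usage: /etc/init.d/nginx (start|stop|restart|reload)
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
PROG_FPM="/usr/local/sbin/php-fpm"
PIDF_FPM="/usr/local/php5/var/run/php-fpm.pid"

# read_pid PIDFILE
# Print the PID stored in PIDFILE if the file exists and holds only decimal
# digits. This script runs as root, so the content is validated before it is
# passed to kill; a missing or malformed file yields a non-zero return
# instead of a kill call with empty or unexpected arguments.
read_pid() {
  local pidfile=$1 pid=
  [ -f "$pidfile" ] || return 1
  read -r pid < "$pidfile"
  case "$pid" in
    '' | *[!0-9]*) return 1 ;;
  esac
  printf '%s\n' "$pid"
}

# stop_daemon PIDFILE
# Send QUIT to the process named in PIDFILE and wait up to ~10 seconds for it
# to exit, so that "restart" does not start a new instance while the old one
# is still shutting down.
stop_daemon() {
  local pidfile=$1 pid
  if ! pid=$(read_pid "$pidfile"); then
    echo "No usable PID in $pidfile, nothing to stop" >&2
    return 1
  fi
  kill -s QUIT "$pid" || return 1
  for _ in 1 2 3 4 5 6 7 8 9 10; do
    kill -0 "$pid" 2>/dev/null || return 0
    sleep 1
  done
  echo "PID $pid from $pidfile is still running after QUIT" >&2
  return 1
}

case "$1" in
  start)
    "$PROG"
    "$PROG_FPM"
    ;;
  stop)
    stop_daemon "$PIDF"
    stop_daemon "$PIDF_FPM"
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  reload)
    # HUP makes nginx re-read its configuration; php-fpm is left untouched,
    # as in the original script.
    if pid=$(read_pid "$PIDF"); then
      kill -s HUP "$pid"
    else
      echo "No usable PID in $PIDF, cannot reload" >&2
    fi
    ;;
  *)
    echo "Usage: $0 (start|stop|restart|reload)"
    exit 1
    ;;
esac
exit 0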
[root@www etc]# chkconfig --del nginx
[root@www etc]# chkconfig --add nginx
[root@www etc]# /etc/init.d/nginx stop
[root@www etc]# /etc/init.d/nginx start
[root@www etc]# netstat -anpt |egrep "nginx|php-fpm"
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 123527/php-fpm
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 123522/nginx
配置Nginx支持PHP解析(黄色添加项)
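location / {
    root html/wx002;
    index index.php index.html index.htm;
}

location ~ \.php$ {
    root html/wx002;
    # Hand the request to PHP-FPM only when the requested .php file really
    # exists under root; anything else gets a 404 from nginx instead of
    # being forwarded for PHP to resolve on its own.
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi.conf;
}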
[root@www ~]# nginx -t
[root@www ~]# vim /usr/local/nginx/html/wx002/test.php
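<?php
// Connectivity test page: prints a heading when PHP can reach MySQL.
// The root account and password "123" are the tutorial's test values; this
// file sits in the web root, so delete it once the test is done and use a
// dedicated low-privilege account for anything beyond testing.
$link = mysql_connect('localhost', 'root', '123');
if ($link) {
    echo "<h1>这是一个PHP解析的页面</h1>";
    // Close only a connection that was actually opened.
    mysql_close($link);
}
?>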
重启服务,PHP页面访问测试
部署Nginx+Apache动静分离
开两台主机,一台搭建LNMP,一台搭建LAMP
192.168.108.111 LAMP环境
192.168.108.112 LNMP环境
静态网页由LNMP服务器提供解析,动态PHP语言由LAMP服务器提供解析。
环境搭建OK
修改nginx.conf主配置文件(添加location)
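# Case-sensitive regex match: URIs ending in .php are proxied to the LAMP server.
location ~ \.php$ {
    proxy_pass http://192.168.108.111:80;
}

# Case-sensitive regex match: URIs ending in one of these image/flash
# extensions are served from the local directory below. The trailing "$"
# anchors the match to the end of the URI, so an extension that merely
# appears somewhere in the path does not select this location.
location ~ \.(gif|jpg|jpeg|bmp|png|swf)$ {
    root html/wx002;
}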
[root@www ~]# ulimit -n 65000
[root@www ~]# echo "ulimit -n 65000" >>/etc/profile
在LAMP服务器Apache网页目录下
[root@www htdocs]# vim test.php
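<?php
// Connectivity test page on the LAMP host: prints a heading when PHP can
// reach MySQL. The root account and password "123" are the tutorial's test
// values; delete this file from the web root once the test is done.
$link = mysql_connect('localhost', 'root', '123');
if ($link) {
    echo "<h1>这是一个PHP解析的页面,由LAMP提供解析服务</h1>";
    // Close only a connection that was actually opened.
    mysql_close($link);
}
?>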
<img src="http://www.wx002.com/jdqs.jpg"/>
[root@www htdocs]# echo "192.168.108.112 www.wx001.com www.wx002.com" >>/etc/hosts
重启nginx服务,网页浏览测试
nginx使用openssl安装数字证书
编译安装nginx时,添加openssl模块,把openssl路径指定到解压出来的路径
[root@www ~]# tar xf nginx-1.6.0.tar.gz -C /usr/src/
[root@www ~]# tar xf openssl-1.0.2l.tar.gz -C /usr/src/
[root@www ~]# cd /usr/src/nginx-1.6.0/
[root@www nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-openssl=/usr/src/openssl-1.0.2l/ --with-http_gzip_static_module && make && make install
生成RSA密钥【这个命令会生成一个2048位的密钥,并用des3(3DES)算法和你输入的密码短语加密保存私钥;如果你不想要每次都输入密码,可以改成下面的命令(此时私钥以未加密形式保存):
openssl genrsa -out privkey.pem 2048
建议用2048位密钥,少于此可能会不安全或很快将不安全。】
[root@www nginx-1.6.0]# openssl genrsa -des3 -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
................................................+++
....+++
e is 65537 (0x10001)
Enter pass phrase for privkey.pem:
Verifying - Enter pass phrase for privkey.pem:
生成一个证书请求
【openssl req -new -key privkey.pem -out cert.csr
这个命令将会生成一个证书请求,当然,用到了前面生成的密钥privkey.pem文件
这里将生成一个新的文件cert.csr,即一个证书请求文件,你可以拿着这个文件去数字证书颁发机构(即CA)申请一个数字证书。CA会给你一个新的文件cacert.pem,那才是你的数字证书。
如果是自己做测试,那么证书的申请机构和颁发机构都是自己。就可以用下面这个命令来生成证书:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
这个命令将用上面生成的密钥privkey.pem生成一个数字证书cacert.pem
】
[root@www nginx-1.6.0]# openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
Enter pass phrase for privkey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:cn
Locality Name (eg, city) [Default City]:cn
Organization Name (eg, company) [Default Company Ltd]:cn
Organizational Unit Name (eg, section) []:cn
Common Name (eg, your name or your server‘s hostname) []:cn
Email Address []:cn
移动生成的证书和密钥到nginx的配置目录下(私钥privkey.pem建议设置为仅root可读,例如chmod 600)
[root@www nginx-1.6.0]# mv cacert.pem privkey.pem /usr/local/nginx/conf/
修改nginx.conf配置【添加】
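server {
    # "listen ... ssl" enables TLS on this socket; it takes the place of a
    # separate "ssl on;" directive.
    listen 443 ssl;
    # Both names in a single directive. Every directive must end with ";" -
    # without it nginx reads the next directive's words as more server names.
    server_name localhost 192.168.108.112;
    ssl_certificate /usr/local/nginx/conf/cacert.pem;
    ssl_certificate_key /usr/local/nginx/conf/privkey.pem;
    # nginx 1.6 still offers SSLv3 unless ssl_protocols is set explicitly.
    ssl_protocols TLSv1.2;
    ssl_session_timeout 5m;
}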
为主程序创建链接文件
[root@www nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
语法检测
[root@www conf]# nginx -t
Enter PEM pass phrase:
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
启动服务,浏览器测试
[root@www conf]# killall -3 nginx
[root@www conf]# nginx
Enter PEM pass phrase: