6.创建web服务器(LAMP):
创建web服务器(LAMP):
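# One-shot base "optimization" for a fresh CentOS 6 lab host (run as root).
# NOTE(review): several steps below trade security for convenience (SELinux
# off, host firewall off, passwordless sudo). They are kept as the page has
# them, but each one should be a deliberate decision on any host that is
# reachable from an untrusted network.

# Disable SELinux persistently and for the running system.
# NOTE(review): SELINUX=permissive keeps denials in the audit log without
# blocking anything, which is a safer middle ground while debugging.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce

# Stop the host firewall now and at boot (the original issued the stop twice).
# NOTE(review): with iptables off, every listening service on both NICs is
# exposed; filtering then depends entirely on whatever sits in front of it.
/etc/init.d/iptables stop
chkconfig iptables off

# Turn off every boot-time service except a short keep-list. The names are
# passed to chkconfig as arguments instead of piping generated text into bash.
chkconfig --list |
  grep -Ev 'crond|sshd|network|rsyslog|sysstat' |
  awk '{print $1}' |
  while read -r svc; do
    [ -n "$svc" ] || continue
    chkconfig "$svc" off
  done

# Admin account with passwordless sudo.
# NOTE(review): NOPASSWD:ALL makes any compromise of this account equal to
# root; prefer a password-protected rule limited to the commands needed.
useradd oldboy
\cp /etc/sudoers /etc/sudoers.bak
echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
tail -1 /etc/sudoers
# A syntax error in sudoers locks everyone out of sudo, so restore the backup
# if validation fails.
visudo -c || \cp /etc/sudoers.bak /etc/sudoers

# Idle-session timeout and a very short shell history.
# NOTE(review): a 5-line history limits how long typed secrets linger, but it
# also removes a forensic source; keep command auditing elsewhere if needed.
echo 'export TMOUT=1800' >> /etc/profile
echo 'export HISTSIZE=5' >> /etc/profile
echo 'export HISTFILESIZE=5' >> /etc/profile
. /etc/profile

# Raise the open-file limit for all users.
echo '* - nofile 65535' >> /etc/security/limits.conf

# At every boot, truncate the persistent NIC naming rules (presumably so that
# cloned VMs get eth0/eth1 assigned afresh).
echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local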
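# Kernel network tuning appended to /etc/sysctl.conf (takes effect at the next
# boot or after `sysctl -p`). The delimiter is quoted so nothing in the body
# is expanded by the shell.
# NOTE(review): net.ipv4.tcp_tw_recycle is known to drop connections from
# clients that share one NAT address when TCP timestamps are in use, and the
# knob was removed from newer kernels; confirm it is really wanted here.
# NOTE(review): the nf_conntrack keys only exist while the conntrack module is
# loaded; with iptables stopped they will presumably be reported as unknown
# keys when the file is applied -- confirm on the target host.
# Fixed: the original wrote "net.core.netdv_max_backlog", which is not a
# kernel key; the intended key is net.core.netdev_max_backlog.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF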
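# Static addressing, hostname and /etc/hosts for web02, then reboot.
# Fixed: the original wrote "NETSK=" (not an ifcfg key; the key is NETMASK)
# and "nameserver=" (resolv.conf syntax; the ifcfg key for a resolver is DNS1).
# Each file is overwritten, so anything previously in it (HWADDR, UUID, extra
# host entries) is lost.

# eth0: 10.0.0.0/24 side, carries the default gateway and the resolver.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.7
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS1=202.96.128.86
EOF

# eth1: 172.16.1.0/24 side used for the other lab hosts listed in /etc/hosts.
cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<'EOF'
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=172.16.1.7
NETMASK=255.255.255.0
EOF

# Persistent and running hostname.
cat >/etc/sysconfig/network <<'EOF'
NETWORKING=yes
HOSTNAME=web02
EOF
hostname web02

# Name resolution for the lab hosts without relying on DNS.
cat >/etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01
172.16.1.61 m01
EOF
#/etc/init.d/network reload

# Working directories used by the later steps.
mkdir -p /server/scripts /server/tools /application

# Reboot so the SELinux, sysctl, service and network changes all take effect.
reboot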
====================================================================================================
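# Switch yum to the Aliyun mirror and add EPEL.
# The repo definitions decide where root-run yum fetches packages from, so
# they are fetched over HTTPS rather than plain HTTP, and a failed download no
# longer leaves an empty or truncated .repo file behind.
# NOTE(review): check that the downloaded files keep gpgcheck=1 before
# installing anything from them.
yum -y install wget
\cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}
if ! wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo; then
  # Put the distribution's repo file back rather than keep a partial download.
  \cp /etc/yum.repos.d/CentOS-Base.repo.backup /etc/yum.repos.d/CentOS-Base.repo
fi
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo ||
  rm -f /etc/yum.repos.d/epel.repo
yum clean all
yum makecache

# Set up some tools and development packages.
# NOTE(review): nmap, nc and a full compiler toolchain are convenient in a
# lab, but on a production web server they are also convenient for an
# intruder; install only what the host needs.
yum -y install lrzsz nmap tree dos2unix nc wget
yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"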
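# Sync the clock every five minutes against the internal time server.
# The lines are appended straight to root's crontab file; the page's typographic
# quotes are replaced with real single quotes so the text is written literally.
echo '#time sync by NTP Server at 20170608' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate 172.16.1.61 >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l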
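# Nightly archive of key config files, pushed to the backup host with rsync.
yum -y install rsync

# Password file for the rsync daemon account.
# The subshell's umask makes the file owner-only from the moment it is
# created; chmod also covers a pre-existing file.
# NOTE(review): "oldboy" is a lab value that matches a username on this page;
# use a generated secret that matches the backup server's secrets file.
( umask 077; echo "oldboy" >/etc/rsync.password )
chmod 600 /etc/rsync.password

# Write the backup script. The delimiter is quoted so $(...) and $VAR reach
# the file literally, without backslash escapes.
# NOTE(review): rsync daemon transfers are not encrypted, so this belongs on a
# trusted internal segment only. The md5sum detects transfer corruption, not
# deliberate tampering.
cat >/server/scripts/bak.sh <<'EOF'
#!/bin/sh
##create by 20has at 2017-5-18
IP=$(ifconfig eth1|awk -F "[ :]+" 'NR==2{print $4}')
# Stop if eth1 has no address, otherwise the archive lands in /backup//.
[ -n "$IP" ] || exit 1
TIME=$(date +%F)
mkdir -p "/backup/$IP"
cd / || exit 1
tar -zcf "/backup/$IP/$TIME.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
md5sum "/backup/$IP/$TIME.tar.gz" >"/backup/$IP/flag.log"
rsync -az /backup/ rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
#del
find /backup -type f -name "*.tar.gz" -mtime +7 -exec rm -f -- {} +
EOF

# Run the backup at midnight. The redirection is spelled out because cron runs
# the line with /bin/sh, where "&>" is not portable.
echo '#add cron to rsync backup at 20170608' >>/var/spool/cron/root
echo '00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l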
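# Build Apache httpd from the source tarball staged in /server/tools.
# NOTE(review): verify the tarball against the checksum or signature published
# by the project before building. The httpd 2.2 branch no longer receives
# upstream security fixes.
# NOTE(review): the tarball is 2.2.32 but the prefix is named apache2.2.31;
# the name is kept as on the page, and later steps only use the
# /application/apache symlink.
yum -y install gcc gcc-c++ ncurses-devel perl
yum -y install zlib zlib-devel
cd /server/tools || exit 1
tar -xf httpd-2.2.32.tar.gz
cd httpd-2.2.32 || exit 1
# Fixed: the original created "/application/apach2.2.31", a stray directory
# that did not match the configured prefix.
mkdir -p /application/apache2.2.31
# Stop at the first failing stage so a broken build is never installed.
./configure \
  --prefix=/application/apache2.2.31 \
  --enable-deflate \
  --enable-expires \
  --enable-headers \
  --enable-modules=most \
  --enable-so \
  --with-mpm=worker \
  --enable-rewrite &&
  make &&
  make install
# -n replaces an existing link instead of creating a nested one on a re-run.
ln -sfn /application/apache2.2.31/ /application/apache
# "ll" is an interactive alias and does not exist in a script.
ls -l /application/apache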
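# Configure three name-based virtual hosts (www, blog, bbs).
# A failed cd aborts, so the directories and edits never land elsewhere.
cd /application/apache/htdocs/ || exit 1
mkdir -p bbs blog www
echo "apache www" > www/index.html
echo "apache bbs" > bbs/index.html
echo "apache blog" > blog/index.html
cd ../conf/ || exit 1
sed -i "s@#Include conf/extra/httpd-vhosts.conf@Include conf/extra/httpd-vhosts.conf@g" httpd.conf
sed -i "s@#ServerName www.example.com:80@ServerName 127.0.0.1:80@g" httpd.conf
# Turn off directory listings. The original wrote "Options -Indexes
# FollowSymLinks"; mixing prefixed and unprefixed options is documented as
# invalid, so Indexes is simply dropped from the list.
sed -i "s@Options Indexes FollowSymLinks@Options FollowSymLinks@g" httpd.conf

# NameVirtualHost must come first: without it httpd 2.2 treats the three
# *:80 blocks as overlapping and serves the first one for every name.
cat >/application/apache/conf/extra/httpd-vhosts.conf <<'EOF'
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin a-@qq.com
DocumentRoot "/application/apache/htdocs/www"
ServerName www.etiantian.org
ServerAlias etiantian.org
ErrorLog "logs/www-error_log"
CustomLog "logs/www-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin a-@qq.com
DocumentRoot "/application/apache/htdocs/blog"
ServerName blog.etiantian.org
ErrorLog "logs/blog-error_log"
CustomLog "logs/blog-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin a-@qq.com
DocumentRoot "/application/apache/htdocs/bbs"
ServerName bbs.etiantian.org
ErrorLog "logs/bbs-error_log"
CustomLog "logs/bbs-access_log" common
</VirtualHost>
EOF

# Only start the server if the configuration parses.
/application/apache/bin/apachectl -t || exit 1
/application/apache/bin/apachectl start
/application/apache/bin/apachectl graceful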
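# Build libiconv and PHP (as an Apache module via apxs) from tarballs staged
# in /server/tools.
# NOTE(review): verify both tarballs against the checksums published by their
# projects before building. PHP 5.5 no longer receives upstream security fixes.
# NOTE(review): the tarball is php-5.5.32 but the prefix is named php5.3.27;
# the name is kept as on the page, and later steps only use the
# /application/php symlink.
# NOTE(review): the configure line enables many extensions (ftp, pcntl,
# sockets, soap, xmlrpc, ...); build only what the application needs.
yum -y install zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel
yum -y install freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel
yum -y install libmcrypt-devel mhash mcrypt openssl-devel libxslt

cd /server/tools/ || exit 1
tar zxf libiconv-1.14.tar.gz
cd libiconv-1.14 || exit 1
./configure --prefix=/usr/local/libiconv &&
  make &&
  make install
cd ../ || exit 1

tar zxf php-5.5.32.tar.gz
cd php-5.5.32 || exit 1
# Stop at the first failing stage so a broken build is never installed.
./configure \
  --prefix=/application/php5.3.27 \
  --with-apxs2=/application/apache/bin/apxs \
  --with-mysql=mysqlnd \
  --with-pdo-mysql=mysqlnd \
  --with-iconv-dir=/usr/local/libiconv \
  --with-freetype-dir \
  --with-jpeg-dir \
  --with-png-dir \
  --with-zlib \
  --with-libxml-dir=/usr \
  --enable-xml \
  --disable-rpath \
  --enable-bcmath \
  --enable-shmop \
  --enable-sysvsem \
  --enable-inline-optimization \
  --with-curl \
  --enable-mbregex \
  --enable-mbstring \
  --with-mcrypt \
  --with-gd \
  --enable-gd-native-ttf \
  --with-openssl \
  --with-mhash \
  --enable-pcntl \
  --enable-sockets \
  --with-xmlrpc \
  --enable-soap \
  --enable-short-tags \
  --enable-static \
  --with-xsl \
  --enable-ftp &&
  make &&
  make install
cd ../ || exit 1
# -n replaces an existing link instead of creating a nested one on a re-run.
ln -sfn /application/php5.3.27/ /application/php
# "ll" is an interactive alias and does not exist in a script.
ls -l /application/php/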
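# Hook PHP into Apache and run the server as an unprivileged account.
cd /application/apache/conf || exit 1
# Register the PHP handlers. The page's typographic quotes are replaced with
# real single quotes; the insert position is a fixed line number.
# NOTE(review): line 320/321 presumably falls inside the mime_module section
# of the stock httpd.conf -- confirm against the installed file.
# NOTE(review): the .phps mapping shows highlighted PHP source to any visitor
# who requests such a file; drop it unless it is needed.
sed -i '320iAddType application/x-httpd-php .php .phtml' httpd.conf
sed -i '321iAddType application/x-httpd-php-source .phps' httpd.conf
sed -i "s#DirectoryIndex index.html#DirectoryIndex index.php index.html#g" httpd.conf
sed -i "s#User daemon#User www#g" httpd.conf
sed -i "s#Group daemon#Group www#g" httpd.conf
# Removed: sed -i "s#Deny from all#Allow from all#g" httpd.conf
# In the stock httpd.conf those "Deny from all" lines are what keep the
# filesystem root and the .ht* files (.htaccess, .htpasswd) from being served.
# The htdocs directory already carries its own "Allow from all", so the global
# replacement only removed protection.
sed -i "s@#Include conf/extra/httpd-mpm.conf@Include conf/extra/httpd-mpm.conf@" httpd.conf
#sed -i "s#MaxClients 150#MaxClients 1500#g" extra/httpd-mpm.conf
sed -i "s#MaxRequestsPerChild 0#MaxRequestsPerChild 5000#g" extra/httpd-mpm.conf

# Service account with no login shell; skipped if it already exists.
id www >/dev/null 2>&1 || useradd -u888 -s /sbin/nologin www
id www

# Reload only if the edited configuration parses.
/application/apache/bin/apachectl -t || exit 1
/application/apache/bin/apachectl graceful
lsof -i :80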
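# Deploy WordPress into the blog vhost and mount the shared uploads directory.
# A failed cd aborts, so the archive is never unpacked somewhere else.
cd /application/apache/htdocs/blog/ || exit 1
tar -zxf /server/tools/blog-wordpress.tar.gz
# NOTE(review): giving the web user ownership of the whole tree lets a
# compromised PHP process rewrite the application code; ideally only the
# upload directory is writable by www. "www:www" replaces the "www.www" form.
chown -R www:www /application/apache/htdocs/blog/
cd /application/apache/conf/ || exit 1

# Mount the NFS upload share.
yum -y install rpcbind nfs-utils
/etc/init.d/rpcbind start
chkconfig rpcbind on
showmount -e 172.16.1.31
# nosuid,nodev,noexec: the share only holds uploaded files, so the kernel
# should not honour setuid bits, device nodes or direct execution from it.
# NOTE(review): this does not stop PHP from interpreting an uploaded .php
# file; the uploads directory should also have the PHP handler turned off in
# the Apache configuration.
mount -t nfs -o nosuid,nodev,noexec 172.16.1.31:/data /application/apache/htdocs/blog/wp-content/uploads/
echo "/bin/mount -t nfs -o nosuid,nodev,noexec 172.16.1.31:/data /application/apache/htdocs/blog/wp-content/uploads/" >>/etc/rc.local
cat /etc/rc.local
df -h

# Reload only if the configuration parses.
/application/apache/bin/apachectl -t || exit 1
/application/apache/bin/apachectl graceful
lsof -i :80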
wordpress是直接套用的nginx的blog文件,所以apache的伪静态没做!
坑之一:
[root@web02 extra]# /application/apache/bin/apachectl -t
[Tue Jun 13 21:49:01 2017] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
[Tue Jun 13 21:49:01 2017] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
Syntax OK
apache配置检查的时候出现了原因不明的警告([warn]),语法检查本身是通过的(Syntax OK)!
[root@web02 extra]# vim /etc/hosts
[root@web02 extra]# curl www.etiantian.org
apache www
[root@web02 extra]# curl etiantian.org
apache www
[root@web02 extra]# curl bbs.etiantian.org
apache www
[root@web02 extra]# curl blog.etiantian.org
apache www #网页读取不到blog和bbs的网页,都是显示的apache www
解答:后续对比上课的web02,发现httpd-vhosts.conf第一行少了"NameVirtualHost *:80"这一句!!!缺少它时,Apache 2.2会把多个 <VirtualHost *:80> 当作重叠的虚拟主机,只有第一个生效,所以所有域名返回的都是"apache www"。