OPENBSD-3.8上快速安装和配置apache+mysql+php+ssl
<p>本文旨在用OPENBSD自己提供的软件<a target="_blank" href="#" class="UBBWordLink">安装</a>包来搭建<a target="_blank" href="#" class="UBBWordLink">服务</a>器环境,当然你也可以下载原代码包编译<a target="_blank" href="#" class="UBBWordLink">安装</a>,但这样就费时费力了。实际上OPENBSD给我们提供了大量的编译好的二进制<a target="_blank" href="#" class="UBBWordLink">安装</a>包,利用这些二进制<a target="_blank" href="#" class="UBBWordLink">安装</a>包我们可以快速部署我们需要的<a target="_blank" href="#" class="UBBWordLink">服务</a>器环境,不仅省时还可以保障OPENBSD的安全性,还可以自动<a target="_blank" href="#" class="UBBWordLink">解决</a>各个<a target="_blank" href="#" class="UBBWordLink">安装</a>包之间的包依赖问题(用pkg_add来<a target="_blank" href="#" class="UBBWordLink">安装</a>远程<a target="_blank" href="#" class="UBBWordLink">服务</a>器上的软件包,包依赖问题会自动处理不需要认为干预,这个有点像通过PORT安装)。下面的文档在一个E文的文档基础上经过整理补充后形成的,那个E文档找不到了。 <br /><br />
设立<a target="_blank" href="#" class="UBBWordLink">网络</a><a target="_blank" href="#" class="UBBWordLink">安装</a><a target="_blank" href="#" class="UBBWordLink">服务</a>器的地址: <br />
<br />
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/ <br />
<br />
1. 配置APACHE服务器: <br />
<br />
因为APACHE是<a target="_blank" href="#" class="UBBWordLink">系统</a>默认<a target="_blank" href="#" class="UBBWordLink">安装</a>的,这里就省去了<a target="_blank" href="#" class="UBBWordLink">安装</a>过程,下面配置APACHE这样就可以开机运行HTTP了因为在/ETC/RC脚本中已经有了HTTPD服务的启动<a target="_blank" href="#" class="UBBWordLink">设置</a> <br />
<br />
# vi /etc/rc.conf <br />
改: <br />
httpd_flags=NO <br />
为: <br />
httpd_flags="" <br />
<br />
对apache做一初步<a target="_blank" href="#" class="UBBWordLink">设置</a> <br />
# vi /var/www/conf/httpd.conf <br />
<br />
ExtendedStatus On <br />
ServerAdmin llzqq@126.com <br />
ServerName llzqq.3322.org <br />
ServerTokens Prod <br />
ServerSignature Off <br />
Options Indexes FollowSymLinks 改为 Options FollowSymLinks <br />
<br />
2. <a target="_blank" href="#" class="UBBWordLink">安装</a>mysql-server-4.0.24p1: <br />
<br />
# pkg_add -v mysql-server-4.0.24p1.tgz <br />
# cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf <br />
<br />
如果不想让其他机器连接MYSQL,可以通过下面的<a target="_blank" href="#" class="UBBWordLink">操作</a>实现: <br />
<br />
# vi /etc/my.cnf <br />
<br />
bind-address = 127.0.0.1 <br />
<br />
启动MYSQL-SERVER服务器: <br />
<br />
# /usr/local/bin/mysqld_safe & <br />
<br />
<a target="_blank" href="#" class="UBBWordLink">设置</a>ROOT的MYSQL密码: <br />
<br />
# /usr/local/bin/mysqladmin -u root password mypass <br />
<br />
为了方便启动和关闭MYSQL服务建立了下面的脚本: <br />
<br />
# vi /etc/rc.d/mysqld.sh <br />
======================================================== <br />
#!/bin/sh <br />
# made by llzqq <br />
# mail:openbsd@163.com <br />
# mysql startup scripts <br />
case "$1" in <br />
start) <br />
if [ -x /usr/local/bin/mysqld_safe ]; then <br />
/usr/local/bin/mysqld_safe & <br />
fi <br />
;; <br />
stop) <br />
pkill mysqld & <br />
rm -f /var/run/mysql/mysql.sock & <br />
<br />
;; <br />
*) <br />
echo "$0 start | stop" <br />
;; <br />
esac <br />
exit 0 <br />
======================================================== <br />
<br />
# chmod 555 /etc/rc.d/mysqld.sh <br />
<br />
<a target="_blank" href="#" class="UBBWordLink">设置</a>开机启动MYSQL <br />
<br />
# vi /etc/rc.local <br />
<br />
if [ -f /etc/my.cnf ]; then <br />
/etc/rc.d/mysqld.sh start <br />
fi <br />
<br />
3. <a target="_blank" href="#" class="UBBWordLink">安装</a>配置PHP-4.4.1 <br />
<br />
# pkg_add -v php4-core-4.4.1p0.tgz <br />
<br />
运行下面的命令使其生效 <br />
# cp /usr/local/share/examples/php4/php.ini-recommended /var/www/conf/php.ini <br />
# /usr/local/sbin/phpxs -s <br />
<br />
由于OPENBSD上的APACHE采用了CHROOT机制,要保证PHP正常工作就要建下面的目录PHP工作目录: <br />
<br />
# mkdir /var/www/tmp <br />
# chmod 1777 /var/www/tmp <br />
<br />
下面选择<a target="_blank" href="#" class="UBBWordLink">安装</a>几个PHP组件: <br />
<br />
# pkg_add -v php4-gd-4.4.1p0-no_x11.tgz <br />
# /usr/local/sbin/phpxs -a gd <br />
<br />
# pkg_add -v php4-mysql-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a mysql <br />
<br />
# pkg_add -v php4-ncurses-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a ncurses <br />
<br />
# pkg_add -v php4-imap-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a imap <br />
<br />
# pkg_add -v php4-curl-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a curl <br />
<br />
# pkg_add -v php4-dbx-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a dbx <br />
<br />
# pkg_add -v php4-ldap-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a ldap <br />
<br />
# pkg_add -v php4-pdf-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a pdf <br />
<br />
# pkg_add -v php4-snmp-4.4.1p0.tgz <br />
# /usr/local/sbin/phpxs -a snmp <br />
<br />
<a target="_blank" href="#" class="UBBWordLink">设置</a>apache支持PHP: <br />
<br />
# vi /var/www/conf/httpd.conf <br />
<br />
DirectoryIndex index.html index.php <br />
AddType application/x-httpd-php .php <br />
AddType application/x-httpd-php-source .phps <br />
<br />
# vi /var/www/conf/php.ini <br />
<br />
doc_root= "/htdocs" <br />
register_globals = On <br />
<br />
建立测试php页面 <br />
<br />
# vi /var/www/htdocs/test.php <br />
<br />
<?php phpinfo(); ?> <br />
<br />
测试一下: <br />
<br />
# pkill httpd <br />
# /usr/sbin/httpd <br />
<br />
在浏览器中输入http://IP/test.php实验一下 <br />
<br />
<br />
4. <a target="_blank" href="#" class="UBBWordLink">安装</a>mod_limitipconn模块来限制单IP的并发连接数 <br />
<br />
# wget http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz <br />
# tar xzf mod_limitipconn-0.04.tar.gz <br />
# cd mod_limitipconn-0.04 <br />
# vi Makefile <br />
<br />
APXS = /usr/sbin/apxs <br />
<br />
# make <br />
# make install <br />
<br />
让APACHE支持这个模块: <br />
# vi /var/www/conf/httpd.conf <br />
<br />
<IfModule mod_limitipconn.c> <br />
<Location /> <br />
MaxConnPerIP 5 <br />
</Location> <br />
</IfModule> <br />
<br />
<br />
到次整个<a target="_blank" href="#" class="UBBWordLink">安装</a>过程结束。 <br />
<br />
附件部分: <br />
<br />
我们为让APACHE支持SSL传输配置APACHE: <br />
<br />
# vi /var/www/conf/httpd.conf <br />
添加下面两行: <br />
SSLCertificateFile /etc/ssl/server.crt <br />
SSLCertificateKeyFile /etc/ssl/private/server.key <br />
<br />
为了使APACHE启动时启用SSL,<a target="_blank" href="#" class="UBBWordLink">设置</a>一下APACHE启动选项: <br />
<br />
# vi /etc/rc.conf.local <br />
改: <br />
httpd_flags="" # or it could have httpd_flags=NO <br />
为: <br />
httpd_flags="-DSSL # or it could have httpd_flags=NO <br />
<br />
手动启动和关闭APACHE这样做就可以了: <br />
<br />
# apachectl startssl <br />
# apachectl stop <br />
<br />
下面是<a target="_blank" href="#" class="UBBWordLink">设置</a>APACHE+SSL的过程: <br />
<br />
1. 创建<a target="_blank" href="#" class="UBBWordLink">服务</a>器KEY文件 (1024 bit) : <br />
<br />
# /usr/sbin/openssl genrsa -out /etc/ssl/private/server.key 1024 <br />
<br />
<br />
2. 创建<a target="_blank" href="#" class="UBBWordLink">服务</a>器CSR文件(certificate signing request) <br />
<br />
# /usr/sbin/openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr <br />
<br />
这里自己填写一些注册信息 <br />
<br />
3. 生成签名证书(365天有效证书): <br />
<br />
# /usr/sbin/openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt <br />
<br />
4. 虚拟主机部分: <br />
<br />
<br />
NameVirtualHost 192.168.10.1:* <br />
<br />
<VirtualHost 192.168.10.1:443> <br />
ServerAdmin llzqq@126.com <br />
DocumentRoot /var/www/llzqq <br />
ServerName llzqq.home.com <br />
ErrorLog logs/llzqq.home.com-error_log <br />
CustomLog logs/llzqq.home.com-access_log common <br />
SSLEngine on <br />
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP <br />
SSLCertificateFile /etc/ssl/virtualsite.com.crt <br />
SSLCertificateKeyFile /etc/ssl/private/server.key <br />
<br />
</VirtualHost> <br />
<br />
<br />
<VirtualHost 192.168.10.1:80> <br />
ServerAdmin llzgg@126.com <br />
DocumentRoot /var/www/llzgg <br />
ServerName llzgg.home.com <br />
ErrorLog logs/llzgg.home.com-error_log <br />
CustomLog logs/llzgg.home.com-access_log common <br />
<br />
</VirtualHost> <br />
</p>
頁:
[1]