目录
1、系统环境
2、CA证书服务器配置
3、nginx环境部署
4、MariaDB部署
5、php部署及与nginx整合
6、phpmyadmin部署
7、discuz论坛部署测试
8、验证nginx的status功能
9、总结
1、系统环境
1.1、基本环境:
[root@LEMP~]#ifconfig|grepBcastinetaddr:192.168.0.200Bcast:192.168.0.255Mask:255.255.255.0[root@LEMP~]#cat/etc/issueCentOSrelease6.4(Final)Kernel\ronan\m[root@LEMP~]#uname-r2.6.32-358.el6.x86_64[root@LEMP~]#vim/etc/sysconfig/selinuxSELINUX=disabled#关闭[root@LEMP~]#setenforce0
1.2、系统防火墙设置:
[root@LEMPscripts]#pwd/root/scripts[root@LEMPscripts]#vimiptables.sh#!/bin/bash/sbin/iptables-F/sbin/iptables-X/sbin/iptables-Z/sbin/iptables-PINPUTDROP/sbin/iptables-POUTPUTACCEPT###/sbin/iptables-AINPUT-ptcp–dport2222-jACCEPT/sbin/iptables-AINPUT-ilo-jACCEPT/sbin/iptables-AOUTPUT-olo-jACCEPT/sbin/iptables-AINPUT-mstate–stateESTABLISHED,RELATED-jACCEPT/sbin/iptables-AINPUT-ieth+-picmp–icmp-type8-jACCEPT#denyDDOS/sbin/iptables-AINPUT-picmp-micmp–icmp-type8-mlimit–limit6/min–limit-burst2-jACCEPT/sbin/iptables-AINPUT-picmp-micmp–icmp-type8-jREJECT–reject-withicmp-port-unreachable###/sbin/iptables-AINPUT-pTCP-ieth0–dport80-jACCEPT/sbin/iptables-AINPUT-pTCP-ieth0–dport443-jACCEPT[root@LEMPscripts]#chmod+xiptables.sh[root@LEMPscripts]#./iptables.sh[root@LEMPscripts]#vim/etc/rc.local/root/scripts/iptables.sh#新增加此行
1.3、windows测试客户端hosts配置
确保本地hosts文件中有以下信息,
192.168.0.200 phpmyadmin.com
192.168.0.200 status.zhaochj.com
192.168.0.200 bbs.zhaochj.com
本次环境所涉及的软件请在这里下载
2、CA证书服务器配置
2.1、以CA服务器角色生成私钥文件:
[root@LEMPCA]#pwd/etc/pki/CA[root@LEMPCA]#(umask077;opensslgenrsa-outprivate/cakey.pem2048)GeneratingRSAprivatekey,2048bitlongmodulus……………………………………………………………………………….+++………….+++eis65537(0x10001)2.2、利用私钥文件自签后生成证书文件:[root@LEMPCA]#opensslreq-new-x509-keyprivate/cakey.pem-outcacert.pem-days365Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter’.’,thefieldwillbeleftblank.—–CountryName(2lettercode)[XX]:CNStateorProvinceName(fullname)[]:ChongQingLocalityName(eg,city)[DefaultCity]:YuBeiOrganizationName(eg,company)[DefaultCompanyLtd]:LearingOrganizationalUnitName(eg,section)[]:TechCommonName(eg,yournameoryourserver’shostname)[]:ca.zhaochj.comEmailAddress[]:admin@zhaochj.com[root@LEMPCA]#touchindex.txtserial[root@LEMPCA]#echo01>serial
3、nginx环境部署
3.1、处理依赖关系及建立运行nginx的用户
[root@LEMP~]#yum-yinstallpcre-devel#如果系统没有此开发包则要先安装[root@LEMP~]#useradd-r-s/sbin/nologin-Mnginx
3.2、nginx源码编译安装
[root@LEMPsoftware]#pwd/root/software[root@LEMPsoftware]#lsnginx-1.6.2.tar.gz[root@LEMPsoftware]#tarxfnginx-1.6.2.tar.gz[root@LEMPsoftware]#cdnginx-1.6.2[root@LEMPsoftware]#./configure\–prefix=/opt/lemp/nginx16\–sbin-path=/opt/lemp/nginx16/sbin/nginx\–conf-path=/etc/nginx16/nginx.conf\–error-log-path=/var/log/nginx16/error.log\–http-log-path=/var/log/nginx16/access.log\–pid-path=/var/run/nginx16.pid\–lock-path=/var/lock/subsys/nginx16\–user=nginx\–group=nginx\–with-file-aio\–with-http_ssl_module\–with-http_flv_module\–with-http_mp4_module\–with-http_gzip_static_module\–with-http_stub_status_module\–http-client-body-temp-path=/var/tmp/nginx16/client\–http-proxy-temp-path=/var/tmp/nginx16/proxy\–http-fastcgi-temp-path=/var/tmp/nginx16/fastcgi\–http-uwsgi-temp-path=/var/tmp/nginx16/uwsgi\–http-scgi-temp-path=/var/tmp/nginx16/scgi\–with-pcre[root@LEMPnginx-1.6.2]#make&&makeinstall人生的路无需苛求。只要你迈步,路就在你的脚下延伸。
