马哥教育网络班21期+第12周课程练习
5、为第4题中的第2个虚拟主机提供https服务,使得用户可以通过https安全的访问此web站点;
-
(1)要求使用证书认证,证书中要求使用的国家(CN)、州(HA)、城市(ZZ)和组织(MageEdu);
-
(2)设置部门为Ops,主机名为www2.stuX.com,邮件为admin@stuX.com;
1.CA生成私钥
[root@web ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2.CA生成自签证书
[root@web ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem
-out /etc/pki/CA/cacert.pem -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MagEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.stuX.com
Email Address []:admin@stuX.com
3.提供CA所需的目录和文件
[root@web ~]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
[root@web ~]# touch /etc/pki/CA/{serial,index.txt}
[root@web ~]# echo 01 > /etc/pki/CA/serial
4.虚拟主机生成私钥
[root@web ~]# mkdir /usr/local/apache/ssl
[root@web ~]# (umask 077;openssl genrsa -out /usr/local/apache/ssl/http.key 2048)
5.虚拟主机生成证书请求文件
[root@web ~]# openssl req -new -key /usr/local/apache/ssl/http.key
-out /usr/local/apache/ssl/http.csr -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MagEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.stuX.com
Email Address []:admin@stuX.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
6.在CA上签署虚拟主机的证书
[root@web ~]# openssl ca -in /usr/local/apache/ssl/http.csr
-out /usr/local/apache/ssl/http.crt -days 365
7.编辑httpd.conf开启对应的模块和ssl.conf文件
[root@web ~]# vim /etc/httpd24/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-ssl.conf
8.修改httpd-ssl.conf文件
[root@web ~]# vim /etc/httpd24/extra/httpd-ssl.conf
<VirtualHost _default_:443>
DocumentRoot "/web/vhosts/www2"
ServerName www2.stuX.com
ErrorLog "/var/log/httpd/www2.err"
CustomLog "/var/log/httpd/www2.access" common
<Directory "/web/vhosts/www2">
Options None
AllowOverride None
Require all granted
</Directory>
SSLCertificateFile "/usr/local/apache/ssl/http.crt"
SSLCertificateKeyFile "/usr/local/apache/ssl/http.key"
</VirtualHost>
9.重启httpd24服务并测试
[root@web ~]# service httpd24 restart
[root@web ~]# curl -k https://www2.stuX.com
www2.stuX.com
6、在LAMP架构中,请分别以php编译成httpd模块形式和php以fpm工作为独立守护进程的方式来支持httpd,列出详细的过程。
php编译成模块形式在第三题中做过,Apache和mysql编译安装与第三题相同。 1.安装所需要的环境 yum install bzip2-devel libmcrypt-devel libxml2-devel -y 2.编译安装php-5.4.26 [root@web ~]# tar xf php-5.4.26.tar.bz2 [root@web ~]# cd php-5.4.26 [root@web php-5.4.26]# ./configure --prefix=/usr/local/php5 --with-mysql=/usr/local/mysql --with-openssl --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --enable-fpm --with-mcrypt --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 [root@web php-5.4.26]# make [root@web php-5.4.26]# make test [root@web php-5.4.26]# make intall 3.为php提供配置文件 [root@web php-5.4.26]# cp php.ini-production /etc/php.ini 4.为php-fpm提供SysV脚本并添加到服务列表 [root@web php-5.4.26]# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm [root@web php-5.4.26]# chmod +x /etc/rc.d/init.d/php-fpm [root@web php-5.4.26]# chkconfig --add php-fpm [root@web php-5.4.26]# chkconfig php-fpm on 5.为php-fpm提供配置文件 [root@web php-5.4.26]# cp /usr/local/php5/etc/php-fpm.conf.default /usr/local/php5/etc/php-fpm.conf 6.编辑php-fpm配置文件内容 [root@web php-5.4.26]# vim /usr/local/php5/etc/php-fpm.conf pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 2 pm.max_spare_servers = 8 pid = /usr/local/php5/var/run/php-fpm.pid 7.启动php-fpm并检测 [root@web php-5.4.26]# service php-fpm start [root@web php-5.4.26]# ps aux | grep php-fpm root 81568 0.0 0.0 154960 3940 ?Ss Aug10 0:00 php-fpm: master process (/usr/local/php5/etc/php-fpm.conf) nobody81569 0.0 0.0 154960 3496 ?SAug10 0:00 php-fpm: pool www nobody81570 0.0 0.0 154960 3496 ?SAug10 0:00 php-fpm: pool www nobody81571 0.0 0.0 154960 3496 ?SAug10 0:00 php-fpm: pool www nobody81572 0.0 0.0 154960 3496 ?SAug10 0:00 php-fpm: pool www nobody81573 0.0 0.0 154960 3496 ?SAug10 0:00 php-fpm: pool www root 81623 0.0 0.0 103244 840 pts/0S+ 00:11 0:00 grep php-fpm 此命令输出有中几个php-fpm进程就说明启动成功了 [root@web php-5.4.26]# netstat -tnlp | grep php-fpm tcp0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 81568/php-fpm fpm监听在127.0.0.1的9000端口 8.编辑httpd的配置文件使支持php-fpm [root@web php-5.4.26]# vim /etc/httpd24/httpd.conf LoadModule proxy_module modules/mod_proxy.so //这行取消注释 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so //这行取消注释 Include /etc/httpd24/extra/httpd-vhosts.conf //这行取消注释 #DocumentRoot "/usr/local/apache/htdocs" //这行注释掉 AddType application/x-httpd-php .php //添加这行 AddType application/x-httpd-php-source .phps //添加这行 DirectoryIndex index.php index.html //这行修改 在Apache httpd 2.4以后已经专门有一个模块针对FastCGI的实现, 此模块为mod_proxy_fcgi.so,它其实是作为mod_proxy.so模块的扩充, 因此,这两个模块都要加载。 9.创建虚拟主机目录并创建所需php测试文件 [root@web php-5.4.26]# mkdir -p /web/vhosts/www1 [root@web php-5.4.26]# echo '<? php phpinfo() ?>' > /web/vhosts/www1/index.php 10.编辑虚拟主机配置文件使支持使用fcgi [root@web php-5.4.26]# vim /etc/httpd24/extra/httpd-vhosts.conf <VirtualHost 192.168.82.58:80> DocumentRoot "/web/vhosts/www1" ServerName www1.stuX.com ErrorLog "/var/log/httpd/www1.err" CustomLog "/var/log/httpd/www1.access" common ProxyRequests Off ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/web/vhosts/www1/$1 <Directory "/web/vhosts/www1"> Options None AllowOverride None Require all granted </Directory> </VirtualHost> ProxyRequests Off:关闭正向代理 ProxyPassMatch:把以.php结尾的文件请求发送到php-fpm进程, php-fpm至少需要知道运行的目录和URI,所以这里直接在fcgi://127.0.0.1:9000后 指明了这两个参数,其它的参数的传递已经被mod_proxy_fcgi.so进行了封装,不需要手动指定。 11.重启httpd24服务并测试 [root@web php-5.4.26]# service httpd24 restart
原创文章,作者:N21_孤狼,如若转载,请注明出处:http://www.178linux.com/64304
