week1
程序员文章站
2024-03-25 21:48:58
...
1.编译安装LNMP
1.1环境准备
源码包版本请自行下载,下载方式不做介绍
#源码包版本
[aaa@qq.com apps]# ll
total 63196
drwxr-xr-x 2 root root 4096 Jun 13 13:09 mysql
-rw-r--r-- 1 root root 48833145 Sep 13 2017 mysql-boost-5.7.20.tar.gz
drwxr-xr-x 11 nginx nginx 4096 Jun 11 22:06 nginx
-rw-r--r-- 1 root root 1039530 Apr 21 22:33 nginx-1.18.0.tar.gz
-rw-r--r-- 1 root root 14820606 May 26 14:00 php-7.3.5.tar.bz2
drwxr-xr-x 9 root root 4096 Jun 13 09:26 php-fpm
[aaa@qq.com apps]#
1.2 编译安装nginx
1.2.1 安装依赖包
[aaa@qq.com apps]# yum install -y
vim lrzsz tree screen psmisc \
lsof tcpdump wget ntpdate \
gcc gcc-c++ glibc glibc-devel \
pcre pcre-devel openssl openssl-devel \ systemd-devel nettools iotop bc \
zip unzip zlib-devel bash-completion \
nfs-utils automake libxml2 \
libxml2-devel libxslt \
libxslt-devel perl \
perl-ExtUtils-Embed
1.2.2 解压到自定义目录
#解压到指定目录
[aaa@qq.com apps]# tar -zxvf nginx-1.18.0.tar.gz -C /usr/local/src/
# 进入目录查看
aaa@qq.com apps]# cd /usr/local/src/
[aaa@qq.com src]# ls
nginx-1.18.0 openssh-7.4p1
[aaa@qq.com src]# cd nginx-1.18.0/
[aaa@qq.com nginx-1.18.0]# ll
total 784
drwxr-xr-x 6 1001 1001 4096 Jun 11 21:42 auto
-rw-r--r-- 1 1001 1001 302863 Apr 21 22:09 CHANGES
-rw-r--r-- 1 1001 1001 462213 Apr 21 22:09 CHANGES.ru
drwxr-xr-x 2 1001 1001 4096 Jun 11 21:42 conf
-rwxr-xr-x 1 1001 1001 2502 Apr 21 22:09 configure
drwxr-xr-x 4 1001 1001 4096 Jun 11 21:42 contrib
drwxr-xr-x 2 1001 1001 4096 Jun 11 21:42 html
-rw-r--r-- 1 1001 1001 1397 Apr 21 22:09 LICENSE
drwxr-xr-x 2 1001 1001 4096 Jun 11 21:42 man
-rw-r--r-- 1 1001 1001 49 Apr 21 22:09 README
drwxr-xr-x 9 1001 1001 4096 Jun 11 21:42 src
[aaa@qq.com nginx-1.18.0]#
1.2.3 编译
- 编译是为了检查系统环境是否符合编译安装的
要求,比如是否有gcc编译工具,是否支持编译参数
当中的模块,并根据开启的参数等生成Makefile
文件为下一步做准备
注:这个模块一定要安装,后面配置SSL用得到 --with-http_ssl_module
[aaa@qq.com nginx-1.18.0]# ./configure --prefix=/apps/nginx
--user=nginx
--user=nginx --with-http_ssl_module --with-http_v2_module
--with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module
--with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
Configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ using system zlib library
nginx path prefix: "/apps/nginx"
nginx binary file: "/apps/nginx/sbin/nginx"
nginx modules path: "/apps/nginx/modules"
nginx configuration prefix: "/apps/nginx/conf"
nginx configuration file: "/apps/nginx/conf/nginx.conf"
nginx pid file: "/apps/nginx/logs/nginx.pid"
nginx error log file: "/apps/nginx/logs/error.log"
nginx http access log file: "/apps/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
1.2.4 编译安装
#编译步骤,根据Makefile文件生成相应的模块
[aaa@qq.com nginx-1.18.0]# make
#创建目录,并将生成的模块和文件复制到相应的目录
[aaa@qq.com nginx-1.18.0]# make install
[aaa@qq.com nginx-1.18.0]# useradd nginx -s /sbin/nologin -u 2000
[aaa@qq.com nginx-1.18.0]# chown nginx.nginx -R /apps/nginx/
[aaa@qq.com nginx-1.18.0]# ls /apps/nginx
conf html logs sbin
[aaa@qq.com nginx-1.18.0]# ls -al /apps/nginx
total 24
drwxr-xr-x 6 nginx nginx 4096 Jun 11 21:52 .
drwxr-xr-x 3 root root 4096 Jun 11 21:52 ..
drwxr-xr-x 2 nginx nginx 4096 Jun 11 21:52 conf
drwxr-xr-x 2 nginx nginx 4096 Jun 11 21:52 html
drwxr-xr-x 2 nginx nginx 4096 Jun 11 21:52 logs
drwxr-xr-x 2 nginx nginx 4096 Jun 11 21:52 sbin
[aaa@qq.com nginx-1.18.0]#
[aaa@qq.com nginx-1.18.0]#
- conf:该目录中保存了nginx所有的配置文件,其中nginx.conf是nginx服务器的核心主要的配置文件,其他 的.conf则是用来配置nginx相关的功能的,例如fastcgi功能使用的是fastcgi.conf和fastcgi_params两个文 件,配置文件一般都有个样板配置文件,是文件名.default结尾,使用的使用将其复制为并将default去掉即可。
- html:该目录中保存了nginx服务器的web文件,但是可以更改为其他目录保存web文件,另外还有一个50x的web文件是 默认的错误页面提示页面。
- logs:该目录用来保存nginx服务器的访问日志错误日志等日志,logs目录可以放在其他路径,比 如/var/logs/nginx里面。
- sbin:该目录用来保存nginx二进制启动脚本,可以接受不同的参数以实现不同的功能。
1.2.5 验证安装是否成功
[aaa@qq.com sbin]# /apps/nginx/sbin/nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --user=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
1.2.6 Nginx启动脚本
[aaa@qq.com system]# more nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid (按照实际路径更改)
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf (按照实际路径更改)
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target
1.2.7 启动服务
#有了启动脚本后就可以加入系统启动服务
[aaa@qq.com ~]# systemctl daemon-reload
[aaa@qq.com ~]# systemctl start nginx
[aaa@qq.com ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:2222 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 :::2222 :::*
LISTEN 0 128 :::111 :::*
[aaa@qq.com ~]#
1.2.8 验证
1.2安装PHP
1.2.1 安装依赖包
yum -y install php-mcrypt libmcrypt libmcrypt-devel autoconf freetype gd libmcrypt libpng libpng-devel libjpeg libxml2 libxml2-devel zlib curl curl-devel re2c net-snmp-devel libjpeg-devel php-ldap openldap-devel openldap-servers openldap-clients freetype-devel gmp-devel
#安装完成
Updated:
curl.x86_64 0:7.29.0-57.el7 freetype.x86_64 0:2.8-14.el7
Dependency Updated:
cyrus-sasl-lib.x86_64 0:2.1.26-23.el7 elfutils-libelf.x86_64 0:0.176-4.el7 elfutils-libs.x86_64 0:0.176-4.el7
gmp.x86_64 1:6.0.0-15.el7 libcurl.x86_64 0:7.29.0-57.el7 libssh2.x86_64 0:1.8.0-3.el7
lm_sensors-libs.x86_64 0:3.4.0-8.20160601gitf9185e5.el7 net-snmp.x86_64 1:5.7.2-48.el7_8 net-snmp-agent-libs.x86_64 1:5.7.2-48.el7_8
net-snmp-libs.x86_64 1:5.7.2-48.el7_8 nspr.x86_64 0:4.21.0-1.el7 nss.x86_64 0:3.44.0-7.el7_7
nss-softokn.x86_64 0:3.44.0-8.el7_7 nss-softokn-freebl.x86_64 0:3.44.0-8.el7_7 nss-sysinit.x86_64 0:3.44.0-7.el7_7
nss-tools.x86_64 0:3.44.0-7.el7_7 nss-util.x86_64 0:3.44.0-4.el7_7 openldap.x86_64 0:2.4.44-21.el7_6
rpm.x86_64 0:4.11.3-43.el7 rpm-build-libs.x86_64 0:4.11.3-43.el7 rpm-libs.x86_64 0:4.11.3-43.el7
rpm-python.x86_64 0:4.11.3-43.el7
Complete!
[aaa@qq.com apps]#
1.2.2 解压到指定目录
#解压到指定目录
[aaa@qq.com apps]# tar -xjf php-7.3.5.tar.bz2 -C /usr/local/src/
[aaa@qq.com apps]# cd /usr/local/src/php-7.3.5/
[aaa@qq.com php-7.3.5]# pwd
/usr/local/src/php-7.3.5
[aaa@qq.com php-7.3.5]#
1.2.3 编译安装
#编译
./configure --prefix=/usr/local/php-fpm --enable-fpm --with-zlib --with-pdo-mysql --enable-mbstring --with-gd --with-png-dir=/usr/lib64 --with-jpeg-dir=/usr/lib64 --with-freetype-dir=/usr/lib64
#安装
make && make install
1.2.4 配置
#修改php-fpm.conf文件的PID
[aaa@qq.com etc]# more php-fpm.conf | grep pid
pid = /apps/php-fpm/var/run/php-fpm.pid
[aaa@qq.com etc]#
#修改www.conf文件
[aaa@qq.com php-fpm.d]# cp www.conf.default www.conf
[aaa@qq.com php-fpm.d]# vim www.conf
[aaa@qq.com php-fpm.d]# ll
total 40
-rw-r--r-- 1 root root 19219 Jun 13 09:59 www.conf
-rw-r--r-- 1 root root 19225 Jun 13 09:26 www.conf.default
[aaa@qq.com php-fpm.d]# pwd
/apps/php-fpm/etc/php-fpm.d
[aaa@qq.com php-fpm.d]#
#修改启动用户
user = www
group = www
#创建用户
[aaa@qq.com sbin]# useradd -M -s /sbin/nologin www
#启动服务
[aaa@qq.com init.d]# ./php.fpm start
Starting php-fpm done
#查看状态
[aaa@qq.com init.d]# ps -ef | grep php
root 18595 11019 0 09:57 pts/2 00:00:00 more php.ini
root 18727 1 0 10:11 ? 00:00:00 php-fpm: master process (/apps/php-fpm/etc/php-fpm.conf)
www 18728 18727 0 10:11 ? 00:00:00 php-fpm: pool www
www 18729 18727 0 10:11 ? 00:00:00 php-fpm: pool www
root 18732 2181 0 10:11 pts/1 00:00:00 grep --color=auto php
[aaa@qq.comr16 init.d]#
#复制php.ini文件
[aaa@qq.com php-fpm]# cp /usr/local/src/php-7.3.5/php.ini-production /apps/php-fpm/etc/php.ini
#加入系统环境变量
[aaa@qq.com init.d]# vim /etc/profile
[aaa@qq.com init.d]#
[aaa@qq.com init.d]#
[aaa@qq.com init.d]# source /etc/profile
[aaa@qq.com init.d]# echo $PATH
/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/openssh/bin:/root/bin:/apps/php-fpm/bin:/apps/php-fpm/sbin
[aaa@qq.com init.d]#
#启动脚本
#复制php启动脚本到/etc/init.d/
cp /usr/local/src/php-7.3.5/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
chkconfig --add php-fpm
chkconfig php-fpm on
[aaa@qq.com sbin]# systemctl start php-fpm
[aaa@qq.com sbin]# ps -ef | grep php-fpm
root 18956 1 0 10:32 ? 00:00:00 php-fpm: master process (/apps/php-fpm/etc/php-fpm.conf)
www 18957 18956 0 10:32 ? 00:00:00 php-fpm: pool www
www 18958 18956 0 10:32 ? 00:00:00 php-fpm: pool www
root 18960 2152 0 10:32 pts/0 00:00:00 grep --color=auto php-fpm
1.3安装mysql
1.3.1 卸载系统自动的Mariadb数据库
yum -y remove mariadb* boost-*
1.3.2 安装依赖包
yum install -y cmake make gcc gcc-c++ bison ncurses ncurses-devel
1.3.3 解压源码包
tar zxf mysql-boost-5.7.20.tar.gz -C /usr/local/src/
1.3.4 编译安装
#编译
cmake -DCMAKE_INSTALL_PREFIX=/apps/mysql \
-DMYSQL_DATADIR=/apps/mysql/data \
-DDOWNLOAD_BOOST=1 \
-DWITH_BOOST=/usr/local/src/mysql-5.7.20/boost/boost_1_59_0 \
-DSYSCONFDIR=/etc \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_MEMORY_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_FEDERATED_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
-DMYSQL_TCP_PORT=3306 \
-DENABLED_LOCAL_INFILE=1 \
-DENABLE_DTRACE=0 \
-DEXTRA_CHARSETS=all \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DMYSQL_USER=mysql
#编译安装
make && make install
1.3.5 数据库配置
#创建数据库用户
useradd -M -s /sbin/nologin -r mysql
#创建目录
mkdir -p /apps/msyql/data
#赋权
[aaa@qq.com mysql]# chown -R mysql.mysql /apps/mysql/data
[aaa@qq.com mysql]#
[aaa@qq.com mysql]#
[aaa@qq.com mysql]# ll
total 4
drwxr-xr-x 2 mysql mysql 4096 Jun 13 13:48 data
[aaa@qq.com mysql]#
[aaa@qq.com mysql]#
1.3.6 配置Mysql启动脚本
[aaa@qq.com mysql-5.7.20]# cp /apps/mysql/support-files/mysql.server /etc/init.d/mysqld
#开机启动
[aaa@qq.com init.d]# chkconfig --add mysqld
[aaa@qq.com init.d]# chkconfig mysqld on
#修改路径
vim /etc/init.d/mysqld
basedir=/apps/mysql
datadir=/apps/mysql/data
初始化mysql
[aaa@qq.com init.d]# /apps/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/apps/mysql --datadir=/apps/mysql/data
#启动mysql
[aaa@qq.com init.d]# /etc/init.d//mysqld start
Starting MySQL. SUCCESS!
[aaa@qq.com init.d]#
#登录mysql
[aaa@qq.com init.d]# mysql -u root -p -S /apps/mysql/mysql.sock
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
mysql>
mysql>
mysql> alter user 'root'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql>
1.4自定义404界面
1.4.1在nginx.conf中自定义
error_page 404 /404.html;
location = /404.html {
root html;
}
1.4.2 重启服务
systemctl reload nginx
1.4.3 查看
1.5配置日志格式为json
#定义日志格式
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"uri":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"tcp_xff":"$proxy_protocol_addr",'
'"http_user_agent":"$http_user_agent",'
'"status":"$status"}';
#access_log logs/access.log main;
access_log /apps/nginx/logs/access_json.log access_json;
1.5.1重启服务
systemctl reload nginx
1.5.2 查看日志格式
[aaa@qq.com logs]# tail -f access_json.log
{"@timestamp":"2020-06-13T22:11:48+08:00","host":"172.16.62.16","clientip":"172.16.62.10","size":0,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"172.16.62.16","uri":"/index.html","domain":"172.16.62.16","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0","status":"304"}
{"@timestamp":"2020-06-13T22:11:49+08:00","host":"172.16.62.16","clientip":"172.16.62.10","size":0,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"172.16.62.16","uri":"/index.html","domain":"172.16.62.16","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0","status":"304"}
2. 配置虚机主机
2.1虚拟主机配置
2.1.1 创建网站目录和文件
[aaa@qq.com vhosts]# tree
.
├── bbs
│ └── index.html
├── bbs.conf
├── www
│ └── index.html
└── www.conf
2.1.2 修改nginx配置
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /apps/nginx/logs/access_json.log access_json;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#vhosts目录下会包含所有的虚拟主机的配置文件
include vhosts/*.conf;
2.2 生成SSL证书
#生成临时私钥文件, tmp.key
[aaa@qq.com tmp]# openssl genrsa -des3 -out tmp.key 2048
Generating RSA private key, 2048 bit long modulus
........................................+++
......+++
e is 65537 (0x10001)
Enter pass phrase for tmp.key: (输入加密密码)
Verifying - Enter pass phrase for tmp.key:
[aaa@qq.com tmp]# ll
total 697340
-rw-r--r-- 1 root root 714050311 May 27 14:42 mysql-5.7.26-el7-x86_64.tar.gz
drwxr-xr-x 3 root root 4096 Jun 13 09:27 pear
drwx------ 3 root root 4096 Jun 14 16:46 systemd-private-fe9d70cea75447cab779c6b4b9e7440f-nginx.service-i53KTF
-rw-r--r-- 1 root root 1743 Jun 14 17:20 tmp.key
-rw-r--r-- 1 root root 3439 Jun 13 21:10 vgauthsvclog.txt.0
drwx------ 2 root root 4096 Jun 13 21:10 vmware-root
[aaa@qq.com tmp]# openssl rsa -in tmp.key -out www_private.key
Enter pass phrase for tmp.key:
writing RSA key
#转换临时私钥文件为新的私钥文件 www_private.key
[aaa@qq.com tmp]# openssl rsa -in tmp.key -out www_private.key
Enter pass phrase for tmp.key:
writing RSA key
[aaa@qq.com tmp]# ll
total 697344
-rw-r--r-- 1 root root 714050311 May 27 14:42 mysql-5.7.26-el7-x86_64.tar.gz
drwxr-xr-x 3 root root 4096 Jun 13 09:27 pear
drwx------ 3 root root 4096 Jun 14 16:46 systemd-private-fe9d70cea75447cab779c6b4b9e7440f-nginx.service-i53KTF
-rw-r--r-- 1 root root 1743 Jun 14 17:20 tmp.key
-rw-r--r-- 1 root root 3439 Jun 13 21:10 vgauthsvclog.txt.0
drwx------ 2 root root 4096 Jun 13 21:10 vmware-root
-rw-r--r-- 1 root root 1675 Jun 14 17:20 www_private.key
# 临时私钥可以删除
rm -f tmp.key
#生成证书请求文件
- 要用私钥文件www_private.key来生成证书请求文件www.csr
[aaa@qq.com tmp]# openssl req -new -key www_private.key -out www.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:CN
Locality Name (eg, city) [Default City]:SH
Organization Name (eg, company) [Default Company Ltd]:YV
Organizational Unit Name (eg, section) []:YV
Common Name (eg, your name or your server's hostname) []:www
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:www
[aaa@qq.com tmp]# ll
total 697348
-rw-r--r-- 1 root root 714050311 May 27 14:42 mysql-5.7.26-el7-x86_64.tar.gz
drwxr-xr-x 3 root root 4096 Jun 13 09:27 pear
drwx------ 3 root root 4096 Jun 14 16:46 systemd-private-fe9d70cea75447cab779c6b4b9e7440f-nginx.service-i53KTF
-rw-r--r-- 1 root root 3439 Jun 13 21:10 vgauthsvclog.txt.0
drwx------ 2 root root 4096 Jun 13 21:10 vmware-root
-rw-r--r-- 1 root root 1029 Jun 14 17:21 www.csr
-rw-r--r-- 1 root root 1675 Jun 14 17:20 www_private.key
#用证书请求文件和私钥制作公钥,有效期365天,
- 证书请求文件 www.csr
- 私钥文件 www_private.key
- 来生成公钥文件 www_public.crt
[aaa@qq.com tmp]# openssl x509 -req -days 365 -in www.csr -signkey www_private.key -out www_public.crt
Signature ok
subject=/C=CN/ST=CN/L=SH/O=YV/OU=YV/CN=www
Getting Private key
[aaa@qq.com tmp]# ll
total 697352
-rw-r--r-- 1 root root 714050311 May 27 14:42 mysql-5.7.26-el7-x86_64.tar.gz
drwxr-xr-x 3 root root 4096 Jun 13 09:27 pear
drwx------ 3 root root 4096 Jun 14 16:46 systemd-private-fe9d70cea75447cab779c6b4b9e7440f-nginx.service-i53KTF
-rw-r--r-- 1 root root 3439 Jun 13 21:10 vgauthsvclog.txt.0
drwx------ 2 root root 4096 Jun 13 21:10 vmware-root
-rw-r--r-- 1 root root 1029 Jun 14 17:21 www.csr
-rw-r--r-- 1 root root 1675 Jun 14 17:20 www_private.key
-rw-r--r-- 1 root root 1135 Jun 14 17:22 www_public.crt
#查看所有证书文件
[aaa@qq.com tmp]# ll
-rw-r--r-- 1 root root 1029 Jun 14 17:21 www.csr
-rw-r--r-- 1 root root 1675 Jun 14 17:20 www_private.key
-rw-r--r-- 1 root root 1135 Jun 14 17:22 www_public.crt
[aaa@qq.com tmp]#
#拷贝到SSL目录
[aaa@qq.com ssl]# ll
total 8
-rw-r--r-- 1 root root 1675 Jun 14 17:41 www_private.key
-rw-r--r-- 1 root root 1135 Jun 14 17:41 www_public.crt
2.3 https配置
2.3.1 www配置文件
www配置文件为
[aaa@qq.com vhosts]# more www.conf
server {
listen 443 ssl; (需要配置SSL)
server_name www.haostack.com;
access_log /apps/nginx/logs/access_json.log access_json; (日志格式为json)
ssl_certificate /apps/nginx/conf/ssl/www_public.crt;(公钥)
ssl_certificate_key /apps/nginx/conf/ssl/www_private.key;(私钥)
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /apps/nginx/conf/vhosts/www;(网站目录)
index index.html index.htm;
}
}
[aaa@qq.com vhosts]#
2.3.2 测试
2.3.3 bbs配置文件
bbs配置文件为
[aaa@qq.com vhosts]# more bbs.conf
server {
listen 443 ssl;(SSL)
server_name bbs.haostack.com;
access_log /apps/nginx/logs/access_json.log access_json;(json格式)
ssl_certificate /apps/nginx/conf/ssl/www_public.crt;(公钥)
ssl_certificate_key /apps/nginx/conf/ssl/www_private.key;(私钥)
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /apps/nginx/conf/vhosts/bbs; (网站目录)
index index.html index.htm;
}
}
[aaa@qq.com vhosts]#
2.3.4 测试
上一篇: 卡尔曼滤波器小白入门
下一篇: 卡尔曼滤波器在deep sort中的应用