一.搭建一個簡單web及dns服務器
10.10.54.61
[root@gyf html]# vim /etc/named.conf
// Excerpt of /etc/named.conf as edited in this walkthrough: global options,
// the root hint zone, and the forward and reverse master zones for ssr.com.
// NOTE(review): as listed, the options block and the last zone block are never
// closed with "};" - presumably trimmed from the listing; confirm against the real file.
options {
// Serve DNS on port 53 on every IPv4 address, but only on loopback for IPv6.
listen-on port 53 {any; };
listen-on-v6 port 53 { ::1; };
// Working directory; the relative zone file names below are resolved against it.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): "allow-query any" combined with "recursion yes" answers recursive
// queries from every client that can reach port 53. If this host is reachable from
// an untrusted network it becomes an open resolver (usable for DNS amplification and
// cache probing). Limit recursion to the lab subnet with allow-recursion, or narrow
// allow-query, before exposing the server.
allow-query {any; };
recursion yes;
// Root hints, used when resolving names outside the locally hosted zones.
zone "." IN {
type hint;
file "named.ca";
};
// Authoritative forward zone for ssr.com.
zone "ssr.com" IN {
type master;
file "named.ssr.com";
};
// Authoritative reverse zone for 10.10.54.0/24.
zone "54.10.10.in-addr.arpa" IN {
type master;
file "named.10.10.54";
[root@gyf html]# /etc/init.d/named restart
[root@gyf named]# vim /var/named/named.ssr.com
; Forward zone data for ssr.com (the file referenced by the "ssr.com" zone statement).
$TTL 86400
@ IN SOA ssr.com. root (
2014010802 ; serial
1H ; refresh
2M ; retry
1W ; expire
1D ; minimum
);
@ IN NS ssr.com.
ssr.com. IN A 10.10.54.61
; NOTE(review): "master.ssr.com" below has no trailing dot, so it is read relative to
; the zone origin (master.ssr.com.ssr.com.). Also, "#" does not start a comment in a
; zone file (";" does), so the trailing note is likely to be rejected as extra input.
@ IN MX 3 master.ssr.com #郵箱服務器
master.ssr.com. IN A 10.10.54.61
slaver IN A 10.10.54.64
svn IN A 10.10.54.64
ftp IN CNAME master.ssr.com.
; NOTE(review): the CNAME target "ssr.com" lacks the trailing dot and would expand to
; ssr.com.ssr.com.; the same record is written with the dot later in the walkthrough.
www.ssr.com. IN CNAME ssr.com
[root@gyf named]# vim /var/named/named.10.10.54
; Reverse zone data for 54.10.10.in-addr.arpa; each owner name is the last octet of the address.
$TTL 86400
@ IN SOA ssr.com. root (
2014010802 ; serial
1H ; refresh
2M ; retry
1W ; expire
1D ; minimum
);
@ IN NS ssr.com.
; .61 and .64 each carry several PTR records, so a reverse lookup returns the whole set of names.
61 IN PTR ssr.com.
61 IN PTR master.ssr.com.
61 IN PTR ftp.ssr.com.
64 IN PTR slaver.ssr.com.
64 IN PTR svn.ssr.com.
61 IN PTR www.ssr.com.
//在本機上解析測試
[root@gyf ~]# dig ssr.com @127.0.0.1
[root@gyf ~]# dig -x 10.10.54.61 @127.0.0.1
//在ubuntu(10.10.54.60)上修改解析服務器爲10.10.54.61
vim /etc/resolv.conf
nameserver 10.10.54.61
二:apache基於域名的虛擬主機+htaccess密碼認證
10.10.54.61
多個域名對應一個ip或多個ip
多個域名對應一個ip能夠用cname
[root@gyf named]# vim /var/named/named.ssr.com
; Aliases added to the forward zone so that www, hr and bbs all resolve through the ssr.com A record.
www.ssr.com. IN CNAME ssr.com.
hr IN CNAME ssr.com.
bbs IN CNAME ssr.com.
[root@gyf named]# vim /var/named/named.10.10.54
; Reverse entries added for the new host names on 10.10.54.61.
61 IN PTR www.ssr.com.
; NOTE(review): "PRT" on the next two lines is not a DNS record type; PTR is presumably
; intended, and named will likely refuse to load the zone as written.
61 IN PRT hr.ssr.com.
61 IN PRT bbs.ssr.com.
2.修改配置文件,添加虛擬主機
[root@gyf named]# mkdir /var/www/hr
[root@gyf named]# mkdir /var/www/bbs
[root@gyf named]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80 ---基於域名的虛擬主機,須要開啓此參數
#基於密碼認證的網頁
:416 <Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
#add file
# Per-directory policy for the three document roots (html, hr, bbs).
# AllowOverride AuthConfig lets a .htaccess file inside each tree set authentication
# directives (AuthType, AuthUserFile, Require, ...) and no other kind of directive.
# "Order allow,deny" + "Allow from all" is the Apache 2.2 form of "no host-based
# restriction", so access control rests entirely on the .htaccess password check.
<Directory "/var/www/html">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/hr">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/bbs">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
# Three name-based virtual hosts sharing *:80; Apache selects one by the request's Host header.
# The first block listed (www.ssr.com) also answers requests whose Host matches none
# of the ServerName values, for example a request made by bare IP address.
# NOTE(review): ServerAdmin is normally an e-mail address; "guoyf.ssr.com" looks like a
# typo for guoyf@ssr.com - confirm.
# NOTE(review): all three hosts are plain HTTP, so everything sent to them, including
# HTTP Basic credentials, crosses the network unencrypted.
<VirtualHost *:80>
ServerAdmin guoyf.ssr.com
DocumentRoot /var/www/html
ServerName www.ssr.com
ErrorLog logs/www-error_log
CustomLog logs/www-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin guoyf.ssr.com
DocumentRoot /var/www/hr
ServerName hr.ssr.com
ErrorLog logs/hr-error_log
CustomLog logs/hr-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin guoyf.ssr.com
DocumentRoot /var/www/bbs
ServerName bbs.ssr.com
ErrorLog logs/bbs-error_log
CustomLog logs/bbs-access_log common
</VirtualHost>
[root@gyf hr]# /etc/init.d/httpd restart
3.建網頁
[root@gyf hr]# vim /var/www/html/index.html
<html>
<h1 style=color:red align="center"> welcome to ssr!</h1>
</html>
#爲網頁創建.htaccess文件
[root@gyf hr]# vim /var/www/html/.htaccess
# Password-protect /var/www/html with HTTP Basic authentication.
# NOTE(review): Basic auth sends the user name and password base64-encoded, not
# encrypted, with every request. This site is served on port 80 only, so the
# credentials are readable on the network path; protected content belongs behind HTTPS.
AuthName "htaccess auth"
AuthType Basic
# Password file maintained with htpasswd; it sits outside every DocumentRoot, so it cannot be fetched over HTTP.
AuthUserFile /etc/httpd/conf/users
# Any user present in that file may log in.
Require valid-user
[root@gyf hr]# vim /var/www/hr/index.html
<html>
<h1 style=color:red align="center"> welcome to hr!</h1>
</html>
[root@gyf hr]# vim /var/www/hr/.htaccess
# Password-protect /var/www/hr with HTTP Basic authentication against the shared user file.
# NOTE(review): the hr site is plain HTTP, so these credentials travel unencrypted
# (base64 is an encoding, not encryption); serve protected content over HTTPS.
AuthName "htaccess auth"
AuthType Basic
AuthUserFile /etc/httpd/conf/users
# Any user present in the password file may log in.
Require valid-user
[root@gyf hr]# vim /var/www/bbs/index.html
<html>
<h1 style=color:red align="center"> welcome to bbs!</h1>
</html>
[root@gyf hr]# vim /var/www/bbs/.htaccess
# Password-protect /var/www/bbs with HTTP Basic authentication against the shared user file.
# NOTE(review): when this directory is reached through the port-80 virtual host the
# credentials travel unencrypted (base64 is an encoding, not encryption); prefer the
# HTTPS virtual host for anything behind this login.
AuthName "htaccess auth"
AuthType Basic
AuthUserFile /etc/httpd/conf/users
# Any user present in the password file may log in.
Require valid-user
#建立用戶(-c 會新建密碼文件,若文件已存在則覆蓋;以後再添加用戶時不要帶 -c)
[root@gyf bbs]# htpasswd -c /etc/httpd/conf/users gyf
New password:
Re-type new password:
4.在ubuntu(10.10.54.60)上修改解析服務器爲10.10.54.61
vim /etc/resolv.conf
nameserver 10.10.54.61
或者
gyf@gyf:~$ sudo vim /etc/hosts
10.10.54.61 www.ssr.com
10.10.54.62 hr.ssr.com
10.10.054.63 bbs.ssr.com
5.測試
在10.10.54.60 網址中輸入www.ssr.com
在10.10.54.60 網址中輸入10.10.54.61
#多個域名對應一個ip,輸入ip時 出現第一個/etc/httpd/conf/httpd.conf 中網頁
6.測試工具
[root@gyf hr]# ab -n 10000 -c 50 http://www.ssr.com/index.html
三.apache 延伸 基於ssl加密網頁
1.install mod_ssl
[root@gyf conf]# mkdir /etc/httpd/conf/.ssl
[root@gyf conf]# cd /etc/httpd/conf/.ssl
[root@gyf .ssl]# yum list|grep mod_ssl
mod_ssl.x86_64 1:2.2.15-26.el6.centos Packages
[root@s01 .ssl]# yum install mod_ssl.x86_64
#mod_ssl提供的apache配置文件
[root@gyf conf.d]# vim /etc/httpd/conf.d/ssl.conf
系統提供的私鑰文件,用來製做證書
[root@gyf conf.d]# vim /etc/pki/tls/private/localhost.key
#系統提供的加密過得證書文件
[root@gyf conf.d]# vim /etc/pki/tls/certs/localhost.crt
#下載 mod_ssl source code,get sign.sh(注意:這裏是經由明文HTTP下載,且沒有校驗文件完整性;sign.sh 以後會直接使用CA私鑰簽署,使用前應先確認來源並檢查腳本內容)
[root@gyf soft]# wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz
[root@gyf soft]# cp /soft/mod_ssl-2.8.31-1.3.41/pkg.contrib/sign.sh /etc/httpd/conf/.ssl/
/conf/.ssl/
2.建立CA證書
//建立rsa私用密鑰(注意:下面示範的 1024 位 RSA 密鑰和簡短口令只適合練習;正式環境應使用至少 2048 位的密鑰和高強度口令)
[root@gyf soft]# cd /etc/httpd/conf/.ssl/
[root@gyf .ssl]# openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
.++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key: .... caca
Verifying - Enter pass phrase for ca.key: ....caca
//查看ca.key密鑰內容
[root@gyf .ssl]# openssl rsa -noout -text -in ca.key
Enter pass phrase for ca.key: ....caca
//利用CA的RSA密鑰建立一個自簽署的CA證書
[root@s01 .ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
Enter pass phrase for ca.key:
must type in 4 to 8191 characters
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hn
Locality Name (eg, city) [Default City]:ly
Organization Name (eg, company) [Default Company Ltd]:ssr
Organizational Unit Name (eg, section) []:ssr
Common Name (eg, your name or your server's hostname) []:sw
Email Address []:guoyf@ssr.com
3.建立服務器證書籤署請求
//建立一個RSA私用密鑰(注意:1024 位 RSA 密鑰和 123456 這類口令只適合練習,正式環境應使用至少 2048 位的密鑰和高強度口令)
[root@gyf .ssl]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: .....123456
Verifying - Enter pass phrase for server.key: ......123456
[root@s01 .ssl]# ll
total 12
-rw-r--r-- 1 root root 985 3月 5 23:58 ca.crt
-rw-r--r-- 1 root root 951 3月 5 23:54 ca.key
-rw-r--r-- 1 root root 963 3月 6 01:41 server.key
-rwxr-xr-x 1 root root 1784 3月 6 01:21 sign.sh
//利用server.key產生證書籤署請求CSR
[root@gyf .ssl]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: .....123456
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hn
Locality Name (eg, city) [Default City]:ly
Organization Name (eg, company) [Default Company Ltd]:ssr
Organizational Unit Name (eg, section) []:ssr
Common Name (eg, your name or your server's hostname) []:sw
Email Address []:guoyf@ssr.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
//簽署證書
[root@gyf .ssl]# ./sign.sh server.csr
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key: .....caca
140559083972424:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:869:You must type in 4 to 8191 characters
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'cn'
stateOrProvinceName :ASN.1 12:'hn'
localityName :ASN.1 12:'ly'
organizationName :ASN.1 12:'ssr'
organizationalUnitName:ASN.1 12:'ssr'
commonName :ASN.1 12:'ssr'
emailAddress :IA5STRING:'yangry@ssr.com'
Certificate is to be certified until Mar 6 02:09:01 2015 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
[root@gyf .ssl]# ll
total 40
-rw-r--r-- 1 root root 985 3月 5 23:58 ca.crt
drwxr-xr-x 2 root root 4096 3月 6 01:46 ca.db.certs
-rw-r--r-- 1 root root 91 3月 6 01:46 ca.db.index
-rw-r--r-- 1 root root 21 3月 6 01:46 ca.db.index.attr
-rw-r--r-- 1 root root 3 3月 6 01:46 ca.db.serial
-rw-r--r-- 1 root root 951 3月 5 23:54 ca.key
-rw-r--r-- 1 root root 2529 3月 6 01:46 server.crt
-rw-r--r-- 1 root root 660 3月 6 01:44 server.csr
-rw-r--r-- 1 root root 963 3月 6 01:41 server.key
-rwxr-xr-x 1 root root 1784 3月 6 01:21 sign.sh
#移除證書籤署請求
[root@gyf .ssl]# rm -f server.csr
#修改簽好的服務器端證書爲用戶只讀權限(注意:證書本身是公開信息;真正須要保護的是私鑰 ca.key 和 server.key,上面的 ll 輸出中它們仍是 -rw-r--r--,應一併 chmod 400)
[root@gyf .ssl]# chmod 400 server.crt
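4.產生client端的個人證書(注意:下面的命令把 server.crt 和服務器私鑰 server.key 一塊兒打包進 client.p12,把該文件發給客戶端就等於交出服務器私鑰;真正的客戶端證書應另行生成密鑰和簽署請求,再由CA簽署)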
[root@gyf .ssl]# openssl pkcs12 -export -in server.crt -inkey server.key -out client.p12 -name "public"
Enter pass phrase for server.key: ......123456
Enter Export Password: ......123
Verifying - Enter Export Password: ......123
[root@gyf .ssl]# ll
total 40
-rw-r--r-- 1 root root 985 3月 5 23:58 ca.crt
drwxr-xr-x 2 root root 4096 3月 6 01:46 ca.db.certs
-rw-r--r-- 1 root root 91 3月 6 01:46 ca.db.index
-rw-r--r-- 1 root root 21 3月 6 01:46 ca.db.index.attr
-rw-r--r-- 1 root root 3 3月 6 01:46 ca.db.serial
-rw-r--r-- 1 root root 951 3月 5 23:54 ca.key
-rw-r--r-- 1 root root 1666 3月 6 01:53 client.p12
-r-------- 1 root root 2529 3月 6 01:46 server.crt
-rw-r--r-- 1 root root 963 3月 6 01:41 server.key
-rwxr-xr-x 1 root root 1784 3月 6 01:21 sign.sh
5.編輯/etc/httpd/conf.d/ssl.conf
[root@gyf .ssl]# vim /etc/httpd/conf.d/ssl.conf
:12 LoadModule ssl_module modules/mod_ssl.so ---confirm
:18 Listen 443 ---confirm
:74 <VirtualHost _default_:443>
ServerAdmin yangry@ssr.com
DocumentRoot /var/www/bbs
ServerName bbs.ssr.com
ErrorLog logs/bbs-error_log
CustomLog logs/bbs-access_log common
SSLCertificateFile /etc/httpd/conf/.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/.ssl/server.key
</VirtualHost>
[root@gyf .ssl]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server bbs.ssr.com:443 (RSA)
Enter pass phrase: .......123456
OK: Pass Phrase Dialog successful.
[ OK ]
在ubuntu的瀏覽器中輸入(CA證書是自簽的,且上面填寫的Common Name不是bbs.ssr.com,瀏覽器會提示證書不受信任或名稱不符;正式環境應讓Common Name與ServerName一致)
https://bbs.ssr.com/
四,搭建bbs論壇linux+apache+mysql+php
mysql主要的文件:
安裝目錄文件
配置文件
數據目錄文件
啓動服務文件
###RPM軟件包安裝mysql10.10.54.61
[root@tech2 ~]# yum install -y mysql.x86_64 mysql-server.x86_64 mysql-libs.x86_64 mysql-devel.x86_64
#有mysql用戶和用戶組
[root@tech2 ~]# cat /etc/passwd|grep mysql
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
[root@tech2 ~]# id mysql
uid=27(mysql) gid=27(mysql) groups=27(mysql)
#修改環境變量
vim /etc/profile.d/mysql.sh
PATH=/usr/bin:$PATH
export PATH
shell>source /etc/profile.d/mysql.sh
#建立目錄
mkdir -p /data/mysql #級聯建立數據目錄
chown -R mysql.mysql /var/lib/mysql
chown -R mysql.mysql /data/mysql
#修改配置文件
[root@gyf mysql]# vim /etc/my.cnf
[mysqld]
datadir = /data/mysql
[root@gyf mysql]# /etc/init.d/mysqld start
#安裝php
yum install php.x86_64 php-cli.x86_64 php-common.x86_64 php-gd.x86_64 php-mysql.x86_64 php-pear.noarch
#在http配置文件中添加php首頁
[root@gyf upload]# vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.php
user apache ...... 注意用戶是apache
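#把Discuz_X3.0_SC_UTF8.zip 論壇文件在bbs下解壓(注意:/var/www/bbs 是虛擬主機的DocumentRoot,解壓後 zip 包、readme、utility 都能被直接訪問;更穩妥的作法是在別處解壓,只把 upload 的內容放進站點目錄)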
[root@gyf soft]# yum list |grep unzip
unzip.x86_64 6.0-1.el6 @Packages
[root@gyf soft]# yum install unzip.x86_64
[root@gyf soft]# cd /var/www/bbs/
unzip Discuz_X3.0_SC_UTF8.zip
[root@gyf bbs]# ls
Discuz_X3.0_SC_UTF8.zip readme upload utility
#upload下放的是網頁
[root@gyf upload]# ls
admin.php connect.php forum.php member.php search.php uc_server
api cp.php group.php misc.php source userapp.php
api.php crossdomain.xml home.php plugin.php static
archiver data index.php portal.php template
config favicon.ico install robots.txt uc_client
#測試
在ubuntu10.10.54.60下輸入http://bbs.ssr.com/upload
#修改bbs下的全部用戶和用戶組爲apache(注意:這樣apache進程對全部程序文件都有寫權限;正式環境只應把安裝程序要求可寫的目錄交給apache,並在安裝完成後移除 install 目錄)
[root@gyf upload]# chown apache.apache -R /var/www/bbs
#數據庫授權(注意:這裏把全部庫的全部權限授予 root 並使用簡單密碼,只適合練習;論壇應使用只對自身數據庫有權限的專用賬號和高強度密碼)
root@mysql 05:58>grant all on *.* to 'root'@'10.10.54.61' identified by 'aaa12345';
root@mysql 05:59>flush privileges;