新_CentOS 6下搭建Apache+MySQL+PHP+SSL
CentOS6下搭建Apache+MySQL+PHP+SSL
网上的一些文章都已经比较老了,现在版本高了之后,其实配置是很省力的(不考虑什么负载的话)
分享全过程,出了文中提到的安装epelrpmfushion源指令不同外,其他的过程也适用与Centos5
1.安装CentOS6,可以选择最小安装,也可以安装桌面
2.升级系统
?yumupdate
3.安装mysql,并设置mysql开机自启动,同时启动mysql
?yuminstallmysqlyuminstallmysql-serverchkconfig--levels35mysqldonservicemysqldstart
4.配置mysql的root密码
?mysql_secure_installation
Entercurrentpasswordforroot(enterfornone):(回车)
OK,successfullyusedpassword,movingon...
SettingtherootpasswordensuresthatnobodycanlogintotheMySQL
rootuserwithouttheproperauthorisation.
Setrootpassword?[Y/n](Y)
Newpassword:(123456)
Re-enternewpassword:(123456)
Passwordupdatedsuccessfully!
Reloadingprivilegetables..
...Success!
Bydefault,aMySQLinstallationhasananonymoususer,allowinganyone
tologintoMySQLwithouthavingtohaveauseraccountcreatedfor
them.Thisisintendedonlyfortesting,andtomaketheinstallation
goabitsmoother.Youshouldremovethembeforemovingintoa
productionenvironment.
Removeanonymoususers?[Y/n]
(是否移出数据库的默认帐户,如果移出,那么在终端中直接输入mysql是会提示连接错误的)Y
Normally,rootshouldonlybeallowedtoconnectfrom'localhost'.This
ensuresthatsomeonecannotguessattherootpasswordfromthenetwork.
Disallowrootloginremotely?[Y/n]
(是否禁止root的远程登录)Y
Bydefault,MySQLcomeswithadatabasenamed'test'thatanyonecan
access.Thisisalsointendedonlyfortesting,andshouldberemoved
beforemovingintoaproductionenvironment.
Removetestdatabaseandaccesstoit?[Y/n]Y
Reloadprivilegetablesnow?[Y/n]Y
5.安装apache,并设置开机启动
?yuminstallhttpdchkconfig--levels35httpdonservicehttpdstart
这时候可以测试apache是否正常工作
直接浏览器访问localhost应该没问题,但是如果别的机子访问不了的话,是因为防火墙的关系,配置防火墙
(后面的ssl还会有这个问题的)
6.安装php
?yuminstallphpyuminstallphp-mysqlphp-gdphp-imapphp-ldapphp-odbcphp-pearphp-xmlphp-xmlrpc
这个时候php就安装完成拉,写个脚本测试一下
?vi/var/www/html/info.php
输入
?<?phpphpinfo();?>
访问localhost/info.php即可~
7.安装phpMyAdmin
首先先给系统安装epel和rpmfushion两个软件大仓库
?rpm-Uvhhttp://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpmrpm-Uvhhttp://download1.rpmfusion.org/free/el/updates/testing/6/i386/rpmfusion-free-release-6-0.1.noarch.rpmhttp://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-nonfree-release-6-0.1.noarch.rpm
如果是centos5的话执行下面
?rpm-Uvhhttp://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpmrpm-Uvhhttp://download1.rpmfusion.org/free/el/updates/testing/5/i386/rpmfusion-free-release-5-0.1.noarch.rpmhttp://download1.rpmfusion.org/nonfree/el/updates/testing/5/i386/rpmfusion-nonfree-release-5-0.1.noarch.rpm
接着安装起来就很方便拉,~根本不需要去下载就可以获得最新的版本
?yuminstallphpmyadmin
安装完成后还需要配置一下访问权限,使得出了本机外,其他机子也能访问phpMyAdmin
?vi/etc/httpd/conf.d/phpMyAdmin.conf
找到两个directory的权限设置,Allowfrom改成All
<Directory/usr/share/phpMyAdmin/>
OrderDeny,Allow
DenyfromAll
Allowfrom127.0.0.1
AllowfromAll
</Directory>
<Directory/usr/share/phpMyAdmin/setup/>
OrderDeny,Allow
DenyfromAll
Allowfrom127.0.0.1
AllowfromAll
</Directory>
重启服务器
?servicehttpdrestart
测试localhost/phpMyAdmin
用户名密码:root123456
OK~LAMP搭建完毕,
8.搭建SSL,让apache支持https
?yuminstallmod_ssl
其实安装完这个模块后,重启完apache就可以用https://localhost测试了,因为他创建了默认的证书
在/etc/pki/tls下
当然我们也可以用openssl创建自己的证书
?yuminstallopenssl
生成证书文件
创建一个rsa私钥,文件名为server.key
?opensslgenrsa-outserver.key1024
GeneratingRSAprivatekey,1024bitlongmodulus
............++++++
............++++++
eis65537(0x10001)
用server.key生成证书签署请求CSR
?opensslreq-new-keyserver.key-outserver.csr
CountryName:两个字母的国家代号
StateorProvinceName:省份名称
LocalityName:城市名称
OrganizationName:公司名称
OrganizationalUnitName:部门名称
CommonName:你的姓名
EmailAddress:地址
至于'extra'attributes不用输入.直接回车
生成证书CRT文件server.crt。
?opensslx509-days365-req-inserver.csr-signkeyserver.key-outserver.crt
修改ssl.conf指定我们自己生成的证书
?vi/etc/httpd/conf.d/ssl.conf
找到如下位置,修改路径
#ServerCertificate:
#PointSSLCertificateFileataPEMencodedcertificate.If
#thecertificateisencrypted,thenyouwillbepromptedfora
#passphrase.Notethatakill-HUPwillpromptagain.Anew
#certificatecanbegeneratedusingthegenkey(1)command.
SSLCertificateFile/etc/pki/tls/certs/localhost.crt
#ServerPrivateKey:
#Ifthekeyisnotcombinedwiththecertificate,usethis
#directivetopointatthekeyfile.Keepinmindthatif
#you'vebothaRSAandaDSAprivatekeyyoucanconfigure
#bothinparallel(toalsoallowtheuseofDSAciphers,etc.)
SSLCertificateKeyFile/etc/pki/tls/private/localhost.key
OK
?servicehttpdrestart
一切都搞定拉~~
整个过程我们不需要修改/etc/httpd/conf/httpd.conf这就是版本高了的好处阿
http://www.idouye.com爱豆叶资料分享